Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 08-22-2009, 04:08 PM   #1
LQ Newbie
Registered: Jan 2008
Posts: 12

Rep: Reputation: 0
Recent remote desktop access


recently, somebody from japan took remote access over my desktop, because I (stupidly) forgot to check "require users to enter this password".

Thankfully I was at my desk when it happened, so nothing was deleted or lost, but I had to force it to shut down via the power button, because I couldnt disconnect him. When I tried to, the mouse moved away because he was trying to move it.

However, is there a way to find out through logs, recent commands or anything like that, who it was? I got a brief look due to the notification popup, and all I saw before he started entering commands was and the accompanying mac address or whatever.

He opened up nautilus and typed in something Im not quite sure about before I shut the comp down.

So is there a way to find out who recently took control of my comp, what commands he entered, etc?

Also, what keyboard shortcut disconnects remote users?

Last edited by psykotrol; 08-22-2009 at 04:11 PM.
Old 08-24-2009, 02:01 AM   #2
Senior Member
Registered: Oct 2007
Location: Brighton, UK
Distribution: Ubuntu Hardy, Ubuntu Jaunty, Eeebuntu, Debian, SME-Server
Posts: 1,213
Blog Entries: 1

Rep: Reputation: 88
the easiest way is not to pull the power, it's pull the network cable!
Old 08-24-2009, 02:21 AM   #3
Registered: Nov 2008
Location: ~/
Distribution: Arch || Sidux
Posts: 393

Rep: Reputation: 45
Originally Posted by irishbitte View Post
the easiest way is not to pull the power, it's pull the network cable!
LOL...! true

You need to audit your listening ports ... Check your log files... I use shorewall & SSH w/ syslog-ng. The filters I use separate the firewall logs to a separate log file that records the mac... I would audit the SSH logs, firewall logs, and auth logs. This is of course you have appropriate filters and log files. I would find the auth time stamps and grep the firewall log for a pattern. From there you'll find the mac. You need to run chkrootkit on your machine, and see if there are any common rootkits. Also audit your crons. Someone can easily plant a reverse ssh script that crons a connection to listen to a port. Giving away there position. If he was controlling the screen, that would suspect a vnc connection possibly over ssh. Check the firewall rules for vnc connections. I would change all listening ports and set appropriate logs for any future audits. And reset the port forwarding on the router.

Just grep the logs first with the timestamps, then the compromised username, find a pattern.

Last edited by manwithaplan; 08-24-2009 at 02:23 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Secure remote access to your desktop LXer Syndicated Linux News 0 10-05-2007 12:50 PM
How to access windows Remote Desktop? hacker supreme Linux - Newbie 8 02-08-2007 06:51 PM
access through remote desktop..... ashley_31 Linux - Networking 10 09-14-2006 12:55 PM
Remote Desktop Access winxlinx Linux - Networking 3 02-10-2006 08:28 AM
Remote App and Desktop Access Chazz_CA Linux - Software 3 03-12-2004 01:40 PM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 08:38 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration