Menu
Reply
  • 10
  • 1
  • 0
eds89
Tuning in
311 Views
Message 1 of 15
Flag for a moderator

VNC server warning email

Hi,

 

I just received an e-mail notification from VM, advising of a VNC server on my network.

I don't use VNC at all, so this isn't me.

 

In the detail of the message it gives me this IP:

Details of the alert:

IP: 82.24.67.59
Date: 11 July 2019

This is not my external IP, and when doing a WHOIS lookup, it seems to be a VM IP address.

 

Does anyone know if that IP is supposed to be the source or the target for the VNC traffic?

I've done some checks and can't really see anything unusual going on on my network, so am wondering if they have sent to the wrong person.

 

Cheers

Eds

0 Kudos
Reply
  • 3.65K
  • 201
  • 607
chenks
Community elder
295 Views
Message 2 of 15
Flag for a moderator

Re: VNC server warning email

are you sure it's a valid email from virgin?
0 Kudos
Reply
  • 10
  • 1
  • 0
eds89
Tuning in
291 Views
Message 3 of 15
Flag for a moderator

Re: VNC server warning email

Certainly seems so.

 

Email domain is virginmedia.com and it has my valid account number and area code in the email.

0 Kudos
Reply
  • 3.65K
  • 201
  • 607
chenks
Community elder
287 Views
Message 4 of 15
Flag for a moderator

Re: VNC server warning email

VNC (and similar remote control apps) use ports 5800 and 5900.
are those ports open your hub/router?

Teamviewer also used those ports and could be confused with VNC using a basic port scan.
0 Kudos
Reply
  • 10
  • 1
  • 0
eds89
Tuning in
284 Views
Message 5 of 15
Flag for a moderator

Re: VNC server warning email

I don't use Teamviewer or VNC, as I make use of a remote desktop gateway for external access, which uses RDP 3389 and HTTPS 443.

 

5800 and 5900 and open LAN to WAN, but not WAN to LAN unless an outbound connection is already established.

I have checked for traffic on my pfSense router for VNC traffic on 5800 and 5900 and found nothing.

0 Kudos
Reply
  • 3.65K
  • 201
  • 607
chenks
Community elder
280 Views
Message 6 of 15
Flag for a moderator

Re: VNC server warning email

ignore the email then.
0 Kudos
Reply
  • 3.46K
  • 111
  • 413
VMCopperUser
Trouble shooter
257 Views
Message 7 of 15
Flag for a moderator

Re: VNC server warning email

Is this the same as what your reporting?

https://community.virginmedia.com/t5/Security-matters/Virgin-Media-Security-Alert-Virtual-Network-Co...

Keep in mind that your IP can change, but it generally doesn't do it that often.

VNC means "Virtual Network Computing" and there are plenty of VNC servers.  I don't see a open VNC server on that IP, tho I do see what looks like AsusWRT running with possibly DNSCrypt, so those type of people are likely to have a remote connection open from time to time.

Going by the other thread I linked to, It would appear that someone else gives VM the IP addresses and then they issue warnings.  Perhaps their lookup script is attaching the wrong account to the IP.  It might be worth you phoning up to see if you have had a different IP issued over the past few days.

 

----
I do not work for VM, but I would. It is just a Job.
Most things I say I make up and sometimes it's useful, don't be mean if it's wrong.
I would also make websites for them, because the job never seems to require the website to work.
0 Kudos
Reply
  • 10
  • 1
  • 0
eds89
Tuning in
247 Views
Message 8 of 15
Flag for a moderator

Re: VNC server warning email

Yes that's the same email I received.

 

I appreciate my DHCP lease can expire, but it hasn't changed for at least a few days.

Was concerned it was an indication someone had gotten onto my WiFi network and was initiating an outbound VNC connection.

Are you suggesting the IP in my initial post was running those services? That isn't me, so definitely feels like they have gotten the wrong customer.

 

I'll give support a call tomorrow to double check anyway.

 

Cheers

Eds

0 Kudos
Reply
  • 3.65K
  • 201
  • 607
chenks
Community elder
245 Views
Message 9 of 15
Flag for a moderator

Re: VNC server warning email


@eds89 wrote:

I appreciate my DHCP lease can expire, but it hasn't changed for at least a few days.


days? i'd be surprised if it hadn't been the same for months.
mine hasn't changed since i activated the hub back in september last year.

0 Kudos
Reply
  • 10
  • 1
  • 0
eds89
Tuning in
243 Views
Message 10 of 15
Flag for a moderator

Re: VNC server warning email

I know when it last changed, as I rebuilt my pfSense router, so the connection was down for an afternoon.

After it all came back up, the lease had changed, and I had to change my domain DNS entries to match.

 

Had I not have gone through that maintenance, then no it would not have changed for much much longer.

0 Kudos
Reply