[GLLUG] Uh Oh. Help?

J Neveau neveauj at gmail.com
Thu Mar 1 17:16:11 EST 2012


Could someone in the group with network guru skills help me out?  I was
perusing my Mom's router log today and saw something that concerned me.

The log shows:

[LAN access from remote] from 70.86.214.138:48659 to 192.168.1.3:5900 Thursday, Mar 01,2012 08:06:39

and

[LAN access from remote] from 140.123.103.148:45214 to 192.168.1.3:5900 Wednesday, Feb 29,2012 6:31:46

Both of those lines show up a number of times over the past couple weeks.

I'm concerned, as my Mom is 80 years old and (hopefully) didn't download
anything malicious that is allowing port 5900 to be used on her OS.  She is
using Linux Mint and I've been keeping it up to date on updates through
its Synaptic application. (version 10.something if I recall correctly)

I have a PDF file of the entire log if anyone would be kind enough to look
at it.

I had her router set up for remote management so that I could log in to
deal with issues.  I had it assigned to a selected port number for admin of
the router.  I also had the DHCP reserve that IP address to her machine so
I could remote admin her operating system if she had any issues; it was
port forwarded to a selected port (different than the router log-in; NOT
port 5900) for that purpose as well.

For the time being, I've disabled the remote log-in function until I can
get this surveyed by those more knowledgeable.  I will have physical access
to her machine for the next week, so if any additional diagnosis is needed,
I'll be happy to forward that information to the group.

Any help is greatly appreciated!

J.Neveau
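
One way to summarize router log entries like the ones quoted above by source address and internal target, as an added example that is not part of the original post. The expected-port set (2222) and the last two sample lines are constructed assumptions; the first two sample lines are the entries from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# The separator before the weekday is optional, so entries parse with or
# without a comma or space after the destination port.
ENTRY = re.compile(
    r"\[LAN access from remote\] from (\d+(?:\.\d+){3}):(\d+) to "
    r"(\d+(?:\.\d+){3}):(\d+),?\s*[A-Za-z]+,\s*"
    r"([A-Za-z]{3} \d{1,2},\d{4} \d{1,2}:\d{2}:\d{2})"
)

# First two entries come from the post; the last two are constructed samples.
SAMPLE_LOG = """\
[LAN access from remote] from 70.86.214.138:48659 to
192.168.1.3:5900Thursday, Mar 01,2012 08:06:39
[LAN access from remote] from 140.123.103.148:45214 to
192.168.1.3:5900Wednesday, Feb 29,2012 6:31:46
[LAN access from remote] from 203.0.113.7:51000 to 192.168.1.3:2222, Tuesday, Feb 28,2012 19:02:11
[LAN access from remote] from 70.86.214.138:48702 to 192.168.1.3:5900, Tuesday, Feb 21,2012 03:14:09
"""
EXPECTED_PORTS = {2222}  # hypothetical: the internal port you forwarded on purpose

def parse(text):
    """Yield (src_ip, dst_ip, dst_port, when) per entry; tolerates wrapped lines."""
    for m in ENTRY.finditer(" ".join(text.split())):
        src_ip, _src_port, dst_ip, dst_port, stamp = m.groups()
        when = datetime.strptime(stamp, "%b %d,%Y %H:%M:%S")
        yield src_ip, dst_ip, int(dst_port), when

def summarize(text, expected_ports):
    """One row per (internal target, remote source), flagging unexpected ports."""
    hits = defaultdict(lambda: defaultdict(list))
    for src, dst, port, when in parse(text):
        hits[(dst, port)][src].append(when)
    report = []
    for (dst, port), sources in sorted(hits.items()):
        for src, times in sorted(sources.items()):
            report.append({
                "target": f"{dst}:{port}", "source": src, "count": len(times),
                "first": min(times), "last": max(times),
                "expected": port in expected_ports,
            })
    return report

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG, EXPECTED_PORTS):
        flag = "ok" if row["expected"] else "UNEXPECTED"
        print(flag, row["target"], row["source"], row["count"], row["first"], row["last"])
```

Rows marked UNEXPECTED are the ones to compare against the router's port-forwarding table and the services listening on that machine.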