TCP Port 5900
Virtual Network Computer (VNC).
Currently inbound scans are likely looking for either VNC computers with weak
password or trying to exploit buffer oveflow vulnerability within UltraVNC (
http://www.kb.cert.org/vuls/id/721460 ) or a vulnerability where RealVNC
Server fails to properly authenticate clients (
Outbound scans if occurring in volume should be considered an indication of a
possible worm infection on the source computer and should be investigated or a
remote connection to a VNC enabled system.
Page last updated on
November 29, 2008