Very unexpected connection attempt via a well-known site ?

Post by paddy_m » 2017-12-01 17:55

I hope this is the right place to ask about strangeness found with UVNC 1.2.1.1 and then with 1.2.1.6.

I get unexpected connection attempts to UVNC server seemingly triggered/pushed through my browser.
e.g. with 1.2.1.1 server running I got an unsolicited 'Could not connect to 127.0.0.1'

It began today on a W10/64 system that has been running UVNC server happily for some time.
The browser is Firefox with NoScript. I used NoScript to narrow the source down.
So far, it only happens when I want to leave feedback on ebay and am asked to log in.
Reloading the login page triggers another connection attempt.

Windows log events 4624 and 4672 also show up (logon type = 5 - service).
My best guess is that they relate to the attempted connection to the winvnc service.
It may be that something wants to crawl up the pipe toward me via ebay.
I would be happy to be wrong.

I got debug logging working and updated 1.2.1.1 to 1.2.1.6.
I now get something that looks even less appealing when asked to log in by ebay.

Fri Dec 1 15:17:22 2017
vsocket.cpp : VSocket() m_pDSMPlugin = NULL
vncsockconnect.cpp : accepted connection from 127.0.0.1
vncserver.cpp : AddClient() started
vncclient.cpp : vncClient() executing...
vncclient.cpp : TEST 4
vncserver.cpp : AddClient() done
vncclient.cpp : client connected : 127.0.0.1 (1)
vncclient.cpp : DSMPlugin Pointer to socket OK
vncclient.cpp : Repeater connect
vncclient.cpp : Repeater connected, waiting viewer
vncserver.cpp : removing unauthorised client
vncserver.cpp : RemoveClient() done
vncclient.cpp : ~vncClient() executing...
vncclient.cpp : deleting socket
vsocket.cpp : closing socket
vncmenu.cpp : Reset 0

The unexpected/unsolicited 'connected' and 'waiting viewer' messages make me wonder what is trying to happen.

I have saved a copy of the offending web page source code and could provide a version stripped of personal identifiers.

This would be a good time for Rudi or some other guru to tell me I misunderstand the situation.

Thanks.

Paddy
paddy_m
 
Posts: 3
Joined: 2016-04-28 09:20

Re: Very unexpected connection attempt via a well-known site

Post by Rudi De Vos » 2017-12-02 18:44

Indeed this looks strange.
Event Viewer and mslogon.log record access

It looks like
something starts an inverse winvnc.exe connection and connects to a repeater also running locally.
And they even try to make a viewer connection with a wrong password.

Can you give more info on the page?

Please test this version
https://www.uvnc.eu/download/1217/winvnc3264.zip
Rudi De Vos
Admin & Developer
 
Posts: 5626
Joined: 2004-04-23 10:21
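
An added example, not part of either post and not UltraVNC project code: a small Python triage script for the WinVNC debug log format quoted in the first post. It groups entries by accepted connection and flags loopback peers, the repeater handshake and the "removing unauthorised client" outcome; the names `triage` and `is_loopback`, the dictionary keys and the sample log (constructed from the lines quoted above) are assumptions.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample, shaped like the debug log quoted in the first post.
SAMPLE_LOG = """\
Fri Dec 1 15:17:22 2017
vsocket.cpp : VSocket() m_pDSMPlugin = NULL
vncsockconnect.cpp : accepted connection from 127.0.0.1
vncserver.cpp : AddClient() started
vncclient.cpp : client connected : 127.0.0.1 (1)
vncclient.cpp : Repeater connect
vncclient.cpp : Repeater connected, waiting viewer
vncserver.cpp : removing unauthorised client
vncserver.cpp : RemoveClient() done
vsocket.cpp : closing socket
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}$")
ENTRY = re.compile(r"^(?P<src>\S+\.cpp) : (?P<msg>.*)$")
ACCEPT = re.compile(r"accepted connection from (\S+)")

def is_loopback(peer):
    """True for 127.0.0.0/8 or ::1; False for anything that is not an IP."""
    try:
        return ipaddress.ip_address(peer).is_loopback
    except ValueError:
        return False

def triage(log_text):
    """Return one dict per accepted connection with the flags worth reviewing."""
    sessions, current, stamp = [], None, None
    for line in log_text.splitlines():
        line = line.strip()
        if STAMP.match(line):
            stamp = datetime.strptime(" ".join(line.split()), "%a %b %d %H:%M:%S %Y")
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        msg = m.group("msg")
        hit = ACCEPT.search(msg)
        if hit:  # a new inbound connection starts a new session record
            current = {"time": stamp, "peer": hit.group(1), "repeater": False,
                       "rejected": False, "loopback": is_loopback(hit.group(1))}
            sessions.append(current)
        elif current is not None:
            current["repeater"] |= msg.startswith("Repeater connect")
            current["rejected"] |= "removing unauthorised client" in msg
    return sessions
```

Sessions with `loopback` set are the ones to correlate by timestamp with browser activity and with the 4624/4672 events mentioned in the first post.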

