I installed vino VNC server on Lubuntu 18.04, and configured and started my vino server according to https://askubuntu.com/a/530196/1471:
$ export DISPLAY=:0
$ gsettings set org.gnome.Vino enabled true # although fails, it doesn't matter
No such key “enabled”
$ gsettings set org.gnome.Vino prompt-enabled false
$ gsettings set org.gnome.Vino require-encryption false
$ /usr/lib/vino/vino-server
https://www.cl.cam.ac.uk/research/dtg/attarchive/vnc/sshvnc.html says that
VNC uses a random challenge-response system to provide the basic authentication that allows you to connect to a VNC server. This is reasonably secure; the password is not sent over the network. Once you are connected, however, traffic between the viewer and the server is unencrypted, and could be snooped by someone with access to the intervening network. We therefore recommend that if security is important to you, you 'tunnel' the VNC protocol through some more secure channel such as SSH.
Does the vino VNC server authenticate clients using a challenge-response approach, instead of transferring the password?
I could connect to the server at port 5900 from RealVNC's VNC viewer on my Android phone within the same Wi-Fi network, and I was only asked to provide a password, which I thought was the one used for logging into my Lubuntu.
The quote at the beginning says that VNC uses a challenge-response system and doesn't transfer the password, so does my having to provide a password mean that the VNC server transfers the password instead of using a challenge-response system? If it uses a challenge-response system, why do I have to provide a password?
In the following monitoring output of the server, I found the following suspicious clients: 46.101.184.149, zg-0817a-64.stretchoid.com, 196.52.43.118, and scan-06.shadowserver.org. Did they successfully connect to my vino VNC server, and were they authenticated? Since the quote at the beginning says that VNC uses a challenge-response system and doesn't transfer the password, if the suspicious clients were authenticated, how could they find out the password? By testing every password to log in and being lucky?
If the suspicious clients did not try to log in, but only snooped the traffic between the viewer and the server, shouldn't the server be unaware of these clients?
Thanks.
$ /usr/lib/vino/vino-server
(vino-server:32529): dbind-WARNING **: 19:44:12.185: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
19/08/2018 07:44:12 PM Autoprobing TCP port in (all) network interface
19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
19/08/2018 07:44:12 PM Autoprobing selected port 5900
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
19/08/2018 07:44:12 PM Clearing securityTypes
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Clearing securityTypes
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Advertising authentication type: 'No Authentication' (1)
19/08/2018 07:44:12 PM Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
19/08/2018 07:44:12 PM Clearing securityTypes
19/08/2018 07:44:12 PM Clearing authTypes
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Advertising authentication type: 'VNC Authentication' (2)
19/08/2018 07:44:12 PM Clearing securityTypes
19/08/2018 07:44:12 PM Clearing authTypes
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Advertising authentication type: 'VNC Authentication' (2)
19/08/2018 07:44:12 PM Advertising security type: 'VNC Authentication' (2)
19/08/2018 07:44:17 PM [IPv4] Got connection from client android-c28b29b650f6548c.home
19/08/2018 07:44:17 PM other clients:
19/08/2018 07:44:17 PM Client Protocol Version 3.7
19/08/2018 07:44:17 PM Advertising security type 18
19/08/2018 07:44:17 PM Advertising security type 2
19/08/2018 07:44:17 PM Client returned security type 2
** (vino-server:32529): WARNING **: 19:44:28.888: VNC authentication failure from 'android-c28b29b650f6548c.home'
19/08/2018 07:44:28 PM rfbAuthPasswordChecked: password check failed
19/08/2018 07:44:28 PM Client android-c28b29b650f6548c.home gone
19/08/2018 07:44:28 PM Statistics:
19/08/2018 07:44:28 PM framebuffer updates 0, rectangles 0, bytes 0
19/08/2018 07:44:30 PM [IPv4] Got connection from client android-c28b29b650f6548c.home
19/08/2018 07:44:30 PM other clients:
19/08/2018 07:44:30 PM Client Protocol Version 3.7
19/08/2018 07:44:30 PM Advertising security type 18
19/08/2018 07:44:30 PM Advertising security type 2
19/08/2018 07:44:30 PM Client returned security type 2
** (vino-server:32529): WARNING **: 19:44:40.531: Deferring authentication of 'android-c28b29b650f6548c.home' for 5 seconds
19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 22
19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 21
19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 15
19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -314
19/08/2018 07:44:45 PM Enabling NewFBSize protocol extension for client android-c28b29b650f6548c.home
19/08/2018 07:44:45 PM Pixel format for client android-c28b29b650f6548c.home:
19/08/2018 07:44:45 PM 8 bpp, depth 6
19/08/2018 07:44:45 PM true colour: max r 3 g 3 b 3, shift r 4 g 2 b 0
19/08/2018 07:44:45 PM Pixel format for client android-c28b29b650f6548c.home:
19/08/2018 07:44:45 PM 32 bpp, depth 24, little endian
19/08/2018 07:44:45 PM true colour: max r 255 g 255 b 255, shift r 16 g 8 b 0
19/08/2018 07:44:45 PM no translation needed
Gtk-Message: 20:43:41.511: GtkDialog mapped without a transient parent. This is discouraged.
Gtk-Message: 20:43:44.339: GtkDialog mapped without a transient parent. This is discouraged.
Gtk-Message: 20:43:52.072: GtkDialog mapped without a transient parent. This is discouraged.
19/08/2018 10:39:57 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:39:57 PM other clients:
19/08/2018 10:39:57 PM android-c28b29b650f6548c.home
19/08/2018 10:39:57 PM Client Protocol Version 3.3
** (vino-server:32529): WARNING **: 22:39:57.238: VNC authentication failure from '46.101.184.149'
19/08/2018 10:39:57 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:39:57 PM Client 46.101.184.149 gone
19/08/2018 10:39:57 PM Statistics:
19/08/2018 10:39:57 PM framebuffer updates 0, rectangles 0, bytes 0
19/08/2018 10:43:41 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:43:41 PM other clients:
19/08/2018 10:43:41 PM android-c28b29b650f6548c.home
19/08/2018 10:43:41 PM Client Protocol Version 3.3
** (vino-server:32529): WARNING **: 22:43:41.812: Deferring authentication of '46.101.184.149' for 5 seconds
** (vino-server:32529): WARNING **: 22:43:47.449: VNC authentication failure from '46.101.184.149'
19/08/2018 10:43:47 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:47:27 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:47:27 PM other clients:
19/08/2018 10:47:27 PM 46.101.184.149
19/08/2018 10:47:27 PM android-c28b29b650f6548c.home
19/08/2018 10:47:27 PM Client Protocol Version 3.3
** (vino-server:32529): WARNING **: 22:47:27.692: Deferring authentication of '46.101.184.149' for 5 seconds
** (vino-server:32529): WARNING **: 22:47:32.452: VNC authentication failure from '46.101.184.149'
19/08/2018 10:47:32 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:51:12 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:51:12 PM other clients:
19/08/2018 10:51:12 PM 46.101.184.149
19/08/2018 10:51:12 PM 46.101.184.149
19/08/2018 10:51:12 PM android-c28b29b650f6548c.home
19/08/2018 10:51:12 PM Client Protocol Version 3.3
** (vino-server:32529): WARNING **: 22:51:12.833: Deferring authentication of '46.101.184.149' for 5 seconds
** (vino-server:32529): WARNING **: 22:51:18.448: VNC authentication failure from '46.101.184.149'
19/08/2018 10:51:18 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:54:58 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:54:58 PM other clients:
19/08/2018 10:54:58 PM 46.101.184.149
19/08/2018 10:54:58 PM 46.101.184.149
19/08/2018 10:54:58 PM 46.101.184.149
19/08/2018 10:54:58 PM android-c28b29b650f6548c.home
19/08/2018 10:54:58 PM Client Protocol Version 3.3
** (vino-server:32529): WARNING **: 22:54:58.339: Deferring authentication of '46.101.184.149' for 5 seconds
** (vino-server:32529): WARNING **: 22:55:03.449: VNC authentication failure from '46.101.184.149'
19/08/2018 10:55:03 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:58:43 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:58:43 PM other clients:
19/08/2018 10:58:43 PM 46.101.184.149
19/08/2018 10:58:43 PM 46.101.184.149
19/08/2018 10:58:43 PM 46.101.184.149
19/08/2018 10:58:43 PM 46.101.184.149
19/08/2018 10:58:43 PM android-c28b29b650f6548c.home
19/08/2018 10:58:43 PM Client Protocol Version 3.3
** (vino-server:32529): WARNING **: 22:58:43.756: Deferring authentication of '46.101.184.149' for 5 seconds
** (vino-server:32529): WARNING **: 22:58:49.448: VNC authentication failure from '46.101.184.149'
19/08/2018 10:58:49 PM rfbAuthPasswordChecked: password check failed
19/08/2018 11:02:28 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 11:02:28 PM other clients:
19/08/2018 11:02:28 PM 46.101.184.149
19/08/2018 11:02:28 PM 46.101.184.149
19/08/2018 11:02:28 PM 46.101.184.149
19/08/2018 11:02:28 PM 46.101.184.149
19/08/2018 11:02:28 PM 46.101.184.149
19/08/2018 11:02:28 PM android-c28b29b650f6548c.home
19/08/2018 11:02:28 PM Client Protocol Version 3.3
** (vino-server:32529): WARNING **: 23:02:28.345: Deferring authentication of '46.101.184.149' for 5 seconds
** (vino-server:32529): WARNING **: 23:02:33.449: VNC authentication failure from '46.101.184.149'
19/08/2018 11:02:33 PM rfbAuthPasswordChecked: password check failed
19/08/2018 11:30:51 PM [IPv4] Got connection from client zg-0817a-64.stretchoid.com
19/08/2018 11:30:51 PM other clients:
19/08/2018 11:30:51 PM 46.101.184.149
19/08/2018 11:30:51 PM 46.101.184.149
19/08/2018 11:30:51 PM 46.101.184.149
19/08/2018 11:30:51 PM 46.101.184.149
19/08/2018 11:30:51 PM 46.101.184.149
19/08/2018 11:30:51 PM 46.101.184.149
19/08/2018 11:30:51 PM android-c28b29b650f6548c.home
19/08/2018 11:31:01 PM rfbProcessClientProtocolVersion: client gone
19/08/2018 11:31:01 PM Client zg-0817a-64.stretchoid.com gone
19/08/2018 11:31:01 PM Statistics:
19/08/2018 11:31:01 PM framebuffer updates 0, rectangles 0, bytes 0
sendto: Network is unreachable
sendto: Network is unreachable
20/08/2018 10:37:54 AM rfbProcessClientNormalMessage: read: Connection reset by peer
20/08/2018 10:37:54 AM Client android-c28b29b650f6548c.home gone
20/08/2018 10:37:54 AM Statistics:
20/08/2018 10:37:54 AM key events received 32, pointer events 3932
20/08/2018 10:37:54 AM framebuffer updates 7016, rectangles 13714, bytes 270216867
20/08/2018 10:37:54 AM ZRLE rectangles 13714, bytes 270216867
20/08/2018 10:37:54 AM raw bytes equivalent 538553044, compression ratio 1.993040
20/08/2018 02:15:10 PM [IPv4] Got connection from client 196.52.43.118
20/08/2018 02:15:10 PM other clients:
20/08/2018 02:15:10 PM 46.101.184.149
20/08/2018 02:15:10 PM 46.101.184.149
20/08/2018 02:15:10 PM 46.101.184.149
20/08/2018 02:15:10 PM 46.101.184.149
20/08/2018 02:15:10 PM 46.101.184.149
20/08/2018 02:15:10 PM 46.101.184.149
20/08/2018 02:15:10 PM Client Protocol Version 3.7
20/08/2018 02:15:10 PM Advertising security type 18
20/08/2018 02:15:10 PM Advertising security type 2
20/08/2018 02:15:10 PM Client returned security type 1
20/08/2018 02:15:10 PM rfbAuthProcessSecurityTypeMessage: client returned unadvertised security type 1
20/08/2018 02:15:10 PM Client 196.52.43.118 gone
20/08/2018 02:15:10 PM Statistics:
20/08/2018 02:15:10 PM framebuffer updates 0, rectangles 0, bytes 0
20/08/2018 02:31:26 PM [IPv4] Got connection from client scan-06.shadowserver.org
20/08/2018 02:31:26 PM other clients:
20/08/2018 02:31:26 PM 46.101.184.149
20/08/2018 02:31:26 PM 46.101.184.149
20/08/2018 02:31:26 PM 46.101.184.149
20/08/2018 02:31:26 PM 46.101.184.149
20/08/2018 02:31:26 PM 46.101.184.149
20/08/2018 02:31:26 PM 46.101.184.149
20/08/2018 02:31:28 PM rfbProcessClientProtocolVersion: client gone
20/08/2018 02:31:28 PM Client scan-06.shadowserver.org gone
20/08/2018 02:31:28 PM Statistics:
20/08/2018 02:31:28 PM framebuffer updates 0, rectangles 0, bytes 0
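An added example, not part of the original post: a Python sketch that classifies each inbound connection in a vino-server log of the format shown above by the furthest point it reached. It assumes, based on that log, that a `Pixel format for client` line marks an established session, and it attributes lines that carry no client name to the most recent connection; the sample input and its client names are constructed.

```python
import re
from collections import Counter

# Constructed sample in the vino-server log format; names/addresses are placeholders.
SAMPLE = """\
19/08/2018 07:44:30 PM [IPv4] Got connection from client phone.home
19/08/2018 07:44:45 PM Pixel format for client phone.home:
19/08/2018 10:39:57 PM [IPv4] Got connection from client 192.0.2.10
** (vino-server:32529): WARNING **: 22:39:57.238: VNC authentication failure from '192.0.2.10'
19/08/2018 10:43:41 PM [IPv4] Got connection from client 192.0.2.10
** (vino-server:32529): WARNING **: 22:43:47.449: VNC authentication failure from '192.0.2.10'
19/08/2018 11:30:51 PM [IPv4] Got connection from client scanner.example
19/08/2018 11:31:01 PM rfbProcessClientProtocolVersion: client gone
20/08/2018 02:15:10 PM [IPv4] Got connection from client 198.51.100.7
20/08/2018 02:15:10 PM rfbAuthProcessSecurityTypeMessage: client returned unadvertised security type 1
"""

CONNECT = re.compile(r"Got connection from client (\S+)")
NAMED = [  # lines that name the client they refer to
    (re.compile(r"VNC authentication failure from '([^']+)'"), "auth-failed"),
    (re.compile(r"Pixel format for client (\S+):\s*$"), "session-established")]
NAMELESS = {  # lines without a client name: attributed to the latest connection
    "rfbProcessClientProtocolVersion: client gone": "left-before-handshake",
    "client returned unadvertised security type": "rejected-security-type",
}

def classify(log_text):
    """Return a list of [client, outcome], one entry per inbound connection."""
    attempts, latest = [], {}  # latest: client -> its most recent attempt
    for line in log_text.splitlines():
        if m := CONNECT.search(line):
            attempts.append([m.group(1), "no-auth-result-logged"])
            latest[m.group(1)] = attempts[-1]
            continue
        for rx, outcome in NAMED:
            if (m := rx.search(line)) and m.group(1) in latest:
                latest[m.group(1)][1] = outcome
        for marker, outcome in NAMELESS.items():
            if marker in line and attempts:
                attempts[-1][1] = outcome
    return attempts

def summary(log_text):
    """Count connections per (client, outcome) pair."""
    return Counter((client, outcome) for client, outcome in classify(log_text))

if __name__ == "__main__":
    for (client, outcome), n in sorted(summary(SAMPLE).items()):
        print(f"{client:20} {outcome:24} x{n}")
```

Any client other than your own that ends up as `session-established` is the case to investigate; repeated `auth-failed` entries from one address indicate password guessing that did not succeed.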