Ok, so I'm really a beginner at internet security. I've worked in IT and have tons of experience with hardware and such, but internet security is so confusing. Anyway.
I've been trying to lock down my PC better, working in the Windows Firewall and also running scans with Wireshark to see what is going on in general.
I've noticed the same several IP addresses trying to get into my VNC port. (I know, I know, VNC is really not great to open to the world, but I need access and have no clue how to make an IPSEC tunnel or SSH tunnel or even what those mean, but more on that later).
Anyway, as soon as I switch my VNC port, within a day, it's happening again. (Yes, my RealVNC is password protected, and of course, virus scans, malware scans all negative etc. etc., my computer is seemingly clean.)
Here's an example packet:
source destination protocol length
126.96.36.199 192.168.2.5 TCP 74
[TCP Retransmission] 58787→5903 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=359065360 TSecr=0 WS=128 496
5903 is my VNC port of course.
This is coming from an IP address registered to Purdue University in Indiana (what the heck?).
A few questions:
(1) Why does this keep happening? Who the heck is at Purdue trying to scan my ports?
(2) If my VNC is password protected, does the fact that they found this port mean they can get into it working around the VNC, i.e. use the port as a doorway but bypass the VNC authentication and mess around? How can I even tell if they got in (my VNC was never successfully activated)?
(3) And if so, is there a way in Windows Firewall to restrict a particular port's use to only RealVNC? I have not seen an option like that... you can restrict a program to a port, but not a port to a program... i.e., lock down that port so that all traffic entering that port MUST use VNC...
As well, no matter how many times I have read about VPNs, SSH tunnels, IPsec, I am still utterly confused, and have no idea what I can implement to better secure my VNC, as a casual user. I only ever log in from outside my LAN by using my VNC app on my cellphone, over my carrier's data (not on some open Wi-Fi). Can anyone refer me to a plainish-English tutorial to understand these terms?
Oh, and P.S., is there some legal issue with SSH? I was reading strange things about it being illegal to use, and also, from what I was reading, VPNs are generally also used for nefarious activities much more so than anything legal... is this accurate? (Sorry for the n00biness)
Edited by quietmedic, 18 January 2017 - 09:06 PM.