Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Port 5900 (tcp/udp) Attack Activity Port 5900 (tcp/udp) Attack Activity

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
[get complete service list]
Port Information
Protocol Service Name
tcp vnc Virtual Network Computer
Top IPs Scanning
TodayYesterday (524) (677798) (169) (419742) (157) (2882) (144) (1772) (54) (1478) (25) (1320) (19) (1074) (12) (661) (12) (605) (11) (482)
Port diary mentions
Mailbag and DShield items generate a post VNC exploitation fun question
User Comments
Submitted By Date
K. P. 2009-10-04 18:45:22
RealVNC ( prior 12-May-2006 has "Password Authentication Bypass Vulnerability" ( ,
Andrew Daviel 2006-06-11 19:53:09
Actively being exploited May/June 2006 etc.
Patrick K. 2005-11-21 22:57:46
A VNC server listens on two ports. The exact port numbers depend on the VNC display number, because a single machine may run multiple servers. The most important one is 59xx, where xx is the display number. The VNC protocol itself runs over this port. So for most PC servers, the port will be 5900, because they use display 0 by default. (See also, port 5800.)
Add a comment
CVE Links
CVE # Description