![]() ![]() The second idea was the one that we ended up using. That means that we had to disable SIP to change it, which is not currently possible with our infrastructure. The VNC port is located in a system configuration file protected by SIP (System Integrity Protection). Or use a system to automatically ban offending IP addresses.We had two main ideas to solve the problem: ![]() The more an attacker tries to log in, the slower it becomes for legitimate users. It seems that screensharingd, the process that provides the built-in VNC, is vulnerable to denial of service attacks. The results were staggering, as the slowness of the VNC simply disappeared. We added a firewall rule to discard all incoming traffic on the VNC port from all but our IP, and we enabled the firewall. Every machine with a public IP address is subject to automated scans and brute force attacks, so we found a way to see for ourselves if these attempts were the source of our troubles. Yet, this is a common thing in the IT industry. And we quickly confirmed this hypothesis by looking at the logs, as there were many “Authentication :: FAILED” messages. Attackers were trying to gain control over the machines. There was only one possible reason for this: our machines were the targets of brute-force attacks. After looking at the capture, we discovered something unusual: our machine saw many different IP addresses targeting the VNC port. That’s when one of our team members had the simple yet smart idea of capturing the network traffic from a machine having the symptoms. We tried several remote desktop solutions, either open-source or commercial, and each one of them worked flawlessly. We couldn’t wrap our heads around why only the VNC was this slow. In fact, the network traffic for this product is usually below 0.25% of its capacity, and for the time being, never exceeded 2.5%. But after spending quite some time with our network engineers, we’ve come to the conclusion that it couldn’t be the network. It seemed logical that an overcrowded network link could result in some slowdowns during the day, which is where most of the activity happens. Our first designated culprit was the network. We even got reports of VNC connections working better in the evening than during the day! Our clients were starting to get rightfully annoyed, and we started to sweat over this issue. Our customer excellence team was getting more and more tickets over the months, yet we couldn’t find the root cause of the issue. We had to buy a lot more to add them to our data center… and we doubled our customer base since.īut there was one big problem: the VNC was slow. And we weren’t the only ones thinking it was exciting: our Apple silicon M1 as-a-Service quickly sold out after the launch. The engineering put in this product is nothing short of incredible. ![]() This project was particularly exciting because Apple’s M1 finally gave us an ARM chip that is more powerful than most of its x86 counterparts. Later, I was put in charge of the massive restocking that we needed. Tip: You can find more information on the macOS Orb documentation page.In February 2021, Scaleway introduced a new product: the Mac mini M1 from Apple. Use credentials vncuser and the password you set in MAC_ORB_VNC_PASSWORD.Connect to the VNC session from your VNC client:.Configure SSH port forwarding on your local machine:.Linux and Windows users can download and install TightVNC or RealVNC Viewer.macOS users can use the Screen Sharing app.Install a VNC viewer on your local machine:.Set up your desired VNC password in an environment variable or context variable named MAC_ORB_VNC_PASSWORD.To connect to a macOS container using the macOS Orb: As such this method creates a new user from whom you can VNC into the session and run any commands from there. Note: It is not possible to know the password for the default user. This can be done by ensuring that VNC is enabled in the host OS, and setting up the credentials with which to connect to the host. When troubleshooting macOS builds, sometimes it can be useful to find out what's happening on screen in the macOS GUI. ![]()
0 Comments
Leave a Reply. |