I have screensharing enabled on my Mac. I make use of the feature often to remotely control my Mac from public computers.
However, while looking through the console today, I noticed this message appearing about once every ten seconds:
screensharingd[13223]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 60.6.38.2 :: Type: VNC DES
So, it seems that someone with the IP address 60.6.38.2 is trying to connect to my computer via screen-sharing, and possibly attempting to brute-force my password. Is there any way I can block this guy without actually turning off screen sharing?
Edit: I should probably note that I'm aware my system is not ideal from a security perspective. I just want a way to block this one IP.
Best Answer
The bigger question here is why is your Mac not behind a firewall that is doing some sort of port filtering/forwarding as well as stateful packet inspection?
If you were behind a firewall you could block/filter out IP addresses, but this is only temporary because all the attacker has to do is change their IP.
Instead of VNC, which in my opinion is very weak in terms of both security and functionality and instead go for a product like TeamViewer (free for personal use) and you don't have to open any ports on your firewall to use it.
By the way, your attacker is coming from China....