vnc_scanning_outside_to_inside

Explanation

The vnc_scanning_outside_to_inside NDM detects VNC scanning activity on a network. This activity can occur when an attacker attempts to move from an outside network to an inside network using the VNC protocol. The NDM monitors network traffic to identify this scanning behavior.

What to Look For

When this NDM is triggered, customers should examine their network traffic for instances of VNC scanning activity and investigate any suspicious IP addresses that may be attempting to access their network using VNC. Customers should take immediate action to block any unauthorized access attempts and strengthen their network security measures to prevent future attacks.
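
One way to triage exported flow records after this NDM fires, added here as an example and not the NDM's own detection logic. The record format, the RFC 1918 definition of "inside", the TCP 5900-5999 VNC port range and the five-target threshold are all assumptions; the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not taken from the NDM): RFC 1918 space is "inside", VNC listens
# on TCP 5900-5999 (5900 + display number), 5 distinct targets counts as a scan.
INSIDE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VNC_PORTS = range(5900, 6000)
MIN_TARGETS = 5

# Constructed sample flow records: "epoch src dst dport tcp_state"
SAMPLE_FLOWS = """\
1700000000 203.0.113.7 10.0.1.10 5900 SYN_ONLY
1700000001 203.0.113.7 10.0.1.11 5900 SYN_ONLY
1700000002 203.0.113.7 10.0.1.12 5900 ESTABLISHED
1700000003 203.0.113.7 10.0.1.13 5900 RST
1700000004 203.0.113.7 10.0.1.14 5901 SYN_ONLY
1700000005 203.0.113.7 10.0.1.15 5900 SYN_ONLY
1700000006 198.51.100.20 10.0.1.12 5900 ESTABLISHED
1700000007 10.0.2.9 10.0.1.10 5900 ESTABLISHED
1700000008 203.0.113.7 10.0.1.10 443 ESTABLISHED
"""

def is_inside(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    return any(addr in net for net in INSIDE)

def find_vnc_scanners(flow_text, min_targets=MIN_TARGETS):
    """Return outside sources that touched >= min_targets inside VNC endpoints."""
    targets = defaultdict(set)   # src -> {(dst, port)} attempted
    answered = defaultdict(set)  # src -> {(dst, port)} that completed a handshake
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _, src, dst, dport, state = fields
        if not dport.isdigit() or int(dport) not in VNC_PORTS:
            continue
        try:
            if is_inside(src) or not is_inside(dst):
                continue  # keep only outside -> inside flows
        except ValueError:
            continue
        targets[src].add((dst, int(dport)))
        if state == "ESTABLISHED":
            answered[src].add((dst, int(dport)))
    return {src: {"targets": len(t), "answered": sorted(answered[src])}
            for src, t in targets.items() if len(t) >= min_targets}

if __name__ == "__main__":
    print(find_vnc_scanners(SAMPLE_FLOWS))
```

The `answered` list names the inside hosts that completed a connection with the scanning source, which are the ones to review first for exposed VNC services.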

Related MITRE ATT&CK Categories

Network Service Discovery, Technique T1046 - Enterprise
Active Scanning, Technique T1595 - Enterprise