The icons on my Windows XP machine have been flashing on & off intermittently for quite a while.  The problem would come & go, and it wasn’t my primary computer, so I never bothered looking into it, though I did have a few suspicions as to the culprit.

I had a little extra time today, and the desktop icons were flashing so much it looked like a little icon disco over there, so I decided to look into the problem a little bit further. 

I suspected that the problem was related to VNC, (UltraVNC in my case), and as an experiment, I shut down the VNC daemon. Sure enough, the icons stopped flashing. 

I figured that the icons were flashing each time a remote machine tried to make a VNC connection to my computer, so I did a second test.  The second part of my test was to restart the VNC server & choose the option to to “Display Query Window.”  What this will do is pop up a little notification each time the machine receives an incoming connection request. 


After enabling that option, it didn’t take long until I got the following pop-up:


So, who is this remote machine?  A “hacker,” of course.  Actually, more like a script kiddie.  In case you’re unaware, people use scripts to scan your computer hundreds of thousands of times per day, looking for vulnerabilities. Since I have my VNC running on the default port (5900), it is a prime target for these unsophisticated rubes.

Not that I’m too concerned about it – I have a strong password and am not worried about an intrusion.  More than anything, I just want the flashing to stop.

Here are few ways you can fix or minimize the problem

  1. Only run VNC when you have to.  This isn’t a great solution for me, as I like to have it running 24/7.  But if you use VNC infrequently, it may work for you.
  2. Change the default port to something other than 5900.  Many of these scripts are configured to only check the default ports.  It won’t stop the more sophisticated port scanning apps, but it’ll stop most.  Of course, you’ll have to configure your VNC connection software to use this alternate port.
  3. Configure your router to only accept connections from certain remote IP’s, if you know the remote machines you will be connecting from.  (Or only from your local LAN, if you only use VNC on your local network.)
  4. Turn off VNC port forwarding on your router, and configure your router so you can connect remotely & turn it back on when you need it.  This eliminates the flashing problem & keeps VNC running, but adds another level of security headache by making your router configuration accessible to the public.  If you have a good username & password, it shouldn’t be a problem.
  5. Change the “Display Query Window” settings to timeout after a longer period, and then accept the connection by default.  These kiddie scripts work on brute force, and many time out after 10 or 20 seconds.  Configuring the server to wait 60 seconds before replying will cause many of them to go away uninterested after the first timeout.  When you connect remotely, you’ll have to wait 60 seconds for the connection, obviously.  And you may have to deal with a pop up notification about an incoming connection every once in a while, but it’s better than the constant flashing.

Right now, I’m experimenting with option #5, with good results so far.  I’ve had a few pop ups, but after that first initial inquiry, the remote machine just goes away.  (Instead of trying its list of 100 common passwords, causing 100 flashes.)

Number 4 is a good option (for me) too, but if #5 works, I’ll stick with that because it’s only less step to perform when connecting remotely.  (Just have to wait that extra 60 seconds.)