I'm admittedly a novice at this. Out of an abundance of caution, I installed LS about six months ago. Tonight, I decided to have a deeper look at the data in LS, and I am quite alarmed to see that Screensharingd.bundle has been permitted ~50-60 random accesses (from random IPs) since the initial install. The IPs range in location from Russia to Africa to SE Asia.
Yes, I have Screen Sharing enabled in Mac OS X prefs (I use Screens to VPN into my iMac, so some of these connections are legitimate). Yes, Screen Sharing is limited to Admin only and has always been password protected.
I am easily able to identify the legitimate connections from illegitimate episodes (my connections are 50-75 MB each, the illegitimate ones are generally measured in KB).
I have now changed the rule in LS to deny connections from Screensharingd.bundle. My question is ... should I be taking other security-related precautions? Can anyone suggest best practices or ideas for how I can try to determine if my screen was actually viewed by an unauthorized third-party? The connections were permitted by LS (my fault; somehow I set the Rule incorrectly), but is the small size of data transferred back and forth any comfort?
Thank you for any help/suggestions.