RE: Wish: Version Query :VSMail mx3
I wouldn't use them :-) I personally don't see this as any more risk than my browser telling the web host what I am using, or the server telling me what software it is running. We already get very rudimentary info from the RFB version. Right now I audit using a platform specific tool. Having an extension to vnc that would report its' version and flavor would allow me to monitor/audit multiple platforms. Obviously this would only work if the vnc server was updated with this info on al the platforms I need. Adding in the support isn't a big deal. I can compile my own. We need a standard. I feel this is a very valid request, even if it will never happen. -Original Message- From: William Hooper [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2003 12:32 PM To: [EMAIL PROTECTED] Subject: RE: Wish: Version Query :VSMail mx3 > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Tuesday, March 18, 2003 3:18 PM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: RE: Wish: Version Query :VSMail mx2 > > > It would be nice to be able to audit my network to see if > there were any > clients vulnerable to said exploit. It works both ways. > > Security through obscurity is folly. If the port is open then > it is open. > Reporting the version is after the fact. I agree, security through obscurity is not security. On the other hand, reporting the version gives an attacker just another piece of information that is not needed by an authorized client. Auditing the network can be done a number of different ways now that don't involve even connecting to the VNC server. In fact if it is a large enough network that I would want auditing for VNC, I would want auditing for a number of different programs. And again, unless everyone adds this some versions won't give you this information, so how do you audit those? -- William Hooper ___ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list ___ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
RE: Wish: Version Query :VSMail mx3
That is what I was referring to. Yea, it would have to be a new standard implemented by every flavor. That would actually be the point. It would be nice to query it to tell if it is running esVNC, realVNC, tightVNC, etc, along with the version number. Example: TCP CONNECT Port 5800 Command: VERSION Reply: Real VNC 3.3.6-4 - Steve Bostedor http://www.vncscan.com -Original Message- From: Mike Miller [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2003 2:38 PM To: [EMAIL PROTECTED] Cc: VNC List Subject: RE: Wish: Version Query :VSMail mx3 On Tue, 18 Mar 2003 [EMAIL PROTECTED] wrote: > On Tue, 18 Mar 2003, Steve Bostedor wrote: > > > Ya know, it'd be cool if there was a way to connect to the VNC port on > > a computer, issue a command, and get back the flavor and version that > > is running on that computer. If anybody feels like adding new > > features to VNC, this would be awesome! > > I think he was referring to the VNC flavor and version. That may be, but then wouldn't every author of a VNC product have to agree to add the same functionality to their product? Mike ___ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list ___ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
RE: Wish: Version Query :VSMail mx3
On Tue, 18 Mar 2003 [EMAIL PROTECTED] wrote: > On Tue, 18 Mar 2003, Steve Bostedor wrote: > > > Ya know, it'd be cool if there was a way to connect to the VNC port on > > a computer, issue a command, and get back the flavor and version that > > is running on that computer. If anybody feels like adding new > > features to VNC, this would be awesome! > > I think he was referring to the VNC flavor and version. That may be, but then wouldn't every author of a VNC product have to agree to add the same functionality to their product? Mike ___ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
RE: Wish: Version Query :VSMail mx3
I think he was referring to the VNC flavor and version. This mailbox protected from junk email by Matador from MailFrontier, Inc. http://info.mailfrontier.com -Original Message- From: Mike Miller [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2003 10:18 AM To: VNC List Subject: Re: Wish: Version Query :VSMail mx3 On Tue, 18 Mar 2003, Steve Bostedor wrote: > Ya know, it'd be cool if there was a way to connect to the VNC port on a > computer, issue a command, and get back the flavor and version that is > running on that computer. If anybody feels like adding new features to > VNC, this would be awesome! If the machine is running {Win,X}VNC, you can connect using vncviewer then either go to My Computer, Help, About (if it's Windows), or, if it's Unix, open a terminal window and type "uname -a". I'll bet you knew all these things. Is the problem that VNC runs on other OSes too and you want to be able to automatically get the info for any OS through some special VNC keystrokes or a menu? Mike ___ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list ___ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list