Replies in-line below:

> > General message:
> > vnc has no security built in.
> > If you need security, take the next steps:
> > Get a secure connection with ssh and/or vpn or such
> > DON'T use the java viewer: It requires an additional open port which you
> > don't want, and above all, you should not give hackers the tool to access
> > your machine.
> > Do use the binary viewer for your viewer platform.
> >
> > As far as I know, the AuthHosts can be easily spoofed.
>

Thanks for the advice - at the time I could not find any MacOSX ports of the 
VNC client. I have now found several such ports, and may indeed replace the 
Java client at some stage with one of them.

>
>You can use tcp wrappers with Xvnc.  It will block attempts at ports in
>the 59xx range, but I guess it doesn't do anything about the 58xx range.
>Has there ever been a break-in using the java http port 58xx?
>

Yes, tcpwrappers would be a good solution, but [unfortunately] the server is 
a Windows one!

>
>You don't give an example of the line you used in the first case, so I
>apologize if you know this...
>From the second line, unless it's a typo, you don't have the correct
>syntax.  According to the VNC Docs "-:+158.97: would filter out all
>incoming connections except those beginning with 158.97."  Notice the +
>before the IP after the colon.
>

Yes, I did indeed have the format of the AuthHosts setting incorrect. I have 
changed the format and this has had the desired effect - many thanks!

>
>Your statement about the "...only thing preventing a connection from an
>internet host is the firewall..." confuses me.  If you have firewalled
>off the 5800 and 5900 ports from the Internet that is all you need to
>do.
>

Yes, but firewalls can - and do - fail. Application failure, 
misconfiguration, malicious intervention - any of these fates can befall the 
firewall, and I don't want to leave control of my server in the hands of an 
8-character length password which may be guessed or brute-forced.

An Access Control List such as that offered by the AuthHosts feature is an 
additional layer of security which I will happily accept...

Thanks again to everybody who responded.

_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
http://www.realvnc.com/mailman/listinfo/vnc-list
