I manage several PC's remotely with VNC but I ALWAYS tunnel the connection through SSH otherwise everything is completely in the clear. Setting up a tunnel fairly simple if you use a GUI client like SecureCRT or the SSH Client from SSH.com
Glenn ------------------------------------------------------------------ Glenn Schoonover, MCSE Director of Security and Internal Systems [EMAIL PROTECTED] http://www.inter.net 12120 Sunset Hills Road Inter.Net Suite 410 Office : (703) 456-3917 Reston, Virginia 20190 Cellular : (571) 236-9849 Fax : (703) 456-0148 ------------------------------------------------------------------ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, April 19, 2002 9:01 PM To: CHRIS GRABENSTEIN Cc: [EMAIL PROTECTED] Subject: RE: IP AND NAT Actually allowing VNC from the internet is VERY INSECURE. I suggest you open port 22 (ssh) and tunel vnc throuhg this tunnel. I have a script for this if you'd like. -------------- Brian Carpio CSG Systems Inc. Open Systems Unix System Admin x3317 -------------- On Fri, 19 Apr 2002, CHRIS GRABENSTEIN wrote: > You'll have to map a port from your machine with public IP to the private > one. I believe VNC uses 5800 and 5900 by default. You then connect your > vncviewer to the public IP. How you go about doing that depends on your OS > and personal preferences. > > You might want to consider using a port other than the default to avoid basic > port scanners scanning subnets for servers. It involves changing two > registry keys, but it's pretty straight forward. There are also several > third-party tools that will let you run vnc through an encrypted tunnel for > added security. > > |-----Original Message----- > |From: snaqi [mailto:[EMAIL PROTECTED]] > |Sent: Thursday, April 18, 2002 6:23 AM > |To: [EMAIL PROTECTED] > |Subject: IP AND NAT > | > | > |My first question is, is this possible, I have only one public > |IP address, and I am using nat to hide my internal network, > |and I want to connect to a machine with vnc on that with > |private ip And then run my web server and ftp server inside > |that network. So my question is how can I connect to vnc host > |from outside world to the machine having private ip behind my nat. > | > |Thanks for help in advance > | > |Naqi > | > | >
