As a network administrator, I don't like an application that by-passes firewalls and server-based virus scanning. They are there for a reason, regardless whether you want to check your home PC or not.
Collins, Kevin (MindWorks) wrote:
I looked at Hamachi after a mention of it on this list yesterday, and while it seems pretty cools, I have to ask:
Am I the only one who has at least a slight distrust of using a
"mediation server" in the middle of a secure connection?
Maybe I just don't get it, or I do and am overly paranoid, but this seems to invite snooping, man in the middle attacks, etc... What level of trust do I need to place on servers I have no control over?
Kevin
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Kovats Sent: Monday, February 28, 2005 6:33 PM To: vnc-list@realvnc.com Subject: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
For the typical users of RealVNC, the prevailing desire seems to be remote connectivity through home routers, corporate firewalls, etc. but the average user may be thwarted by diverse implementations of the "dreaded" Network Address Tranlations (NAT's).
Well, NAT has it's uses but hey...I just wanna check in with my home PC!
The following workaround will blow RealVNC users away with it's
operational
simplicity.
It's called Hamachi, it can be found at http://hamachi.cc and displays
some
brilliant Canuck software engineering.
Technically it's a P2P bidirectional NAT traversal solution with 3
levels of
security, i.e.
- DH group - 2048-bit MODP group from RFC 3526 <http://ietf.org/rfc/rfc3526>
- Message encryption - AES-256-CBC using ESP <http://ietf.org/rfc/rfc2406>-style padding
- Message authentication - 96-bit version <http://ietf.org/rfc/rfc2404>
of
HMAC-SHA1 <http://ietf.org/rfc/rfc2104>
It creates a virtual network adapter on your PC, issues Hamachi virtual
IP
addresses, i.e. 5.0.23.43 and speaks Hamachi protocol. It's not a "true"
P2P
implementation, i.e. it uses "mediation" servers to "help" connect the
peers.
But if you can operate a mouse, you can install and run Hamachi. It's free and about to become very popular. :)
And it literally does "punch" right through "most " NAT's. In fact as I type this my Hamachi virtual adapter on my work PC has a solid connection with my home PC. I have inserted the Hamachi issued IP into my RealVNC viewer and, voila...there is my desktop.
Remember to install Hamachi on every windows PC you wish to connect to
...in
fact you can easily create multiple and distinct Hamachi networks each
with
their own unique password access.
I work for a significantly sized NOC with multiple levels of firewalls, IDS and IPS. It's increasing popularity may soon have security personal frantically rewriting firewall app filter rules but hey...nows the time to try it out.
Bottom Line: Install Hamachi on your remote and local PCs. Create a network name and "common" network password. Add "trusted" users by Hamachi IP or by nickname. You can also "evict" them...in Hamachi parlance.
You now can enjoy an encrypted, operational and free virtual private network (VPN) that you can start tunneling your favorite applications right through, i.e. RealVNC.
Have fun....
NK in Toronto _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
-- ============================
Bob Hartung, Dir of I.T. c\o Wisco Industries, Inc. P. O. Box 10 736 Janesville St. Oregon, WI 53575
Phone: (608) 835-3106 x215 Fax: (608) 835-9644
email: bhartung(at)wiscoind.com _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
