I am wondering why expose VNC over the internet in the first place, really. It's my opinion that VNC is really only good for LAN's. Why not use VPN to secure your connection to the remote network before starting VNC sessions? It's much easier to set up on a LAN where you need VNC access to 200 computers than setting up SSH over the Internet!
I can concede that VNC data should be encrypted in some way when traveling the Internet but why do people set up VNC over SSH on local networks? That really makes very little sense to me. If your network is so insecure that you're worried about your VNC traffic being hacked, you've got some pretty big problems! I connect to a network via VPN and others I connect using encrypted RDP sessions. Once I've made those connections, I can safely use VNC on the remote networks. Why waste all of this time with SSH on Windows computers all over the network when VPN and RDP is so easy to set up? Yea, William did have a better search phrase than I did. That utility does have limitations and flaws, though. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Sean Kamath Sent: Tuesday, April 19, 2005 4:45 PM To: William Hooper Cc: vnc-list@realvnc.com Subject: Re: VNC Security [In a message on Tue, 19 Apr 2005 10:53:09 EDT, "William Hooper" wrote:] >Steve Bostedor wrote: >[snip] >> I've scoured the web out of this curiosity, looking for a tool to >> put VNC packets together into something useful for a hacker. There's >> nothing. Nada. > >Fifth hit on Google for: vnc capture playback > >http://users.tpg.com.au/bdgcvb/chaosreader.html Google is your friend. Of course, knowing the right phrase or keywords makes it nice. ;-) That's a very interesting tool, which should put the fear of the Internet in everyone. . . Another reason for tunneling VNC over SSH is this: My firewall only exposes a select few protocols to the outside world. If it weren't for the fact I have to support other people, I'd likely ONLY have SSH exposed to the world. Instead I have to have POP/IMAP, SMTP, etc. . . The fewer things you expose to the outside Big Bad World, the better. Sean _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
