RE: [FW1] VNC through the firewall
Ivan,

As far as I know, yes. Keystrokes are included, so those would be caught by the sniffer. Nearly everything I've read STRONGLY and VOCALLY pushes you to channel VNC through an SSH tunnel for full encryption. It's really quite easy to do.

From Sonnenreich's and Yates' "Building Linux and OpenBSD Firewalls"....

"Like X, VNC is not a secure protocol. All of the caveats about X apply... simply forward the VNC TCP connection through an ssh tunnel. Forwarding VNC is easy to do. (With VNC server running on port 5900,) tell your client program to communicate with local port 5901. Then, use ssh on the client side to forward local port 5901 to port 5900 on the server end.... Regardless of how you do it, you should definitely run VNC through ssh. Ssh has built-in compression that will significantly reduce network traffic and improve the speed of the connection."

So you'll get performance benefits as well as full encryption. You can get more info on OpenSSH, the free version, at http://www.openssh.org

Hope this helps!

Brian

Brian R. Aust
IT Manager
Health Decisions, Inc.
1512 East Franklin St. Suite 200
Chapel Hill, NC 27514

-----Original Message-----
From: Ivan Fox [mailto:[email protected]]
Sent: Wednesday, December 13, 2000 5:30 PM
To: Firewall-Wizards@Nfr. Net; Firewalls@Lists. Gnac. Net; Firewall-1
Subject: [FW1] VNC through the firewall

I understand that the ip and password for using VNC are encrypted, but the data are not.

Please correct me: VNC is a very thin client. Are the "data" passing through the wire key strokes, mouse strokes, screen display? Are sniffers able to capture NT id and password when logging onto an NT domain using VNC?

Any comments are appreciated.

Thanks,
Ivan

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
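The port forward described in the quoted book passage (local 5901 to the server's 5900), as an added example that is not part of the original messages. It also checks listener output for VNC ports still reachable without the tunnel. The function names, the host user@vnc-server.example and the sample `ss -ltn` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the ssh forward for VNC and audit listener output
# for VNC ports that are reachable without going through the tunnel.

# Print the ssh command for the forward.
# $1 = user@host of the VNC server, $2 = local port, $3 = server VNC port.
tunnel_cmd() {
  # -N: no remote command; -C: enable ssh compression.
  # Binding the local end to 127.0.0.1 keeps the forwarded port off the LAN.
  # ExitOnForwardFailure: ssh exits instead of running without the forward.
  printf 'ssh -N -C -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
    "${2:-5901}" "${3:-5900}" "$1"
}

# Read `ss -ltn`-style lines on stdin and print every listener in the VNC
# port range (5900-5999) that is bound to a non-loopback address. Those
# sockets accept cleartext VNC sessions directly, bypassing ssh.
exposed_vnc() {
  awk '$1 == "LISTEN" {
         addr = $4; n = split(addr, p, ":"); port = p[n] + 0
         host = substr(addr, 1, length(addr) - length(p[n]) - 1)
         if (port >= 5900 && port <= 5999 &&
             host != "127.0.0.1" && host != "[::1]") print addr
       }'
}

# Constructed sample of `ss -ltn` output (not taken from a real host).
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      5      0.0.0.0:5900         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901       0.0.0.0:*
LISTEN 0      5      [::]:5902            [::]:*'

# Demo: show the command to run on the client, then the exposed listeners.
tunnel_cmd 'user@vnc-server.example'
printf '%s\n' "$SAMPLE" | exposed_vnc
```

With the tunnel up, the VNC client connects to localhost port 5901 (display :1). On a real server, pipe `ss -ltn` into `exposed_vnc`; any address it prints still accepts unencrypted sessions.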