RE: [FW1] VNC through the firewall



Ivan,

As far as I know, yes.  Keystrokes are included, so those would be caught by
the sniffer.  Nearly everything I've read STRONGLY and VOCALLY pushes you to
channel VNC through an SSH tunnel for full encryption.  It's really quite
easy to do.

From Sonnenreich's and Yates' "Building Linux and OpenBSD Firewalls"....

	"Like X, VNC is not a secure protocol.  All of the caveats about X
apply...   simply forward the VNC TCP connection through an ssh tunnel.
Forwarding VNC is easy to do.  (With VNC server running on port 5900,) tell
your client program to communicate with local port 5901.  Then, use ssh on
the client side to forward local port 5901 to port 5900 on the server
end....  Regardless of how you do it, you should definitely run VNC through
ssh.  Ssh has built-in compression that will significantly reduce network
traffic and improve the speed of the connection."

So you'll get performance benefits as well as full encryption.

You can get more info on OpenSSH, the free version, at
http://www.openssh.org

Hope this helps!
Brian

Brian R. Aust
IT Manager
Health Decisions, Inc.
1512 East Franklin St. Suite 200
Chapel Hill, NC  27514

-----Original Message-----
From: Ivan Fox [mailto:[email protected]]
Sent: Wednesday, December 13, 2000 5:30 PM
To: Firewall-Wizards@Nfr. Net; Firewalls@Lists. Gnac. Net; Firewall-1
Subject: [FW1] VNC through the firewall



I understand that the ip and password for using VNC are encrypted, but the
data are not.  Please correct me:

VNC is a very thin client.  Are the "data" passing through the wire key
strokes, mouse strokes, screen display?  Are sniffers able to capture NT id
and password when logging onto an NT domain using VNC?

Any comments are appreciated.

Thanks,

Ivan



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
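
The tunnel described in the quoted passage above, as an added example that is not part of the original thread: a POSIX shell script that forwards local port 5901 to port 5900 on the server over ssh, then confirms the client end of the tunnel is bound to loopback only before starting the viewer. The `connect` argument, the `user@server` placeholder, the Linux `ss` tool and the `vncviewer` client name are assumptions.

```shell
#!/bin/sh
# Added example: VNC over an SSH local forward, with a check on the local listener.
LOCAL_PORT=5901    # port the VNC client talks to (from the quoted passage)
REMOTE_PORT=5900   # port the VNC server listens on (from the quoted passage)

# -L argument: bind the client end to loopback only and deliver to the
# server's own loopback, so VNC traffic crosses the network only inside ssh.
forward_spec() {
    printf '127.0.0.1:%s:127.0.0.1:%s' "$LOCAL_PORT" "$REMOTE_PORT"
}

# Read `ss -ltn` style output on stdin; print every non-loopback address
# that is listening on port $1 (nothing printed means loopback only).
nonlocal_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)          # last colon separates address and port
            if (n == 0) next
            host = substr($4, 1, n - 1)
            if (substr($4, n + 1) == port && host != "127.0.0.1" && host != "[::1]") print host
        }'
}

# Constructed sample listener tables (not captured from a real host).
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5901     0.0.0.0:*
LISTEN 0      128    [::1]:5901         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:5901       0.0.0.0:*'

# Usage: sh vnc-tunnel.sh connect user@server   (both names are placeholders)
if [ "${1:-}" = "connect" ] && [ -n "${2:-}" ]; then
    # -f/-N: background, no remote command; -C: the compression the passage mentions.
    ssh -f -N -C -o ExitOnForwardFailure=yes -L "$(forward_spec)" "$2" || exit 1
    exposed=$(ss -ltn | nonlocal_listeners "$LOCAL_PORT")
    if [ -n "$exposed" ]; then
        echo "tunnel port $LOCAL_PORT is reachable on: $exposed" >&2
        exit 1
    fi
    # Display N maps to TCP port 5900+N, so port 5901 is display :1.
    vncviewer "127.0.0.1:$((LOCAL_PORT - 5900))"   # assumed client binary
fi
```

With the forward delivering to the server's loopback address, the firewall only has to pass the ssh port; port 5900 does not need to be opened.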


   All contents © 2003 Network Presence, LLC. All rights reserved.