Joe:
Heya. Your VNC Server (which I presume is running at home,
behind your firewall appliance) will always listen to the port you
tell it to. By default that's 5900.
Your VNC Viewer (which I presume is running at work), on the
other hand, will use whatever port the OS gives to it.
Mike:
Heya. You need to do two things: set either the AllowLoopback
or LoopbackOnly registry entries (presuming your VNC server is on a
Windoze box) for VNC, *and* restart the server after you do that.
Then loop-back connections will be enabled.
cheers,
Scott
> Date: Thu, 25 Apr 2002 16
Rusty:
Heya. The VNC server only needs one TCP port for the
actual VNC session. The default is 5900, you could change that
to 12345 if you wanted to.
Alternatively...leave the VNC server alone, and just
change how you're forwarding the port across your firewall. So
have the outsid
Tom:
Heya. Quick suggestion: you have to restart your VNC
server after you change the AuthHosts setting. It reads those
settings on startup, *not* when a connection initiates. I
believe that TightVNC is smarter than this, but I've not found
a way to force AT&T VNC to re-read those settings
Steve:
Heya. Yes, Kaboodle makes use of the Gnutella protocol in
(what I think is) an interesting way. It goes like this:
Kaboodle's key feature (which will be part of 1.0, and
only works somewhat in 0.80) is a "personal VPN" capability. It's
a VPN-like technology targeted for use
Joe:
Heya. Give Kaboodle a try (http://www.Kaboodle.org). It
will auto-discover VNC *servers* on your network, though it doesn't
gather any version info about them. At the Kaboodle website, in the
Links section, I've listed a number of other VNC utilities that I've
heard celebrated on thi
Alex:
Hello! Thanks for the feedback. I've diced up your email and
have written some replies inline:
> I've thought of complaining about the interface graphics, but they kind
> of grow on you... and look low-bandwidth, too. :)
Honestly, I didn't like it all that much when it fir
Jon:
Heya. It's a bit early to suggest this, but you may
want to give Kaboodle a try. It comes with a "personal VPN"
service called GetEngaged. My intent here was to create a
point-to-point secure connection tool that was easy enough
for my Mom to use (she also has heart attacks over every
Ali:
Heya. Give Kaboodle a try. Install it on your WinNT
VNC server, start it up, and open the VNC icon. Click on the
Server Tab. Activate the "Access List" feature. It will put
the correct settings into your Windows registry to restrict
VNC connections from specific IP addresses you indi
Hee.
> You can find the new binary in the usual places:
>
> http://kaboodle.sourceforge.net
> http://www/kaboodle.org
That's "www.kaboodle.org" of course. Should have
been dictating...
-Scott
---
Heyaz. This is an announcement that version 0.80 of the Kaboodle
LAN-Management utility for Windows has been released. Woo. :)
Improvements from version 0.75 include:
1. Improved UI: devices now grouped by type. Up-arrow, Dn-arrow,
Page-Up, Page-Dn, Return (to open a device's
Tony:
Heya. The easiest thing to do is to setup the Netgear
box to do the port-mapping, and then put the IP address that
you want to allow to connect in the AuthHosts registry setting
for your VNC server. For some exact examples see the AuthHost
section of:
http://www.uk.research.att.com/
Mike:
That's a really good point about the proxy; it definitely
sounds as if Nick's workplace LAN is setup to use one.
Nick: using port 443 as Mike suggested should work. You
can forward your home-LAN LinkSys's external port 443 to port 5900
of the target VNC server, or forward it
Nick:
Heya. Sorry for the late reply. Most firewalls that a
company would use come "out of box" with only a handful of
external services reachable. That is, the firewalls will allow
anyone to connect to FTP, Telnet, HTTP, HTTPS and SMTP. That's
about it. For example, an "ICSA approved" fir
Avi:
Heya. Since you're using Linux, this problem turns out to be
pretty easy for you: use SSH. Most of the time, SSH is used as a
"secure telnet". But it has the great capability of being a secure
tunnel as well.
There's actually a page about it on the VNC website:
http://www.uk.
Jeff:
Heya. Some quick shameless self-promotion and then a
more useful answer. :) Kaboodle is a Windows application that
acts as a secure "wrapper" for VNC. It's free, it's GPL, but
it's in beta prototype now. Working on that. :)
On the Kaboodle webpage (http://kaboodle.sf.net) he
Randy:
Heya. Sounds like you're doing everything right. Three
things to try:
1. On your home Win98 box, what error message do you get when
you try to "telnet a.b.c.d 5900" from a DOS command line (where
a.b.c.d is the IP address of the external side of your work's
LinkSys box)? If it fail
Lonnie:
Heya. I'll update the echoWall.lrp package so that
it forwards the 58xx ports as well as the 59xx ones.
Thought I was reading the wrong list for a minute. :)
-Scott
>
> Date: Sun, 27 Jan 2002 01:49:33 -0500 (EST)
> From: "Lonnie Cumberland" <[EMAIL PROTECTED]>
> Subject:
Nate:
Heya. Am working now on enhancing Kaboodle to make what
you're trying to do a lot easier. Version 0.75 can be used to
securely tunnel the connection of one VNC viewer to one VNC server
on the same LAN. Version 0.80 will allow a VNC viewer to connect
to *multiple* VNC servers on a LAN
ks interesting.
>
> ANy possibility of implementing some sort of ActiveX support so it can
> be used via a control embedded in a web page or HTA?
>
> - - Original Message -
> From: "Scott C. Best" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
&
JPV:
Hello! Please have a look here:
http://kaboodle.sourceforge.net
Just posted a beta release, version 0.75 of Kaboodle, a
LAN management app with a "personal VPN" capability. It's got
VNC-Commander-like oversight of VNC servers on your LAN, and
includes the auto-detect
Chuck:
Heya. You've probably already discovered this, but there's
a registry setting you need to make to your VNC server machine to
allow loopback:
http://www.uk.research.att.com/vnc/winvnc.html
Down at the bottom, AllowLoopback. Or, even more aggressive,
try LoopbackOnly
Nate:
Heya. You're *so* close. :) The browser-based VNC
viewer is delivered to a requesting user via port 5800, which
you have correctly setup and forwarded in your firewall.
However...just like a regular VNC viewer...it *still* uses
the default port 5900 for data exchange.
So, do
Heyaz. Sorry to chime in so late to this, but I though
I might add some detail. I'm the developer of the echowall
firewall package for the LEAF/LRP Linux distro (lead.sf.net),
and I've learned a thing or two about supporting Netmeeting
thru a NAT'ing firewall/router.
Let me start
Gregg:
Heya. Some quick comments:
> 2) Let's see here:
> - - I don't think i can put a computer on the unprotected (WAN) side of the
> firewall, by defualt my routeer forces everthing behind the firewall.
> - - I put my PC directly on the net w/o the router/firewall and i still got a
Ed:
Heya. As someone else has already suggested, this is
likely a problem with the firewall at your workplace. As per
some ICSA specifications which a lot of firewall vendors like
to adhere to, allowing outgoing connections to any arbitrary
service is a problem. Only a small handful are "
Spencer:
Heya. Sorry for the late reply. Since you get as
far as the password prompt, it doesn't sound as if any of
the VPN setup is getting in the way. My experience with
the viewer "turning all black and then shutting down"
suggests to try a different viewer: the the browser, the
Tight
David:
Hello! I like these easy ones. :) You cannot
connect to the LAN from *outside* of the LAN because
of the security provided by the device which is
connecting that LAN to the Internet. Sometimes called
a firewall/router, sometimes called a gateway, sometimes
it's part of the DSL/Cable
Markus:
Hello! Try this:
1. Turn off SSH compression (the -C switch). Better/same/worse?
2. Instead of connecting with the vncviewer, telnet into
localhost:5901. Does it connect to an "RFB" prompt?
3. What version of viewer are you using? Might want to try
the Tridia or the TightVN
I've often wondered, and since someone asked me today
and I found myself without an answer, I thought I might ask
here: just how big is the VNC user group anyhow? Have the
AT&T guys ever posted any download stats? How 'bout Tridia?
Any leads appreciated!
thanks,
Scott
David:
Heya. Not to split hairs too much, and not as if I
ever tried this myself , but it should be possible with
to create a PPTP/IPSec tunnel, or even a secure bridge, with
both endpoints behind different firewalls. I've even heard
about CIPE being used on two 2.4 Linux boxes like thi
Asa:
Heya...
> how do you change your VNC server's http port?
From a few months back. Hope it helps!
-Scott
--
Date: Sun, 29 Apr 2001 20:41:32 +0100
From: "Seth Kneller" <[EMAIL PROTECTED]>
Subject: RE: Changing port number on VNC Server for NT
Kev
Brian:
Heya. It sounds as if your office-place firewall
and/or router (the Cisco and Sygate stuff) is causing the
problem. I've heard of something like this before, when
a user was running a viewer from behind a NAT'ing router,
and the masquerade timeouts on that router were too small.
Gerard:
Heya. I'd suggest not trying to work-around the
corporate firewall and SOCKS proxy, but rather to use them.
It's not optimal but...grab a copy of httptunnel, and setup
one side at work, and another side at home:
http://freshmeat.net/projects/httptunnel/
I
Shea:
Heya. Good progress. :) Some thoughts:
> I have vnc running successfully. I start the vncserver on box B, and
> then can log in w/ xvncviewer on B as well. I logged into my
> Firewall/Masq box and entered the last two commands. I tried to vnc
> to my ip C, today at work, but I di
Shea:
Heya. Fortunately, getting VNC running on your workstation
is the difficult part. :)
I wrote the echowall.lrp package for the LRP Linux distro,
a firewall configuration script. Here are the commands you need to
add to your firewall setup to get VNC to work:
ipchains -A input
Apologies as warranted for the solicitous tone in
this email. The story:
I started a company a few years ago to develop a
"personal VPN" application for Windoze PC's. Spent a lot
of my own money, got prototype, and even some interested
partners. However, with the recent downturn in
Nick:
Heya. It may have something to do with the firewall/proxy
you have at work not being happy about allowing replies back
from anything but the "common services", such as HTTP or TELNET.
So what you might want to try is setting up your home VNC server
to run its service on port 80 inst
Saleel:
Hello! So, if you have the server running on A, and you
type "telnet 5900" from a command-line on
machine-B, what happens? You *should* see a response something
like "RFB 3.0"
This will help narrow down the LAN problems you're having.
Write back when you get it this far..
ll the help
I can offer has been.
Good luck!
cheers,
Scott
On Thu, 17 May 2001, Mike Miller wrote:
> On Wed, 16 May 2001, Scott C. Best wrote:
>
> > > If I run nmap on another machine as follows:
> > >
> > > nmap -p 6001 host.machine
> >
> >
Mike:
Hello! Some thoughts on what you're seeing:
> If I run nmap on another machine as follows:
>
> nmap -p 6001 host.machine
Instead of running nmap on all those ports (the
-p , without the number, scans all the low numbered
ports <1024, plus any that come with the nmap config
Adam:
Heya. In case you hadn't gotten it yet:
> Hey Bud I looked at your email and it's exactlly my problem
>
> I insatlled ICS on WinSE and now can't connect.
>
> By anychance do you have that info you where talking about? Can you
> send it to me if you do PLEASE
Here's the i
Goeran:
Hello! My guess would be that there's a firewall
of some sort protecting the VNC server, and it has been
configured to allow 5900 through, but not 5800. Is there
any way you can check the firewall setup?
Good luck!
-Scott
> Know anyone why I cannot acces via the java view
Fred:
Hello! Hope your first days of VNC have not been
too intimidating. :)
In general, TW has given you some good information.
VNC is not incredibly "secure" as it was designed to be
optimally convenient. And, of course, convenience is the
opposite of security.
That is *no
Harmen:
Heya. Some quick comments:
> I don't see how having another machine at a home-LAN would help,
> and why Win98 can't do network tricks (although I have no experience
> with it 98).
My experience with making Win98 do networking tricks is
about as vast. Though my
Kevin:
Hello! Quick thought, perhaps it's nothing:
> Now I am presented with the applet login. However, now when I
> login it gives me the following error message:
>
> com.ms.security.SecurityExceptionEx[rfbProto.]: cannot connect to
> "10.1.0.15"
>
> Here is the HTML code. Keep in min
Steve:
Heya. Regarding your last note:
> Imagine if someone were to make a windows package which included VNC,
> a SSH client and an FTP client, along with a common configuration
> procedure. I think this would be quite popular and adequately address
> Steve Bostedor's and many other pos
Raji:
Hello! As Harmen wrote, I'm a big fan of:
> http://www.nocrew.org/software/httptunnel.html
I found it terribly easy to setup. Source compiles
quickly, giving two binaries: htc and htc. You run htc
at your workplace, telling it to forward port (for
example) on your loc
Mario:
Hello!
> I am trying to connect to remote win vnc server using ie browser.
> Get error:
>
> "RFB 003 003"
>
> Remote win vnc behind firewall. I am able to connect without using
> browser.
>
> Any suggestions?
Yes, you've got quite the problem to have: functionality. :
Jeroen:
Hello!
> So the connection is made on the "portnumber-100" and after the applet
> is started the connection continues on "portnumber"?
> If 3000 is an open port in the firewall and 3100 is not then I still can't
> get through? Or am I interpreting something completely false
Steve:
Wow, funky. You cannot do it with any standard firewall
config utilities that I know of. But try this:
http://freshmeat.net/projects/nportredird/
Never used it myself, but it sounds like exactly what
you're looking for. Drop a note if it works. :)
cheers,
Florian:
Hello!
> Date: Wed, 7 Mar 2001 16:10:02 +0100
> From: "Werbinek, Florian" <[EMAIL PROTECTED]>
> Subject: log vnc activity
>
> is there any possibility to log vnc activity (inbound only
> necessary)?
I log connections here at the firewall. So instead
of a rule which l
Dave:
Heya. PDF turned out larger than I thought it would,
so I'll post it rather than spam your inbox:
ftp://ftp.echogent.com/docs/FTP_and_Firewalls.pdf
Any feedback of course appreciated. I'm thinking
this is version 0.9, and I'll knock it into 1.0 shape and
get it onto Sourcef
Jordan:
Hello! Can't...help...myself...must...answer...;)
> As far as using FTP in passive mode, can you tell me how to get this to
> work when both machines are behind a "one-to-many" NAT? I was pretty
> sure the FTP protocol required 2 connections, one for control and one
> for data.
Mario:
Hello! A thought for you:
>I get a "java.net:connect exception:connection refused" error when
> I am connecting to a vcn server.
Yes, try this: telnet to the vnc server you're trying to
connect with. Specifically: "telnet aaa.bbb.ccc.ddd 5900" where
aaa.bbb.ccc.ddd is the
MF:
Heya. In addition to Lyle's spot-on comment, here
are two other thoughts for you:
> Server win nt -- 192.xxx.xxx.xx1
> Subnet - 192.xxx.xxx.254
Typically a netmask looks like "255.255.255.0" for
the 192.168.x.x address range you're using.
> Dsl router open ports setup:
Eric:
Two quick questions for ya:
1. Have you ever gotten the LinkSys box to forward any ports?
I mean, not just for VNC, for anything. Sometimes you have
to specify *opening* the port, as well as specifiying that
you want to *forward* it; two-steps.
2. Next time you've got the
Ric:
Hello! Actually...this solution worries me:
> 1. Go to "Network and Dialup Connections"
> 2. Double-click on the network card that is connected to the Internet
> 3. Hit the Properties button
> 4. Hit the Sharing tab
> 5. Hit the Settings button
> 6. Hit the Services tab
> 7. H
Graham:
Heya. Let me just be sure I heard you:
> Well, see James' comment. If you can see it over the network, you can
> run regedt32 against it. IIRC, though, the password is encrypted in the
> registry anyway (And VNC does not allow blank passwords, so simply
> deleting it is o
John:
Hello! Some NAT thoughts for you:
> For those who have successfully run zebedee over roadrunner, a
> question:
> Do you know if your local roadrunner is using NAT?
What is the address your local ISP is giving you? If
it starts with 192.168.x.x, or 172.x.x.x, or 10.x.x.x the
> I have an unexpected situation working with VNC. My job is
> incredebly.
Incredible indeed. Five gets you ten that someone just
wants to know how to crack into a VNC server they know about.
People should just *ask* without the elaborate cover story.
-Scott
--
Ariane:
Hello! Some quick questions and suggestions:
> I have read the FAQ's about setting up VNC to run through a firewall, but
> was left a bit confused. Can anyone help?
> My Win2k PC sits behind a firewall. The VNC server is outside the firewall.
> Exactly what ports do I need to o
Jonathan:
Hello! First off, my apologies for my perceived role
as "director of improvement prevention". :) Hope the discussion
proves at all useful.
> ...If the encrypted key from the server was
> sniffed (or retrieved by connecting to the server), it could be replayed
> to a cl
John:
Hello! Quick thought for you:
>4. Both will connect through the router to my VNC server at work
> (Linux) w/o zebedee just fine.
I suspect that the firewall at your workplace is specifically
configured to allow you to connect to some specific port range on that
L
Jonathon:
Heya. Sorry, I should have been more clear:
> Scott mentions the difficulties of revoking a compromised key. In the
> context of VNC, how difficult does this have to be? Initial host-key
> exchange is done using a "key password" which can be changed by the
> user by physical
Jonathan:
Hello! Quick two comments:
> If someone can give me a SINGLE example of a protocol which is NOT
> susceptible to the above attack (which can be practised by any host
> capable of both listening to and modifying the packet stream, eg. a
> rogue or compromised router or f
Heyaz. Could someone please point me to a URL for
a mini-HOWTO on running VNC over a SSH tunnel? Thanks in
advance!
-Scott
-
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See als
67 matches
Mail list logo
