It would be nice to be able to audit my network to see if there were any clients vulnerable to said exploit. It works both ways.
Security through obscurity is folly. If the port is open then it is open. Reporting the version is after the fact. ---------------------------------------------------- This mailbox protected from junk email by Matador from MailFrontier, Inc. http://info.mailfrontier.com -----Original Message----- From: William Hooper [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2003 11:38 AM To: [EMAIL PROTECTED] Subject: RE: Wish: Version Query :VSMail mx2 > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Steve Bostedor > Ya know, it'd be cool if there was a way to connect to the > VNC port on a computer, issue a command, and get back the > flavor and version that is running on that computer. If > anybody feels like adding new features to VNC, this would be awesome! > > -Steve Bostedor For this to be useful EVERY version of VNC would need to include it, so older versions would still be unknown. This would also be a unnecessary security risk. If you know what flavor/version of VNC is running you can use a (hypothetical) exploit against people that haven't updated. Assuming all the versions conform to the VNC spec, the clients and servers can be interchanged with a basic level of compatibility without this information. -- William Hooper _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] http://www.realvnc.com/mailman/listinfo/vnc-list
