> James Weatherall asked "Why do people want to move the VNC port under 100"
>
> Because many of us behind corporate firewalls and proxies are only allowed
> to talk to the outside world on port 80.


This worries me.  Sending VNC through your firewall in this manner is
equivalent in security terms to using telnet through it.  You may as well
enable the telnet and VNC ports, or just remove the firewall entirely.

The fact that only port 80 is available is in some sense a red herring.  In
reality, it should be the case that the only *protocol* available is HTTP,
since any other (telnet or VNC) is likely to have security vulnerabilities.

Ideally, in addition to HTTP, the SSH (Secure SHell) port should be open and
secure shell services should be running inside your company.  This allows
almost any other protocol, including VNC, to be used without needing to
change the ports it uses, and with the same degree of security your
sysadmins are really trying to maintain by using the firewall in the first
place.

The problem you are seeing when you connect to your VNC server, by the way,
is that you are connecting to the port on which the VNC protocol runs, not
the HTTP part of the VNC server.  This means you should be connecting to the
target machine with a native VNC viewer.

Sorry if the above sounds like a rant but it's extremely important to
remember the *intended* effect of imposing a firewall, not just the
resulting limitations.

Cheers!

James "Wez" Weatherall
--
          "The path to enlightenment is /usr/bin/enlightenment"
Laboratory for Communications Engineering, Cambridge - Tel : 766513
AT&T Labs Cambridge, UK                              - Tel : 343000
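
The point above, that a firewall rule is about the protocol rather than the port number, as an added example that is not part of the original message: a Python sketch that names the protocol of a TCP flow from the first payload each side sent and reports flows that do not match the per-port policy. The function names, the policy table and the sample flows are assumptions constructed for illustration.

```python
import re

# Opening bytes each protocol puts on the wire.
RFB_BANNER = re.compile(rb"^RFB (\d{3})\.(\d{3})\n")   # RFB ProtocolVersion message
SSH_BANNER = re.compile(rb"^SSH-(\d+\.\d+)-")          # SSH identification string
HTTP_REQUEST = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/\d\.\d\r?\n")
HTTP_RESPONSE = re.compile(rb"^HTTP/\d\.\d \d{3}")


def classify_flow(client_first: bytes, server_first: bytes) -> str:
    """Name the protocol of a TCP flow from the first payload each side sent.

    Pass b"" for a side that has not sent anything yet. An RFB server speaks
    first, so a VNC session shows up even when the client is still silent.
    """
    if RFB_BANNER.match(server_first) or RFB_BANNER.match(client_first):
        return "rfb"
    if SSH_BANNER.match(server_first) or SSH_BANNER.match(client_first):
        return "ssh"
    if HTTP_REQUEST.match(client_first) or HTTP_RESPONSE.match(server_first):
        return "http"
    return "unknown"


def policy_violations(flows, allowed):
    """Return (dst_port, protocol) for each flow whose protocol is not allowed there."""
    violations = []
    for dst_port, client_first, server_first in flows:
        proto = classify_flow(client_first, server_first)
        if proto not in allowed.get(dst_port, set()):
            violations.append((dst_port, proto))
    return violations


# Constructed sample flows: (destination port, first client bytes, first server bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.0\r\n\r\n", b"HTTP/1.0 200 OK\r\n"),
    (80, b"", b"RFB 003.003\n"),                      # VNC moved onto port 80
    (22, b"SSH-2.0-client\r\n", b"SSH-2.0-server\r\n"),
    (80, b"\x00\x01\x02", b""),                       # not HTTP at all
]
# Assumed policy: HTTP on 80 and SSH on 22, as the message recommends.
ALLOWED = {80: {"http"}, 22: {"ssh"}}

if __name__ == "__main__":
    for port, proto in policy_violations(SAMPLE_FLOWS, ALLOWED):
        print(f"port {port}: {proto} traffic is not permitted")
```

This looks only at the opening bytes of a flow, so it identifies the handshake and nothing that happens later in the connection.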