James,


>> James Weatherall asked "Why do people want to move the VNC port under
>> 100"
>>
>> Because many of us behind corporate firewalls and proxies are only
>> allowed to talk to the outside world on port 80.


> This worries me.  Sending VNC through your firewall in this manner is
> equivalent in security terms to using telnet through it.  You may as well
> enable the telnet and VNC ports, or just remove the firewall entirely.

> The fact that only port 80 is available is in some sense a red herring.
> In reality, it should be the case that the only *protocol* available is
> HTTP, since any other (telnet or VNC) is likely to have security
> vulnerabilities.

I didn't describe this very well the first time.  The reason that I can't
use the native viewer is that the firewall *doesn't* allow anything out port
80 except http protocol.  I also have to go through a proxy server. This is
why I was trying to get the browser to be able to work.

> Ideally, in addition to HTTP, the SSH (Secure SHell) port should be open
> and secure shell services should be running inside your company.  This
> allows almost any other protocol, including VNC, to be used without
> needing to change the ports it uses, and with the same degree of security
> your sysadmins are really trying to maintain by using the firewall in the
> first place.

> The problem you are seeing when you connect to your VNC server, by the
> way, is that you are connecting to the port on which the VNC protocol
> runs, not the HTTP part of the VNC server.  This means you should be
> connecting to the target machine with a native VNC viewer.

I thought that by setting the VNC server port to listen on port 80, it would
allow the VNC protocol to run on the *same* port as the http part of the VNC
server, thereby allowing the browser to do everything through the firewall
with the http protocol.  I obviously still don't understand this.  Is there
any way to do what I was trying?

> Sorry if the above sounds like a rant but it's extremely important to
> remember the *intended* effect of imposing a firewall, not just the
> resulting limitations.

> Cheers!

> James "Wez" Weatherall
> --
>           "The path to enlightenment is /usr/bin/enlightenment"
> Laboratory for Communications Engineering, Cambridge - Tel : 766513
> AT&T Labs Cambridge, UK                              - Tel : 343000

Steve Gordon
Motorola - Engineering Computing
Global Telecom Solutions Sector
(817) 245-6811
[EMAIL PROTECTED]
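
Added example, not part of the original message: a small Python model of why a browser pointed at the VNC protocol port fails behind an HTTP-only proxy. The RFB (VNC) server speaks first with a 12-byte "RFB xxx.yyy\n" version banner, which is not an HTTP response. The function names, the proxy model and the sample byte strings are constructed for illustration.

```python
import re

# RFB ProtocolVersion message: 12 bytes, "RFB xxx.yyy\n", sent by the server first.
RFB_BANNER = re.compile(rb"^RFB (\d{3})\.(\d{3})\n")
# First line of an HTTP request ("GET / HTTP/1.0") and of an HTTP response.
HTTP_REQUEST = re.compile(rb"^[A-Z]+ \S+ HTTP/\d\.\d\r?\n")
HTTP_STATUS = re.compile(rb"^HTTP/\d\.\d \d{3}[ \r\n]")


def classify(first_bytes: bytes) -> str:
    """Name the protocol suggested by the first bytes seen on a connection."""
    m = RFB_BANNER.match(first_bytes)
    if m:
        return "rfb %d.%d" % (int(m.group(1)), int(m.group(2)))
    if HTTP_REQUEST.match(first_bytes):
        return "http-request"
    if HTTP_STATUS.match(first_bytes):
        return "http-response"
    return "unknown"


def http_only_proxy_allows(client_first: bytes, server_first: bytes) -> bool:
    """Assumed model of a protocol-aware proxy: forward the exchange only if
    the client sent an HTTP request and the server answered with an HTTP
    status line. The port number plays no part in the decision."""
    return (classify(client_first) == "http-request"
            and classify(server_first) == "http-response")


# Constructed samples (not captured traffic).
BROWSER_GET = b"GET / HTTP/1.0\r\nHost: vnchost\r\n\r\n"
VNC_HTTP_REPLY = b"HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n"
RFB_SERVER_BANNER = b"RFB 003.003\n"

if __name__ == "__main__":
    cases = {
        "browser -> VNC HTTP port": (BROWSER_GET, VNC_HTTP_REPLY),
        "browser -> RFB port moved to 80": (BROWSER_GET, RFB_SERVER_BANNER),
        "native viewer -> RFB port": (RFB_SERVER_BANNER, RFB_SERVER_BANNER),
    }
    for name, (client, server) in cases.items():
        verdict = "forwarded" if http_only_proxy_allows(client, server) else "blocked"
        print("%-34s server speaks %-13s -> %s" % (name, classify(server), verdict))
```
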