RE: VNC Manager only free for personal use

[Steve Bostedor]

Hi,
  Should we carry this on in direct email to keep from bothering the VNC
guru's.  ;)  I was thinking about using password support in VNCScan once I
find a way to prevent hackers from taking advantage of that feature.  I notice
yours does, but it is easy to gain the password from the console if it is left
unprotected.  Just highlighting the text field reveals the password.  I think
it's VNCManager that also supports this, but the password is stored in the
database in a seemingly easy to crack format.  If I decide to allow saved
passwords, I'll need to make an encrypted password file or password protect
the database or something.  I've been going over the idea for quite some time
and I even have a test version that does.  I just don't want to unleash it on
the rest of the world unless I'm 100% sure that it is secure.  Saving
passwords is a convenience, security is a necessity.

-----Original Message-----
From: Alastair Burr [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 12, 2002 12:31 PM
To: [EMAIL PROTECTED]
Subject: RE: VNC Manager only free for personal use


It is always interesting to hear what other developers think :) I
personnaly prefer windows, but that is due to it being so widespread,
and appears to be the standard. I just wish vnc had the ability to use
nt authentication, instead of its set encryption algorithm (where the
source is freely available which makes it easier to intercept and
decrypt), but I guess this will be done at some point if it is possible.

At the moment the timeout in VNCon is set as 3 seconds, but will change
that soon. VNCon was created around using a domain scan, and not an ip
scan, but the domain scan shows all computers turned on and not just
those running vnc, so now you can do a domain scan (on windows
networks), then check the results to see which are running vnc. This
method is far faster than purely doing an ip scan.

VNCon also has exporting tools, but these are user customisable to allow
any text based file format be created with information contained in the
computer list by using the new custom list exporter. So you can make
html pages, installation scripts etc. (read documentation for more info)

Also, does VNCScan have password support? Anyway, I am unsure of
Microsofts .NET strategy on taking over the world, but I guess we will
have to accept it (grudgingly) :) It would be nice though if all the
people who are continuing to sue Microsoft about this internet explorer
bundled with the operating system disagreement, would just let it slide
and not continue to waste billions of dollars on court cases which in
turn raise the price of all Microsofts products, ah well.. thats just
my small opinion :)

Regards, Alastair Burr


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Steve Bostedor
Sent: 12 March 2002 13:55
To: [EMAIL PROTECTED]
Subject: RE: VNC Manager only free for personal use


        This thread is turning good.  ;)  It's all in good spirit.  I'm
sure the *NIX
guys are saying "'common, what's all this scanner fuss about, we have
NMAP!"
;)  We Windowz users like a GUI for everything.  The easier it is for us
Windows users, the more VNC is going to get adopted and taken seriously.
Each
of the authors of software like VNCScan are very nice people and I enjoy
dialog with you all.  Here is some clarity on the situation, though:
        You can speed up VNCScan by placing a smaller timeout value for
the scan.  I
can scan my entire class C (local LAN) in 60 seconds by setting the
timeout to
1.  Your times will be less if you don't have as many hosts that need to
be
resolved.  I did modularize the scanning code to make way for
multithreaded
scanning.  I was holding off on implementing this until I was more
familiar
with .NET.
        I plan on releasing a version under the .NET framework that will
do just that
and the way that the code is written will make it very easy.  I also
want to
take into account the new IDS systems in place in most security
conscious
organizations.  If I start multithreading and pounding networks with
connection attempts, it's more likely to trip the IDS systems.  Maybe
I'll
make it an option that can be turned off.
        I describe it as advanced because you can do background scans
and export them
to HTML, scan multiple ranges (in order or not), remembers state
information
like if the computer responded on the last scan or not (this goes three
levels
deep), can be set to a custom timeout based on network conditions,  and
can be
invoked as an object in code; making it reusable in many ways.  Here are
some
key features of VNCScan:

        * Multiple IP ranges per scanning group (already pointed out)

        * Unlimited Grouped scans (others have this feature too - in a
limited way)

        * Scans are saved in the popular Access 2000 database (great for
reporting
and editing)

        * Scans can be exported to an HTML table with links to use the
Java front
end

        * Can be made to operate in a "background" timed scanning mode
that updates
the web page at a central location
        
        * Connection state is remembered between scans (next version
will place
timestamps, also)

        * Browse mode allows integrated management via tabs and the java
browser
interface (great for many connections at once)

        * Both global and individual command line switches (with
inheritance)

        * A preview of the command line in the status bar for double
checking custom
switches

        * Comments that are remembered even after a rescan

        * Each computer can be edited by hand if need be

        * Computers can be added or deleted individually (they don't
need to be
collected from a scan to be managed)

        * You can view your list in Basic or detailed view.

        * You can save a group of computers to another group name.
(makes it easy to
create duplicate groups that you can edit later)

        * Many more to come...

-----------------------------End of transmission
-------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------