Re: Access from office to home

Fri, 03 May 2002 10:20:14 -0700 

Joe:
        Heya. Your VNC Server (which I presume is running at home,
behind your firewall appliance) will always listen to the port you
tell it to. By default that's 5900.
        Your VNC Viewer (which I presume is running at work), on the
other hand, will use whatever port the OS gives to it. Typically, it
will be in the range of 1024 to 49151 (a pretty big range!). The IANA,
which manages which port is associated with which service, calls this
range the "Registered Port Numbers". Quote:

"The Registered Ports are listed by the IANA and on most systems
can be used by ordinary user processes or programs executed by ordinary
users."

        Despite how much we like it, your VNC Viewer is one of these
"ordinary user processes". :) Most every time, the port number associated
with a client-initiated connection will be randomly assigned (bounded,
but random).

        Blocking the connection based on IP address, at your firewall,
is a Good Idea. You can also use AuthHosts in VNC itself to block
based on IP Address. If you're really interested in securing it even
further, I would suggest setting up an SSH tunnel, and instructing
VNC to listen only to these sorts of connections. More info on SSH
and VNC at the AT&T site, of course.

        Hope this helps!

-Scott

> Date: Thu, 2 May 2002 18:59:54 -0700
> From: "Joe Michael" <[EMAIL PROTECTED]>
> Subject: Access from office to home
>
> I'm trying to access the home PC (A) from the office PC (B)....
>
> But can I program the port that computer A uses to connect to B ??
>
> My firewall is asking for a TCP/IP address and port number ..
> If I dont put in a port number it works fine, But I want to secure it
> further..
>
> I'm looking to tell computer A to use perhaps port 1214 to connect to B on
> port 5900.
>
> Every time I check the active ports I see VNC uses different ports to
> connect to computer B.
>
> But computer B always uses port 5900 ..
>
> Any takers on this ???
>
> Thanks in advance....
>
> Joe.
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------

Reply via email to