I use ssh to establish a connection to the remote LAN,
using Stajano's method,
http://www.uk.research.att.com/vnc/sshwin.html
This gets me encryption, but I don't see how this prevents
others from brute force trying to connect to the server.
Could someone please enlighten me on this, or point me
to an informative page or thread? Thanks.
Fred
-------------------------------------------
Fred Ma
Department of Electronics
Carleton University, Mackenzie Building
1125 Colonel By Drive
Ottawa, Ontario
Canada K1S 5B6
[EMAIL PROTECTED]
===========================================
>
> Date: Tue, 21 May 2002 18:31:21 -0400
> From: Glenn Mabbutt <[EMAIL PROTECTED]>
> Subject: RE: Security Risk?
>
> No, these risks and others still exist. If security is a necessity (ie,
> outside of a local network, or even inside one if nosy people exist), one
> normally tunnels the VNC session inside of SSH or Zebedee or other encrypted
> tunnel. There are a couple of patches to do NT domain authentication, and
> there are a couple of "secure VNC" projects floating around (try a Google
> search), but for the most part, people tunnel.
>
> - -----Original Message-----
> From: Paul Simon [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 21, 2002 5:00 PM
> To: [EMAIL PROTECTED]
> Subject: Security Risk?
>
> Am I correct in these three assumptions?
>
> 1, this link is talking about the unix version 3.3.3r1
> 2, this crack is isolated to that specific version
> 3, vnc in it's current rev, has no known security issues?
>
> http://www.securiteam.com/tools/Brute_forcing_VNC_passwords.html
>
> Thanks
---------------------------------------------------------------------
To unsubscribe, mail [EMAIL PROTECTED] with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
