Thread: Re: Okay, a not quite newbie question
From: <jm...@bi...> - 2006-07-20 15:56:13
Allen,

I have one XP machine up and running -- I can't remember exactly, but it appears as if it's very close to or exactly the same as the W2k install.

It appears that you have a stronger understanding of computer security than I do -- so trust your instincts. A static IP on your side is a nice security measure, but could someone spoof it?

I am more comfortable leaving a SSH port open than a VNC port open -- my mantra is to run a tight ship -- and to minimize risk, especially where I may not understand it 100%.

Call me paranoid -- but given the option, I prefer to encrypt everything I can.

John

------------------------------

Message: 2
Date: Wed, 19 Jul 2006 19:50:53 -0700
From: Allen <net...@so...>
Subject: Re: VNC-Tight-list Digest, Vol 2, Issue 11
To: vnc...@li...
Message-ID: <44B...@so...>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

John,

I've read your process and have a fairly clear grasp of what is going on. I really only have a couple of questions. The first is that I assume the process is the same for W2K as XP, right? The second is that I'm not clear on what you mean by:

> Theory: First of all, it's a *really* bad idea to forward 5900
> through your modem -- VNC is (a) not a secure transmission, so any
> motivated cracker with a sniffer can watch exactly what you're doing
> and typing, including passwords,

Yes, I understand most VNC servers/clients are not encrypted, but unless there is DNS cache poisoning, ARP flooding or a couple of other corner cases where the attacker is already on their local LAN, how is someone going to sniff traffic over the hardwire Internet without being on the same pipe using a man in the middle attack? Wireless I can see, but hardwire? I'd like to understand how this type of attack would work. Since it is mostly OT to this list you can write directly to me if the list would prefer.

In my case, I have a dotted quad fixed IP address and my parents are on a dynamic dotted quad IP for the WAN. Assuming that the server is on my parents' end and they have the connection set to only accept a connection from my IP address and using the password I know, how does an attacker get the data flow unless they have compromised a router in between?

I'm certainly not saying that it can't be done, I just can't visualize it.

Thanks,

Allen