Question on use of DSM plug-in

Should you have problems with the DSM plugin, here's the place to look for help or report issues
Gordon
Posts: 1
Joined: 2005-04-18 20:26

Post by Gordon »

Hi,

I'm very impressed, having just installed UltraVNC. I had a couple of quick questions I haven't been able to answer from browsing messages.

It appears that I cannot use the DSM plug-in and the web-accessed viewer. Is that correct? I don't even get the page using the web-based viewer - I get a message that the server is not an RFB server.

I did have another quick question - if one doesn't use the DSM plug-in, and is using MS Login, is it safe to assume that at least the login is encrypted? Also, if one doesn't use the DSM plug-in, in what form is text transmitted between the viewer and the server -- is it in plain view, or in at least a binary format? I'm wondering how vulnerable I really am if at least the authentication is encrypted.

Thanks very much,

Gordon
scovel
Posts: 307
Joined: 2004-07-12 11:56
Location: CT, USA

Post by scovel »

Gordon,

#1. The Java viewer does not incorporate the DSM interface, so, No, the Java viewer can't connect to an encrypted server.

The plugin encrypts EVERYTHING including the initial RFB protocol negotiation, so that's why the Java viewer doesn't even recognize it as a VNC server.

#2. The password exchange is 3DES encrypted. 3DES is old...

#3. Text (keystrokes) are sent as key-codes. To the casual user, unintelligible. There are tools that can record and play-back VNC sessions though.

The biggest issue (in my mind) is that the unencrypted VNC server will respond with a password prompt to anyone with a VNC viewer. Sure there is some code in the server to "slow down" a dictionary attack, but the password is ONLY 8 characters.

Using the plugin, the server won't connect unless the viewer supports the plugin, and has your pre-shared key. Kinda stops dictionary attacks in their tracks.

Sean
Last edited by scovel on 2005-04-19 02:27, edited 1 time in total.
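
An added illustration of the reply above, not part of the original posts and not UltraVNC code: it classifies the first bytes a listener sends, showing why a viewer without the plugin reports "not an RFB server", and shows the 8-character password limit. The sample greetings, the function names and the assumption that the server uses classic VNC authentication (RFB security type 2) are mine.

```python
import re

# An RFB server opens with a 12-byte ProtocolVersion message: b"RFB xxx.yyy\n".
RFB_GREETING = re.compile(rb"RFB (\d{3})\.(\d{3})\n")

def classify_greeting(first_bytes: bytes) -> dict:
    """Classify the first bytes a listener sends after the TCP connect."""
    if len(first_bytes) < 12:
        return {"rfb": False, "reason": "short read"}
    m = RFB_GREETING.fullmatch(first_bytes[:12])
    if m is None:
        # What a viewer without the matching plugin sees: "not an RFB server".
        return {"rfb": False, "reason": "no cleartext RFB banner"}
    return {"rfb": True, "version": (int(m[1]), int(m[2]))}

def vnc_auth_key(password: str) -> bytes:
    """Classic VNC authentication keys its challenge-response with only the
    first 8 bytes of the password, NUL-padded (assumption: security type 2)."""
    return password.encode("latin-1")[:8].ljust(8, b"\0")

def audit(captures: dict) -> list:
    """Return the names of listeners that greet any viewer in cleartext."""
    return sorted(name for name, data in captures.items()
                  if classify_greeting(data)["rfb"])

# Constructed sample greetings (not captured from real hosts).
SAMPLES = {
    "plain-server": b"RFB 003.008\n",                         # cleartext banner
    "dsm-server": bytes.fromhex("9f3ac1077be2d4581a6e03b9"),  # opaque bytes
    "slow-server": b"RFB 00",                                 # truncated read
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify_greeting(data))
    print("answers any viewer:", audit(SAMPLES))
    # Two different passwords sharing their first 8 characters are equivalent.
    print(vnc_auth_key("correcthorse") == vnc_auth_key("correcth0rse-battery"))
```

Listeners returned by `audit` are the ones that will present a password prompt to any viewer; the rest either sit behind an encrypting plugin or are not VNC at all, which the greeting alone cannot distinguish.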