Stupid question

dpuckett · Post by **dpuckett** » 2007-03-21 16:41

I have things working fine using a repeater. What I have concerns about is that during my testing when I connect to the repeater using 'vncviewer_ssl.exe' I do not have to authenticate myself. What would prevent an attacker from connection to a repeater and simply attempting to connect to random ID:Numbers. Is there a simple way to prevent this?

snobs · Post by **snobs** » 2007-03-21 18:10

nothing would prevent it... but at first it is very unlikely that a customer (server) connects to the repeater while someone bad connects to it (with ssl client) and second: the one i am talking about has even has to use the same ID.

dpuckett · Post by **dpuckett** » 2007-03-21 18:49

Is there any way to restrict which addresses are allowed to connect from a vncviewer_ssl without breaking the server side connection, since they both connect over port 443?

dpuckett · Post by **dpuckett** » 2007-03-23 01:00

Actually I have my answer. Simply use RC4 Encryption with a new key to ensure end2end encryption should protect againts certain attacks. If someone could post snobs "create your own certificate" util I would feel much more confident in implementing. Thanks

snobs · Post by **snobs** » 2007-04-02 21:38

there is a working link again - look into my post...

and an additional encryption is overhead... if you use SC3 there is already ssl encryption, which should do the job...

dpuckett · Post by **dpuckett** » 2007-04-10 12:37

Thank you snobs. As far as encryption goes. Does using SSL only create a 'gap' at the repeater where both ends are unencrypted? That is how I perceived it where using RC4 is true end2end. Or am I wrong?

UltraVNC

Stupid question

Stupid question

Re: Stupid question

Re: Stupid question

Re: Stupid question

Re: Stupid question

Re: Stupid question