Re: VNC 4.0 on Solaris 8 with inetd

Alasdair Ferro wrote:

> Hello,
>
> I hope you can help, as google et al. have proved unable to! I am running VNC4.0 on Solaris 8 (2/04), via inetd. My inetd.conf line is thus:
>
> vnc-1152x864x24 stream tcp nowait root /space/tools/bin/Xvnc Xvnc -inetd -query localhost -once -geometry 1152x864 -depth 24 -SecurityTypes=None -desktop=baltar-Sol8 -fp tcp/baltar:7100
>
> I can start a session via vncviewer, and get the CDE login prompt. I can enter a username and password, but then the VNCviewer window simply disappears. vncviewer informs me end of stream and nothing else. I've looked at /var/dt/Xerrors:
>
> /usr/openwin/bin/xset: bad font path element (#38), possible causes are:
>     Directory does not exist or has wrong permissions
>     Directory missing fonts.dir
>     Incorrect font server address or syntax
> Warning: Null child found in argumnet list to unmanage
> dtlogin: recieved signal 11

This indicates CDE, which services your login, is quitting. It's not vnc to blame for this; Xvnc just quits because it is instructed to do so by dtlogin. I don't think the fontpath is the problem, better look at the warning.

Success,
CBee

> I've looked at the font path from xset -q, and all the dirs exist and contain a fonts.dir. I've modified them all to be 777, so permissions should be fine (they have 7x5 all the way down the path). I guess I'm seeing dtlogin dying, but I've no idea why - where do I need to be looking?
>
> Thanks for your help,
> Alasdair Ferro.

___
VNC-List mailing list
VNC-List@realvnc.com
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list

Build vnc-4.0.8 in Fedora 3 box

Hi

Has anyone tried to build vnc-4.0.8 in a Fedora 3 box? I installed the vnc-4.0.8 source code from the Fedora 3 distribution, and tried to build the vnc server with the xorg-x11-6.8.1-4 source files, which are distributed with the vnc-4.0.8 source rpm. But the build failed in the final link step. I get many errors like:

undefine reference to 'operator[](unsigned int)'
../../../rfb/librfb.a(Confiuration.o)(.text+0x71a): In function rfb::intParameter::getDefaultStr()const':

Has anyone ever built vnc in a Fedora 3 box? Any hint on this problem?

The README file in the vnc source directory states: "You could also try the original X.org tree available from http://www.x.org but this does not build as easily because of lack of support for C++." What does this mean? It seems to me, support of C++ is from the compiler, not from X Windows.

Any help would be highly appreciated.

Thanks.
Tom

RE: CPU overloading in WinVNC connecting to Linux box

Nicholas,

Check the task manager on your notebook to see what is causing the CPU usage. I'd bet it's kernel CPU usage (i.e. the CPU usage bar will mostly be red), and that it's caused by some sort of problem with your operating system drivers.

VNC 4.0 and VNC 3.3.7 are completely different codebases, so a CPU-hogging bug in one is unlikely to also exist in the other. More importantly, if an application using the CPU can cause your laptop to overheat then there is something seriously wrong with its internal temperature control, indicating either a power management driver problem or a hardware fault.

Regards,
Wez @ RealVNC Ltd.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicholas Keown
Sent: 01 March 2005 23:30
To: vnc-list@realvnc.com
Subject: CPU overloading in WinVNC connecting to Linux box

My CPU is maxing out causing overheating on my notebook when connecting to a Linux Fedora Core 3 box. I use this application to connect to windows machines with no issues. I have downloaded and tested the viewers for v4.0 and 3.3.7 and the result is the same - maximum CPU usage on my windows client machine.

Can anyone advise a fix for this? Can I configure the vncserver on the linux box to minimise this, and if so what configuration/file is used?

Thanks.
Nicholas

RE: Java VNC Viewer - More than 256 Colors?

Takahiro,

The VNC Viewer for Java currently supports only 256 colours, for compatibility reasons. We do plan to add higher colour support in a future release.

Note that this is a limitation of the Java Viewer only - native VNC Viewers for Windows, Linux etc support a full set of colour settings.

Regards,
Wez @ RealVNC Ltd.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Takahiro Horie
Sent: 02 March 2005 01:38
To: vnc-list@realvnc.com
Subject: Java VNC Viewer - More than 256 Colors?

Hello,

I'm running VNC 4 and the java vnc viewer. I notice that my only choice is 256 colors. Is there a way to use higher colors?

Thanks,
Takahiro

RE: Stealth Connections?

Pedro,

No, this is not supported by the standard VNC releases, which are designed specifically to ensure that the local user is aware of their presence.

Regards,
Wez @ RealVNC Ltd.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of phermi
Sent: 01 March 2005 15:35
To: vnc-list@realvnc.com
Subject: Stealth Connections?

Hello,

Is there a way to connect a VNC Viewer to a VNC Server and not get the VNC Server system tray icon to change its color?

Thanks in advance.

Pedro Hermida
Cel.: 954-822-2942

Re: CPU overloading in WinVNC connecting to Linux box

James, thanks for the reply.

The task causing the problem is vncviewer.exe, hogging between 50 and 70% of CPU constantly, causing overheating of my windows notebook. When I connect to a windows box, there is no problem. I thought it could be related to the polling etc on the linux box, and was wondering if these settings can be altered for a standard fedora 3 install as a test.

Has no one else had these sorts of problems? I have seen it in other threads here, but it was blamed on a buggy earlier version.

Thanks.

James Weatherall wrote:

> Nicholas,
>
> Check the task manager on your notebook to see what is causing the CPU usage. I'd bet it's kernel CPU usage (i.e. the CPU usage bar will mostly be red), and that it's caused by some sort of problem with your operating system drivers.
>
> VNC 4.0 and VNC 3.3.7 are completely different codebases, so a CPU-hogging bug in one is unlikely to also exist in the other. More importantly, if an application using the CPU can cause your laptop to overheat then there is something seriously wrong with its internal temperature control, indicating either a power management driver problem or a hardware fault.
>
> Regards,
> Wez @ RealVNC Ltd.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nicholas Keown
> Sent: 01 March 2005 23:30
> To: vnc-list@realvnc.com
> Subject: CPU overloading in WinVNC connecting to Linux box
>
> My CPU is maxing out causing overheating on my notebook when connecting to a Linux Fedora Core 3 box. I use this application to connect to windows machines with no issues. I have downloaded and tested the viewers for v4.0 and 3.3.7 and the result is the same - maximum CPU usage on my windows client machine.
>
> Can anyone advise a fix for this? Can I configure the vncserver on the linux box to minimise this, and if so what configuration/file is used?
>
> Thanks.
> Nicholas

RE: CPU overloading in WinVNC connecting to Linux box

Nicholas,

VNC Viewer will only run when there are incoming updates to be processed. This will be the case if your remote desktop is changing rapidly, for example. VNC Viewer 3.3.7 will tend to consume more CPU, because it uses a less efficient method to draw the changes.

Xvnc does not need to use polling to detect changes - since it is the X server, it is implicitly aware of all the changes that are taking place.

To reiterate:

- The only reason that VNC Viewer would use CPU cycles is if it is processing incoming updates, i.e. if things are changing on the VNC Server's desktop.
- If your laptop is overheating then there is something fundamentally wrong with either its power management drivers or its hardware. Application software cannot cause a healthy system to overheat!

Regards,
Wez @ RealVNC Ltd.

-----Original Message-----
From: Nicholas Keown [mailto:[EMAIL PROTECTED]
Sent: 02 March 2005 11:47
To: James Weatherall
Cc: vnc-list@realvnc.com
Subject: Re: CPU overloading in WinVNC connecting to Linux box

James, thanks for the reply.

The task causing the problem is vncviewer.exe, hogging between 50 and 70% of CPU constantly, causing overheating of my windows notebook. When I connect to a windows box, there is no problem. I thought it could be related to the polling etc on the linux box, and was wondering if these settings can be altered for a standard fedora 3 install as a test.

Has no one else had these sorts of problems? I have seen it in other threads here, but it was blamed on a buggy earlier version.

Thanks.
Hamachi
I'm very surprised to have only received one reply to the post about Hamachi. I would've thought that more users would have been able to fix their connection problems with it. Anyway, just for anyone interested in checking it out: http://hamachi.cc

Re: VNC 4.0 on Solaris 8 with inetd

CBee and the rest of the list :-)

I'd begun to wonder if it was a CDE issue. I've tried an Openwindows login, but that fails in the same way. I've googled for the warning, with no joy - any suggestions on something else to try? I'm very much feeling my way around Solaris, so do suggest things that you think are obvious!

Thanks,
Alasdair

>> I hope you can help, as google et al. have proved unable to! I am running VNC4.0 on Solaris 8 (2/04), via inetd. My inetd.conf line is thus:
>>
>> vnc-1152x864x24 stream tcp nowait root /space/tools/bin/Xvnc Xvnc -inetd -query localhost -once -geometry 1152x864 -depth 24 -SecurityTypes=None -desktop=baltar-Sol8 -fp tcp/baltar:7100
>>
>> I can start a session via vncviewer, and get the CDE login prompt. I can enter a username and password, but then the VNCviewer window simply disappears. vncviewer informs me end of stream and nothing else. I've looked at /var/dt/Xerrors:
>>
>> /usr/openwin/bin/xset: bad font path element (#38), possible causes are:
>>     Directory does not exist or has wrong permissions
>>     Directory missing fonts.dir
>>     Incorrect font server address or syntax
>> Warning: Null child found in argumnet list to unmanage
>> dtlogin: recieved signal 11
>
> This indicates CDE, which services your login, is quitting. It's not vnc to blame for this; Xvnc just quits because it is instructed to do so by dtlogin. I don't think the fontpath is the problem, better look at the warning.

--
Alasdair Ferro
SpiraTech Ltd, Product Conformance Engineer
Carrington Business Park, Manchester, M31 4ZU, U.K.
mailto:[EMAIL PROTECTED]
Work: +44 (0)161 776 4582
http://www.spiratech.com

Re: Hamachi

[EMAIL PROTECTED] wrote:

> I'm very surprised to have only received one reply to the post about Hamachi. I would've thought that more users would have been able to fix their connection problems with it. Anyway, just for anyone interested in checking it out: http://hamachi.cc

I'm interested in it, just haven't had time to check it out this week. I will hopefully later this week or early next week.

Thanks,
Zach

RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

My my... Perhaps...just what the RealVNC list needed. All the previous posts on port forwarding, ssh... converged into a simple interface.

Whilst I would assume the majority of users are not technically inclined and putty is a great front end, the difficulties of implementing the open source SSH servers for the average Windows user are noted. Unless, of course, the average user is willing to pay for a commercial solution. ...but the plethora of no-cost RealVNC users tend to exist for a reason!

The bigger questions generated are definitely worthwhile discussing, i.e. network admin's economic and security priorities with their overworked IT staff perpetually several internet generations behind vs the ever increasing computational power, security sophistication and internet savvy mobile independent users (consumers). The idea of virtual network adapters, secure and simple network pools, etc... is very powerful stuff, indeed.

Thanks, Alex, for stepping up to the plate. What is your take on SHA1 being recently broken by Chinese researchers?

NK

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Pankratov
Sent: March 1, 2005 11:25 PM
To: Paul Haskew
Cc: vnc-list@realvnc.com
Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

Paul Haskew wrote:

> While I am glad to see the main designer/developer here, I do not wear tin foil hats. :P I am just a concerned IT Admin, who will at one point will have to make a decision about this program.

TCP/11975 ;-)

Waiting for VNC to work again.. the basics.

Hi All,

My friend had vnc working with adelphia cable and a cable modem and a dlink router on one machine and the other machine was hardwired with a nic and an RJ45 cable. All he did was to basically move the machine from one cable operator to another (the viewer only-server is still in place) and now vnc (the server) refuses to work. I went to this machine and used it as the server and got into my machine at home (66 miles away) with no problem. My machine has a different cable provider and is hardwired to a nic with no router or hub or anything in between.

When we try to access the server it says connection timed out. From talking to the cable people they are telling me that the firewall is not allowing the connection. I also know that the machine is turned off most of the time and that could very well be the problem and that can be fixed.

I got into the cable modem the other day and it shows vnc setup for ports 5800 and 5900 as it should be. Nobody has messed with this and all we did was to physically move one of the viewers. The server has windows xp sp1 (no preset firewall as far as xp is concerned). There is antivirus software on the machine but no firewall installed in it. From the above, I am going to assume that the router is correctly port forwarded to the nic. Can I assume that this is true? Nothing was touched software-wise on the server.

This is the rest of what I know, no more, no less. VNC sends a request that goes to the cable modem first. Adelphia cable told me there was no firewall on the cable modem so there should be no problem there? Then, the request goes to the router or a hub but not both? I thought a router was a hub of sorts? There is a hub that probably has 2 network cables, one for the server and one for the machine in the room upstairs. From what I know a hub is just a repeater and allows you multiple connections off the same router or cable modem? There is no firewall on the hub? Then the request goes to nic.

Both the nic and the cable modem have ip addresses. What the he** is the difference (in plain, understandable English) between a public and a private IP Address and what accommodations do I have to make for both? How do I find out which is the public and which is the private ip address? I know how to do a ping and an ipconfig/all to a batch file. I can also go into the connections tab and add allowable ip addresses, but which one(s) do I add? The public or the private or both? And how?

I need to mention that I have read the documentation that vnc provides and some of it was Greek to me. I am just starting to learn networking as you have already surmised. The hardware connections are a no-brainer; it is the software and all its rules that is screwing me over royal. What is really pissing me off is this setup used to work and the guy that did it only took an hour to set it up. He is no longer available and the burden has fallen on me.

The best idea that I have is to bring the machine home and hook it up to my cable modem, which is hardwired from the modem to the nic and see if it works that way. That tells me then that the problem lies with the router and/or the hub if it decides to work? I have xp pro, sp1, no firewalls, no router, no hubs or any of that crap to mess with. I think that is why from the server I could connect to my machine at home. No bs to put up with. Straight through connection basically.

I would appreciate any step-by-step help you could give me as far as what to check and/or troubleshooting.

Thanks much,
Joe

Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

Since my last posting, I've been trying to play devil's advocate with this technology. I've been trying to imagine legitimate scenarios for using this technology in a business environment. So far, I haven't been able to do it. It still seems to be a technology whose primary purpose is to thwart firewalls and company usage policies. Perhaps Alex or other listers who are using the technology could provide some examples of how Hamachi is or could be used in a positive, legitimate fashion.

Alex Pankratov wrote:

> Paul Haskew wrote:
>
>> While I am glad to see the main designer/developer here, I do not wear tin foil hats. :P I am just a concerned IT Admin, who will at one point will have to make a decision about this program.
>
> TCP/11975 ;-)
>
>> Also, about trusted outsiders, I am not worried about me setting up trusted persons. I am worried about those who have computer access, a little knowledge, and try to set this up and allow someone incorrect access. Thus compromising what is currently in place without realizing it. Don't get me wrong, I am all for making things as simple as possible for end users. Also, this is a wonderful idea, I am just hoping that certain safeguards or means of prevention will also be made avail with the product.
>
> Agreed. It is very hard to find the balance so that 'tolerant to accidental misuse' wouldn't become 'unusable out of the box'. I am not a sys admin, so any suggestions as to what these safeguards should be are really welcomed.

--
Bob Hartung, Dir of I.T.
c\o Wisco Industries, Inc.
P. O. Box 10
736 Janesville St.
Oregon, WI 53575
Phone: (608) 835-3106 x215
Fax: (608) 835-9644
email: bhartung(at)wiscoind.com

Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

Collins, Kevin (MindWorks) wrote:

> I looked at Hamachi after a mention of it on this list yesterday, and while it seems pretty cool, I have to ask: Am I the only one who has at least a slight distrust of using a mediation server in the middle of a secure connection? Maybe I just don't get it, or I do and am overly paranoid, but this seems to invite snooping, man in the middle attacks, etc... What level of trust do I need to place on servers I have no control over?

You get it. I don't trust it. Just because you and I are overly paranoid doesn't mean the mediation server hasn't been 0wned or the admin curious.

Besides, in a truly secure network environment (where I work) there is no way for users to install it in the first place. With 400 users on NT 4 network all using IE and Outlook we have never had a single virus or compromise of any kind in the last 9 years.

Moreover, even if users could install it, or somehow get a machine authenticated to use the network and then the proxy and Internet, they would definitely get fired for violating the agreement they signed when they got hired (at least where I work anyway).

In fact, I am betting that I am not able to make a connection from work to home through our firewall. Anyone care to wager?

Rick

Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

> In fact, I am betting that I am not able to make a connection from work to home through our firewall. Anyone care to wager?

No need to get cocky. It's all in how your firewall is setup. Most firewalls allow outgoing connections to occur, which allows you to create a bidirectional connection between inside the network and an outside network.

If you're limiting the ports available to outgoing traffic then a default install probably won't work. However if you're allowing users to go through port 80, port 110, port 25, etc... to go outside your internal network then I'll state, it can be done!

The only person I've ever met who *can't* install something on a computer is an end user. Any great sysadmin (especially in winbox environment) should be able to do what they need to regardless of how locked down the system is. ;) However this is only if all tools are available to the user except for physically modifying the workstation or performing a reinstall.

TMTOWTDI

Zach

Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

Bob Hartung wrote:

> Since my last posting, I've been trying to play devil's advocate with this technology. I've been trying to imagine legitimate scenarios for using this technology in a business environment. So far, I haven't been able to do it. It still seems to be a technology whose primary purpose is to thwart firewalls and company usage policies.

Well for starters. This is a great tool for the IS/IT dept in a company and especially for admins. Maybe this won't work well for a typical end user on a large corporate network, but this is great in smaller to medium sized businesses and even SOHOs. If this works well with VNC, then the worth of this product just went 100% in my book.

Here are some example scenarios:

- In the northern country where it snows, the finance gal gets snowed in or runs into a ditch (it's happened before) so she works from home. She needs to access some files from her work computer. (Her home computer is also a company laptop). She calls the IT dept and makes a request. The IT dept set her up to vnc into her machine from home and to drag over her files (thx hamachi).
- A programmer codes both at home and at work. He does some sample coding at home late last night and then finds out tomorrow morning he needs that code. He vnc's in to his computer and drags the files over. (thx hamachi).
- Engineers from a regional office are visiting headquarters. Their meeting is at 2pm, it's 10am now. What to do for 4 hours. They get on an extra workstation and vnc into their up north computer and review some of their revisions from yesterday. They decide to include the new ideas in their 2pm meeting. So they generate a pdf of their latest cad files. They drag the pdf over to the current workstation, and print it out. (thx hamachi)

These are all scenarios our company has hit. And if I understand Hamachi right, the solution should be similar to what they are above in each example. If I don't understand Hamachi right, please tell me.

Zach

Pass special keys directly to server?

Is the Pass special keys directly to server functionality of VNCviewer not available when the client is running Windows 98? Using the same viewer on Windows 2000 and Windows 98, I find that it only works correctly on Windows 2000. Is this how it works, or am I doing something wrong?

Mike

--
Michael B. Miller, Ph.D.
Assistant Professor
Division of Epidemiology and Community Health
and Institute of Human Genetics
University of Minnesota
http://taxa.epi.umn.edu/~mbmiller/

Re: Waiting for VNC to work again.. the basics.

> From talking to the cable people they are telling me that the firewall is not allowing the connection. I also know that the machine is turned off most of the time and that could very well be the problem and that can be fixed.

Are the cable people suggesting that they have a firewall that might be blocking VNC requests before it gets to your cable modem?

> I got into the cable modem the other day and it shows vnc setup for ports 5800 and 5900 as it should be. Nobody has messed with this and all we did was to physically move one of the viewers.

Sounds like your cable modem is also a router, unless you were actually referring to your router here. It is not uncommon to find modems, routers and hubs (switches) all built into one unit.

> This is the rest of what I know, no more, no less. VNC sends a request that goes to the cable modem first. Adelphia cable told me there was no firewall on the cable modem so there should be no problem there?

Back to my first question.

> Then, the request goes to the router or a hub but not both? I thought a router was a hub of sorts? There is a hub that probably has 2 network cables, one for the server and one for the machine in the room upstairs. From what I know a hub is just a repeater and allows you multiple connections off the same router or cable modem? There is no firewall on the hub?

Basically correct. A switch is a hub with a little intelligence built-in to reduce collisions.

> Then the request goes to nic. Both the nic and the cable modem have ip addresses. What the he** is the difference (in plain, understandable English) between a public and a private IP Address and what accommodations do I have to make for both?

This is where things get tricky. I will assume by your comments that your cable modem is also a router. (You got into it and it showed ports 5800 and 5900 setup for VNC.) Try to imagine your cable modem as two units. The first one (modem) converts a digital cable signal into Ethernet. The second one (router) lets multiple computers (your LAN) share a single external IP address. (Think of the router as a telephone receptionist.)

public IP (aka external IP or WAN IP): The IP address by which your router is known to the rest of the internet community. (The main phone number that reaches the receptionist.)

private IP (aka internal IP or LAN IP): The IP addresses of each device on your network. (Analogous to the internal numbers that employees use to call each other.)

The router has a private IP to talk to the computers on the LAN. Each computer on the LAN has a private IP for each nic (I'll assume one per computer). This IP address is either static or dynamic. (Dynamic means it was assigned by the router or some other DHCP server.) Each nic is also assigned a gateway IP (the LAN IP of the router) and 2 DNS server addresses. (The computer uses the gateway like an employee would use the receptionist to make an outside phone call.)

Putting it all together: When a VNC request is made to your router's public IP address, your router checks its own port forwarding (routing) tables to determine which machine on the network should get the request (how may I direct your call?). The router must have ports 5800 (javaviewer) and 5900 (VNCClient) forwarded to a local IP address. The machine with that IP address must be on with VNC Server running and listening.

> How do I find out which is the public and which is the private ip address?

Try www.dyndns.org. Local ip addresses are usually 10.x.x.x or 192.168.x.x.

> I can also go into the connections tab and add allowable ip addresses, but which one(s) do I add? The public or the private or both? And how?

Sounds like a firewall type question. Make sure the machine running VNC can accept requests from the gateway IP (router's internal IP).

Hope this helps.
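
The checks the reply above walks through (is an address a LAN address or a public one, and does anything answer on port 5900), as an added example that is not part of the original post. It goes a little beyond the post by including the 172.16.0.0/12 private range and by reading the 12-byte version banner a VNC (RFB) server sends on connect; the function names and the loopback stand-in server are constructed for illustration.

```python
import ipaddress
import socket
import threading

# Ports named in the thread: 5900 = VNC viewer (RFB), 5800 = Java viewer (HTTP).
VNC_PORT = 5900

# RFC 1918 private ranges. The reply names 10.x.x.x and 192.168.x.x;
# 172.16.0.0/12 is the third private block, added here for completeness.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr is a LAN address, i.e. only reachable via the router's port forward."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_banner(data):
    """Parse the RFB ProtocolVersion message b'RFB xxx.yyy\\n'; return (major, minor) or None."""
    if len(data) != 12 or not data.startswith(b"RFB ") or data[7:8] != b"." or data[11:] != b"\n":
        return None
    major, minor = data[4:7], data[8:11]
    if not (major.isdigit() and minor.isdigit()):
        return None
    return (int(major), int(minor))


def probe(host, port=VNC_PORT, timeout=3.0):
    """Try to reach a VNC server and return (state, detail). States:
    'timeout'  no answer at all: machine off, packets filtered, or no port forward
    'refused'  host answered but nothing listens on the port (VNC Server not running)
    'rfb'      a VNC server answered; detail is its protocol version
    'other'    something is listening, but it did not speak RFB
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except (socket.timeout, TimeoutError):
        return ("timeout", "no reply within %.1fs" % timeout)
    except ConnectionRefusedError:
        return ("refused", "connection actively refused")
    except OSError as exc:
        return ("error", str(exc))
    data = b""
    with sock:
        try:
            while len(data) < 12:          # the server speaks first in RFB
                chunk = sock.recv(12 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:                     # includes a read timeout
            data = b""
    version = parse_banner(data)
    if version is None:
        return ("other", "listener did not send an RFB banner")
    return ("rfb", "RFB %d.%d" % version)


def start_fake_server(banner=b"RFB 003.008\n"):
    """Constructed stand-in for a VNC server: sends one banner on 127.0.0.1; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    for addr in ("192.168.0.10", "10.0.0.5", "172.20.1.1"):   # constructed sample addresses
        print(addr, "private (LAN)" if is_private(addr) else "public (WAN)")
    port = start_fake_server()
    print("loopback stand-in:", probe("127.0.0.1", port, timeout=2.0))
```

Run from outside the LAN against the router's public address, a `timeout` result matches the "connection timed out" symptom in the original question, while `refused` points at the forwarded machine being up without VNC Server listening.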

RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

Ed,

You might want to check out this long thread about Hamachi.

-Paul

-----Original Message-----
From: Zach Dennis [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 7:30 AM
To: vnc-list@realvnc.com
Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

Bob Hartung wrote:

> Since my last posting, I've been trying to play devil's advocate with this technology. I've been trying to imagine legitimate scenarios for using this technology in a business environment. So far, I haven't been able to do it. It still seems to be a technology whose primary purpose is to thwart firewalls and company usage policies.

Well for starters. This is a great tool for the IS/IT dept in a company and especially for admins. Maybe this won't work well for a typical end user on a large corporate network, but this is great in smaller to medium sized businesses and even SOHOs. If this works well with VNC, then the worth of this product just went 100% in my book.

Here are some example scenarios:

- In the northern country where it snows, the finance gal gets snowed in or runs into a ditch (it's happened before) so she works from home. She needs to access some files from her work computer. (Her home computer is also a company laptop). She calls the IT dept and makes a request. The IT dept set her up to vnc into her machine from home and to drag over her files (thx hamachi).
- A programmer codes both at home and at work. He does some sample coding at home late last night and then finds out tomorrow morning he needs that code. He vnc's in to his computer and drags the files over. (thx hamachi).
- Engineers from a regional office are visiting headquarters. Their meeting is at 2pm, it's 10am now. What to do for 4 hours. They get on an extra workstation and vnc into their up north computer and review some of their revisions from yesterday. They decide to include the new ideas in their 2pm meeting. So they generate a pdf of their latest cad files. They drag the pdf over to the current workstation, and print it out. (thx hamachi)

These are all scenarios our company has hit. And if I understand Hamachi right, the solution should be similar to what they are above in each example. If I don't understand Hamachi right, please tell me.

Zach
RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
If we're going to use something like that, why not use Kaboodle and the Get Engaged service that you can use for free? While they don't offer the source code for the server, they do make it available for the client. And according to their documents, the KaboodleProxy isn't actually part of the connection, it just re-routes the data and since it uses the Zebedee app, it's encrypted. Also, it would appear that for now, at least, you can test the app and the proxy software using their demo proxy server.

John

-----Original Message-----
From: Jerry Westrick [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 01, 2005 12:49 PM
To: vnc-list@realvnc.com
Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

On Tuesday 01 March 2005 18:39, Collins, Kevin (MindWorks) wrote:

I looked at Hamachi after a mention of it on this list yesterday, and while it seems pretty cool, I have to ask: Am I the only one who has at least a slight distrust of using a mediation server in the middle of a secure connection? Maybe I just don't get it, or I do and am overly paranoid, but this seems to invite snooping, man in the middle attacks, etc... What level of trust do I need to place on servers I have no control over?

Kevin

I agree 100%. If they had offered the source, so that we can look at it, and so we could setup our own servers as mediators, then maybe... Otherwise I'd feel extremely uneasy about the whole thing...

Jerry
RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Alex:

How is your app better than Kaboodle and their KaboodleProxy? They make the client source available and they even sell the proxy so you can run it on your own machine(s), which in my book, makes it a bit more trustworthy than having to trust someone else's machine. Granted the proxy is sold in binary-only form, but at least you can run it on your own machine and sniff what's going on.

John

-----Original Message-----
From: Alex Pankratov [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 01, 2005 4:25 PM
To: vnc-list@realvnc.com
Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

I am principal designer and developer of Hamachi. I got few hits from this maillist, checked out the comments and since we don't have much information on the website I thought I'd offer some answers here. Since I just joined the list I don't have original emails, so here's a summary with my comments in it -

Am I the only one who has at least a slight distrust of using a mediation server in the middle of a secure connection?

Mediation server is NOT in the middle of the connection. All it does is allows clients locate their peers and learn their external (routable) IP/port numbers. The clients then hook up on their own and the rest of the traffic flows directly between them. See my next comment regarding security of the connection.

Maybe I just don't get it, or I do and am overly paranoid, but this seems to invite snooping, man in the middle attacks, etc... What level of trust do I need to place on servers I have no control over?

Have a look at Security page on H website. This should take care of your m-n-m worries. I come from a network security background and take security architecture very seriously. If you can find an exploitable flaw in it, I'd be very happy to hear about it.

I'll assume that by 'snooping' you mean our client software doing something nasty on your machine and pushing the results back to the servers. Well, you will have to have the same amount of trust in H you have in any other application distributed in binary form. This includes, btw, pre-built open-source packages. In fact, you cannot even trust applications that you compile yourself unless you go and inspect entire codebase line by line. So the 'level' is clearly subjective and based on your risk tolerance.

I have to wonder what the motivation for a company offering a service like this for free...

Few reasons. First - it doesn't cost much to maintain. We don't relay traffic, so bandwidth requirements are fairly low. Second - there is a demand for this kind of application and offering basic services for free is common approach for building a customer base.

Agreed, this type of a program makes you sit back and wonder, why?

Well, you are most certainly entitled to this. However, I would suggest to take your tinfoil hat off :) and have another look at the application.

If programs like these are freewheeling around, what is even the point of having a firewall, also what is there to prevent them giving total access to outsiders, even without knowing?

Trusted outsiders. This makes the world of difference.

If they had offered the source, so that we can look at it. and so we could setup our own servers as mediators, then maybe... Otherwise I'd feel extremely uneasy about the whole thing...

I am a big proponent of Open Source - you can look me up on sf.net and freshmeat, but in this particular case opening the source up gives us very little benefit, but does take away quite a bit of an advantage. However we plan to do something better than opening the sources - we are going to open cli-srv protocol after the first production release. If you don't trust our client implementation for some reason - feel free to build your own.

In case if you wonder how it is better, opening protocol spec means making a commitment to maintaining it, while opening sources merely says 'here, look how _current_ version is implemented'.
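A toy model of the two designs argued about in this thread, a relay that forwards traffic and a mediation server that only hands out peer addresses, showing what the third node can record in each case and what happens when the mediator returns a wrong address. This is an added example, not Hamachi's or Kaboodle's protocol; the class names, the pre-shared key and the HMAC challenge are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def tag(key, nonce, name):
    """HMAC-SHA256 over a fresh nonce and the peer name being claimed."""
    return hmac.new(key, nonce + name.encode(), hashlib.sha256).digest()


class Peer:
    """An endpoint reachable at one external (routable) address."""

    def __init__(self, name, addr, key):
        self.name, self.addr, self.key = name, addr, key
        self.inbox = []

    def prove(self, nonce):
        return tag(self.key, nonce, self.name)

    def receive(self, sender, payload):
        self.inbox.append((sender, payload))

    def send_direct(self, mediator, network, wanted, payload):
        """Look the peer up, authenticate whoever answers, then send directly."""
        remote = network.get(mediator.lookup(self.name, wanted))
        if remote is None:
            return False
        nonce = os.urandom(16)
        if not hmac.compare_digest(remote.prove(nonce), tag(self.key, nonce, wanted)):
            return False  # endpoint cannot prove the shared key: send nothing
        remote.receive(self.name, payload)  # the mediator never sees this call
        return True


class Relay:
    """Third node that sits in the data path and forwards every payload."""

    def __init__(self, peers):
        self.peers, self.seen = peers, []

    def forward(self, src, dst, payload):
        self.seen.append((src, dst, payload))  # operator can log content
        self.peers[dst].receive(src, payload)


class Mediator:
    """Third node that only maps peer names to external addresses."""

    def __init__(self, override=None):
        self.directory, self.seen, self.override = {}, [], override

    def register(self, peer):
        self.directory[peer.name] = peer.addr
        self.seen.append(("register", peer.name, peer.addr))

    def lookup(self, requester, wanted):
        self.seen.append(("lookup", requester, wanted))
        # `override` models a mediator that answers with an address of its choosing.
        return self.override or self.directory[wanted]


def run_demo():
    key = os.urandom(32)  # assumed to be agreed out of band by alice and bob
    payload = b"constructed sample document"

    def world():
        alice = Peer("alice", ("198.51.100.7", 40001), key)
        bob = Peer("bob", ("203.0.113.9", 40002), key)
        impostor = Peer("bob", ("192.0.2.66", 40003), os.urandom(32))  # no shared key
        return alice, bob, impostor, {p.addr: p for p in (alice, bob, impostor)}

    alice, bob, _, _ = world()
    relay = Relay({"alice": alice, "bob": bob})
    relay.forward("alice", "bob", payload)

    alice, bob, _, net = world()
    honest = Mediator()
    honest.register(alice)
    honest.register(bob)
    honest_ok = alice.send_direct(honest, net, "bob", payload)

    alice2, _, impostor, net2 = world()
    lying = Mediator(override=impostor.addr)
    redirected_ok = alice2.send_direct(lying, net2, "bob", payload)

    return {
        "payload": payload,
        "relay_saw_payload": any(payload in entry for entry in relay.seen),
        "mediator_saw_payload": any(payload in entry for entry in honest.seen),
        "mediator_log": honest.seen,  # metadata only: names and addresses
        "honest_delivered": honest_ok,
        "bob_inbox": bob.inbox,
        "redirected_delivered": redirected_ok,
        "impostor_inbox": impostor.inbox,
    }


if __name__ == "__main__":
    for field, value in run_demo().items():
        print(field, "=", value)
```

The mediator's log still records who asked for whom and at which external address, so the model separates two questions: exposure of content, and exposure of metadata and availability.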
RE: Stealth Connections?
One could always hack the registry to not show the icon at all. There've been several posts in various places I've seen discussing how to hide the tray icon altogether. But I agree with James -- VNC should not be used to snoop on people.

-----Original Message-----
From: James Weatherall [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 6:24 AM
To: 'phermi'; vnc-list@realvnc.com
Subject: RE: Stealth Connections?

Pedro,

No, this is not supported by the standard VNC releases, which are designed specifically to ensure that the local user is aware of their presence.

Regards,
Wez @ RealVNC Ltd.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of phermi
Sent: 01 March 2005 15:35
To: vnc-list@realvnc.com
Subject: Stealth Connections?

Hello,

Is there a way to connect a VNC Viewer to a VNC Server and not getting the VNC Server system tray icon to change its color?

Thanks in advance.

Pedro Hermida
Cel.: 954-822-2942

Important Note: This message was sent to you from Pedro Hermida's e-mail account at Hotmail. Pedro Hermida does not guarantee you that the message body or its attachments will arrive, as they were sent, free of worms, hoaxes or viruses of any kind. Please take the appropriate measures to protect yourself. The content of this communication is confidential, between the recipients and may be legally privileged. If you are not the intended recipient, do not read or disclose to others, notify the sender by replying this e-mail, and delete this communication from your system right away. Failure to follow this process may be unlawful.
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
While H is primarily oriented on home users (gaming, data sharing, etc), the primarily business usage is a remote access and p2p connectivity between remote points. Zach listed some. And while those should be enough to get you on the track, I will give you another one.

Say you have two sales people sitting in the same city but in different hotels wanting to exchange documents. You would normally resolve this by having VPN concentrator at routable location in your central office and VPN clients on sales' notebooks. Now imagine they are in Peru, your office is in Mongolia and the document is a PowerPoint presentation as lightweight as usual at mere 40Megs. Remember - they are in the same city, probably 4 hops away.

Bob Hartung wrote:

Since my last posting, I've been trying to play devil's advocate with this technology. I've been trying to imagine legitimate scenarios for using this technology in a business environment. So far, I haven't been able to do it. It still seems to be a technology whose primary purpose is to thwart firewalls and company usage policies. Perhaps Alex or other listers who are using the technology could provide some examples of how Hamachi is or could be used in a positive, legitimate fashion.

Alex Pankratov wrote:

Paul Haskew wrote:

While I am glad to see the main designer/developer here, I do not wear tin foil hats. :P I am just a concerned IT Admin, who will at one point will have to make a decision about this program.

TCP/11975 ;-)

Also, about trusted outsiders, I am not worried about me setting up trusted persons. I am worried about those who have computer access, a little knowledge, and try to set this up and allow someone incorrect access. Thus compromising what is currently in place without realizing it. Don't get me wrong, I am all for making things as simple as possible for end users. Also, this is a wonderful idea, I am just hoping that certain safeguards or means of prevention will also be made avail with the product.

Agreed. It is very hard to find the balance so that 'tolerant to accidental misuse' wouldn't become 'unusable out of the box'. I am not a sys admin, so any suggestions as to what these safeguards should be are really welcomed.
RE: Waiting for VNC to work again.. the basics.
The public address is the IP address given to your cable modem by the cable company. The private IP address is the one that the router assigns, or you have manually assigned, such as 10.10.1.x or 192.168.1.x or 192.168.0.x. You need to make sure that 1) the IP of the vnc server machine is either hard coded in the router so that it ALWAYS gets the same address when it asks for an address or 2) is hard-coded in Windows XP.

Also, double-check that your antivirus software doesn't detect VNC as a trojan. There have been several reports that VNC is being caught by some antivirus software as a trojan. This is a false positive hit by the antivirus software.

-----Original Message-----
From: tbcbbq [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 8:50 AM
To: vnc-list@realvnc.com; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Waiting for VNC to work again.. the basics.

Hi All,

My friend had vnc working with adelphia cable and a cable modem and a dlink router on one machine and the other machine was hardwired with a nic and an RJ45 cable. All he did was to basically move the machine from one cable operator to another (the viewer only-server is still in place) and now vnc (the server) refuses to work. I went to this machine and used it as the server and got into my machine at home (66 miles away) with no problem. My machine has a different cable provider and is hardwired to a nic with no router or hub or anything in between.

When we try to access the server it says connection timed out. From talking to the cable people they are telling me that the firewall is not allowing the connection. I also know that the machine is turned off most of the time and that could very well be the problem and that can be fixed. I got into the cable modem the other day and it shows vnc setup for ports 5800 and 5900 as it should be. Nobody has messed with this and all we did was to physically move one of the viewers. The server has windows xp sp1 (no preset firewall as far as xp is concerned). There is antivirus software on the machine but no firewall installed in it.

From the above, I am going to assume that the router is correctly port forwarded to the nic. Can I assume that this is true? Nothing was touched software-wise on the server.

This is the rest of what I know, no more, no less. VNC sends a request that goes to the cable modem first. Adelphia cable told me there was no firewall on the cable modem so there should be no problem there? Then, the request goes to the router or a hub but not both? I thought a router was a hub of sorts? There is a hub that probably has 2 network cables, one for the server and one for the machine in the room upstairs. From what I know a hub is just a repeater and allows you multiple connections off the same router or cable modem? There is no firewall on the hub? Then the request goes to nic.

Both the nic and the cable modem have ip addresses. What the he** is the difference (in plain, understandable English) between a public and a private IP Address and what accommodations do I have to make for both? How do I find out which is the public and which is the private ip address? I know how to do a ping and an ipconfig/all to a batch file. I can also go into the connections tab and add allowable ip addresses, but which one(s) do I add? The public or the private or both? And how?

I need to mention that I have read the documentation that vnc provides and some of it was Greek to me. I am just starting to learn networking as you have already surmised. The hardware connections are a no-brainer; it is the software and all its rules that is screwing me over royal. What is really pissing me off is this setup used to work and the guy that did it only took an hour to set it up. He is no longer available and the burden has fallen on me.

The best idea that I have is to bring the machine home and hook it up to my cable modem, which is hardwired from the modem to the nic and see if it works that way. That tells me then that the problem lies with the router and/or the hub if it decides to work? I have xp pro, sp1, no firewalls, no router, no hubs or any of that crap to mess with. I think that is why from the server I could connect to my machine at home. No bs to put up with. Straight through connection basically.

I would appreciate any step-by-step help you could give me as far as what to check and/or troubleshooting.

Thanks much,
Joe
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
In only one of your examples is the IT department involved. In that case, they could have accomplished the same as Hamachi by temporarily opening some ports in the firewall and forwarding them to her work computer. Or they could have e-mailed her the files she needed. In all your other examples, they represent well-meaning individuals circumventing company security.

As an administrator, I'd be worried about showing employees how to by-pass security because it's convenient to do so. Who's to control their access after that?

Zach Dennis wrote:

Bob Hartung wrote:

Since my last posting, I've been trying to play devil's advocate with this technology. I've been trying to imagine legitimate scenarios for using this technology in a business environment. So far, I haven't been able to do it. It still seems to be a technology whose primary purpose is to thwart firewalls and company usage policies.

Well for starters. This is a great tool for the IS/IT dept in a company and especially for admins. Maybe this won't work well for a typical end user on a large corporate network, but this is great in smaller to medium sized businesses and even SOHOs. If this works well with VNC, then the worth of this product just went 100% in my book. Here are some example scenarios:

- In the northern country where it snows, the finance gal gets snowed in or runs into a ditch (it's happened before) so she works from home. She needs to access some files from her work computer. (Her home computer is also a company laptop). She calls the IT dept and makes a request. The IT dept set her up to vnc into her machine from home and to drag over her files (thx hamachi).
- A programmer codes both at home and at work. He does some sample coding at home late last night and then finds out tomorrow morning he needs that code. He vnc's in to his computer and drags the files over. (thx hamachi).
- Engineers from a regional office are visiting headquarters. Their meeting is at 2pm, it's 10am now. What to do for 4 hours. They get on an extra workstation and vnc into their up north computer and review some of their revisions from yesterday. They decide to include the new ideas in their 2pm meeting. So they generate a pdf of their latest cad files. They drag the pdf over to the current workstation, and print it out. (thx hamachi)

These are all scenarios our company has hit. And if I understand Hamachi right, the solution should be similar to what they are above in each example. If I don't understand Hamachi right, please tell me.

Zach

--
Bob Hartung, Dir of I.T.
c\o Wisco Industries, Inc.
P. O. Box 10
736 Janesville St.
Oregon, WI 53575
Phone: (608) 835-3106 x215
Fax: (608) 835-9644
email: bhartung(at)wiscoind.com
RE: Stealth Connections?
John,

There is no way to hack the registry to not show the icon at all in VNC 4 and later.

Regards,
Wez @ RealVNC Ltd.

-----Original Message-----
From: John Aldrich [mailto:[EMAIL PROTECTED]
Sent: 02 March 2005 16:24
To: 'James Weatherall'; 'phermi'; vnc-list@realvnc.com
Subject: RE: Stealth Connections?

One could always hack the registry to not show the icon at all. There've been several posts in various places I've seen discussing how to hide the tray icon altogether. But I agree with James -- VNC should not be used to snoop on people.

-----Original Message-----
From: James Weatherall [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 6:24 AM
To: 'phermi'; vnc-list@realvnc.com
Subject: RE: Stealth Connections?

Pedro,

No, this is not supported by the standard VNC releases, which are designed specifically to ensure that the local user is aware of their presence.

Regards,
Wez @ RealVNC Ltd.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of phermi
Sent: 01 March 2005 15:35
To: vnc-list@realvnc.com
Subject: Stealth Connections?

Hello,

Is there a way to connect a VNC Viewer to a VNC Server and not getting the VNC Server system tray icon to change its color?

Thanks in advance.

Pedro Hermida
Cel.: 954-822-2942
RE: Pass special keys directly to server?
Mike,

Yes, that is correct. Windows 95/98 and Me lack the required operating system interfaces to implement that. The fact that it appears to be a valid option via the GUI is a bug (albeit a minor one) and the documentation should definitely mention that limitation. Thanks for spotting that!

Cheers,
Wez @ RealVNC Ltd.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike Miller
Sent: 02 March 2005 15:40
To: VNC List
Subject: Pass special keys directly to server?

Is the Pass special keys directly to server functionality of VNCviewer not available when the client is running Windows 98? Using the same viewer on Windows 2000 and Windows 98, I find that it only works correctly on Windows 2000. Is this how it works, or am I doing something wrong?

Mike

--
Michael B. Miller, Ph.D.
Assistant Professor
Division of Epidemiology and Community Health and Institute of Human Genetics
University of Minnesota
http://taxa.epi.umn.edu/~mbmiller/
RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
What is your take on SHA1 being recently broken by Chinese researchers?

As far as I understand it, it's a little premature to say that it's been broken. The research hasn't been published formally as yet but those in the know suggest that it's a method of producing pairs of strings with a (relatively) high probability of a digest clash, rather than of producing a new string that clashes with an existing one.

Regards,
Wez @ RealVNC Ltd.
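The difference drawn in the message above, between producing a pair of strings that clash with each other and producing a new string that clashes with an existing one, can be measured on a scaled-down hash. This is an added example, not part of the original message: truncating SHA-1 to 32 bits and the message formats are assumptions chosen so the searches finish in seconds, and both searches are generic brute force, not the researchers' method.

```python
import hashlib

BITS = 32  # assumption: keep only 32 of SHA-1's 160 bits so the search is observable


def short_sha1(message: bytes, bits: int = BITS) -> int:
    """First `bits` bits of SHA-1(message), as an integer."""
    return int.from_bytes(hashlib.sha1(message).digest(), "big") >> (160 - bits)


def find_collision(bits: int = BITS, max_tries: int = 1 << 20):
    """Birthday search: ANY two distinct messages with the same short digest.

    Generic cost is about 2^(bits/2) hashes (2^80 for the full 160 bits).
    """
    seen = {}
    for i in range(max_tries):
        msg = b"doc-%d" % i  # constructed inputs
        h = short_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg
    return None, None, max_tries


def find_second_preimage(target: bytes, bits: int = BITS, max_tries: int = 1 << 20):
    """Search for a different message matching ONE fixed, existing digest.

    Generic cost is about 2^bits hashes (2^160 for the full 160 bits).
    """
    goal = short_sha1(target, bits)
    for i in range(max_tries):
        msg = b"forged-%d" % i  # constructed inputs
        if msg != target and short_sha1(msg, bits) == goal:
            return msg, i + 1
    return None, max_tries


def compare(bits: int = BITS):
    """Give the second-preimage search exactly the budget the collision needed."""
    first, second, tries = find_collision(bits)
    forged, spent = find_second_preimage(b"signed contract v1", bits, max_tries=tries)
    return {
        "collision": (first, second),
        "collision_tries": tries,
        "second_preimage": forged,
        "second_preimage_tries": spent,
    }


if __name__ == "__main__":
    result = compare()
    a, b = result["collision"]
    print("colliding pair:", a, b, "after", result["collision_tries"], "hashes")
    print("second preimage within the same budget:", result["second_preimage"])
```

A collision attack lets someone who prepares both strings in advance swap one for the other; it does not by itself let them match a digest that somebody else has already published.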
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Bob Hartung wrote:

In only one of your examples is the IT department involved. In that case, they could have accomplished the same as Hamachi by temporarily opening some ports in the firewall and forwarding them to her work computer. Or they could have e-mailed her the files she needed. In all your other examples, they represent well-meaning individuals circumventing company security.

This depends on your security policy.

As an administrator, I'd be worried about showing employees how to by-pass security because it's convenient to do so. Who's to control their access after that?

I think this is just blowing hot air. Is ftp circumventing security? The administrators can put rules and regulations on this type of functionality. All you're doing is providing them with a graphical way to interface another computer and transfer files, all in 1 to 2 steps. Admins can block ports, or open ports.

Too many IT departments get stuck in paradigm paralysis, where everything has to be one way. If it's not that one way, then red flags everywhere. For the most part this is for good reason, but I fail to see where this is bypassing security. The admins are the ones who control the ports. Who said the end user has the ability to configure port forwarding or the ability to create ssh tunnels? I didn't.

Zach
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
http://www.kaboodle.org/KaboodleProxy.html says - .. to find and connect with each other, by enabling connections through an echoServer which most likely means that they are relaying traffic through a third node. This is so last century :) Hamachi is p2p and this would probably be the biggest difference.

Alex

PS (rather big one) I have to disagree that having sources open makes the client any more _trustworthy_ than getting it in a binary. It makes it that much easier to debug, to change or to admire internal beauty, but a complete code audit will cost you a lot.

IMO people tend to think that if an author opened the sources, there should be no evil there as presumably the code will get peer reviewed. And the very fact of a possible peer review would keep an author from planting nasty stuff into the code and thus make O/S code trustworthy.

But ! .. Only major and most active O/S projects really benefit from the peer review, for the rest .. well, it just doesn't happen for them. I know this, and whoever is planning to f*ck people over with their evil client software do too. So they may as well release it as an open-source and get away with it. Just another flavour of a social engineering.

Open source is just that - it is open, that's it. The trustworthiness does NOT follow. Feel free to disagree :)

John Aldrich wrote:

Alex:

How is your app better than Kaboodle and their KaboodleProxy? They make the client source available and they even sell the proxy so you can run it on your own machine(s), which in my book, makes it a bit more trustworthy than having to trust someone else's machine. Granted the proxy is sold in binary-only form, but at least you can run it on your own machine and sniff what's going on.

John

-----Original Message-----
From: Alex Pankratov [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 01, 2005 4:25 PM
To: vnc-list@realvnc.com
Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

I am principal designer and developer of Hamachi. I got few hits from this maillist, checked out the comments and since we don't have much information on the website I thought I'd offer some answers here. Since I just joined the list I don't have original emails, so here's a summary with my comments in it -

Am I the only one who has at least a slight distrust of using a mediation server in the middle of a secure connection?

Mediation server is NOT in the middle of the connection. All it does is allows clients locate their peers and learn their external (routable) IP/port numbers. The clients then hook up on their own and the rest of the traffic flows directly between them. See my next comment regarding security of the connection.

Maybe I just don't get it, or I do and am overly paranoid, but this seems to invite snooping, man in the middle attacks, etc... What level of trust do I need to place on servers I have no control over?

Have a look at Security page on H website. This should take care of your m-n-m worries. I come from a network security background and take security architecture very seriously. If you can find an exploitable flaw in it, I'd be very happy to hear about it.

I'll assume that by 'snooping' you mean our client software doing something nasty on your machine and pushing the results back to the servers. Well, you will have to have the same amount of trust in H you have in any other application distributed in binary form. This includes, btw, pre-built open-source packages. In fact, you cannot even trust applications that you compile yourself unless you go and inspect entire codebase line by line. So the 'level' is clearly subjective and based on your risk tolerance.

I have to wonder what the motivation for a company offering a service like this for free...

Few reasons. First - it doesn't cost much to maintain. We don't relay traffic, so bandwidth requirements are fairly low. Second - there is a demand for this kind of application and offering basic services for free is common approach for building a customer base.

Agreed, this type of a program makes you sit back and wonder, why?

Well, you are most certainly entitled to this. However, I would suggest to take your tinfoil hat off :) and have another look at the application.

If programs like these are freewheeling around, what is even the point of having a firewall, also what is there to prevent them giving total access to outsiders, even without knowing?

Trusted outsiders. This makes the world of difference.

If they had offered the source, so that we can look at it. and so we could setup our own servers as mediators, then maybe... Otherwise I'd feel extremely uneasy about the whole thing...

I am a big proponent of Open Source - you can look me up on sf.net and freshmeat, but in this particular case opening the source up gives us very little benefit, but does take away quite a bit of an advantage. However we plan to do something better than
RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Ok. Interesting point about the third node... but I thought you needed a proxy server for Hamachi as well, no? In your first email to the list (that I have) you said:

Mediation server is NOT in the middle of the connection. All it does is allows clients locate their peers and learn their external (routable) IP/port numbers. The clients then hook up on their own and the rest of the traffic flows directly between them.

Does that mean that you do NOT use a proxy server in the middle?

John

-----Original Message-----
From: Alex Pankratov [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 02, 2005 12:09 PM
To: John Aldrich
Cc: vnc-list@realvnc.com
Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

http://www.kaboodle.org/KaboodleProxy.html says - .. to find and connect with each other, by enabling connections through an echoServer which most likely means that they are relaying traffic through a third node. This is so last century :) Hamachi is p2p and this would probably be the biggest difference.

Alex

PS (rather big one) I have to disagree that having sources open makes the client any more _trustworthy_ than getting it in a binary. It makes it that much easier to debug, to change or to admire internal beauty, but a complete code audit will cost you a lot.

IMO people tend to think that if an author opened the sources, there should be no evil there as presumably the code will get peer reviewed. And the very fact of a possible peer review would keep an author from planting nasty stuff into the code and thus make O/S code trustworthy.

But ! .. Only major and most active O/S projects really benefit from the peer review, for the rest .. well, it just doesn't happen for them. I know this, and whoever is planning to f*ck people over with their evil client software do too. So they may as well release it as an open-source and get away with it. Just another flavour of a social engineering.

Open source is just that - it is open, that's it. The trustworthiness does NOT follow. Feel free to disagree :)

John Aldrich wrote:

Alex:

How is your app better than Kaboodle and their KaboodleProxy? They make the client source available and they even sell the proxy so you can run it on your own machine(s), which in my book, makes it a bit more trustworthy than having to trust someone else's machine. Granted the proxy is sold in binary-only form, but at least you can run it on your own machine and sniff what's going on.

John

-----Original Message-----
From: Alex Pankratov [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 01, 2005 4:25 PM
To: vnc-list@realvnc.com
Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

I am principal designer and developer of Hamachi. I got few hits from this maillist, checked out the comments and since we don't have much information on the website I thought I'd offer some answers here. Since I just joined the list I don't have original emails, so here's a summary with my comments in it -

Am I the only one who has at least a slight distrust of using a mediation server in the middle of a secure connection?

Mediation server is NOT in the middle of the connection. All it does is allows clients locate their peers and learn their external (routable) IP/port numbers. The clients then hook up on their own and the rest of the traffic flows directly between them. See my next comment regarding security of the connection.

Maybe I just don't get it, or I do and am overly paranoid, but this seems to invite snooping, man in the middle attacks, etc... What level of trust do I need to place on servers I have no control over?

Have a look at Security page on H website. This should take care of your m-n-m worries. I come from a network security background and take security architecture very seriously. If you can find an exploitable flaw in it, I'd be very happy to hear about it.

I'll assume that by 'snooping' you mean our client software doing something nasty on your machine and pushing the results back to the servers. Well, you will have to have the same amount of trust in H you have in any other application distributed in binary form. This includes, btw, pre-built open-source packages. In fact, you cannot even trust applications that you compile yourself unless you go and inspect entire codebase line by line. So the 'level' is clearly subjective and based on your risk tolerance.

I have to wonder what the motivation for a company offering a service like this for free...

Few reasons. First - it doesn't cost much to maintain. We don't relay traffic, so bandwidth requirements are fairly low. Second - there is a demand for this kind of application and offering basic services for free is common approach for building a customer base.

Agreed, this type of a program makes you sit back and wonder,
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Nick Kovats wrote: What is your take on SHA1 being recently broken by Chinese researchers?
My take would be like this - 'when I win a lottery I should no more be buying Bentleys with gold plated door handles, because they tend to get cold in a winter time'. I.e. it's not yet a problem worth worrying about. Besides, in network crypto SHA1 is not used by itself, it is normally used in conjunction with HMAC and they have yet to analyze if this collision attack can be extended to HMAC-SHA1.
___ VNC-List mailing list VNC-List@realvnc.com To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Khm .. I can't seem to find a description on how exactly GetEngaged works, so I will tell how Hamachi operates and leave it to you to compare it to Kaboodle. Say we have two clients A and B, and the server S. First A talks to S and S discovers A's location. Then B talks to S and S now knows B's location. Then S tells A B's location and B - A's, and then A contacts B and they establish secure tunnel for the rest of A-B traffic. Sounds trivial, but with Hamachi both A and B can be behind their own NAT devices. Or only A may be, but B be initiating the tunnel setup. Alex
RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Interesting. Sounds like it *is* different from Kaboodle. Kaboodle's GetEngaged service is more like Gotomypc where you have a central server somewhere... Of course the server could be on your own LAN or somewhere else accessible. Both are very interesting to me.
-Original Message- From: Alex Pankratov [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 02, 2005 12:26 PM To: John Aldrich Cc: vnc-list@realvnc.com Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Khm .. I can't seem to find a description on how exactly GetEngaged works, so I will tell how Hamachi operates and leave it to you to compare it to Kaboodle. Say we have two clients A and B, and the server S. First A talks to S and S discovers A's location. Then B talks to S and S now knows B's location. Then S tells A B's location and B - A's, and then A contacts B and they establish secure tunnel for the rest of A-B traffic. Sounds trivial, but with Hamachi both A and B can be behind their own NAT devices. Or only A may be, but B be initiating the tunnel setup. Alex
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
John: Heya. I know you didn't ask me, but as I'm the guy behind the Kaboodle and KaboodleProxy stuff, I thought I'd toss in my two coppers as well.
When we started building the echoWare and echoServer stuff for Kaboodle, we initially looked at hole punching solutions such as what I believe Hamachi is doing (Alex, please correct me if I'm wrong). A really good discussion about hole punching is here: http://www.brynosaurus.com/pub/net/p2pnat/
As that paper discusses in detail, hole-punching thru a NAT'ing router works...but not always. Their studies show it's effective for 82% of the NAT'ing routers tested (using UDP; for TCP it drops to 64%). The paper is a bit slanted, of course, because it's clear they *want* hole-punching to work.
To me (and I think to many of my company's customers), hole-punching looks a lot like session hijacking -- something a good, stateful firewall is specifically capable of preventing. That is, as far as I can tell, in the Hamachi system, the two clients send packets to the server, which will (presuming your firewall allows arbitrary traffic to flow to the server, rather than blocking all traffic which is not TCP to common service ports) open a return path in any NAT'ing router. The server then tells the two clients to, essentially, hijack that return path. A good, stateful firewall will see the arriving packets on that return path are *not* coming from where the return path originally sent them, and they will be blocked. A low-end NAT'ing router might not care about the discrepancy, and lets the packets in. If the timing all works out...the peer-to-peer connection becomes established, with strong encryption, and the server is out of the loop. Once that connection is established you can, very conveniently, run a tunneled VNC connection over it.
On the other hand...there is the echoServer approach. It is a traditional TCP Relay Server which connects echoWare clients together. Un-traditionally, we let the users run their own relay servers; that's the lowest-cost solution (ie, my company doesn't need to charge GoToMyWallet kind of prices to keep a server farm well maintained). It also appears to be the most appealing solution to professional remote support providers: they can run their own servers, and their customers need only relay their data thru them (whom they trust already). Minimum firewall hassle, minimum setup cost, maximum open-source -- which I do believe maximizes the overall security -- everyone's happy.
Currently, Kaboodle is the only echoWare-enabled application, but we're working to address that. Unfortunately, Kaboodle is in an unstable pre-1.0 release state, halfway thru a major GUI rework. Once it's stable and securely tunneling VNC connections again, with a minimum of firewall adjustments, I'll mention it here again.
Hope that helps! Alex, please do let me know if I mis-spoke at all about Hamachi's approach. -Scott
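The exchange this thread argues about (A and B each contact S, S swaps the external endpoints it saw, then A and B send to each other), modelled as an added example that is not code from any poster, Hamachi or Kaboodle. It assumes UDP, NATs that filter by remote IP and port, and constructed addresses; `Nat`, `punch` and `SERVER` are hypothetical names, and the symmetric case shows only the basic technique, not any workaround.

```python
"""Toy model of mediated UDP hole punching between two NATed peers.

Constructed example: addresses come from documentation ranges and the NAT
model is simplified (port-restricted filtering, optional symmetric mapping).
"""
from dataclasses import dataclass, field

SERVER = ("198.51.100.1", 9000)   # mediation server S (constructed address)


@dataclass
class Nat:
    public_ip: str
    symmetric: bool = False                        # True: one external port per destination
    next_port: int = 40000
    mappings: dict = field(default_factory=dict)   # mapping key -> external port
    allowed: dict = field(default_factory=dict)    # external port -> remotes it has sent to

    def outbound(self, src, dst):
        """Translate an outgoing datagram; return the external (ip, port) it leaves from."""
        key = (src, dst) if self.symmetric else src
        if key not in self.mappings:
            self.mappings[key] = self.next_port
            self.next_port += 1
        port = self.mappings[key]
        self.allowed.setdefault(port, set()).add(dst)   # return path opened for dst only
        return (self.public_ip, port)

    def inbound(self, remote, ext_port):
        """Stateful check: admit a datagram only if this port already sent to that remote."""
        return remote in self.allowed.get(ext_port, set())


def punch(nat_a, nat_b):
    """Run the A/B/S exchange and report which datagrams get through."""
    a_int, b_int = ("10.0.0.5", 5000), ("192.168.1.7", 5000)

    # 1. A and B each talk to S; S records the external endpoint it sees.
    a_seen = nat_a.outbound(a_int, SERVER)
    b_seen = nat_b.outbound(b_int, SERVER)

    # 2. S tells each peer the other's endpoint. S relays nothing after this.
    # 3. B sends first. A's NAT has only sent to S from that port, so the
    #    datagram is dropped, but B's NAT now expects replies from a_seen.
    b_src = nat_b.outbound(b_int, a_seen)
    first = nat_a.inbound(b_src, a_seen[1])

    # 4. A sends to B's endpoint: this opens A's side and tests B's side.
    a_src = nat_a.outbound(a_int, b_seen)
    a_to_b = nat_b.inbound(a_src, b_seen[1])

    # 5. B retries; A's NAT has now sent to B, if the mapping S saw is reused.
    b_src = nat_b.outbound(b_int, a_seen)
    b_to_a = nat_a.inbound(b_src, a_seen[1])

    # 6. A host that A never contacted still cannot use the opened port.
    third_party = nat_a.inbound(("192.0.2.99", 4444), a_seen[1])
    return {"first_packet": first, "a_to_b": a_to_b,
            "b_to_a": b_to_a, "third_party": third_party}


if __name__ == "__main__":
    print("both endpoint-independent:",
          punch(Nat("203.0.113.10"), Nat("203.0.113.20")))
    print("A symmetric:",
          punch(Nat("203.0.113.10", symmetric=True), Nat("203.0.113.20")))
```

In this model the tunnel forms when both NATs reuse the mapping S observed, because each side's own outbound datagram is what authorises the peer; with a symmetric mapping the endpoint S learned is not the one used toward the peer, so every datagram is filtered.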
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Hey Scott, Yes we do UDP hole punching, but the numbers given in the p2pnat paper are somewhat inaccurate. See my recent posts to p2p-hackers list for detailed statistics. To sum it up here - with around 2 unique IPs we saw so far we were successfully mediate 97% of requested tunnels. Which in my opinion is pretty darn good :) An issue of udp hole punching through symmetric firewalls is really not an issue at all. There are multiple ways around it, and all of them work like magic. Alex
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Well, I've got to say. I just don't get it. I can understand how a mediation server can help connect A to B if EITHER A OR B is behind a firewall. But I still don't see how it can work if BOTH A AND B are behind firewalls. If neither firewall allows incoming TCP connections (the standard config for all hardware firewalls), I just don't see it would ever work
RE: CPU overloading in WinVNC connecting to Linux box
I had a similar problem connecting to a mac running osxvnc; it turned out the culprit was a pulsating cursor on the mac, which was causing continuous changes on the mac screen.
RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Alex, If the two ends of the connection are both behind NAT routers then, without configuring those routers in some way, it's fundamentally impossible to connect from one to the other. So what is it that you are claiming your mediation server does that makes this possible? Wez @ RealVNC Ltd.
RE: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
Alex, So, in fact, there is a degree of configuration required at at least one end (in order to allow the incoming connection through the NAT), and so this whole setup could be replaced by a dynamic DNS name for the server... :) Anyway guys, I think it's time this discussion moved elsewhere, since this is the VNC Discussion List, not the Hamachi Advertising Board! Cheers, Wez @ RealVNC Ltd.
RE: CPU overloading in WinVNC connecting to Linux box
Dave, A pulsating cursor shouldn't keep VNC Viewer noticeably loaded at all! It should be a really pretty minimal amount of traffic, minimal update to the display, and unless it's flashing incredibly quickly, not too fast either. Cheers, Wez @ RealVNC Ltd.
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Dyer Sent: 02 March 2005 18:18 To: Nicholas Keown Cc: vnc-list@realvnc.com Subject: RE: CPU overloading in WinVNC connecting to Linux box
I had a similar problem connecting to a mac running osxvnc; it turned out the culprit was a pulsating cursor on the mac, which was causing continuous changes on the mac screen.
About dragging/dropping, copy/paste
Hi Is it possible to drag and drop from the VNC picture into the computer I use to see the other PC. Or we can call it copy, then paste.. Not very good in English, sorry for this... Best regards from Petter
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
So on a side note, I was one of the people that actually DID give Hamachi a try in my company and I did get it to work. After configuring my firewall to allow port 11975 and all UDP ports on one test machine I got a connection to my home computer with VNC! There was one slight problem however... Once I got home and tried to connect to the machine in my company through my computer at home I was able to log in and see the desktop but my mouse wasn't able to control anything on my company computer. I don't know if this is because of Hamachi or because of VNC running through Hamachi. Any ideas or suggestions would be appreciated. -kdoh
On Wed, 2 Mar 2005 19:05:57 -, James Weatherall [EMAIL PROTECTED] wrote: Alex, So, in fact, there is a degree of configuration required at at least one end (in order to allow the incoming connection through the NAT), and so this whole setup could be replaced by a dynamic DNS name for the server... :) Anyway guys, I think it's time this discussion moved elsewhere, since this is the VNC Discussion List, not the Hamachi Advertising Board! Cheers, Wez @ RealVNC Ltd.
Re: About dragging/dropping, copy/paste
copy paste is supported for the 'clipboard' that is if you copy some text to the clipboard on one computer it is on the clipboard of the other computer. so when you are connected the clipboard is synchronized. you can't move files in this manner, however. --Angelo
On Wed, 2 Mar 2005 21:13:02 +0100, Petter Gulbrandsen [EMAIL PROTECTED] wrote: Hi Is it possible to drag and drop from the VNC picture into the computer I use to see the other PC. Or we can call it copy, then paste.. Not very good in English, sorry for this... Best regards from Petter
Fw: About dragging/dropping, copy/paste
Is it possible to get another explanation? I did not understand it.. Sorry for this.

Petter

- Original Message -
From: Angelo Sarto [EMAIL PROTECTED]
To: Petter Gulbrandsen [EMAIL PROTECTED]
Cc: vnc-list@realvnc.com
Sent: Thursday, March 03, 2005 1:14 AM
Subject: Re: About dragging/dropping, copy/paste

Copy paste is supported for the 'clipboard'; that is, if you copy some text to the clipboard on one computer, it is on the clipboard of the other computer. So when you are connected the clipboard is synchronized. You can't move files in this manner, however.

--Angelo

On Wed, 2 Mar 2005 21:13:02 +0100, Petter Gulbrandsen [EMAIL PROTECTED] wrote:

Hi. Is it possible to drag and drop from the VNC picture into the computer I use to see the other PC? Or we can call it copy, then paste.. Not very good in English, sorry for this...

Best regards from Petter
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
James, It is very much possible. See the paper Scott linked for the basic idea behind it (the idea is BTW a few years old already) - http://www.brynosaurus.com/pub/net/p2pnat

Alex

James Weatherall wrote:

Alex, If the two ends of the connection are both behind NAT routers then, without configuring those routers in some way, it's fundamentally impossible to connect from one to the other. So what is it that you are claiming your mediation server does that makes this possible?

Wez @ RealVNC Ltd.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alex Pankratov
Sent: 02 March 2005 17:09
To: John Aldrich
Cc: vnc-list@realvnc.com
Subject: Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...

http://www.kaboodle.org/KaboodleProxy.html says - .. to find and connect with each other, by enabling connections through an echoServer which most likely means that they are relaying traffic through a third node. This is so last century :) Hamachi is p2p and this would probably be the biggest difference.
Re: A simple, solid and stable P2P Bidirectional NAT Traversal technique for RealVNC users...
James Weatherall wrote:

Alex, So, in fact, there is a degree of configuration required at at least one end (in order to allow the incoming connection through the NAT), and so this whole setup could be replaced by a dynamic DNS name for the server... :) Anyway guys, I think it's time this discussion moved elsewhere, since this is the VNC Discussion List, not the Hamachi Advertising Board!

Agreed, didn't mean to be intrusive or disrespectful especially given it's not just some list. If anyone wants to continue this discussion, forward yourselves to H support forums.

Alex
RE: Unexplained VNC behavior
Hello again,

The source of the problem was finally found. VNC server was being invoked with XKEYSYMDB variable being set to /usr/lib/X11/XKeysymDB, it should have been set to /usr/openwin/lib/XKeysymDB. Once the correct path is used, then all of the keyboard and mouse related problems that I had been experiencing disappear. My ~/.vnc/xstartup file now looks like:

    #!/bin/sh
    # Load the user's X resources if the file is readable
    [ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
    xsetroot -solid grey
    vncconfig -iconic &
    xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
    # Point Xlib at the OpenWindows keysym database (Bourne shell: assign, then export)
    XKEYSYMDB=/usr/openwin/lib/XKeysymDB
    export XKEYSYMDB
    /usr/dt/bin/Xsession

Graham

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Helwig Graham-A11558
Sent: Monday, 28 February 2005 11:23 AM
To: 'vnc-list@realvnc.com'
Subject: RE: Unexplained VNC behavior

Hello again,

After a lot of experimentation and searching of the mailing lists I'm still no closer to resolving this problem. Can anyone help? I'm invoking vncserver v4.0 on a SunOS (v5.8) machine using the following command:

    vncserver -depth 8 -geometry 1280x1024 -cc 3 -alwaysshared

This VNC session invokes dtwm. I'm viewing the vnc session on a PC (Win2000 pro) using vncviewer v4.0. There is something definitely going wrong when I open some pull down menus (particularly the ones that control closing/resizing etc). Once this occurs, then weird things happen including:

- mouse clicks have no effect.
- mouse pointer shape/direction changes from right-left to left-right. It does not return back to normal (right-left).
- I can enter text into existing xterm, but it won't appear until I move the mouse.

It appears that the vncserver keeps on running but the mouse and keyboard commands are not getting through. I've tried using different machines locally and remotely. I've tried various vnc session window managers. I've tried invoking dtwm using dtwm, dtsession and xsession. I got the person on the remote end to replicate the same setup and the same problems as I'm seeing. All without success.

Does anyone know what I'm doing wrong or what is going wrong? Is there any fix that I have missed? Thanks in advance.

Graham

-Original Message-
From: Helwig Graham-A11558
Sent: Monday, 21 February 2005 5:59 PM
To: 'vnc-list@realvnc.com'
Subject: Unexplained VNC behavior

Hello,

I have been trying to connect from my PC to a remote Sun machine using VNC version 4. I have been experiencing the following problems:

1) When I click on certain pull down menus in some applications running on the remote machine, the session freezes. Restarting the VNC viewer does not unfreeze them, I have to kill and restart the VNC server. On occasions I have been able to recover the frozen session by randomly typing a few keys on the keyboard.

2) For some applications (i.e. gvim) I can enter text into it, while other applications I cannot (when I should be able to).

I also experience the same behavior when I VNC into the remote Sun machine from another Sun machine. However other people can VNC into this remote Sun machine without any problems. Any help will be appreciated.

Regards
Graham
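A pre-flight check for the XKEYSYMDB fix described in the message above, as an added example that is not part of the original post: it keeps the current value only if it names a readable, non-empty file and otherwise falls back to candidate paths. The function names are hypothetical, and it assumes the faulty setting shows up as a missing, empty or unreadable file on the host.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# The two paths in the usage comment at the end are the ones named in the post.

# Print the first argument that is a readable, non-empty regular file.
# Returns 1 and prints nothing if no argument qualifies.
first_readable() {
    for candidate in "$@"; do
        if [ -f "$candidate" ] && [ -r "$candidate" ] && [ -s "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Prefer the XKEYSYMDB already in the environment when it is usable;
# otherwise try the fallback paths given as arguments, in order.
resolve_xkeysymdb() {
    if [ -n "${XKEYSYMDB:-}" ] && first_readable "$XKEYSYMDB"; then
        return 0
    fi
    first_readable "$@"
}

# Export the resolved path. On failure, leave the environment untouched,
# report what was tried on stderr and return 1 so the caller can stop.
export_xkeysymdb() {
    db=$(resolve_xkeysymdb "$@") || {
        echo "no readable XKeysymDB among: ${XKEYSYMDB:-<unset>} $*" >&2
        return 1
    }
    XKEYSYMDB=$db
    export XKEYSYMDB
}

# Usage from ~/.vnc/xstartup, before the session is started:
#   export_xkeysymdb /usr/openwin/lib/XKeysymDB /usr/lib/X11/XKeysymDB || exit 1
#   /usr/dt/bin/Xsession
```

Failing before the session starts puts the cause in the VNC server's log instead of surfacing later as unresponsive keyboard and mouse input.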
vnc woes (Windows - Linux)
Hi. I'm trying to get a vnc connection going between a Windows-based vnc4 server at work and a (Debian) Linux-based xvnc4viewer client at home. Once I enter the password the connection to the server on the Windows host is successfully established, but it dies immediately with the error "Connection rejected by user" reported client-side. I assume that the reference to "user" in the error message means that it was the client-side machine that killed the connection. I figured this may have something to do with my home machine's firewall, but when I look at my log files I see no mention of any connection attempts rejected by the firewall at times even remotely matching those of my login attempts. How can I troubleshoot this problem? Thanks!

kj
Connectivity without Internet
Can I use Remote Access Software on my local network without any connectivity to web ???
Re: Connectivity without Internet
Gidday Sajjan, yes, only way to admin computers on a LAN.

Sajjan Singhania wrote:

Can I use Remote Access Software on my local network without any connectivity to web ???

--
Peter Blakeley - Attain Consultants - mobile: 0427-723-814
SECURITY Virus-Protection, Firewalls, Auditing, Upgrades, Repairs, Troubleshooting
NETWORK Windows 2000, XP, Design, Setup, Management, Troubleshooting
INTERNET Web site design, Java programming, JEE2, JSP, Servlets, RMI, EJB, XML, Workflow, Accounting, Web Services
[ attainconsult.com ] [ coolcat.com.au ]
Why open source? because I prefer to surf the wave to the beach rather than swim all the way in.