On 8 Mar 2003 at 22:18, Scott C. Best wrote:
> David:
>
> Heya. Have you given Kaboodle a try? It provides a
> functionality similar to SSH tunnels for remotely accessing all
> of the VNC servers on a given LAN, but IMO it's better integrated,
> having a builtin VNC connection manager and server-detection system.
> You can find it here: "www.Kaboodle.org". It's Windows only right now,
> and it uses Zebedee as the secure-tunnel.
>
> I won't spam this list with too many details,

Obviously in the end it's up to James Weatherall and all the great
folks at realvnc. However, I for one think that it's perfectly legitimate
and a positive (even essential) aspect of the list to discuss helper,
ancillary and variants of VNC on the list. I certainly don't consider it
as spam.

> but it
> works like this: install Kaboodle on a PC in each of the two
> LANs, and set up the firewalls to port forward TCP 4182 and
> 11965 (adjustable) to the two PCs. Once the two LANs are
> connected, you can initiate any number of VNC connections from
> one side to the other, and the data will all "share" the one
> tunnel between the two LANs. Kaboodle can do a secure file-
> transfer across the connection (or, of course, intra-LAN) as
> well.
>
> It's a little edgy in places, but I'd be interested in
> what you think.
> I'm working now on a version that allows for
> a secure tunnel to be set up that doesn't require touching the
> firewall settings on either side of the connection.

With all due respect I must admit to being a bit edgy about your
proposal. That is not to say that I am not very grateful for the
work you have done on Kaboodle and I am looking at adding it
to my toolkit for managing small LANs.

My worries go like this:

1. Setting up a VPN tunnel to remotely bridge/manage a
   LAN is a great tool.
2. However, the power of tools like this carries serious
   and inescapable security implications.
3. If you don't have control of the firewalls/routers at
   both ends because you are not the network management,
   do you have the right to place what is effectively a
   stealthed tunnel between the two LANs? In all organizations
   I know this would be considered gross misconduct.
4. If you do own/manage both LANs, it is not normally
   a big problem to redirect two ports.
5. The availability of a tool to stealth a VPN between LANs
   would be, to say the least, an additional and difficult to
   detect security hole for network managers.
6. I would also point out the current Worm using port 445 to
   install VNC on Windows 2000 and later PCs. The use of
   a similar Worm to install Kaboodle with stealthed VPNs
   is not very pleasant to contemplate.

Please, please do not take this as an attack on you but rather
as constructive comment.

With very best wishes
Peter Ball

> cheers,
> Scott
>
> > Hi again :-)
> >
> > I have a dyndns domain name at home and point all incoming
> > connections to a Linux box that currently doesn't run X (it will
> > take me a while to get that fixed, too, though one could also argue
> > the merit of putting X on an ssh/ftp/http server and calling it
> > "fixed" at all). My laptop is on an internal address within the
> > network. It's great to be able to get to my files from Dad's house
> > or a client's site or wherever. As you saw in my other post, I'm
> > working toward running vnc on the laptop so that I'll even be able
> > to access my running desktop.
> >
> > I could manually configure the router/NATter, which currently sends
> > everything to the gateway box, to send VNC packets to my laptop, but
> > what about my wife's laptop or anything else in the house? Worse
> > yet if I reboot into Windows temporarily and pick up a different
> > address via DHCP.
> >
> > Is there a proxy that I can run on my gateway box that will let me
> > connect via vncviewer, pick the target address or hostname, and then
> > enter the vnc password for that system as usual? Can it be done
> > some other -- perhaps simpler -- way?
> >
> >
> > TIA & HAND
> _______________________________________________
> VNC-List mailing list
> [EMAIL PROTECTED]
> http://www.realvnc.com/mailman/listinfo/vnc-list
-----------------------------------
Peter Ball
Computers For Linguists
[EMAIL PROTECTED]
Tel: +44(0)20 7732 1741
Fax: +44(0)20 7358 9214
Mobile: +44(0)77 1968 2913
45 Endwell Road, London, SE4 2PQ, United Kingdom