Scott C. Best wrote:
> First, when you press "Send"
> on a web-browser form, all of the data in that form is sent at
> once, in well-delineated form, making the data relatively easy to
> identify. In a VNC session, by comparison, every *character* is
> sent as soon as you type it, along with other RFB info to update
> the visuals. That will make intercepting the data fundamentally
> more difficult as it is "spread" across so many more packets, and
> mixed in with so much other data.

Yes, it's encoded, it's compressed, it's scattered and it's mixed with lots 
of other data, but _that_does_not_matter_. Reassembling the scattered packets 
of a TCP session isn't difficult. Every operating system has the code to do 
that, and lots of monitoring programs too, and TCP is documented in case you 
really want to write it yourself. Decompressing and decoding the data stream 
isn't difficult either. VNC knows how to do it. The source code is free, and 
so is the RFB documentation.

If I wanted to sniff other people's VNC traffic I'd first try to find an 
existing program to do this. If I couldn't find one I would:

1: use one of the existing programs that can intercept TCP sessions. Maybe 
I'd have to teach it how to recognize the RFB protocol. That's no big problem.

2: feed the keystrokes to a small program that would write them to a log 
file. If I'd need a translation table I could get one from any VNC server.

3: feed the screen updates to one of those VNC viewers that can record them 
as a video file.

4: feed the image data to one of the existing programs that perform character 
recognition on screenshots, and log the character data.

Once this was done I could automatically record all VNC sessions on every 
network link I could get access to, and then I could scan the text logs for 
interesting tokens such as "Password" or whatever I'd be looking for.

I'd be surprised if no one has done this already, and maybe even put the 
pieces together to a convenient program, but if not, it's probably just a 
matter of time.

On the Internet, either you have encryption, or you have *no* security.

Björn Persson
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
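
An added example, not part of the original message: a defender-side check that reads the first server-to-client bytes of a reassembled TCP stream and reports whether an RFB server is offering only unencrypted security types. The function name and the sample byte strings are constructed for illustration; the security-type numbers are those assigned in the public RFB specification.

```python
import struct

# Security-type numbers as assigned in the public RFB specification.
CLEARTEXT = {1: "None", 2: "VNC Authentication"}  # session bytes are not encrypted
ENCRYPTED = {18: "TLS", 19: "VeNCrypt"}           # session is wrapped in TLS

def classify_server_hello(data: bytes) -> dict:
    """Classify the first server-to-client bytes of a stream as an RFB handshake."""
    if (len(data) < 12 or data[:4] != b"RFB "
            or data[7:8] != b"." or data[11:12] != b"\n"):
        raise ValueError("no RFB ProtocolVersion banner")
    try:
        version = (int(data[4:7].decode("ascii")), int(data[8:11].decode("ascii")))
    except ValueError as exc:
        raise ValueError("malformed RFB version digits") from exc
    body = data[12:]
    if version < (3, 7):
        # RFB 3.3: the server dictates one type as a big-endian uint32.
        if len(body) < 4:
            raise ValueError("truncated security-type field")
        offered = [struct.unpack(">I", body[:4])[0]]
    else:
        # RFB 3.7 and later: one count byte, then that many one-byte types.
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated security-type list")
        offered = list(body[1:1 + body[0]])
    clear = [t for t in offered if t in CLEARTEXT]
    if not offered or 0 in offered:
        finding = "handshake-failed"      # type 0 / empty list means refusal
    elif len(clear) == len(offered):
        finding = "cleartext-only"        # every session on this server is readable
    elif clear:
        finding = "cleartext-allowed"     # a client can still pick an open type
    elif all(t in ENCRYPTED for t in offered):
        finding = "encrypted-only"
    else:
        finding = "unclassified"          # vendor-specific types: review by hand
    return {"version": version, "offered": offered, "finding": finding}

if __name__ == "__main__":
    # Constructed sample handshakes, not captured traffic.
    samples = [b"RFB 003.008\n\x02\x01\x02", b"RFB 003.003\n\x00\x00\x00\x02",
               b"RFB 003.008\n\x02\x02\x13", b"RFB 003.008\n\x01\x13"]
    for raw in samples:
        print(classify_server_hello(raw))
```

VNC Authentication protects only the password exchange, so it is grouped with None here. A session tunnelled through SSH or a VPN shows no RFB banner on the wire at all, so any banner this check sees on a monitored link is itself a finding.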