> In that case, as long as your router does not forward connections > from the Internet that are VNC related then there is no need to > set-up AuthHosts as any such attempted connections from the Internet > will be blocked by your router.
I believe that is the case. I haven't explicitly opened any VNC ports on the router. The test tools I know of (grc.com, dslreports.com) only check the first 1056 ports, but those ports are locked solid. But I thought it was prudent to close down the AuthHosts just in case -- belt and suspenders. > I assume that there is no snooping within the network.... Right. This is a small private LAN in our house, with 5 computers on it for our several businesses. The only people with physical access to the computers are my wife and I. The router is a Wifi access point but I've locked that down as securely as I can. (No SSID broadcast, encrypted transmissions, connections limited to a specified set of MAC addresses, etc.) I feel fairly safe from external attack. I just wanted to make sure VNC wouldn't open up a new security hole. If I understand the mechanics properly, VNC opens up ports on the server. Behind the router, clients have no problem accessing those ports. But unless I explicitly open up those ports in the router, those open server ports are absolutely invisible to the outside world. Correct? It's possible that at some point I may want to allow one or two outside hosts access to the VNC server. That would require me to open up the ports on the router, which makes my network more visible than I like but it seems to be a necessary evil. But even if the ports are open, no one can touch the VNC server unless they're included in the AuthHosts list. So in theory, even if I opened the router ports, nobody could access my VNC server because my AuthHosts is "-:+192.168". Right? Thanks! Gary _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
