On Sun Oct 01, 2006 at 08:31:43AM -0400, Jesse wrote:

> >Are any of the connections actually successful? The ones you posted
> >look to be connection attempts which have failed (they appear to be
> >attempting to exploit the earlier security flaw).
>
> Uuumm. Why would you say that? Maybe I mis-read this, but several of the
> items say, "Connections: accepted: 71.141.133.10::62311". To me, that means
> that the connection was accepted. Sure, there was a "closed", and "unknown
> listener event: 0" error all in the same second, but it's the "Connections:
> accepted" part that concerns me. Why would VNC post a message to the event
> log stating that a connection was accepted if it was not accepted?
>
I'm not familiar with VNC log messages as such, but normally a
"connection accepted" message just means that an initial connection has
been made (i.e. something has connected to the service). This is logged
before any security checking (and possibly even before any protocol
checking). The authentication process is then done and the connection is
closed if the remote client fails to authenticate successfully.

> >BTW, running VNC without any encryption presents security issues of its
> >own - the keypresses & screen updates can be sniffed on the network.
> >I'd advise either using an encrypted tunnel (ssh/vpn/zebedee/etc) or
> >getting one of the commercial versions of VNC which include encryption.
>
> I considered purchasing either a personal or enterprise version of VNC at
> one point, but just never did that. If I did that, would the person on the
> other end need a personal or enterprise version as well in order to be able
> to connect with an encrypted connection?
>
I believe so, yes - I've never used either though, so I can't say for
sure.

> I considered using VPN, but that's proven too difficult to make work. Plus,
> when I connect, I'll be "out there" with my laptop, and could be connecting
> through who knows what sort of network, so I cannot tell my router what WAN
> IP address I'm connecting through. So, I think for now, VPN is out. I'll
> research ssh and zebedee, I've heard of SSH, but don't know how to set it
> up, and I've never heard of zebedee before.
>
Yes, VPNs are more complicated and mostly useful for fixed connections
(and only worth the bother if you're needing to connect multiple
services). Zebedee is a pretty simple client-server encrypted tunnel
available for various operating systems (see
http://www.winton.org.uk/zebedee/ for details).

Cheers,
    Robin

P.S. Can you please try to make sure replies go to the list - it'll help
anyone with a similar issue in future.

-- 
     ___
    ( ' }     |       Robin Hill        <[EMAIL PROTECTED]> |
   / / )      | Little Jim says ....                        |
  // !!       |      "He fallen in de water !!"             |

_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
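
Added example, not part of the thread and not RealVNC code: a log triage sketch that pairs each "Connections: accepted" line with its "closed" line, to separate connections dropped within the same second (as in the entries discussed above) from ones that stayed open. The timestamp prefix, the layout of the "closed" line, the sample addresses and the lifetime threshold are assumptions; a short lifetime is only a heuristic for a failed authentication.

```python
import re
from datetime import datetime

# Constructed sample lines (documentation addresses). Only the text
# "Connections: accepted: <ip>::<port>" is quoted in the thread; the
# timestamp prefix and the "closed" line layout are assumed here.
SAMPLE_LOG = """\
2006-09-30 03:14:07 Connections: accepted: 203.0.113.10::62311
2006-09-30 03:14:07 Connections: closed: 203.0.113.10::62311
2006-09-30 03:14:09 Connections: accepted: 203.0.113.10::62340
2006-09-30 03:14:09 Connections: closed: 203.0.113.10::62340
2006-09-30 09:02:11 Connections: accepted: 198.51.100.7::40112
2006-09-30 09:47:30 Connections: closed: 198.51.100.7::40112
2006-09-30 11:20:00 Connections: accepted: 192.0.2.44::51000
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) Connections: "
    r"(?P<event>accepted|closed): (?P<ip>[\d.]+)::(?P<port>\d+)"
)


def classify(log_text, min_session_seconds=2):
    """Pair accepted/closed events per ip::port and label each connection.

    "dropped": closed almost immediately, consistent with a probe or a
               failed authentication.
    "session": stayed open at least min_session_seconds; worth reviewing.
    "open":    no matching "closed" line before the log ended.
    """
    pending = {}   # (ip, port) -> time the TCP connection was accepted
    results = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated messages, e.g. "unknown listener event: 0"
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        peer = (m["ip"], int(m["port"]))
        if m["event"] == "accepted":
            pending[peer] = ts
        elif peer in pending:
            lifetime = (ts - pending.pop(peer)).total_seconds()
            label = "dropped" if lifetime < min_session_seconds else "session"
            results.append((peer[0], peer[1], label, lifetime))
    results.extend((ip, port, "open", None) for ip, port in pending)
    return results


if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(row)
```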
