> >AuthHosts "-:+127.0.0.1" listens on all adaptors and rejects connections
> >from any external address other than 127.0.0.1. LoopbackOnly only
listens
> >on the loopback adaptor, so the only possible address of a connecting
> >connection is 127.0.0.1. They are not the same thing.
>
[snip]
> At least, my security paranoid friends assure me that this is possible...
> If it turns out they've been lying to me for the last several years,
please
> try to limit the flamage, because I am very sensitive to heat ;-)
Even if this is not possible, the fact that they can connect to a VNC port
at all provides an attacker with some information. Not listening externally
on that port at all will divulge no information on what you are running to
outsiders.
Cheers,
James "Wez" Weatherall
--
"The path to enlightenment is /usr/bin/enlightenment"
Laboratory for Communications Engineering, Cambridge - Tel : 766513
AT&T Labs Cambridge, UK - Tel : 343000
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
