[ale] VNC how to punch thru DSL modem

Bob Toxen transam at verysecurelinux.com
Sat Mar 10 15:25:05 EST 2007 

On Thu, Feb 22, 2007 at 10:36:32PM -0500, H. A. Story wrote:
> NO NO NO NO NO NO NO NO !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
What he said!  VNC scans are the most common scan I see on my
clients' firewalls.  Don't do it!

> Do Not ever Open VNC to the net.  Major hack problem.   Even if you open 
> it thinking you will close it later.  Still a bad idea.  I got lucky.  I 
> had opened it on my home machine and didn't run vnc server all the 
> time.  I just happen to be setting here watching TV and the mouse 
> started heading for the start menu.  I was fast enough to drop the 
> connection.  Then check the access logs from the firewall and then start 
> blocking that range of IP address owned by that ISP.  Which turned out 
> to by a T-mobile AP in Denmark.    Besides you the DSL modem is doing 
> DHCP and you forward remote VNC to her machine,  who is to say she will 
> still get the same IP next week?
> 
> Now here is a solution for you.  And it will make you look like one of 
> those fancy computer stores that do remote support.   We use it at work 
> to help.  you need to have a way to serve the access program or send it 
> to her to save on the desktop.   There are some requirements like static 
> IP address.  Now look at this http://www.uvnc.com.  You setup up a 
> client, Actually it is vnc server, that can be downloaded and this 
> client/server will know who to call you and connect to you.  You then 
> have vncviewer running in listen mode.  No passwords and such a little 
> more secure in that you are not leaving the VNC port open on the net and 
> that you can stop and start the listen daemon on your side.  And it will 
> not matter what OS is connecting to you.
> 
> With all that said,  keep in mind that the traffic is not encrypted.   
> And that by default bellsouth DSL modems don't allow remote access, a 
> good thing.   You can bridge it and put in a router such as a VPN 
> router.  You would then have a VPN to their LAN.  You could do RDP or 
> VNC then without going over the Internet.
> 
> Adrin
> 
> 
> jtholmes wrote:
> > My parents are in Florida, I am in Atl.
> >
> > One has XP the other Kubuntu.
> >
> > I set up the Kubuntu with TightVNC so I could take over Mom's machine
> > when she is having problems.
> >
> > However, I am sure I will have to set up the Bell South Modem
> > to allow some VNC port of my choosing so I can get to Her machine.
> > Not sure it makes a difference but they have the later Black 5 light
> > Bell South Supplied modem.
> >
> > Anyone know were there is a tutorial, or better yet someone on ALE
> > does this and has written it up. Either way is OK as I want to learn
> > as much about the process as possible.
> >
> > thanks
> > jt
> > _______________________________________________
> > Ale mailing list
> > Ale at ale.org
> > http://www.ale.org/mailman/listinfo/ale
> >
> >   
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list