Home page logo

basics logo Security Basics mailing list archives

Re: vnc server
From: hytham.a () securityfocus com, gmail () securityfocus com, com () securityfocus com
Date: 24 Jan 2006 03:20:30 -0000

Depending the version of VNC you'd like to utilize, the short answer would be; yes you are exposing yourself to 
additional risks.  Naturally, each new port you open up on your host, you allow an attacker another avenue of 
opportunity to gain access to any data stored on your machine.  Now back to VNC.  Unfortunately the only encrypted 
mechanism offered is during the authentication phase and password storage on the client side - even then, the password 
stored utilizes a static 3DES key which is easily obtainable.

If you'd like to remotely administer your system, running VNC through a ssh tunnel would be your best option.  
Mitigations: Man in the middle attacks are null, and all data transmitted is now encrypted and prevents prying eyes.  
If you have sshd configured on your system running the vnc server, the following from the client would forward your 
session through:

ssh -l <username> -L <local port>:localhost:<remote vnc port> <ip address>

So:  ssh -l admin -L 1234:localhost:5900

Fire up your vnc client and connect locally to port 1234 and that will redirect your vnc session to the remote host on 
port 5900.

I hope that makes sense :)

The Norwich University program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Tailor your education to your own professional goals with degree 
customizations including Emergency Management, Business Continuity Planning, 
Computer Emergency Response Teams, and Digital Investigations. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]