Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://twitter.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

Stupid question

SC <-> Proxy <-> Repeater <-> Proxy <-> Viewer
Post Reply
dpuckett
Posts: 6
Joined: 2007-03-21 16:34

Stupid question

Post by dpuckett »

I have things working fine using a repeater. What I have concerns about is that during my testing when I connect to the repeater using 'vncviewer_ssl.exe' I do not have to authenticate myself. What would prevent an attacker from connection to a repeater and simply attempting to connect to random ID:Numbers. Is there a simple way to prevent this?
snobs
8
8
Posts: 20
Joined: 2005-04-23 02:05
Location: germany/stuttgart

Re: Stupid question

Post by snobs »

nothing would prevent it... but at first it is very unlikely that a customer (server) connects to the repeater while someone bad connects to it (with ssl client) and second: the one i am talking about has even has to use the same ID.
dpuckett
Posts: 6
Joined: 2007-03-21 16:34

Re: Stupid question

Post by dpuckett »

Is there any way to restrict which addresses are allowed to connect from a vncviewer_ssl without breaking the server side connection, since they both connect over port 443?
dpuckett
Posts: 6
Joined: 2007-03-21 16:34

Re: Stupid question

Post by dpuckett »

Actually I have my answer. Simply use RC4 Encryption with a new key to ensure end2end encryption should protect againts certain attacks. If someone could post snobs "create your own certificate" util I would feel much more confident in implementing. Thanks
snobs
8
8
Posts: 20
Joined: 2005-04-23 02:05
Location: germany/stuttgart

Re: Stupid question

Post by snobs »

there is a working link again - look into my post...

and an additional encryption is overhead... if you use SC3 there is already ssl encryption, which should do the job...
Last edited by snobs on 2007-04-02 21:38, edited 1 time in total.
dpuckett
Posts: 6
Joined: 2007-03-21 16:34

Re: Stupid question

Post by dpuckett »

Thank you snobs. As far as encryption goes. Does using SSL only create a 'gap' at the repeater where both ends are unencrypted? That is how I perceived it where using RC4 is true end2end. Or am I wrong?
Post Reply