How to prohibit unauthorized repeater use?

Simple, Free, Open Source UltraVNC Wrapper Supporting Windows and Mac OSX.

How to prohibit unauthorized repeater use?

Postby Pedja » 2010-11-26 16:14

I've made repeater accessible on publi cIP and ChuckVNC works fine.

Now, i am conserned that someone unauthorised may use my router. I have limited and costly resources, so I would like to be able to control it's usage.

Is there a way to limit viewer connections somehow? I guess if unknown users cannot connect using viewer, I am good.

Limiting by IP will not work, as whole point of chuchVNc is to be used from everywhere.

I am considering using, VPN but that would be quite limiting factor.
Pedja
8
8
 
Posts: 15
Joined: 2005-06-30 14:22

Re: How to prohibit unauthorized repeater use?

Postby supercoe » 2010-11-26 17:25

The easiest way is to block connections to the repeater on the viewer port (5901).
If you need to use the viewer outside of your LAN after blocking the viewer port you'll have to setup a simple VPN.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: How to prohibit unauthorized repeater use?

Postby JonD » 2010-11-27 22:58

The Linux version of the repeater that I use allows you to restrict connections based upon ID.

If you modify ChunkVNC to allow a very limited range of IDs and (possibly) not even display them to the end user you can get a degree of security... not perfect of course.

JonD
Last edited by JonD on 2010-11-28 23:50, edited 1 time in total.
JonD
40
40
 
Posts: 121
Joined: 2006-12-24 16:46
Location: Canada

Re: How to prohibit unauthorized repeater use?

Postby Pedja » 2010-11-29 12:20

Well, blocking port leads to the same problem as blocking IP, it would not be accessible from everywhere. I would like to avoid VPN.

I saw TeamViewer, asks passwords along with ID, which helps at least in manner that i protects accessing servers by anyone.

I notied in SRC\InstantSupport_Files\ultravnc.ini there is

[ultravnc]
passwd=DE1D75CB847AB2FAD7
passwd2=BEB49784199CB48172


Can I change these passwords? Would that prevent third party to use his own VNC viewer?
Pedja
8
8
 
Posts: 15
Joined: 2005-06-30 14:22

Re: How to prohibit unauthorized repeater use?

Postby supercoe » 2010-11-29 15:02

With version 3.1 for someone to take control of a server they would need to know the ID# and have access to the encryption key. Both possible.

With version 3.2 someone would need to know the ID# of the server, have the correct version of SecureVNC and decrypt the password. All possible.

Really there isn't much stopping a skilled hacker from gaining access, it's a fine line between ease of use and security.

Nothing is better than securing the operating system when installing remote applications.

Since ChunkVNC is currently more focused on quick support calls and less so on permanent installs the security is considered "good enough". For now. ;)
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: How to prohibit unauthorized repeater use?

Postby JonD » 2010-11-29 18:05

I'm not sure but I think what he is concerned about is someone using the repeater... not necessarily connecting to one of the clients. In other words another individual setting up server/viewers on his repeater???

This is a different issue, I think.

JonD
JonD
40
40
 
Posts: 121
Joined: 2006-12-24 16:46
Location: Canada

Re: How to prohibit unauthorized repeater use?

Postby supercoe » 2010-11-29 20:08

Thanks for the clarification, I understand the issue now.

At this time there isn't much you can do with a repeater in a public location. :(

In the future more security will be built into the repeater.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: How to prohibit unauthorized repeater use?

Postby JonD » 2010-11-29 20:24

That's why I like the repeater application that I use since you can restrict in various ways access... the restriction I use is the range of ID's.

I only ever need about 3 IDs for my support at any one time and I chose #'s that could (eventually) be found but it would take a while.

I don't display the #'s at the server end either.


JonD
JonD
40
40
 
Posts: 121
Joined: 2006-12-24 16:46
Location: Canada

Re: How to prohibit unauthorized repeater use?

Postby Pedja » 2010-11-30 14:00

How do you deal with issue that ChunkVNC server generates ID on his own?
Pedja
8
8
 
Posts: 15
Joined: 2005-06-30 14:22

Re: How to prohibit unauthorized repeater use?

Postby supercoe » 2010-11-30 14:46

Pedja,

I'm sure JonD just modified SRC\InstantSupport.au3 to only connect with the ID numbers that he wants.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: How to prohibit unauthorized repeater use?

Postby JonD » 2010-11-30 14:53

You would have to make changes to InstantSupport.au3.

I've made a number of different changes for my own situation... however, I think that the following might work for you. They are based upon v3.2:
Line 42:
Global $GenerateID = False
Line 45:
Global $IDNumber = the number you want
You may also need to enter the number in instantsupport.ini unless you make other mods as well.

A better method, would be to simply adjust the range to be more restrictive:
Lines 177 & 178
$LowerLimit = 417655
$UpperLimit = 417656
would force the value to 417655
or
$LowerLimit = 417655
$UpperLimit = 417656
would allow a limited range

Then compile.

Neither of these changes have been tested by me. You will find the source code quite logically laid out with descriptive variables and comments that make it fairly easy to make these kind of small adjustments. Just make sure you keep backup copies of before and after changes.



JonD
Last edited by JonD on 2010-11-30 18:07, edited 3 times in total.
JonD
40
40
 
Posts: 121
Joined: 2006-12-24 16:46
Location: Canada

Re: How to prohibit unauthorized repeater use?

Postby supercoe » 2010-11-30 17:16

JonD wrote:You will find the source code quite logically laid out with descriptive variables and comments that make it fairly easy to make these kind of small adjustments.


Wow, what a compliment!
That was the idea. :D :D :D
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
User avatar
supercoe
Super-Mod
Super-Mod
 
Posts: 1735
Joined: 2009-07-20 21:27
Location: Walker, MN

Re: How to prohibit unauthorized repeater use?

Postby RUS » 2011-03-06 18:10

Yes indeed, an attacker can learn the name of the server, it can configure it for themselves.
The only solution to run multiple repeater, configured with different ports and configure InstantSupport.exe with one id.
Run the repeater.exe must be from the new folder (1) (2) (3 )....
RUS
8
8
 
Posts: 10
Joined: 2010-12-16 19:52


Return to ChunkVNC

Who is online

Users browsing this forum: No registered users and 2 guests