Stupid question

SC<->proxy<->Repeater<->proxy<->viewer

Post by dpuckett » 2007-03-21 16:41

I have things working fine using a repeater. What I have concerns about is that during my testing, when I connect to the repeater using 'vncviewer_ssl.exe', I do not have to authenticate myself. What would prevent an attacker from connecting to a repeater and simply attempting to connect to random ID:Numbers? Is there a simple way to prevent this?
dpuckett
 
Posts: 6
Joined: 2007-03-21 16:34

Re: Stupid question

Post by snobs » 2007-03-21 18:10

Nothing would prevent it... but first, it is very unlikely that a customer (server) connects to the repeater while someone bad connects to it (with the SSL client), and second, the one I am talking about even has to use the same ID.
snobs
 
Posts: 20
Joined: 2005-04-23 02:05
Location: germany/stuttgart

Re: Stupid question

Post by dpuckett » 2007-03-21 18:49

Is there any way to restrict which addresses are allowed to connect from a vncviewer_ssl without breaking the server side connection, since they both connect over port 443?
dpuckett
 
Posts: 6
Joined: 2007-03-21 16:34

Re: Stupid question

Post by dpuckett » 2007-03-23 01:00

Actually I have my answer. Simply using RC4 encryption with a new key to ensure end2end encryption should protect against certain attacks. If someone could post snobs' "create your own certificate" util I would feel much more confident in implementing. Thanks
dpuckett
 
Posts: 6
Joined: 2007-03-21 16:34

Re: Stupid question

Post by snobs » 2007-04-02 21:38

There is a working link again - look into my post...

And additional encryption is overhead... if you use SC3 there is already SSL encryption, which should do the job...
Last edited by snobs on 2007-04-02 21:38, edited 1 time in total.
snobs
 
Posts: 20
Joined: 2005-04-23 02:05
Location: germany/stuttgart

Re: Stupid question

Post by dpuckett » 2007-04-10 12:37

Thank you snobs. As far as encryption goes, does using SSL only create a 'gap' at the repeater where both ends are unencrypted? That is how I perceived it, whereas using RC4 is true end2end. Or am I wrong?
dpuckett
 
Posts: 6
Joined: 2007-03-21 16:34

