[Full-disclosure] Some VNC doubts : access server behind TCP/IP proxy or gateways

From: Aditya Deshmukh (aditya.deshmukh_at_online.gateway.strangled.net)
Date: 07/05/05

  • Next message: Ill will: "Re: [Full-disclosure] Some VNC doubts : access server behind TCP/IP proxy or gateways" 
    To: <full-disclosure@lists.grok.org.uk>
Date: Tue, 5 Jul 2005 10:56:09 +0530

    Hi List,

    I have a very peculiar problem about accessing VNC server behind gateways
    and proxy server...

    Here is the background info...

    I have a client who has pretty big vnc installation base mostly windows but
    Linux and Solaris also includes.

    Most of the Road Warriors have windows with vnc and ssh installed on them (
    mostly winxp sp2 )

    VNC is used to remote admin or support for some of the road warriors. But
    most of the times when the VNC server is behind a gateway like this it wont
    connect.

    [ Internet ] -- [ Gateway ] --- [ Lan ]

    The work about is to use the UltraVNC relay service, but if you don't have
    any control over the gateway this becomes impossible to operate. And I hate
    to open ports in the firewalls of the road warriors' computers.

    Is there a way something like reverse shell that allows someone to connect
    to a VNC server, behind gateway and through firewalls without opening any
    holes in it or a tcp/ip proxy that is proxy that does not allow connections
    from the internet ?

    Basically, The user initiates the connection and the helpdesk can use the
    same socket to the laptop for connection over VNC ( vnc encryption and
    compression have already been taken care of, and only one socket is needed
    for all this- for a firewall I would require only one hole )

    Any help would be appreciated - aditya

    ________________________________________________________________________
    Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com)
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: Ill will: "Re: [Full-disclosure] Some VNC doubts : access server behind TCP/IP proxy or gateways"

    Relevant Pages

    • Re: [Full-disclosure] Some VNC doubts : access server behind TCP/IP proxy or gateways
      ... > I have a very peculiar problem about accessing VNC server behind gateways ... > and proxy server... ... > any control over the gateway this becomes impossible to operate. ...
      (Full-Disclosure)
    • Using iptables to foward vnc
      ... I want to forward a vnc connection using ... Connecting to the vnc server (via tightvnc's java/web-browser ... goes through the gateway gets an ICMP Destination Unreachable. ...
      (Fedora)
    • Re: how to change the port vnc is running?
      ... >>the port change is something to do with X or vnc. ... >gateway and view my parents desktops. ... Or just tunnel the vnc in ssh, and make vncviewer set up the connection: ...
      (Fedora)
    • How did they get past my NAT?
      ... kicked in on my VNC server - my desktop background image disappeared ... this point I panicked and shutdown the VNC service ASAP. ... My question is how the attacker got to my VNC port! ... the internet through the router. ...
      (comp.security.firewalls)
    • RE: VNC icon in systray
      ... Yes you can.If you intend to use VNC to provide remote access to a computer, ... you will probably prefer to install VNC Server in Service-Mode. ... Service-Mode, VNC Server can allow remote connections even while the computer ...
      (microsoft.public.windowsxp.help_and_support)