Re: remote port unlocker - does such a thing exist??
From: Scott Duckworth (scott@astnetworks.com)
Date: 07/10/02
From: Scott Duckworth <scott@astnetworks.com> Date: Wed, 10 Jul 2002 03:32:30 -0400
On Tuesday 09 July 2002 04:12 pm Ant wrote:
> Can anyone tell me if there is a utility out there that would allow me
> to remotely lock/unlock ports?
>
> Just to clarify, a typical scenario is as follows - I leave a VNC
> server (or could be any other server) running on my home system. I
> also leave this 'remote port unlocker' utility running on my home pc
> too, which sits there listening to one port of my choice. Later, while
> at work, I wish to access my home pc using a VNC viewer, so I run this
> utility on the computer at work to unlock the port used for VNC on my
> home pc. I then use VNC for a few minutes, then when I've finished I
> run the utility again to lock the port.
>
> Would be good if the utility works in stealth mode - If the utility
> does not receive a correct password with the request, then it returns
> no acknowledgements etc, aka stealth mode in ZoneAlarm (which I use by
> the way).
>
> Any suggestions?
>
> Would be really nice to leave a VNC server running at home, but I'm
> worried about security. My setup is Windows 2000 SP2 and ZoneAlarm.
>
> Ant
Hard way that is almost what you want:
Yes this is probably possible, but probably not without doing some
programming - there is no program that I know of that can do this. If
there is some way of turning off VNC via the command line or through some
other method in the programming language you choose, then it should work.
What I think you would need to do would be to make the "remote port
unlocker" use the UDP protocol to listen for an unlock request. The reason
you need to use UDP instead of TCP is that with TCP there is going to be a
reply to anybody who connects to your program, therefore throwing the whole
"stealth" thing out the window. This is just the nature of TCP - search
the web to find out why if you wish.
With UDP, no replies of any kind need to be sent unless you tell the program
to do so. You can just tell your client program to send the username and
password and have the server authenticate the user and start up VNC.
One major problem with this is that if anybody sniffs this packet you are
pretty much screwed - they could replicate this packet at any time and have
access to your server. Encryption is not really an option in this case
because you would have to use the same key all the time unless you could
find another way to sync the keys between the two computers.
Pros: Does exactly what you want.
Cons: Reliable username/password encryption is next to impossible.
      Programming required.
      Security holes might be introduced with this new program.
Easy way that is almost what you want:
You could get the tried and true SSH (Secure Shell) server for Windows - I
know it exists but I can't think of its name right now. This will give
you the ability to run any program from the command line. This is also
fully encrypted. The only disadvantage is that SSH uses TCP, meaning that
a "stealth" status is impossible without knowing the IP of every possible
computer. Even if you did know every possible client IP, I still don't
know if the Windows TCP/IP stack would allow for a "stealth" status with
other computers.
Pros: Encrypted username/password.
      Tried and true program has very little chance of being cracked.
Cons:
The bad thing about the whole encryption deal is that (I think) VNC is not
encrypted. This means anybody could watch your every move, including
keystrokes and mouse movements!
The right, secure way to do what you want:
Get Linux. It is a pain in the *** to learn, but what you want to do is
theoretically possible. You could use an encryption layer such as stunnel
to tunnel your X session (graphical interface), using XDMCP to log into
your computer. This would leave no trace of your computer to portscanners
(stealth) and everything would be encrypted.
This, however, can be a huge task coming from Windows, although I do
recommend this method. A year ago I had no idea of how to use Linux, not to
mention I hardly even knew what it was.
Well, good luck!
-- Scott Duckworth Computer engineering student and wanna-be know-it-all. ;)
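
Added example, not part of the original post: a sketch of the silent UDP unlock listener described above, with the unlock datagram authenticated by an HMAC over a timestamp and a random nonce so that a sniffed copy is rejected when it is sent again. It assumes a key shared between the two machines out of band and roughly synchronized clocks; `make_knock`, `KnockVerifier`, `serve`, `on_unlock` and the 30-second `WINDOW` are hypothetical names and values chosen here.

```python
import hashlib
import hmac
import os
import struct
import time

WINDOW = 30                    # seconds a knock stays valid (assumed value)
TAG_LEN = 32                   # HMAC-SHA256 output size
HDR = struct.Struct("!Q16s")   # 8-byte timestamp + 16-byte random nonce

def make_knock(key, now=None, nonce=None):
    """Client side: build one authenticated unlock datagram."""
    now = int(time.time()) if now is None else int(now)
    nonce = os.urandom(16) if nonce is None else nonce
    body = HDR.pack(now, nonce)
    return body + hmac.new(key, body, hashlib.sha256).digest()

class KnockVerifier:
    """Server side: accept each valid knock once, reject everything else."""
    def __init__(self, key):
        self.key = key
        self.seen = {}         # nonce -> timestamp of knocks already accepted

    def verify(self, packet, now=None):
        now = int(time.time()) if now is None else int(now)
        if len(packet) != HDR.size + TAG_LEN:
            return False
        body, tag = packet[:HDR.size], packet[HDR.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False       # wrong key or tampered packet
        ts, nonce = HDR.unpack(body)
        if abs(now - ts) > WINDOW:
            return False       # stale: a captured packet sent again later
        # Forget nonces that the time check above would reject anyway.
        self.seen = {n: t for n, t in self.seen.items() if abs(now - t) <= WINDOW}
        if nonce in self.seen:
            return False       # replay inside the validity window
        self.seen[nonce] = ts
        return True

def serve(sock, verifier, on_unlock):
    """Receive loop: never sends anything back, whatever arrives."""
    while True:
        packet, addr = sock.recvfrom(1024)
        if verifier.verify(packet):
            on_unlock(addr[0])  # hypothetical hook, e.g. open the VNC port
```

The knock only authenticates the unlock request; it does nothing to protect the VNC traffic that follows.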