[TriLUG] requirements for classes...

Timothy A. Chagnon tchagnon at nc.rr.com
Thu Apr 29 15:24:10 EDT 2004


On Thu, 2004-04-29 at 14:22, Brian A. Henning wrote:
> I remember hearing VNC wasn't safe to do in-the-clear on an unsecured
> network...  Or is that just X?  At any rate, it would simplify your port
> issues (at the router, at least) if you tunneled vnc through ssh anyhow..
> or will that be too much of a performance hit?  Not that I know how to do
> that..  just that it can be done. :-)

Yes, the protocol (rfb?) that vnc uses is wicked simple and can be
snooped by just capturing the data stream and playing it back with a
slightly modified vncviewer.  Really just mouse & keyboard to server and
chunks of image to client.  You need a man-in-the middle sort of proxy. 
I set it up for a client last year that wanted to keep records of
emergency (fix-the stupid M$-SQL server) off-hours vnc stuff.

SSH tunneling it is easy, just port forward.  Certainly a performance
hit, maybe a couple hundred miliseconds added latency and 25% extra
bandwidth usage.  That's just guessing about some testing I did over a
year ago.  Probably not worth it for non-sensitive educational data.

-Tim
-- 
Timothy A. Chagnon <tchagnon at nc.rr.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20040429/41006b26/attachment.pgp>


More information about the TriLUG mailing list