VNC and port forwarding

I'm away from home a fair bit, but sometimes need to sort out some printing
and other work. So I'm trying to set up VNC

My wife's (xp) wireless netbook has the IP 192.168.1.x (set using DHCP from
the D-Link router)

I've enabled port forwarding on the router for:
'private IP' 192.168.1.20 (the first number),
'all protocols',
'start port 5900',
'end port 5900' (+ the same off-set for each port) and using
'connection PVC0'

This seems to work all right. Is that it? or am I leaving something
vulnerable to attacks?

I wasn't sure what options might go in the 'protocols' setting

TIA

John

--
John Mulrooney
NOTE Email address IS correct but might not be checked for a while.

About 95% of quoted statistics are probably made up

On Mon, 12 Oct 2009 16:10:22 +0100, JTM <(E-Mail Removed)> wrote:

> I'm away from home a fair bit, but sometimes need to sort out some printing
> and other work. So I'm trying to set up VNC
>
> My wife's (xp) wireless netbook has the IP 192.168.1.x (set using DHCP from
> the D-Link router)
>
> I've enabled port forwarding on the router for:
> 'private IP' 192.168.1.20 (the first number),
> 'all protocols',
> 'start port 5900',
> 'end port 5900' (+ the same off-set for each port) and using
> 'connection PVC0'
>
> This seems to work all right. Is that it? or am I leaving something
> vulnerable to attacks?

If you are using password authentication then that should be as safe as the
strength of the chosen password.

I would nail down the IP address of the netbook by setting it to be fixed
and not rely on it getting the same address each time from DHCP.

Is your home Internet on a fixed IP address or are you using DynDNS etc?

Tony

In message <(E-Mail Removed)>, JTM <(E-Mail Removed)> writes

>This seems to work all right. Is that it? or am I leaving something
>vulnerable to attacks?

VNC has a poor reputation for security. One reason is that it sends
passwords as clear text. That may not be an issue if all you keep on the
machine is your own personal data. If you keep any of your employer's
data on the machine you should get their permission and advice.

The usual advice for making VNC more secure is to use SSH tunnelling
using stunnel or similar. The VNC server should then be locked so that
only local users (including those using tunnels) can connect.



--
Bernard Peek

In article <(E-Mail Removed)>,
Bernard Peek <(E-Mail Removed)> wrote:
> In message <(E-Mail Removed)>, JTM <(E-Mail Removed)> writes

> >This seems to work all right. Is that it? or am I leaving something
> >vulnerable to attacks?

> VNC has a poor reputation for security. One reason is that it sends
> passwords as clear text. That may not be an issue if all you keep on the
> machine is your own personal data. If you keep any of your employer's
> data on the machine you should get their permission and advice.

> The usual advice for making VNC more secure is to use SSH tunnelling
> using stunnel or similar. The VNC server should then be locked so that
> only local users (including those using tunnels) can connect.

Thanks to A R Gold, Alex Fraser and yourself for the replies.

The home address is not fixed, so I'll need grandson or someone to
switch on and tell me what it is. (whatismyip.com?)

I'll have to read up on SSH tunnelling and address Reservation.

So far though, this VNC seems easier than my attemps to set up home
networks for XP, Vista, RISC OS and Mandriva / Kubuntu. Only partially
managed that over the last few years while I seem to have VNC working
within a week!

Tomorrow I get to see if it works from France as well as it has from a
couple of miles away.

Thanks again

John

--
John Mulrooney
NOTE Email address IS correct but might not be checked for a while.

The grave's a fine and private place, but none I think do there embrace

On Mon, 12 Oct 2009 20:09:20 +0100, JTM <(E-Mail Removed)> wrote:

> The home address is not fixed, so I'll need grandson or someone to
> switch on and tell me what it is. (whatismyip.com?)
>
> I'll have to read up on SSH tunnelling and address Reservation.

http://www.dyndns.com/ is free will allow you to address the home by some
chosen hostname (eg: (E-Mail Removed)) regardless of its changing IP
address, which should be far simpler.

> Tomorrow I get to see if it works from France as well as it has from a
> couple of miles away.

If you need help either opening the free account or installing the DynDNS
client software then ask again.

Tony

On Mon, 12 Oct 2009 20:46:58 +0100, "Anthony R. Gold"
<not-for-(E-Mail Removed)> wrote:

> On Mon, 12 Oct 2009 20:09:20 +0100, JTM <(E-Mail Removed)> wrote:
>
>> The home address is not fixed, so I'll need grandson or someone to
>> switch on and tell me what it is. (whatismyip.com?)
>>
>> I'll have to read up on SSH tunnelling and address Reservation.
>
> http://www.dyndns.com/ is free will allow you to address the home by some
> chosen hostname (eg: (E-Mail Removed)) regardless of its changing IP
> address, which should be far simpler.

Sorry, that should of course be jtmhome.dyndns.org and not wot i rote b4.

Tony

Anthony R. Gold wrote:
> On Mon, 12 Oct 2009 20:46:58 +0100, "Anthony R. Gold"
> <not-for-(E-Mail Removed)> wrote:
>
>> On Mon, 12 Oct 2009 20:09:20 +0100, JTM <(E-Mail Removed)> wrote:
>>
>>> The home address is not fixed, so I'll need grandson or someone to
>>> switch on and tell me what it is. (whatismyip.com?)
>>>
>>> I'll have to read up on SSH tunnelling and address Reservation.
>> http://www.dyndns.com/ is free will allow you to address the home by some
>> chosen hostname (eg: (E-Mail Removed)) regardless of its changing IP
>> address, which should be far simpler.
>
> Sorry, that should of course be jtmhome.dyndns.org and not wot i rote b4.
>
> Tony
I'm using the free

https://www.no-ip.com

has worked flawlessly for a year on my father's pc.

A good way of getting/checking the IP address of the remote PC is to get
them to send you an email and look at the first received from in the
headers/source - dynamic IP address dont change that often if you leave
the router switched on.

In article <(E-Mail Removed)>,
JTM <(E-Mail Removed)> wrote:

> Tomorrow I get to see if it works from France as well as it has from a
> couple of miles away.

Well I've been in France for a few days and today needed to try to print
some documents at home in Lancs. Daughter switched wife's netbook on and
grandson looked after the printer in the attic. VNC (ultraVNC actually
'cos realvnc won't work with Vista) did the job and I'm a happy chappy.

Thanks again folks.

John

--
John Mulrooney
NOTE Email address IS correct but might not be checked for a while.

Health is not valued until sickness comes

JTM wrote:
> In article <(E-Mail Removed)>,
> JTM <(E-Mail Removed)> wrote:
>
>> Tomorrow I get to see if it works from France as well as it has from a
>> couple of miles away.
>
> Well I've been in France for a few days and today needed to try to print
> some documents at home in Lancs. Daughter switched wife's netbook on and
> grandson looked after the printer in the attic. VNC (ultraVNC actually
> 'cos realvnc won't work with Vista) did the job and I'm a happy chappy.
>
> Thanks again folks.
>
> John
>

The free version of RealVNC won't work with Vista, you have to use the
Personal Edition, which is about £20. Does UltraVNC have a "listening
client" option? I find that very useful.

Phil, London

In article <mWCCm.25705$(E-Mail Removed)2>,
Philip Herlihy <(E-Mail Removed)> wrote:

> The free version of RealVNC won't work with Vista, you have to use the
> Personal Edition, which is about £20. Does UltraVNC have a "listening
> client" option? I find that very useful.

> Phil, London

It has UltraVNC viewer listen mode and UltraVNC viewer listen
mode(Encrypted)

--
John Mulrooney
NOTE Email address IS correct but might not be checked for a while.

There are 3 types of people: those who are numerate and those who aren't.