WinVNC - "-connect" command over telnet

David Griffiths dgriff "at" direct.ca
Thu, 17 Aug 2000 09:18:55 +0000


> From: Ingecom - SERRE Jean-Christophe <jcs "at" ingecom.com>

> >From home, I just enter in my browser:
>   http://1.2.3.4/secretDirectory/secretName.bat
>
> And this batch is executed, doing the trick. Of course, using OmniHTTPd,
> there's no user:password security on this file, only the knowledge of
> the complete URL is the "secret", but it's enough for my purpose.
>
> A similar thing could do it for you, using a batch or a dedicated CGI
> .exe app (even VB would do).

Yup, exactly what I do.  I've whipped together a small VB-CGI app that has a
couple of functions - it starts VNC, and it can do a forced reboot of
windows 2k if VNC ever locks up (had this problem a few times with an older
version).

Since I quit VNC as soon as I'm done the session, there's no way for someone
to get into it unless they know the name of my CGI app, the special
arguments & password I use to start it, then can hack VNC's password.

Now I have to say, that my firewall logs all connect attempts to the VNC
ports, and I havn't been even scanned on them once, so I don't think it's a
huge threat, but of course, better safe than sorry.  Of course, more and
more people are discovering VNC, so I suppose the risk is slowly building.

It is a great app, however a friend was showing me MS terminal server, which
seemed quite a bit faster than VNC (and I think it's encrypted?).  I'd love
to see the data compression that people have been chatting about included in
the regular build, as well as some enhanced security (more than 8 char
passwords, encrypted data, configurable timeout/lockout for bad password
attempts, etc).

Dave.
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to majordomo "at" uk.research.att.com
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------