Firewall question
Habermann, David (DA)
habermann "at" dow.com
Fri, 16 Jun 2000 13:12:20 +0000
Leland and Ken:
My VncInboxAgent program (source and executable, although I don't expect that anyone can use the executable as is due to Outlook environment differences) is available on the list. Search the list for "VncInboxAgent". Download "bin7a003pl" using "Save Target As" to save as "VncInboxAgent.zip".
Note that the port for the server initiated connections (5500) is NOT the same as for client initiated connections (5900), so I don't think the test you described was conclusive.
When I was using this system, I did leave it running all the time. I agree that this did leave a minor security hole open, but even if someone had sent a malicious e-mail, my hacks of WinVNC force all outgoing connections to authenticate themselves, so the hacker would still need my VNC password, which is securely stored behind the firewall in my office. Recently we've been working toward use of a secured tunnel instead.
As to the shortcut, it is possible to do what you've described in some environments. Outlook 2000 (or a hacked version of my VncInboxAgent) could launch the server and ask for the outbound connection at the same time on the command line. So the shortcut file (residing outside the firewall on the home PC) would need to do the following:
1) Launch vncviewer in listening mode
2) Send e-mail to the office to be processed by the inbox agent system
   i) inbox agent would launch server and trigger server-initiated connection
So your biggest trick is step 2. If anyone knows of a DOS command line program that will send simple e-mail, I'd like to hear of it. I have used an expensive scripting package (Userland Frontier) to accomplish this because I already owned it.
Dave
--------------------------------------
Leland wrote:
We don't need full automation, .. but your approach sounds interesting! What sort of mechanism do you use on Windows?? Do you always have the server running, .. or do you launch the server with the email? (I would think not running the service all the time would prevent a big security hole, .. even IF you're behind a firewall.)
Question - how hard would it be to create a shortcut that would launch the connection? That way, the remote user can just use a shortcut to launch [hopefully] the server and then the connection.