Is it possible to tunnel VNC over HTTP to go through a firewall

Rasmus Emil Møller AER "at" topdanmark.dk
Tue, 14 Nov 2000 09:47:39 +0000


"Angel R. Puerta" <puerta "at" redwhale.com> wrote:

>I have a situation where the vnc server is behind a firewall that has only
>standard ports open (such as the http ports). The vnc client is outside the
>firewall and the fw is not allowing the 5800 and 5900 traffic required (I'm
>using the java applet on a web browser to run vnc). We are using windows
>2000 on the server side and win 98/nt/2000 on the client side (outside fw).
>
>Has anyone come up with a solution to this problem? Can all the traffic be
>tunneled through http? or is there an appropriate solution for this problem
>in the windows environment?
>
>Thanks,
>Angel

The short answer is yes - any single TCP port can be tunneled with the free
software httptunnel:

http://www.nocrew.org/software/httptunnel.html

I don't know anything about the guys who make it - though it looks fine to
me; small, compact and efficient code - binaries for windows exist also.

It requires HTS.EXE running on the machine outside the firewall/proxy
and HTC.EXE on the machine inside. I made a shot through our test-proxy,
and it worked fine. It should be easy to include other tunnels like Zebedee
in the chain - only caveat may be increased latency.

As my group is also in charge of firewall/proxy security, I have hesitated
to broadcast the availability of such tools - however, it _is_ a false sense
of security to rely on HTTP proxy. Any program/user can make two-way data
transfers through it. There is even a commercial niche for firms who openly
sell proxy/firewall/socks penetration services - for example

http://www.firethru.com

I hope I have not opened Pandora's Box ... but I think we should do better
than hoping for Security Through Ignorance.

Sincerely

Rasmus Møller
IT System Programming PC
Topdanmark