step by step

James Weatherall jnw "at" realvnc.com
Thu Apr 21 11:02:00 2005 

Scott,

Actually the key here is that the feature you describes only works if you're
using Windows Messenger - it sounds like they use that (which connects to a
central site) to tell the machines to connect to each other, i.e. as the
mediation server.

This sounds to me like a potential source of some serious security issues.

Wez @ RealVNC Ltd.


> -----Original Message-----
> From: vnc-list-admin "at" realvnc.com 
> [mailto:vnc-list-admin "at" realvnc.com] On Behalf Of B. Scott Smith
> Sent: 20 April 2005 23:26
> Cc: vnc-list "at" realvnc.com
> Subject: Re: step by step
> 
> Yes, that's right. But the key here is that it only requires outbound 
> access on 3389, not inbound. So, it will work with virtually all home 
> networks and routers. Corporate networks may limit outbound 
> access. It 
> still doesn't explain "how" they do it. I looked inside the 
> "invitation" 
> file that gets attached if you email the assistance request, and it 
> references very high UDP port numbers. So, I am assuming it is using 
> some type of mediation server or UDP tunneling technology.
> 
> evets dranem wrote:
> 
> >B. Scott Smith wrote:
> >
> >  
> >
> >>I'm not exactly sure how they do it, I suppose they must 
> use a mediation 
> >>server.
> >>Whereas straight RDP requires the "supported" PC to have 
> port 3389 open, 
> >>the Remote Assistance only requires outbound access to 3389 
> from both 
> >>PC's. While this may be blocked by some corporate 
> firewalls, standard 
> >>home-based routers will work fine as is. At least it does for me...
> >>
> >>James Weatherall wrote:
> >>
> >> 
> >>
> >>    
> >>
> >>>Scott,
> >>>
> >>>How does this eliminate firewall issues?
> >>>
> >>>Regards,
> >>>
> >>>Wez @ RealVNC Ltd.
> >>>   
> >>>
> >>>      
> >>>
> >>>>-----Original Message-----
> >>>>From: vnc-list-admin "at" realvnc.com 
> >>>>[mailto:vnc-list-admin "at" realvnc.com] On Behalf Of B. Scott Smith
> >>>>Sent: 18 April 2005 16:35
> >>>>To: Haggai Back
> >>>>Cc: VNC-List "at" realvnc.com
> >>>>Subject: Re: step by step
> >>>>
> >>>>If both computers are XP, and you would like your parents 
> to request 
> >>>>your help, then I would recommend using the built-in Remote 
> >>>>Assistance 
> >>>>feature of XP. Your parents would simply email you a 
> request, and you 
> >>>>will be able to immediately take control of the desktop.
> >>>>
> >>>>      
> >>>>http://www.microsoft.com/technet/prodtechnol/winxppro/maintain
> >>>>/rmassist.mspx
> >>>>
> >>>>This will eliminate firewall issues and allow you to chat while 
> >>>>controlling the remote PC.
> >>>>
> >>>>Haggai Back wrote:
> >>>>
> >>>>  
> >>>>
> >>>>     
> >>>>
> >>>>        
> >>>>
> >>>>>Hello,
> >>>>>I've read a lot of questions and answers about that, but 
> >>>>>    
> >>>>>
> >>>>>       
> >>>>>
> >>>>>          
> >>>>>
> >>>>still could not apply:
> >>>>  
> >>>>
> >>>>     
> >>>>
> >>>>        
> >>>>
> >>>>>I want to connect my parent's computer via Internet.
> >>>>>We both using XP
> >>>>>I have their ip as: xxx.xx.xxx.xxx,xxx.xx.xx.xx
> >>>>>Where should I write the ip?
> >>>>>Which ip? The first/second or both?
> >>>>>Do we need to open server/client before connecting
> >>>>>
> >>>>>          
> >>>>>
> >*From Microsoft technet quoted page link above ;-P
> >
> >Note*: If the person who is being helped is behind a 
> firewall, NAT, or
> >ICS, Remote Assistance will still function as long as the 
> person being
> >helped initiates the session via Windows Messenger. However, 
> as stated
> >above, Remote Assistance will not work in cases when the outbound
> >traffic from port 3389 is blocked.
> >
> >
> >    Administering Remote Assistance in Corporate Environments
> >
> >There are several issues to consider when managing and administering
> >Remote Assistance in the corporate environment or large organization.
> >You can specify an open environment where employees can 
> receive Remote
> >Assistance from outside the corporate firewall. Or you can restrict
> >Remote Assistance via Group Policy and specify various levels of
> >permissions such as only allowing Remote Assistance from within the
> >corporate firewall.
> >
> >
> >      Configuring Port 3389 to Enable Remote Assistance
> >
> >Remote Assistance runs over the top of Terminal Services technology,
> >which means it needs to use the same port already used by Terminal
> >Services: port 3389. For more information about using and configuring
> >ports, see this Microsoft Knowledge Base article
> ><http://support.microsoft.com/default.aspx?scid=kb;en-us;1505
> 43&sd=tech>.
> >
> >*Note*: If the person who is being helped is behind a 
> firewall, NAT, or
> >ICS, Remote Assistance will still function as long as the 
> person being
> >helped initiates the session via Windows Messenger. However, 
> as stated
> >above, Remote Assistance will not work in cases when the outbound
> >traffic from port 3389 is blocked.
> >
> >
> >      Using Remote Assistance in a Home Network
> >
> >If you are using Personal Firewall or NAT in a home 
> environment, you can
> >use Remote Assistance without any special configurations. However, if
> >you have a corporate-like firewall in a home environment, the same
> >restrictions apply: you would need to open Port 3389 in order to use
> >Remote Assistance.
> >_______________________________________________
> >VNC-List mailing list
> >VNC-List "at" realvnc.com
> >To remove yourself from the list visit:
> >http://www.realvnc.com/mailman/listinfo/vnc-list
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list