Can't connect via VNC from work to home - Network


Thread: Can't connect via VNC from work to home

  1. Re: Can't connect via VNC from work to home


    "Duane Arnold" wrote in message
    news:Xns95FDD7E4B8E4Anotmenotmecom@204.127.204.17. ..
    > "Somebody" wrote in
    > news:elbQd.91250$vO1.570441@nnrp1.uunet.ca:
    >
    > >
    > > "Leythos" wrote in message
    > > newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    > >> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote:
    > >> Anytime you expose your company to something they didn't authorize
    > >> you risk their network. Many companies don't block/filter web sites
    > >> because it's an expense to do so, others rely on the good nature of
    > >> the employees to not do anything they aren't supposed to do.
    > >>
    > >> There are few instances where a person connects from work to home for
    > >> Business reasons, fewer still that don't want to access a file at
    > >> home from work sometime.
    > >
    > > I'm interested to know what risks are incurred by remote controlling a
    > > machine at home, from within the corporate LAN. That's what the OP
    > > was trying to do.
    > >
    >
    > At my job, we had a programmer who was a tele-commuter and was authorized
    > with a VPN connection with a company laptop to make contact with the
    > company's network. However, the machine didn't have a FW installed and the
    > person didn't bother to let IT know that the machine had no FW. Needless to
    > say, the machine was infected with a worm and that in turn led to the
    > company network being infected and they tracked it back to the programmer.
    > Let me tell you that they went off not only on the programmer but anyone
    > needing a remote connection and everyone was prohibited from doing anything
    > with a remote connection of any type. They finally eased the restrictions
    > and gave the programmer a router to use. I would hate to see what would
    > happen to someone who has made an unauthorized connection to a home network
    > and that led to the compromise of the company's network. Knowing the
    > mindset of management at my company, they would terminate that person on
    > the spot.



    Entirely different than the case we're discussing -- that's a connection *in
    to* the network, not outbound as the OP was doing, and it's not using VNC,
    it's using a VPN which is a huge risk.

    -Russ.



  2. Re: Can't connect via VNC from work to home


    "Charles Newman"
    wrote in message news:jtadnR-9g_lpJYzfRVn-ow@comcast.com...
    >
    > "Somebody" wrote in message
    > news:elbQd.91250$vO1.570441@nnrp1.uunet.ca...
    > >
    > > "Leythos" wrote in message
    > > newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    > >> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote:
    > >> Anytime you expose your company to something they didn't authorize you
    > >> risk their network. Many companies don't block/filter web sites because
    > >> it's an expense to do so, others rely on the good nature of the employees
    > >> to not do anything they aren't supposed to do.
    > >>
    > >> There are few instances where a person connects from work to home for
    > >> Business reasons, fewer still that don't want to access a file at home
    > >> from work sometime.
    > >
    > > I'm interested to know what risks are incurred by remote controlling a
    > > machine at home, from within the corporate LAN. That's what the OP was
    > > trying to do.
    >
    > I would suppose it would depend on what you are doing. If you are
    > using Remote Desktop, your work PC would be no more than a
    > "dumb terminal" to your home PC, with no file transfer capability of
    > any kind between the two machines, so there would be no real
    > risk to the network as far as security goes. And do remember that
    > inbound connections are blocked on the lowest tiers of DSL and
    > cable service. If you want to connect inbound, you will need to
    > upgrade to one of the more expensive tiers on most cable and
    > DSL services.


    He's using VNC, not RDP. No file xfer capability.

    -Russ.



  3. Re: Can't connect via VNC from work to home


    "Charles Newman"
    wrote in message news:crSdnc7EcveBJ4zfRVn-pQ@comcast.com...
    >
    > "Leythos" wrote in message
    > newsan.2005.02.15.00.44.03.184994@nowhere.lan...
    > > On Mon, 14 Feb 2005 19:26:46 -0500, Somebody wrote:
    > >
    > >
    > >> "Leythos" wrote in message
    > >> newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    > >>> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote: Anytime you expose
    > >>> your company to something they didn't authorize you risk their network.
    > >>> Many companies don't block/filter web sites because it's an expense to
    > >>> do so, others rely on the good nature of the employees to not do
    > >>> anything they aren't supposed to do.
    > >>>
    > >>> There are few instances where a person connects from work to home for
    > >>> Business reasons, fewer still that don't want to access a file at home
    > >>> from work sometime.
    > >>
    > >> I'm interested to know what risks are incurred by remote controlling a
    > >> machine at home, from within the corporate LAN. That's what the OP was
    > >> trying to do.
    > >
    > > Some remote control programs allow people to move files through the
    > > connection, while VNC doesn't allow files specifically, there is no reason
    > > that they could not email a file from their personal computer to their
    > > work account. There are a number of apps, like PcAnywhere, etc... that
    > > allow it, also if they setup a small web-server in their home and access
    > > that to get files it's a threat - the home environment is best described
    > > as the Wild-West where anything goes, the corporate environment is
    > > controlled, monitored, and better protected.

    >
    > Well, Remote Desktop can be restricted so that no file transfers
    > between the two machines are possible, and that client machine
    > is no more than a dumb terminal to the hosting machine. IT can
    > tweak Remote Desktop on the PCs, so a connection in either
    > direction will not allow transfer of any files.


    VNC not RDP is the topic.

    -Russ.



  4. Re: Can't connect via VNC from work to home


    "Grosby" wrote in message news:4211c775$1@dnews.tpgi.com.au...
    > Somebody wrote:
    >
    > > Map both the client and the server to port 80. Problem solved.

    >
    > Tried that but didn't work. 10061 connection error.


    Did you map both sides?

    How did you map the client?

    What connection restrictions might there be at your house?

    -Russ.



  5. Re: Can't connect via VNC from work to home


    "Elmer J Fudd" wrote in message
    news:4aa03119.0502150754.4238a6ec@posting.google.c om...
    > "Grosby" wrote in message news:<4211c85a@dnews.tpgi.com.au>...
    > > Leythos wrote:
    > >
    > > > Since the OP has mentioned that he/she doesn't want the company IT
    > > > people involved, it's obviously something they know they should not
    > > > be doing.
    > >
    > > Not necessarily. Web browsing is permitted during off-periods, as I
    > > originally stated, for example during lunch and before/after work.
    > > However, for the reasons mentioned by some people here, they might
    > > not like "remote control" web pages going on. Personally, I see no
    > > risk. BUT, if they (I.T.) decide it IS a risk, then they might take
    > > steps to stop it. The ideal solution would be for me to be able to
    > > do it until actually told to stop. That was the point of this thread.
    > > Some say I might get sacked over it, but that's a risk I'm prepared
    > > to take -- their web policy (which is in writing) does NOT state that
    > > you CAN'T visit certain types of web pages. So basically I'd be able
    > > to claim that "remote desktoping" via a web page is within the rules
    > > of the policy.
    >
    > You might want to try MyWebExPC, a Web-based solution. It comes in both
    > free and paid versions. The paid version uses SSL encryption, so the admins
    > cannot sniff your connection. We recommend it to people who access our online
    > sports coverage from their workplace. Because the encryption is connected,
    > Snort, and sniffing programs cannot get anything, unless someone has figured
    > out how to crack and sniff SSL.
    > Another method, that one lady I was chatting with the other day was using,
    > was to log onto AOL to chat from work. She uses AOL for broadband, signs onto
    > AOL, and then comes onto the chat room. Her boss has no CLUE as to what she
    > is up to. She also brings her own laptop, and connects to the company's
    > wireless access point (WAP). The only way they could figure out where the
    > connection was coming from would be to bring in a spectrum analyser and
    > trace the connection that way.


    AOL chat is a *way* bigger security issue than an outbound VNC connection.
    So is an SSL connection -- you can shove anything down that sort of pipe.
    That's going to be the next big security headache of the network
    administrator.

    -Russ.



  6. Re: Can't connect via VNC from work to home


    My original question stands, even over all the activity.

    Can someone tell me how an outbound VNC connection from inside a corporate
    LAN to a home desktop is a security risk?

    -Russ.



  7. Re: Can't connect via VNC from work to home

    On Tue, 15 Feb 2005 07:54:05 -0800, Elmer J Fudd wrote:

    > Another method, that one lady I was chatting with the other day was using,
    > was to log onto AOL to chat from work. She uses AOL for broadband, signs onto
    > AOL, and then comes onto the chat room. Her boss has no CLUE as to what she
    > is up to. She also brings her own laptop, and connects to the company's
    > wireless access point (WAP). The only way they could figure out where the
    > connection was coming from would be to bring in a spectrum analyser and
    > trace the connection that way.


    That's so lame - the AOL chat can be seen in the firewall. The laptop,
    being hers, is also easy to spot in several places on the network,
    including the firewall - no fancy anything needed.


    --
    spam999free@rrohio.com
    remove 999 in order to email me


  8. Re: Can't connect via VNC from work to home

    On Tue, 15 Feb 2005 11:34:18 -0500, Somebody wrote:

    >
    > My original question stands, even over all the activity.
    >
    > Can someone tell me how an outbound VNC connection from inside a corporate
    > LAN to a home desktop is a security risk?


    Sure, it gives the person inside the company the ability to copy/paste
    company information into a document on their home computer without anyone
    finding an email trail or other file transfer trail - different security
    threat, but still a valid threat.

    As for back-ending the connection, there is more than one version of VNC,
    and some versions allow file sharing, if you can share files then you
    create a threat by that simple action alone.


    --
    spam999free@rrohio.com
    remove 999 in order to email me


  9. Re: Can't connect via VNC from work to home


    Leythos wrote:
    > On Tue, 15 Feb 2005 07:54:05 -0800, Elmer J Fudd wrote:
    >
    > > Another method, that one lady I was chatting with the other day was using,
    > > was to log onto AOL to chat from work. She uses AOL for broadband, signs onto
    > > AOL, and then comes onto the chat room. Her boss has no CLUE as to what she
    > > is up to. She also brings her own laptop, and connects to the company's
    > > wireless access point (WAP). The only way they could figure out where the
    > > connection was coming from would be to bring in a spectrum analyser and
    > > trace the connection that way.
    >
    > That's so lame - the AOL chat can be seen in the firewall. The laptop,
    > being hers, is also easy to spot in several places on the network,
    > including the firewall - no fancy anything needed.

    She is not connecting to an AOL chat room. What she is doing is
    connecting to AOL, and then connecting to the IRC chat room via AOL.
    Also, you did not read the entire message. She is bringing her OWN
    LAPTOP, and connecting it to the company's WIRELESS network. It is
    because of this that they would have to bring in a spectrum analyser
    in order to be able to trace the offending computer. They can spot
    it on the firewall, but to find the offending computer would require
    a spectrum analyser and a tracking antenna.


  10. Re: Can't connect via VNC from work to home


    wrote in message
    news:1108488894.436460.87650@z14g2000cwz.googlegro ups.com...
    >
    > Leythos wrote:
    > > On Tue, 15 Feb 2005 07:54:05 -0800, Elmer J Fudd wrote:
    > >
    > > > Another method, that one lady I was chatting with the other day was using,
    > > > was to log onto AOL to chat from work. She uses AOL for broadband, signs onto
    > > > AOL, and then comes onto the chat room. Her boss has no CLUE as to what she
    > > > is up to. She also brings her own laptop, and connects to the company's
    > > > wireless access point (WAP). The only way they could figure out where the
    > > > connection was coming from would be to bring in a spectrum analyser and
    > > > trace the connection that way.
    > >
    > > That's so lame - the AOL chat can be seen in the firewall. The laptop,
    > > being hers, is also easy to spot in several places on the network,
    > > including the firewall - no fancy anything needed.
    >
    >
    > She is not connecting to an AOL chat room. What she is doing is
    > connecting to AOL, and then connecting to the IRC chat room via AOL.
    > Also, you did not read the entire message. She is bringing her OWN
    > LAPTOP, and connecting it to the company's WIRELESS network. It is
    > because of this that they would have to bring in a spectrum analyser
    > in order to be able to trace the offending computer. They can spot
    > it on the firewall, but to find the offending computer would require
    > a spectrum analyser and a tracking antenna.


    Why a spectrum analyser? If she has a MAC and an IP (which she does), it's
    not hard to figure out and/or block.

    -Russ.



  11. Re: Can't connect via VNC from work to home

    "Somebody" wrote in
    news:PrpQd.91292$vO1.570759@nnrp1.uunet.ca:

    >
    > "Duane Arnold" wrote in message
    > news:Xns95FDD7E4B8E4Anotmenotmecom@204.127.204.17. ..
    >> "Somebody" wrote in
    >> news:elbQd.91250$vO1.570441@nnrp1.uunet.ca:
    >>
    >> >
    >> > "Leythos" wrote in message
    >> > newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    >> >> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote:
    >> >> Anytime you expose your company to something they didn't authorize
    >> >> you risk their network. Many companies don't block/filter web
    >> >> sites because it's an expense to do so, others rely on the good
    >> >> nature of the employees to not do anything they aren't supposed to
    >> >> do.
    >> >>
    >> >> There are few instances where a person connects from work to home
    >> >> for Business reasons, fewer still that don't want to access a file
    >> >> at home from work sometime.
    >> >
    >> > I'm interested to know what risks are incurred by remote
    >> > controlling a machine at home, from within the corporate LAN.
    >> > That's what the OP was trying to do.
    >> >
    >>
    >> At my job, we had a programmer who was a tele-commuter and was
    >> authorized with a VPN connection with a company laptop to make
    >> contact with the company's network. However, the machine didn't have
    >> a FW installed and the person didn't bother to let IT know that the
    >> machine had no FW. Needless to
    >> say, the machine was infected with a worm and that in turn led to
    >> the company network being infected and they tracked it back to the
    >> programmer. Let me tell you that they went off not only on the
    >> programmer but anyone needing a remote connection and everyone was
    >> prohibited from doing anything
    >> with a remote connection of any type. They finally eased the
    >> restrictions and gave the programmer a router to use. I would hate to
    >> see what would happen to someone who has made an unauthorized
    >> connection to a home network
    >> and that led to the compromise of the company's network. Knowing the
    >> mindset of management at my company, they would terminate that person
    >> on the spot.

    >
    >
    > Entirely different than the case we're discussing -- that's a
    > connection *in to* the network, not outbound as the OP was doing, and
    > it's not using VNC, it's using a VPN which is a huge risk.
    >
    > -Russ.
    >
    >
    >


    The example is about what Network Security will do in a situation about
    the company network being compromised or the potential for it to be
    compromised. And I'll tell you right now. I did what the OP did back a
    couple of years ago and made that connection from work to my home network
    being stupid and ignorant of the potential risks to the company. Yeah, I
    had big fun doing it and also was not doing my job as I was doing
    everything else under the Sun at that time because I had made contact
    with a machine on my home network, emails NG(s), xfering files the whole
    nine yards. That lasted for a couple of weeks before I was cut off and
    was somewhat rolled on the carpet about it. I wouldn't dare attempt it
    now due to what I know now about the risks and in addition to that, as to
    what they will do to an employee that has been caught doing something one
    is not paid to be doing on company time. I have seen them terminate
    someone for a far far less security violation than making unauthorized
    contact with a non secure situation.

    Duane






  12. Re: Can't connect via VNC from work to home


    "Leythos" wrote in message
    newsan.2005.02.15.16.58.29.719099@nowhere.lan...
    > On Tue, 15 Feb 2005 11:34:18 -0500, Somebody wrote:
    >
    > >
    > > My original question stands, even over all the activity.
    > >
    > > Can someone tell me how an outbound VNC connection from inside a corporate
    > > LAN to a home desktop is a security risk?
    >
    > Sure, it gives the person inside the company the ability to copy/paste
    > company information into a document on their home computer without anyone
    > finding an email trail or other file transfer trail - different security
    > threat, but still a valid threat.


    Similar to filling out a web form, but I'll concede the point there. I'll
    also bet that the shop in question has no policies or limitations on
    sniffing out the contents of emails or outgoing traffic. But really it's
    the same as pasting into a form field on a website and mailing it to
    yourself outside the company. But there is no security risk to the network.
    That risk is equivalent to carrying out printed documentation, your laptop,
    a USB key, or any other hundred ways of getting information out of a
    network -- very few places have that level of security. In those cases I'd
    can VNC -- but I'd do it at a data level with a content aware firewall, not
    by blocking port 5900. But it's still not a threat to the network.

    > As for back-ending the connection, there is more than one version of VNC,
    > and some versions allow file sharing, if you can share files then you
    > create a threat by that simple action alone.


    I'm not aware of that version of VNC. Linkage? The answer I was waiting
    for was a patched/hacked version of VNC being used, which of course could be
    a threat, but for that matter, any hackerware could use port 5900, 25, 80,
    21, whatever you like anyway, some of those are surely permitted through the
    firewall. The VNC that I know and love, does not allow any such security
    risks when used for an outgoing connection. Which was what the OP was going
    to do, use vanilla VNC for an outbound connection. As a security officer I
    would have allowed him to do that as it poses no risk to the security of the
    network, if he showed me the build of VNC he was using.

    -Russ.



  13. Re: Can't connect via VNC from work to home


    "Leythos" wrote in message
    newsan.2005.02.15.16.55.20.399129@nowhere.lan...
    > On Tue, 15 Feb 2005 07:54:05 -0800, Elmer J Fudd wrote:
    >
    > > Another method, that one lady I was chatting with the other day was using,
    > > was to log onto AOL to chat from work. She uses AOL for broadband, signs onto
    > > AOL, and then comes onto the chat room. Her boss has no CLUE as to what she
    > > is up to. She also brings her own laptop, and connects to the company's
    > > wireless access point (WAP). The only way they could figure out where the
    > > connection was coming from would be to bring in a spectrum analyser and
    > > trace the connection that way.

    >


    Connections to a WAP are dead easy to trace/filter/block, just by
    configuring the WAP properly.

    Failing that, you DMZ it on a proper firewall and filter/block/analyse the
    traffic at that point.

    If you're doing neither of those things, then shame on you, take your lumps.

    -Russ.



  14. Re: Can't connect via VNC from work to home


    wrote in message
    news:1108488894.436460.87650@z14g2000cwz.googlegro ups.com...

    > She is not connecting to an AOL chat room. What she is doing is
    > connecting to AOL, and then connecting to the IRC chat room via AOL.
    > Also, you did not read the entire message. She is bringing her OWN
    > LAPTOP, and connecting it to the company's WIRELESS network. It is
    > because of this that they would have to bring in a spectrum analyser
    > in order to be able to trace the offending computer. They can spot
    > it on the firewall, but to find the offending computer would require
    > a spectrum analyser and a tracking antenna.
    >


    Hey dipwad,

    She would not get out on any network that I ran, because I would have
    ports 1000 through 5300 blocked, to block Kazaa, and AOL IM
    and AOL for Broadband, at port 5190 would fall within that range.

    You and your online girlfriends can obviously get past hardware
    appliances, but you would not get past my firewall setup. Hardware
    firewalls don't offer the flexibility that software firewalls, such as
    SyGate and Tiny offer. On my setup, Tiny can be modified to
    block Kazaa on the Socks server, including port 80, while
    allowing the HTTP proxy to get out on port 80. AOL, Yahoo,
    and MSN IM can be blocked in the same way.




  15. Re: Can't connect via VNC from work to home

    ejfudd820@hotmail.com wrote:

    > Also, you did not read the entire message. She is bringing her OWN
    > LAPTOP, and connecting it to the company's WIRELESS network.


    She might be violating company rules already simply by doing that.

    > It is because of this that they would have to bring in a spectrum
    > analyser in order to be able to trace the offending computer.


    Uh... nope. See below.

    > They can spot it on the firewall, but to find the offending computer
    > would require a spectrum analyser and a tracking antenna.


    They can see the IP address. The DHCP server will tell them the MAC to
    that IP. Then they check which access point the network card with that
    MAC is connected to. That limits the search to the area covered by this
    access point - with a usual corporate layout, they'll only have one
    floor to search, possibly even as little as 2 or 3 offices.

    Not to mention that it wouldn't have helped with the original question
    - the poster didn't want to use private equipment inside the company
    network, he wanted to circumvent or tunnel the firewall. Your friend is
    in trouble, but she still is behind the firewall.


    Juergen Nieveler
    --
    You're still hungry, eat another fortune cookie
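
The lookup chain described in the post above (firewall hit, then DHCP lease, then MAC, then access point), as an added example that is not part of the original thread. Every record, hostname, AP name and log layout below is constructed sample data and an assumption, not any vendor's real export format; the lease lookup is time-bounded because the same IP may have belonged to a different machine earlier in the day.

```python
import re
from datetime import datetime

# Constructed firewall log lines (layout is an assumption).
FIREWALL_LOG = [
    "2005-02-15 08:30:05 ALLOW tcp 10.20.3.57:1044 -> 198.51.100.7:80",
    "2005-02-15 10:41:12 ALLOW tcp 10.20.3.57:1093 -> 203.0.113.20:5190",
]

# Constructed DHCP lease history: (ip, mac as logged, hostname, start, end).
# MAC notation differs per source on purpose, as it does in practice.
DHCP_LEASES = [
    ("10.20.3.57", "00-0C-F1-AA-10-01", "ACCT-PC-114",
     "2005-02-15 07:58:00", "2005-02-15 09:30:00"),
    ("10.20.3.57", "0090.4b12.9e77", "HOME-LAPTOP",
     "2005-02-15 10:02:00", "2005-02-15 18:02:00"),
]

# Constructed wireless association table; wired hosts do not appear in it.
AP_ASSOCIATIONS = {"00:90:4B:12:9E:77": "ap-3f-east"}
AP_COVERAGE = {"ap-3f-east": "3rd floor, east wing"}

# Constructed asset inventory of company-owned network cards.
MANAGED_MACS = {"00:0c:f1:aa:10:01"}

FW_LINE = re.compile(r"^(\S+ \S+) (\w+) (\w+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")
TS = "%Y-%m-%d %H:%M:%S"


def normalize_mac(mac):
    """Reduce any common MAC notation to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_firewall_line(line):
    """Extract timestamp, source IP and destination from one log line."""
    m = FW_LINE.match(line)
    if not m:
        raise ValueError(f"unparseable firewall line: {line!r}")
    when, _action, _proto, src, _sport, dst, dport = m.groups()
    return {"when": datetime.strptime(when, TS), "src": src,
            "dst": dst, "dport": int(dport)}


def lease_at(ip, when):
    """Return (mac, hostname) of whoever held `ip` at time `when`, or None."""
    for lease_ip, mac, host, start, end in DHCP_LEASES:
        if lease_ip != ip:
            continue
        if datetime.strptime(start, TS) <= when < datetime.strptime(end, TS):
            return normalize_mac(mac), host
    return None


def trace(line):
    """Follow one firewall hit back to a device and, if wireless, an area."""
    event = parse_firewall_line(line)
    result = {"src": event["src"], "dport": event["dport"], "mac": None,
              "hostname": None, "ap": None, "area": None, "managed": False}
    lease = lease_at(event["src"], event["when"])
    if lease is None:
        return result  # static address or lease history rotated away
    mac, host = lease
    associations = {normalize_mac(k): v for k, v in AP_ASSOCIATIONS.items()}
    ap = associations.get(mac)
    result.update(mac=mac, hostname=host, ap=ap,
                  area=AP_COVERAGE.get(ap), managed=mac in MANAGED_MACS)
    return result


if __name__ == "__main__":
    for entry in FIREWALL_LOG:
        print(trace(entry))
```
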

  16. Re: Can't connect via VNC from work to home

    On Tue, 15 Feb 2005 09:34:54 -0800, ejfudd820 wrote:

    >
    > Leythos wrote:
    >> On Tue, 15 Feb 2005 07:54:05 -0800, Elmer J Fudd wrote:
    >>
    >> > Another method, that one lady I was chatting with the other day was using,
    >> > was to log onto AOL to chat from work. She uses AOL for broadband, signs onto
    >> > AOL, and then comes onto the chat room. Her boss has no CLUE as to what she
    >> > is up to. She also brings her own laptop, and connects to the company's
    >> > wireless access point (WAP). The only way they could figure out where the
    >> > connection was coming from would be to bring in a spectrum analyser and
    >> > trace the connection that way.
    >>
    >> That's so lame - the AOL chat can be seen in the firewall. The laptop,
    >> being hers, is also easy to spot in several places on the network,
    >> including the firewall - no fancy anything needed.
    >
    >
    > She is not connecting to an AOL chat room. What she is doing is
    > connecting to AOL, and then connecting to the IRC chat room via AOL.
    > Also, you did not read the entire message. She is bringing her OWN
    > LAPTOP, and connecting it to the company's WIRELESS network. It is
    > because of this that they would have to bring in a spectrum analyser
    > in order to be able to trace the offending computer. They can spot
    > it on the firewall, but to find the offending computer would require
    > a spectrum analyser and a tracking antenna.


    They could just block her MAC, which is the least I would do. In fact, if
    they are open without any key or anything else and no MAC filtering they
    kind of deserve what they get.

    Also, unless she's locked down her laptop they can see the workgroup and
    name of the system.

    One other thing - any company that sees outbound AOL connections should
    shoot the employee using it

    --
    spam999free@rrohio.com
    remove 999 in order to email me


  17. Re: Can't connect via VNC from work to home

    On Tue, 15 Feb 2005 09:55:29 -0800, Charles Newman wrote:

    >
    > wrote in message
    > news:1108488894.436460.87650@z14g2000cwz.googlegro ups.com...
    >
    >> She is not connecting to an AOL chat room. What she is doing is
    >> connecting to AOL, and then connecting to the IRC chat room via AOL.
    >> Also, you did not read the entire message. She is bringing her OWN
    >> LAPTOP, and connecting it to the company's WIRELESS network. It is
    >> because of this that they would have to bring in a spectrum analyser
    >> in order to be able to trace the offending computer. They can spot
    >> it on the firewall, but to find the offending computer would require
    >> a spectrum analyser and a tracking antenna.
    >>
    >
    > Hey dipwad,
    >
    > She would not get out on any network that I ran, because I would have
    > ports 1000 through 5300 blocked, to block Kazaa, and AOL IM
    > and AOL for Broadband, at port 5190 would fall within that range.
    >
    > You and your online girlfriends can obviously get past hardware
    > appliances, but you would not get past my firewall setup. Hardware
    > firewalls don't offer the flexibility that software firewalls, such as
    > SyGate and Tiny offer. On my setup, Tiny can be modified to
    > block Kazaa on the Socks server, including port 80, while
    > allowing the HTTP proxy to get out on port 80. AOL, Yahoo,
    > and MSN IM can be blocked in the same way.


    Wrong, firewall appliances, and we're not talking ROUTERS with NAT, can
    block all of that and more, and it's easy, we do it all the time. You must
    be talking about the so-called firewall devices that are really just home
    user routers that provide NAT.

    --
    spam999free@rrohio.com
    remove 999 in order to email me


  18. Re: Can't connect via VNC from work to home

    On Tue, 15 Feb 2005 12:52:42 -0500, Somebody wrote:

    >> As for back-ending the connection, there is more than one version of VNC,
    >> and some versions allow file sharing, if you can share files then you
    >> create a threat by that simple action alone.

    >
    > I'm not aware of that version of VNC. Linkage? The answer I was waiting
    > for was a patched/hacked version of VNC being used, which of course could be
    > a threat, but for that matter, any hackerware could use port 5900, 25, 80,
    > 21, whatever you like anyway, some of those are surely permitted through the
    > firewall. The VNC that I know and love, does not allow any such security
    > risks when used for an outgoing connection. Which was what the OP was going
    > to do, use vanilla VNC for an outbound connection. As a security officer I
    > would have allowed him to do that as it poses no risk to the security of the
    > network, if he showed me the build of VNC he was using.


    I believe that TightVNC allows for it, but I'm not 100% sure.

    While there may be minimal risk, it's still a risk. Once they start
    tunneling out through port 80 (and VNC can be set to use it) who knows
    what else they will do - there are simple means to stop port 80 tunnelers
    as long as you have a quality firewall.

    I look at it like this, as a business owner I pay my people to WORK when
    they are at work, not to relax, play games, do personal email, etc... If
    they want to use a PC to access personal stuff, well, that's what they
    have a home life for, and it can be done after hours. I allow a small
    amount of personal email from the company addresses, but we actually
    monitor it and when it gets out of hand or their spam level increases we
    take measures to fix it. We don't allow free access to the web or any
    other services. People have to get back into the frame of mind that they
    OWE the company for what they are PAID, not the company owing them money
    for showing up.


    --
    spam999free@rrohio.com
    remove 999 in order to email me
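
Posts 12 and 18 both come down to filtering on what a connection carries rather than on its port number. The sketch below is an added example, not part of the original thread and not any firewall product's logic: it labels a flow by the first bytes each side sends (an RFB/VNC session opens with a 12-byte `RFB xxx.yyy\n` version banner) and blocks VNC wherever it appears, including when it has been mapped to port 80. The sample payloads, the policy table and the verdict names are constructed assumptions.

```python
import re

# RFB (the protocol VNC speaks) starts with a fixed-format version banner.
RFB_BANNER = re.compile(rb"^RFB \d{3}\.\d{3}\n")
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE) \S+ HTTP/1\.[01]\r\n")
HTTP_RESPONSE = re.compile(rb"^HTTP/1\.[01] \d{3} ")

# Assumed site policy: what each well-known port is expected to carry,
# and which protocols are refused on every port.
EXPECTED_ON_PORT = {80: "http", 443: "tls", 5900: "rfb"}
BLOCKED_PROTOCOLS = {"rfb"}


def classify(payload):
    """Label the first bytes one side of a TCP flow sent."""
    if not payload:
        return "empty"
    if RFB_BANNER.match(payload):
        return "rfb"
    if HTTP_REQUEST.match(payload) or HTTP_RESPONSE.match(payload):
        return "http"
    # TLS/SSL record header: content type 0x16 (handshake), major version 3.
    if len(payload) >= 3 and payload[0] == 0x16 and payload[1] == 0x03 \
            and payload[2] <= 0x04:
        return "tls"
    return "unknown"


def flow_protocol(client_first, server_first):
    """Pick the protocol of a flow; the RFB server speaks first, so check it first."""
    for label in (classify(server_first), classify(client_first)):
        if label not in ("empty", "unknown"):
            return label
    return "unknown"


def inspect_flow(dst_port, client_first, server_first):
    """Return (verdict, protocol) for one outbound flow."""
    protocol = flow_protocol(client_first, server_first)
    if protocol in BLOCKED_PROTOCOLS:
        return ("block", protocol)          # VNC on any port, 80 included
    expected = EXPECTED_ON_PORT.get(dst_port)
    if expected is not None and protocol != expected:
        return ("block", protocol)          # something else riding a known port
    if protocol == "tls":
        return ("allow-opaque", protocol)   # permitted, but contents are not visible
    return ("allow", protocol)


# Constructed sample flows: (destination port, client's first bytes, server's first bytes).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
     b"HTTP/1.1 200 OK\r\n"),
    (80, b"RFB 003.008\n", b"RFB 003.008\n"),      # VNC mapped to port 80
    (5900, b"RFB 003.003\n", b"RFB 003.003\n"),    # VNC on its default port
    (443, b"\x16\x03\x01\x00\x2f", b"\x16\x03\x01\x00\x4a"),
    (80, b"\x05\x01\x00", b""),                    # neither HTTP nor RFB
]


def verdicts():
    """Inspect every sample flow and return the list of verdicts."""
    return [inspect_flow(*flow) for flow in SAMPLE_FLOWS]


if __name__ == "__main__":
    for flow, verdict in zip(SAMPLE_FLOWS, verdicts()):
        print(flow[0], verdict)
```

The `allow-opaque` verdict marks the limit raised in post 5: once the session is inside SSL, this kind of first-bytes check sees only the handshake.
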


  19. Re: Can't connect via VNC from work to home

    On Tue, 15 Feb 2005 12:54:11 -0500, Somebody wrote:

    >
    > "Leythos" wrote in message
    > newsan.2005.02.15.16.55.20.399129@nowhere.lan...
    >> On Tue, 15 Feb 2005 07:54:05 -0800, Elmer J Fudd wrote:
    >>
    >> > Another method, that one lady I was chatting with the other day was using,
    >> > was to log onto AOL to chat from work. She uses AOL for broadband, signs onto
    >> > AOL, and then comes onto the chat room. Her boss has no CLUE as to what she
    >> > is up to. She also brings her own laptop, and connects to the company's
    >> > wireless access point (WAP). The only way they could figure out where the
    >> > connection was coming from would be to bring in a spectrum analyser and
    >> > trace the connection that way.

    >>

    >
    > Connections to a WAP are dead easy to trace/filter/block, just by
    > configuring the WAP properly.
    >
    > Failing that, you DMZ it on a proper firewall and filter/block/analyse the
    > traffic at that point.
    >
    > If you're doing neither of those things, then shame on you, take your lumps.


    Russ, just so you know, it was not me that advocated those things - it
    looks like you quoted it to me. I agree, it's easy to detect and determine
    who the thief is, and they should be reprimanded on the spot.


    --
    spam999free@rrohio.com
    remove 999 in order to email me


  20. Re: Can't connect via VNC from work to home

    "Somebody" wrote:

    >> As for back-ending the connection, there is more than one version of
    >> VNC, and some versions allow file sharing, if you can share files
    >> then you create a threat by that simple action alone.

    >
    > I'm not aware of that version of VNC.


    IIRC UltraVNC allows file transfers. Or was it TightVNC? So many
    versions, I'm staying with RealVNC :-)

    > Which was what the OP was going to do, use vanilla VNC
    > for an outbound connection. As a security officer I would have
    > allowed him to do that as it poses no risk to the security of the
    > network, if he showed me the build of VNC he was using.


    I'd at the very least caution him that this makes his home PC very
    vulnerable. For a case of beer, I'd show him how to use VNC over an SSH
    tunnel :-)


    Juergen Nieveler
    --
    My hard disk is full! Maybe I'll try this message section thing.
