Can't connect via VNC from work to home - Network

This is a discussion on Can't connect via VNC from work to home - Network ; Hi, I've been trying various versions of VNC (VNC, TightVNC, UltraVNC) to connect to my home PC from work -- with no success. Every version reports that it can't connect, and I get a "10061 Connection Refused" error. This occurs ...

+ Reply to Thread
Page 1 of 3 1 2 3 LastLast
Results 1 to 20 of 58

Thread: Can't connect via VNC from work to home

  1. Can't connect via VNC from work to home

    Hi,

    I've been trying various versions of VNC (VNC, TightVNC, UltraVNC) to
    connect to my home PC from work -- with no success. Every version reports
    that it can't connect, and I get a "10061 Connection Refused" error. This
    occurs whether I use the various "VNC Viewer" apps -or- the Java-based
    applet from within my workplace's web browser.

    At home, I did NOT have any firewalls running during the tests, so that
    can't be the problem. Further proof of this is the fact that even when
    I have ZoneAlarm ON, I can still connect UltraVNC to a friend's PC (and
    vice versa) with no problems. The problem is NOT due to my home PC not
    accepting incoming connections (eg. no "incoming prompt" timing out, etc).

    So... it appears my workplace has a firewall in place that is preventing
    the outgoing connection to my home. Any ideas on how I can get this
    working? I'll be using UltraVNC as I like that app the best. My work
    PC runs Win 2K Pro, and at home I have Win XP Pro with the Windows Firewall
    disabled but ZoneAlarm running.

    Thanks for any ideas!



  2. Re: Can't connect via VNC from work to home

    Grosby wrote:
    > So... it appears my workplace has a firewall in place that is preventing
    > the outgoing connection to my home. Any ideas on how I can get this
    > working? I'll be using UltraVNC as I like that app the best. My work
    > PC runs Win 2K Pro, and at home I have Win XP Pro with the Windows Firewall
    > disabled but ZoneAlarm running.


    You have almost sure a firewall that's preventing you to connect
    from your work to home. It's very common. You can use some programs
    that tunnels some protocols through the port 80 (like proxies), but
    you have to be sure that your boss it's not gonna fire you for doing
    that.

    If you had Linux maybe you could tunnel the VNC through SSH, that use
    to be open in the corporative firewalls, but I don't know if this can
    be done with Windows XP and any VNC clon or Cygwin.

    But anyway be very careful if you are using your network in a way you
    should not, your network administrator can hunt you for sure :-(

    > Thanks for any ideas!


    Regards.

    --

    Jose Maria Lopez Hernandez
    Director Tecnico de bgSEC
    jkerouac@bgsec.com
    bgSEC Seguridad y Consultoria de Sistemas Informaticos
    http://www.bgsec.com
    ESPAŅA

    The only people for me are the mad ones -- the ones who are mad to live,
    mad to talk, mad to be saved, desirous of everything at the same time,
    the ones who never yawn or say a commonplace thing, but burn, burn, burn
    like fabulous yellow Roman candles.
    -- Jack Kerouac, "On the Road"

  3. Re: Can't connect via VNC from work to home


    "Grosby" wrote in message news:420df314$1@dnews.tpgi.com.au...
    > Hi,



    > So... it appears my workplace has a firewall in place that is preventing
    > the outgoing connection to my home. Any ideas on how I can get this
    > working? I'll be using UltraVNC as I like that app the best. My work
    > PC runs Win 2K Pro, and at home I have Win XP Pro with the Windows


    It could also be your ISP too. ISPs tend to block incoming connections
    on the lowest tier of service. Try moving up one tier of service and try
    again.



  4. Re: Can't connect via VNC from work to home

    In article <420df314$1@dnews.tpgi.com.au>, Grosby wrote:

    >So... it appears my workplace has a firewall in place that is preventing
    >the outgoing connection to my home. Any ideas on how I can get this
    >working?


    Piece of cake - you talk to the network admin who runs the firewall at
    work, and ask him to open the appropriate hole. Probably only twenty
    seconds of typing commands, and the link works. Probably take him longer
    to log into the firewall than to actually enter the commands.

    Old guy


  5. Re: Can't connect via VNC from work to home

    ATTN: ejfudd820@hotmail.com

    This post proves that Google Groups has no such restriction on "newsgroup lines".
    Your trimming of the other groups from your reply was a direct result of your
    choice to trim them. Don't be a liar and blame Google, okay?

    Fred.




    Jose Maria Lopez Hernandez wrote in message news:<376cfaF5afj1lU2@individual.net>...
    > Grosby wrote:
    > > So... it appears my workplace has a firewall in place that is preventing
    > > the outgoing connection to my home. Any ideas on how I can get this
    > > working? I'll be using UltraVNC as I like that app the best. My work
    > > PC runs Win 2K Pro, and at home I have Win XP Pro with the Windows Firewall
    > > disabled but ZoneAlarm running.

    >
    > You have almost sure a firewall that's preventing you to connect
    > from your work to home. It's very common. You can use some programs
    > that tunnels some protocols through the port 80 (like proxies), but
    > you have to be sure that your boss it's not gonna fire you for doing
    > that.
    >
    > If you had Linux maybe you could tunnel the VNC through SSH, that use
    > to be open in the corporative firewalls, but I don't know if this can
    > be done with Windows XP and any VNC clon or Cygwin.
    >
    > But anyway be very careful if you are using your network in a way you
    > should not, your network administrator can hunt you for sure :-(
    >
    > > Thanks for any ideas!

    >
    > Regards.
    >
    > --
    >
    > Jose Maria Lopez Hernandez
    > Director Tecnico de bgSEC
    > jkerouac@bgsec.com
    > bgSEC Seguridad y Consultoria de Sistemas Informaticos
    > http://www.bgsec.com
    > ESPAŅA
    >
    > The only people for me are the mad ones -- the ones who are mad to live,
    > mad to talk, mad to be saved, desirous of everything at the same time,
    > the ones who never yawn or say a commonplace thing, but burn, burn, burn
    > like fabulous yellow Roman candles.
    > -- Jack Kerouac, "On the Road"


  6. Re: Can't connect via VNC from work to home

    Grosby wrote:

    > Hi,
    >
    > I've been trying various versions of VNC (VNC, TightVNC, UltraVNC) to
    > connect to my home PC from work -- with no success. Every version reports
    > that it can't connect, and I get a "10061 Connection Refused" error. This
    > occurs whether I use the various "VNC Viewer" apps -or- the Java-based
    > applet from within my workplace's web browser.
    >
    > At home, I did NOT have any firewalls running during the tests, so that
    > can't be the problem. Further proof of this is the fact that even when
    > I have ZoneAlarm ON, I can still connect UltraVNC to a friend's PC (and
    > vice versa) with no problems. The problem is NOT due to my home PC not
    > accepting incoming connections (eg. no "incoming prompt" timing out, etc).
    >
    > So... it appears my workplace has a firewall in place that is preventing
    > the outgoing connection to my home. Any ideas on how I can get this
    > working? I'll be using UltraVNC as I like that app the best. My work
    > PC runs Win 2K Pro, and at home I have Win XP Pro with the Windows
    > Firewall disabled but ZoneAlarm running.
    >
    > Thanks for any ideas!


    1) First find a port that is allowed outgoing (not via a application layer
    proxy).

    2) Change your server's VNC port to that port. (Could be FTP, HTTP, HTTPS
    (this is a good one to check as some web proxies can not handle https well)

    I am now going to slap myself since I am a corp security guy...

    P.S. A word of warning. As I told you how to do it. When I find people doing
    these things to try to bypass my security (and I do check; Daily). I DO
    HAVE THEM FIRED. Serious. Make sure it is really worth it...You know losing
    your job trying to look cool...and oh ya that unemployment thing suck
    too...

    --- Michael

  7. Re: Can't connect via VNC from work to home

    Duane Arnold wrote:

    > They are not going to let you make contact with your home network in
    > such a non-secure manner. If you do find some other software that's
    > going to allow you to connect out on port 80 to your home network,
    > they will know about it too. Network Security doesn't take it lightly
    > that someone at the job is trying to put the company's network into a
    > compromising position such as what you're trying to do and will
    > come down on you hard about it. You should abandon this and do what
    > the company is paying you to do, which I don't think is you trying to
    > make contact with your non secure home network that could lead to a
    > compromise of the company's network.


    Thanks to all who replied. As far as "security issues" are concerned,
    is there really a risk if I were using the VNC Java web browser applet?
    Surely it's no different to just browsing any web page? It's even safer
    because I'm not downloading any files or anything, isn't it?

    Anyway, as you've discovered it's not something I want to alert my I.T.
    department about. Looks like I'll have to give it a miss. I just thought
    there'd be a way to do it that was safe, but without them knowing. Never
    thought there'd be any problem if I did the web browsing version.



  8. Re: Can't connect via VNC from work to home

    On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote:

    > Duane Arnold wrote:
    >
    >> They are not going to let you make contact with your home network in
    >> such a non-secure manner. If you do find some other software that's
    >> going to allow you to connect out on port 80 to your home network,
    >> they will know about it too. Network Security doesn't take it lightly
    >> that someone at the job is trying to put the company's network into a
    >> compromising position such as what you're trying to do and will
    >> come down on you hard about it. You should abandon this and do what
    >> the company is paying you to do, which I don't think is you trying to
    >> make contact with your non secure home network that could lead to a
    >> compromise of the company's network.

    >
    > Thanks to all who replied. As far as "security issues" are concerned,
    > is there really a risk if I were using the VNC Java web browser applet?
    > Surely it's no different to just browsing any web page? It's even safer
    > because I'm not downloading any files or anything, isn't it?
    >
    > Anyway, as you've discovered it's not something I want to alert my I.T.
    > department about. Looks like I'll have to give it a miss. I just thought
    > there'd be a way to do it that was safe, but without them knowing. Never
    > thought there'd be any problem if I did the web browsing version.


    Anytime you expose your company to something they didn't authorize you
    risk their network. Many companies don't block/filter web sites because
    it's an expense to do so, others rely on the good nature of the employees
    to not do anything they aren't suppose to do.

    There are few instances where a person connects from work to home for
    Business reasons, fewer still that don't want to access a file at home
    from work sometime.

    --
    spam999free@rrohio.com
    remove 999 in order to email me


  9. Re: Can't connect via VNC from work to home


    "Leythos" wrote in message
    newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    > On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote:
    > Anytime you expose your company to something they didn't authorize you
    > risk their network. Many companies don't block/filter web sites because
    > it's an expense to do so, others rely on the good nature of the employees
    > to not do anything they aren't suppose to do.
    >
    > There are few instances where a person connects from work to home for
    > Business reasons, fewer still that don't want to access a file at home
    > from work sometime.


    I'm interested to know what risks are incurred by remote controlling a
    machine at home, from within the corporate LAN. That's what the OP was
    trying to do.

    -Russ.



  10. Re: Can't connect via VNC from work to home

    > Anyway, as you've discovered it's not something I want to alert my I.T.
    > department about. Looks like I'll have to give it a miss. I just thought
    > there'd be a way to do it that was safe, but without them knowing. Never
    > thought there'd be any problem if I did the web browsing version.


    Map both the client and the server to port 80. Problem solved.

    -Russ.



  11. Re: Can't connect via VNC from work to home

    On Mon, 14 Feb 2005 19:26:46 -0500, Somebody wrote:


    > "Leythos" wrote in message
    > newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    >> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote: Anytime you expose
    >> your company to something they didn't authorize you risk their network.
    >> Many companies don't block/filter web sites because it's an expense to
    >> do so, others rely on the good nature of the employees to not do
    >> anything they aren't suppose to do.
    >>
    >> There are few instances where a person connects from work to home for
    >> Business reasons, fewer still that don't want to access a file at home
    >> from work sometime.

    >
    > I'm interested to know what risks are incurred by remote controlling a
    > machine at home, from within the corporate LAN. That's what the OP was
    > trying to do.


    Some remote control programs allow people to move files through the
    connection, while VNC doesn't allow files specifically, there is no reason
    that they could not email a file from their personal computer to their
    work account. There are a number of apps, like PcAnywhere, etc... that
    allow it, also if they setup a small web-server in their home and access
    that to get files it's a threat - the home environment is best described
    as the Wild-West where anything goes, the corporate environment is
    controlled, monitored, and better protected.

    Additionally, since it's a unauthorized use of company network resources
    it impacts all other users in the company trying to use the Internet at
    the same time.

    Since the OP has mentioned that he/she doesn't want the company IT people
    involved, it's obviously something they know they should not be doing.



    --
    spam999free@rrohio.com
    remove 999 in order to email me


  12. Re: Can't connect via VNC from work to home

    "Somebody" wrote in
    news:elbQd.91250$vO1.570441@nnrp1.uunet.ca:

    >
    > "Leythos" wrote in message
    > newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    >> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote:
    >> Anytime you expose your company to something they didn't authorize
    >> you risk their network. Many companies don't block/filter web sites
    >> because it's an expense to do so, others rely on the good nature of
    >> the employees to not do anything they aren't suppose to do.
    >>
    >> There are few instances where a person connects from work to home for
    >> Business reasons, fewer still that don't want to access a file at
    >> home from work sometime.

    >
    > I'm interested to know what risks are incurred by remote controlling a
    > machine at home, from within the corporate LAN. That's what the OP
    > was trying to do.
    >


    At my job, we had a programmer who was a tele-commuter and was authorized
    with a VPN connection with a company laptop to make contact with the
    company's network. However, the machine didn't have a FW installed and the
    person didn't bother to let IT know that the machine had no FW. Needless to
    say, the machine was infected with a worm and that in turn lead to the
    company network being infected and they tracked it back to the programmer.
    Let me tell you that they went off not only on the programmer but anyone
    needing a remote connection and everyone was prohibited from doing anything
    with a remote connection of any type. They finally eased the restrictions
    and gave the programmer a router to use. I would hate to see what would
    happen to someone who has made an unauthorized connection to a home network
    and that lead to the compromise of the company's network. Knowing the
    mindset of management at my company, they would terminate that person on
    the spot.

    Duane

  13. Re: Can't connect via VNC from work to home

    "Somebody" wrote in
    news:elbQd.91250$vO1.570441@nnrp1.uunet.ca:

    >
    > "Leythos" wrote in message
    > newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    >> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote:
    >> Anytime you expose your company to something they didn't authorize
    >> you risk their network. Many companies don't block/filter web sites
    >> because it's an expense to do so, others rely on the good nature of
    >> the employees to not do anything they aren't suppose to do.
    >>
    >> There are few instances where a person connects from work to home for
    >> Business reasons, fewer still that don't want to access a file at
    >> home from work sometime.

    >
    > I'm interested to know what risks are incurred by remote controlling a
    > machine at home, from within the corporate LAN. That's what the OP
    > was trying to do.
    >
    > -Russ.
    >
    >
    >


    At my job, we had a programmer who was a tele-commuter and was authorized
    with a VPN connection with a company laptop to make contact with the
    company's network. However, the machine didn't have a FW installed and
    the person didn't bother to let IT know that the machine had no FW.
    Needless to say, the machine was compromised by a worm and that in turn
    lead to the company network being compromised and they tracked it back to
    the programmer.

    Let me tell you that they went off not only on the programmer but all
    programmers and anyone needing a remote connection and everyone was
    prohibited from doing anything with a remote connection of any type.

    They finally eased the restrictions and gave the programmer a router to
    use. I would hate to see what would happen to someone who has made an
    unauthorized connection to a home network and that lead to the compromise
    of the company's network. Knowing the mindset of management at my
    company, they would terminate that person on the spot.

    Duane

  14. Re: Can't connect via VNC from work to home


    "Somebody" wrote in message
    news:elbQd.91250$vO1.570441@nnrp1.uunet.ca...
    >
    > "Leythos" wrote in message
    > newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    >> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote:
    >> Anytime you expose your company to something they didn't authorize you
    >> risk their network. Many companies don't block/filter web sites because
    >> it's an expense to do so, others rely on the good nature of the employees
    >> to not do anything they aren't suppose to do.
    >>
    >> There are few instances where a person connects from work to home for
    >> Business reasons, fewer still that don't want to access a file at home
    >> from work sometime.

    >
    > I'm interested to know what risks are incurred by remote controlling a
    > machine at home, from within the corporate LAN. That's what the OP was
    > trying to do.


    I would suppose it would depend on what you are doing. If you are
    using Remote Desktop, your work PC wold be no more than a
    "dumb terminal" to your home PC, with no file transfer capability of
    any kind between the two machines, so there would be no real
    risk to the network as far as security goes. And do remember that
    inbound connections are blocked on the lowest tiers of DSL and
    cable service. If you want to connect inbound, you will need to
    upgrade to one of the more expensive tiers on most cable and
    DSL services.


    >
    > -Russ.
    >
    >




  15. Re: Can't connect via VNC from work to home


    "Leythos" wrote in message
    newsan.2005.02.15.00.44.03.184994@nowhere.lan...
    > On Mon, 14 Feb 2005 19:26:46 -0500, Somebody wrote:
    >
    >
    >> "Leythos" wrote in message
    >> newsan.2005.02.14.21.44.31.551111@nowhere.lan...
    >>> On Tue, 15 Feb 2005 06:21:48 +1100, Grosby wrote: Anytime you expose
    >>> your company to something they didn't authorize you risk their network.
    >>> Many companies don't block/filter web sites because it's an expense to
    >>> do so, others rely on the good nature of the employees to not do
    >>> anything they aren't suppose to do.
    >>>
    >>> There are few instances where a person connects from work to home for
    >>> Business reasons, fewer still that don't want to access a file at home
    >>> from work sometime.

    >>
    >> I'm interested to know what risks are incurred by remote controlling a
    >> machine at home, from within the corporate LAN. That's what the OP was
    >> trying to do.

    >
    > Some remote control programs allow people to move files through the
    > connection, while VNC doesn't allow files specifically, there is no reason
    > that they could not email a file from their personal computer to their
    > work account. There are a number of apps, like PcAnywhere, etc... that
    > allow it, also if they setup a small web-server in their home and access
    > that to get files it's a threat - the home environment is best described
    > as the Wild-West where anything goes, the corporate environment is
    > controlled, monitored, and better protected.


    Well, Remote Desktop can be restricted so that no file transfers
    between the two machines are possible, and that client machine
    is no more than a dumb terminal to the hosting machine. IT can
    tweak Remote Desktop on the PCs, so a connection in either
    direction will not allow transfer of any files.



  16. Re: Can't connect via VNC from work to home

    Somebody wrote:

    > Map both the client and the server to port 80. Problem solved.


    Tried that but didn't work. 10061 connection error.



  17. Re: Can't connect via VNC from work to home

    Leythos wrote:

    > Since the OP has mentioned that he/she doesn't want the company IT
    > people involved, it's obviously something they know they should not
    > be doing.


    Not necessarily. Web browsing is permitted during off-periods, as I
    originally stated, for example during lunch and before/after work.
    However, for the reasons mentioned by some people here, they might
    not like "remote control" web pages going on. Personally, I see no
    risk. BUT, if they (I.T.) decide it IS a risk, then they might take
    steps to stop it. The ideal solution would be for me to be able to
    do it until actually told to stop. That was the point of this thread.
    Some say I might get sacked over it, but that's a risk I'm prepared
    to take -- their web policy (which is in writing) does NOT state that
    you CAN'T visit certain types of web pages. So basically I'd be able
    to claim that "remote desktoping" via a web page is within the rules
    of the policy.



  18. Re: Can't connect via VNC from work to home

    On Tue, 15 Feb 2005 21:01:00 +1100, Grosby wrote:

    > Some say I might get sacked over it, but that's a risk I'm prepared
    > to take -- their web policy (which is in writing) does NOT state that
    > you CAN'T visit certain types of web pages. So basically I'd be able
    > to claim that "remote desktoping" via a web page is within the rules
    > of the policy.


    Don't bet on it - RD is not web browsing, and if they happen to see you
    asking about it here they might just put 4 & 4 together enough to use it
    against you.

    Maybe you could answer this for the group: What's so important at home
    that you're willing to subvert company policy to use?


    --
    spam999free@rrohio.com
    remove 999 in order to email me


  19. Re: Can't connect via VNC from work to home

    "Grosby" wrote in message news:<4211c85a@dnews.tpgi.com.au>...
    > Leythos wrote:
    >
    > > Since the OP has mentioned that he/she doesn't want the company IT
    > > people involved, it's obviously something they know they should not
    > > be doing.

    >
    > Not necessarily. Web browsing is permitted during off-periods, as I
    > originally stated, for example during lunch and before/after work.
    > However, for the reasons mentioned by some people here, they might
    > not like "remote control" web pages going on. Personally, I see no
    > risk. BUT, if they (I.T.) decide it IS a risk, then they might take
    > steps to stop it. The ideal solution would be for me to be able to
    > do it until actually told to stop. That was the point of this thread.
    > Some say I might get sacked over it, but that's a risk I'm prepared
    > to take -- their web policy (which is in writing) does NOT state that
    > you CAN'T visit certain types of web pages. So basically I'd be able
    > to claim that "remote desktoping" via a web page is within the rules
    > of the policy.


    You might want to try MyWebExPC, a Web-based solution. It comes in both
    free and paid versions. The paid version uses SSL encryption, so the admins
    cannot sniff your connection. We recommend it to people who access our online
    sports coverage from their workplace. Because the encryption is connected,
    Snort, and sniffing programs cannot get anything, unless someone has figured
    out how to crack and sniff SSL.
    Another method, that one lady I was chatting with the other day was using,
    was to log onto AOL to chat from work. She uses AOL for broadband, signs onto
    AOL, and then comes onto the chat room. Her boss has no CLUE as to what she
    is up to. She also brings her own laptop, and connects to the company's
    wireless access point (WAP). The only way they could figure out where the
    connection was coming from would be to bring in a spectrum analyser and
    trace the connection that way.

  20. Re: Can't connect via VNC from work to home


    "Leythos" wrote in message
    newsan.2005.02.15.00.44.03.184994@nowhere.lan...
    > On Mon, 14 Feb 2005 19:26:46 -0500,

    Somebody wrote:
    >
    >


    > > I'm interested to know what risks are incurred by remote controlling a
    > > machine at home, from within the corporate LAN. That's what the OP was
    > > trying to do.

    >
    > Some remote control programs allow people to move files through the
    > connection, while VNC doesn't allow files specifically, there is no reason
    > that they could not email a file from their personal computer to their
    > work account. There are a number of apps, like PcAnywhere, etc... that
    > allow it, also if they setup a small web-server in their home and access
    > that to get files it's a threat - the home environment is best described
    > as the Wild-West where anything goes, the corporate environment is
    > controlled, monitored, and better protected.


    I understand PCAW, etc. I'm asking what the risk of VNC is. Emailing in a
    file is not a risk, it could be emailed before one leaves, or by anyone
    outside. Emails are subject to network controls.

    VNC does not open any new conduits *in to* the network. Hence it is not a
    risk, outbound.

    > Additionally, since it's a unauthorized use of company network resources
    > it impacts all other users in the company trying to use the Internet at
    > the same time.


    Ok, I'll grant you that the tiny amount of bandwidth it uses is worth
    something. Less than an average browsing session I'd say.

    -Russ.




+ Reply to Thread
Page 1 of 3 1 2 3 LastLast