[TriLUG] requirements for classes...
Timothy A. Chagnon
tchagnon at nc.rr.com
Thu Apr 29 15:24:10 EDT 2004
On Thu, 2004-04-29 at 14:22, Brian A. Henning wrote:
> I remember hearing VNC wasn't safe to do in-the-clear on an unsecured
> network... Or is that just X? At any rate, it would simplify your port
> issues (at the router, at least) if you tunneled vnc through ssh anyhow..
> or will that be too much of a performance hit? Not that I know how to do
> that.. just that it can be done. :-)
Yes, the protocol (rfb?) that vnc uses is wicked simple and can be
snooped by just capturing the data stream and playing it back with a
slightly modified vncviewer. Really just mouse & keyboard to server and
chunks of image to client. You need a man-in-the middle sort of proxy.
I set it up for a client last year that wanted to keep records of
emergency (fix-the stupid M$-SQL server) off-hours vnc stuff.
SSH tunneling it is easy, just port forward. Certainly a performance
hit, maybe a couple hundred miliseconds added latency and 25% extra
bandwidth usage. That's just guessing about some testing I did over a
year ago. Probably not worth it for non-sensitive educational data.
-Tim
--
Timothy A. Chagnon <tchagnon at nc.rr.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://www.trilug.org/pipermail/trilug/attachments/20040429/41006b26/attachment.pgp>
More information about the TriLUG
mailing list