Mailinglist Archive: opensuse-security (757 mails)

Re: [suse-security] vnc masqueraded
>The path to success was given by Michael Appeldorn and Mark Robinson:
>To firewall2.rc.config, simply add
>
>FW_FORWARD_MASQ="0/0,192.168.0.<n>,tcp,590<n>
> 0/0,192.168.0.<n>,udp,590<n>"
>
>and give the vnc-server of 192.168.0.<n> the display number <n> for each
>local ip ending in <n> for which you want to have vnc access from outside.
>
>To remote control ip 192.168.0.3, e.g., issue "vncserver
><your-$EXT-ip>:3" et voilà!
>
>To get rid of that "0/0" null-restriction from outer space, I'm afraid,
>there's no way other than that suggestion of Mark Ruth, though.

You have a nerve [0/0]. It is pretty insecure. I guess it would be easy to sniff the VNC
password, and every guy with some ambition will move the mouse that only you
should move remotely.

I would suggest the following simple way to make it more secure; also, if you
have a static IP, you can bind.

Find the position of the rules in /sbin/SuSEfirewall2 and modify these rules in order
to check the MAC address of your remote machine.

If you have further questions on how to, mail me.

Michael Appeldorn.
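
The open `0/0` source discussed in this thread can be checked for mechanically. The script below is an added example, not part of the original mail or of SuSEfirewall2; the function name, the sample values and the static address 203.0.113.10 are assumptions, and it checks only the four-field entry form quoted above.

```shell
#!/bin/sh
# Added example: audit a SuSEfirewall2 FW_FORWARD_MASQ value for forwards
# that accept connections from any source address.
# Entry format as used in the thread: <source>,<internal ip>,<protocol>,<port>

# Prints one verdict line per entry; returns 1 if any entry is OPEN or BAD.
audit_forward_masq() {
    entries=$1
    status=0
    set -f                      # no filename globbing while splitting
    for entry in $entries; do   # entries are separated by whitespace
        old_ifs=$IFS
        IFS=,
        set -- $entry           # split one entry on commas into $1..$4
        IFS=$old_ifs
        if [ "$#" -lt 4 ]; then
            echo "BAD  $entry (expected source,ip,protocol,port)"
            status=1
            continue
        fi
        case $1 in
            0/0|0.0.0.0/0)
                echo "OPEN $entry (any source may reach $2 port $4/$3)"
                status=1 ;;
            *)
                echo "OK   $entry (only $1 may reach $2 port $4/$3)" ;;
        esac
    done
    set +f
    return "$status"
}

# Constructed sample values: the setting from the thread with <n> = 3, and a
# variant limited to one static address from the 203.0.113.0/24 documentation range.
WEAK_MASQ="0/0,192.168.0.3,tcp,5903
 0/0,192.168.0.3,udp,5903"
RESTRICTED_MASQ="203.0.113.10/32,192.168.0.3,tcp,5903"

audit_forward_masq "$WEAK_MASQ" || echo "=> restrict the source of the entries above"
audit_forward_masq "$RESTRICTED_MASQ" && echo "=> no open forwards"
```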