Hi,
I'm very impressed, having just installed UltraVNC. I had a couple of quick questions I haven't been able to answer from browsing messages.
It appears that I can not use the DSM plug in and the web-accessed viewer. Is that correct? I don't even get the page using the web-based viewer - I get a message that the server is not an RFB server.
I did have another quick question - if one doesn't use the DSM plug-in, and is using MS Login, is it safe to assume that at least the login is encrypted? Also, if one doesn't use the DSM plug-in, in what form is text transmitted between the viewer and the server -- is it in plain view, or in at least a binary format. I'm wondering how vulnerable I really am if I at least the authenitcation is encrypted.
Thanks very much,
Gordon
After more 2 000 000 (two million) views on forum for 1.5.0.x development versions... and 1.6.1.0, 1.6.3.0-dev versions
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-05: Celebrating the 23th anniversary of the UltraVNC (26th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38130
2025-12-03: Could you please complete our poll/survey? Renaming UltraVNC files and service to be more clear: https://forum.uvnc.com/viewtopic.php?t=38128
There was a problem to vote, it is solved now! Thanks in advance!
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
A new stable version, UltraVNC 1.6.4.0 and UltraVNC SC 1.6.4.0 have been released: https://forum.uvnc.com/viewtopic.php?t=38095
Feedback is always welcome
2025-12-05: Celebrating the 23th anniversary of the UltraVNC (26th anniversary since the laying of the foundation stone): https://forum.uvnc.com/viewtopic.php?t=38130
2025-12-03: Could you please complete our poll/survey? Renaming UltraVNC files and service to be more clear: https://forum.uvnc.com/viewtopic.php?t=38128
There was a problem to vote, it is solved now! Thanks in advance!
2025-12-02: We need help: English Wikipedia UltraVNC page has been requested to deletion: https://forum.uvnc.com/viewtopic.php?t=38127
Any help is welcome to improve the UltraVNC page and/or to comment on the Wikipedia Talk page
2025-05-06: Forum password change request: https://forum.uvnc.com/viewtopic.php?t=38078
2023-09-21: Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Development: UltraVNC development is always here... Any help is welcome
Feedback is welcome
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Question on use of DSM plug-in
Gordon,
#1. The Java viewer does not incorporate the DSM interface, so, No, the Java viewer can't connect to an encrypted server.
The plugin encrypts EVERYTHING including the initial RFB protocol negotiation, so that's why the Java viewer doesn't even recognize it as a VNC server.
#2. The password exchange is 3DES encrypted. 3DES is old...
#3. Text (keystrokes) are sent as key-codes. To the casual user, unintelligible. There are tools that can record and play-back VNC sessions though.
The biggest issue (in my mind) is that the unencrypted VNC server will respond with a password prompt to anyone with a VNC viewer. Sure there is some code in the server to "slow down" a dictionary attack, but the password is ONLY 8 characters.
Using the plugin, the server won't connect unless the viewer supports the plugin, and has your pre-shared key. Kinda stops dictionary attacks in their tracks.
Sean
#1. The Java viewer does not incorporate the DSM interface, so, No, the Java viewer can't connect to an encrypted server.
The plugin encrypts EVERYTHING including the initial RFB protocol negotiation, so that's why the Java viewer doesn't even recognize it as a VNC server.
#2. The password exchange is 3DES encrypted. 3DES is old...
#3. Text (keystrokes) are sent as key-codes. To the casual user, unintelligible. There are tools that can record and play-back VNC sessions though.
The biggest issue (in my mind) is that the unencrypted VNC server will respond with a password prompt to anyone with a VNC viewer. Sure there is some code in the server to "slow down" a dictionary attack, but the password is ONLY 8 characters.
Using the plugin, the server won't connect unless the viewer supports the plugin, and has your pre-shared key. Kinda stops dictionary attacks in their tracks.
Sean
Last edited by scovel on 2005-04-19 02:27, edited 1 time in total.