Celebrating the 22th anniversary of the UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
How to prohibit unauthorized repeater use?
How to prohibit unauthorized repeater use?
I've made repeater accessible on publi cIP and ChuckVNC works fine.
Now, i am conserned that someone unauthorised may use my router. I have limited and costly resources, so I would like to be able to control it's usage.
Is there a way to limit viewer connections somehow? I guess if unknown users cannot connect using viewer, I am good.
Limiting by IP will not work, as whole point of chuchVNc is to be used from everywhere.
I am considering using, VPN but that would be quite limiting factor.
Now, i am conserned that someone unauthorised may use my router. I have limited and costly resources, so I would like to be able to control it's usage.
Is there a way to limit viewer connections somehow? I guess if unknown users cannot connect using viewer, I am good.
Limiting by IP will not work, as whole point of chuchVNc is to be used from everywhere.
I am considering using, VPN but that would be quite limiting factor.
Re: How to prohibit unauthorized repeater use?
The easiest way is to block connections to the repeater on the viewer port (5901).
If you need to use the viewer outside of your LAN after blocking the viewer port you'll have to setup a simple VPN.
If you need to use the viewer outside of your LAN after blocking the viewer port you'll have to setup a simple VPN.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
Re: How to prohibit unauthorized repeater use?
The Linux version of the repeater that I use allows you to restrict connections based upon ID.
If you modify ChunkVNC to allow a very limited range of IDs and (possibly) not even display them to the end user you can get a degree of security... not perfect of course.
JonD
If you modify ChunkVNC to allow a very limited range of IDs and (possibly) not even display them to the end user you can get a degree of security... not perfect of course.
JonD
Last edited by JonD on 2010-11-28 23:50, edited 1 time in total.
Re: How to prohibit unauthorized repeater use?
Well, blocking port leads to the same problem as blocking IP, it would not be accessible from everywhere. I would like to avoid VPN.
I saw TeamViewer, asks passwords along with ID, which helps at least in manner that i protects accessing servers by anyone.
I notied in SRC\InstantSupport_Files\ultravnc.ini there is
[ultravnc]
passwd=DE1D75CB847AB2FAD7
passwd2=BEB49784199CB48172
Can I change these passwords? Would that prevent third party to use his own VNC viewer?
I saw TeamViewer, asks passwords along with ID, which helps at least in manner that i protects accessing servers by anyone.
I notied in SRC\InstantSupport_Files\ultravnc.ini there is
[ultravnc]
passwd=DE1D75CB847AB2FAD7
passwd2=BEB49784199CB48172
Can I change these passwords? Would that prevent third party to use his own VNC viewer?
Re: How to prohibit unauthorized repeater use?
With version 3.1 for someone to take control of a server they would need to know the ID# and have access to the encryption key. Both possible.
With version 3.2 someone would need to know the ID# of the server, have the correct version of SecureVNC and decrypt the password. All possible.
Really there isn't much stopping a skilled hacker from gaining access, it's a fine line between ease of use and security.
Nothing is better than securing the operating system when installing remote applications.
Since ChunkVNC is currently more focused on quick support calls and less so on permanent installs the security is considered "good enough". For now.
With version 3.2 someone would need to know the ID# of the server, have the correct version of SecureVNC and decrypt the password. All possible.
Really there isn't much stopping a skilled hacker from gaining access, it's a fine line between ease of use and security.
Nothing is better than securing the operating system when installing remote applications.
Since ChunkVNC is currently more focused on quick support calls and less so on permanent installs the security is considered "good enough". For now.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
Re: How to prohibit unauthorized repeater use?
I'm not sure but I think what he is concerned about is someone using the repeater... not necessarily connecting to one of the clients. In other words another individual setting up server/viewers on his repeater???
This is a different issue, I think.
JonD
This is a different issue, I think.
JonD
Re: How to prohibit unauthorized repeater use?
Thanks for the clarification, I understand the issue now.
At this time there isn't much you can do with a repeater in a public location.
In the future more security will be built into the repeater.
At this time there isn't much you can do with a repeater in a public location.
In the future more security will be built into the repeater.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
Re: How to prohibit unauthorized repeater use?
That's why I like the repeater application that I use since you can restrict in various ways access... the restriction I use is the range of ID's.
I only ever need about 3 IDs for my support at any one time and I chose #'s that could (eventually) be found but it would take a while.
I don't display the #'s at the server end either.
JonD
I only ever need about 3 IDs for my support at any one time and I chose #'s that could (eventually) be found but it would take a while.
I don't display the #'s at the server end either.
JonD
Re: How to prohibit unauthorized repeater use?
How do you deal with issue that ChunkVNC server generates ID on his own?
Re: How to prohibit unauthorized repeater use?
Pedja,
I'm sure JonD just modified SRC\InstantSupport.au3 to only connect with the ID numbers that he wants.
I'm sure JonD just modified SRC\InstantSupport.au3 to only connect with the ID numbers that he wants.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
Re: How to prohibit unauthorized repeater use?
You would have to make changes to InstantSupport.au3.
I've made a number of different changes for my own situation... however, I think that the following might work for you. They are based upon v3.2:
Line 42:
Global $GenerateID = False
Line 45:
Global $IDNumber = the number you want
You may also need to enter the number in instantsupport.ini unless you make other mods as well.
A better method, would be to simply adjust the range to be more restrictive:
Lines 177 & 178
$LowerLimit = 417655
$UpperLimit = 417656
would force the value to 417655
or
$LowerLimit = 417655
$UpperLimit = 417656
would allow a limited range
Then compile.
Neither of these changes have been tested by me. You will find the source code quite logically laid out with descriptive variables and comments that make it fairly easy to make these kind of small adjustments. Just make sure you keep backup copies of before and after changes.
JonD
I've made a number of different changes for my own situation... however, I think that the following might work for you. They are based upon v3.2:
Line 42:
Global $GenerateID = False
Line 45:
Global $IDNumber = the number you want
You may also need to enter the number in instantsupport.ini unless you make other mods as well.
A better method, would be to simply adjust the range to be more restrictive:
Lines 177 & 178
$LowerLimit = 417655
$UpperLimit = 417656
would force the value to 417655
or
$LowerLimit = 417655
$UpperLimit = 417656
would allow a limited range
Then compile.
Neither of these changes have been tested by me. You will find the source code quite logically laid out with descriptive variables and comments that make it fairly easy to make these kind of small adjustments. Just make sure you keep backup copies of before and after changes.
JonD
Last edited by JonD on 2010-11-30 18:07, edited 3 times in total.
Re: How to prohibit unauthorized repeater use?
Wow, what a compliment!JonD wrote:You will find the source code quite logically laid out with descriptive variables and comments that make it fairly easy to make these kind of small adjustments.
That was the idea.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
Re: How to prohibit unauthorized repeater use?
Yes indeed, an attacker can learn the name of the server, it can configure it for themselves.
The only solution to run multiple repeater, configured with different ports and configure InstantSupport.exe with one id.
Run the repeater.exe must be from the new folder (1) (2) (3 )....
The only solution to run multiple repeater, configured with different ports and configure InstantSupport.exe with one id.
Run the repeater.exe must be from the new folder (1) (2) (3 )....