Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864

Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc

How to prohibit unauthorized repeater use?

Simple, Free, Open Source UltraVNC Wrapper Supporting Windows and Mac OSX
Post Reply
Pedja
8
8
Posts: 15
Joined: 2005-06-30 14:22

How to prohibit unauthorized repeater use?

Post by Pedja »

I've made repeater accessible on publi cIP and ChuckVNC works fine.

Now, i am conserned that someone unauthorised may use my router. I have limited and costly resources, so I would like to be able to control it's usage.

Is there a way to limit viewer connections somehow? I guess if unknown users cannot connect using viewer, I am good.

Limiting by IP will not work, as whole point of chuchVNc is to be used from everywhere.

I am considering using, VPN but that would be quite limiting factor.
User avatar
supercoe
400
400
Posts: 1732
Joined: 2009-07-20 21:27
Location: Walker, MN
Contact:

Re: How to prohibit unauthorized repeater use?

Post by supercoe »

The easiest way is to block connections to the repeater on the viewer port (5901).
If you need to use the viewer outside of your LAN after blocking the viewer port you'll have to setup a simple VPN.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
JonD
40
40
Posts: 121
Joined: 2006-12-24 16:46
Location: Canada

Re: How to prohibit unauthorized repeater use?

Post by JonD »

The Linux version of the repeater that I use allows you to restrict connections based upon ID.

If you modify ChunkVNC to allow a very limited range of IDs and (possibly) not even display them to the end user you can get a degree of security... not perfect of course.

JonD
Last edited by JonD on 2010-11-28 23:50, edited 1 time in total.
Pedja
8
8
Posts: 15
Joined: 2005-06-30 14:22

Re: How to prohibit unauthorized repeater use?

Post by Pedja »

Well, blocking port leads to the same problem as blocking IP, it would not be accessible from everywhere. I would like to avoid VPN.

I saw TeamViewer, asks passwords along with ID, which helps at least in manner that i protects accessing servers by anyone.

I notied in SRC\InstantSupport_Files\ultravnc.ini there is

[ultravnc]
passwd=DE1D75CB847AB2FAD7
passwd2=BEB49784199CB48172


Can I change these passwords? Would that prevent third party to use his own VNC viewer?
User avatar
supercoe
400
400
Posts: 1732
Joined: 2009-07-20 21:27
Location: Walker, MN
Contact:

Re: How to prohibit unauthorized repeater use?

Post by supercoe »

With version 3.1 for someone to take control of a server they would need to know the ID# and have access to the encryption key. Both possible.

With version 3.2 someone would need to know the ID# of the server, have the correct version of SecureVNC and decrypt the password. All possible.

Really there isn't much stopping a skilled hacker from gaining access, it's a fine line between ease of use and security.

Nothing is better than securing the operating system when installing remote applications.

Since ChunkVNC is currently more focused on quick support calls and less so on permanent installs the security is considered "good enough". For now. ;)
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
JonD
40
40
Posts: 121
Joined: 2006-12-24 16:46
Location: Canada

Re: How to prohibit unauthorized repeater use?

Post by JonD »

I'm not sure but I think what he is concerned about is someone using the repeater... not necessarily connecting to one of the clients. In other words another individual setting up server/viewers on his repeater???

This is a different issue, I think.

JonD
User avatar
supercoe
400
400
Posts: 1732
Joined: 2009-07-20 21:27
Location: Walker, MN
Contact:

Re: How to prohibit unauthorized repeater use?

Post by supercoe »

Thanks for the clarification, I understand the issue now.

At this time there isn't much you can do with a repeater in a public location. :(

In the future more security will be built into the repeater.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
JonD
40
40
Posts: 121
Joined: 2006-12-24 16:46
Location: Canada

Re: How to prohibit unauthorized repeater use?

Post by JonD »

That's why I like the repeater application that I use since you can restrict in various ways access... the restriction I use is the range of ID's.

I only ever need about 3 IDs for my support at any one time and I chose #'s that could (eventually) be found but it would take a while.

I don't display the #'s at the server end either.


JonD
Pedja
8
8
Posts: 15
Joined: 2005-06-30 14:22

Re: How to prohibit unauthorized repeater use?

Post by Pedja »

How do you deal with issue that ChunkVNC server generates ID on his own?
User avatar
supercoe
400
400
Posts: 1732
Joined: 2009-07-20 21:27
Location: Walker, MN
Contact:

Re: How to prohibit unauthorized repeater use?

Post by supercoe »

Pedja,

I'm sure JonD just modified SRC\InstantSupport.au3 to only connect with the ID numbers that he wants.
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
JonD
40
40
Posts: 121
Joined: 2006-12-24 16:46
Location: Canada

Re: How to prohibit unauthorized repeater use?

Post by JonD »

You would have to make changes to InstantSupport.au3.

I've made a number of different changes for my own situation... however, I think that the following might work for you. They are based upon v3.2:
Line 42:
Global $GenerateID = False
Line 45:
Global $IDNumber = the number you want
You may also need to enter the number in instantsupport.ini unless you make other mods as well.

A better method, would be to simply adjust the range to be more restrictive:
Lines 177 & 178
$LowerLimit = 417655
$UpperLimit = 417656
would force the value to 417655
or
$LowerLimit = 417655
$UpperLimit = 417656
would allow a limited range

Then compile.

Neither of these changes have been tested by me. You will find the source code quite logically laid out with descriptive variables and comments that make it fairly easy to make these kind of small adjustments. Just make sure you keep backup copies of before and after changes.



JonD
Last edited by JonD on 2010-11-30 18:07, edited 3 times in total.
User avatar
supercoe
400
400
Posts: 1732
Joined: 2009-07-20 21:27
Location: Walker, MN
Contact:

Re: How to prohibit unauthorized repeater use?

Post by supercoe »

JonD wrote:You will find the source code quite logically laid out with descriptive variables and comments that make it fairly easy to make these kind of small adjustments.
Wow, what a compliment!
That was the idea. :D :D :D
http://www.chunkvnc.com - ChunkVNC - Free PC Remote control with the Open Source UltraVNC wrapper InstantSupport!
RUS
8
8
Posts: 10
Joined: 2010-12-16 19:52

Re: How to prohibit unauthorized repeater use?

Post by RUS »

Yes indeed, an attacker can learn the name of the server, it can configure it for themselves.
The only solution to run multiple repeater, configured with different ports and configure InstantSupport.exe with one id.
Run the repeater.exe must be from the new folder (1) (2) (3 )....
Post Reply