using repeater, but restrict viewer access connections..

[thor918]

Hi.
I'm a little confused on how to make this work good in a tech support envirment.

Ok.
so I package a server package (to my clients), I put this package with preentered ID, and password. anyone can download this package from my webpage.

is it correct that if someone evil gets a hold of the server package (for my clients), and then gets the password out of that package. since this password is shared with both tech guys and users. a evil user could just run up a viewer himself, with the ID, and the password he found in the server package, and then if he is lucky, he can snatch up one of my clients that wants help.

after testing repeater it looks like anyone can use the repeater if one put that out on the net. there is not realy a good administraton of that server from my point of view.

I just tried the echoserver, and comparing to this, I can see that helpware was much faster, but seemed like it had a little more control on the connections.

[Cortexwayne]

I'm not a pro and I just started using this, but the server side and the client side must have different port for connection.

So if they manage to decrypt the exe file and get the IP and the port (lets say 5555) of the repeater. (wich is useless because a repeater just foward a connection) for a viewer to take control of that sever he will have to take another port (lets say 6567) to remotly take control. After that you can choose that the server side (with PcHelpWare) have to enter an ID manually at each connection so the password change each time.

For me it cannot be more secure than that.

[thor918]

I'm not a pro and I just started using this, but the server side and the client side must have different port for connection.

So if they manage to decrypt the exe file and get the IP and the port (lets say 5555) of the repeater. (wich is useless because a repeater just foward a connection) for a viewer to take control of that sever he will have to take another port (lets say 6567) to remotly take control. After that you can choose that the server side (with PcHelpWare) have to enter an ID manually at each connection so the password change each time.

For me it cannot be more secure than that.

Okey. First of all. Thank you for replying

the exe is infact not encryptet. just use 7zip, and presto you got all info you need(not the viewer port if not in https proxy mode). the password seems to be scramled, but dosent look like it would be so difficult to figure out. but you pointed out something for me. that it's two different ports. I'm behind a firewall, so I could infact restrict access to who can connect as support techs on the controlers port (viewer)... however if I exposed both ports to the internet. anyone can connect to the viewer port.

hmm according to how I setuped my viewer and server:
[topic=8395][/topic]
https proxy uses 443 both on viewer and server.

still thinking on this....

edit:
okey. I tested without https proxy mode. and it works okey. but still...

edit again:
[topic=10844][/topic]
password is an md5 hash. so that's one way. but still, the hash can probably be used in the viewer connection.