dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
16
share rss forum feed


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to jaynick

Re: How to secure VNC and port 5900

The only thing I can think of, offhand, is to

• Enable port forwarding for 5900.

• Create a firewall rule to block (or only allow) port 5900 accesses from the internet for a single or small range of IP's.

Of course you'd have to know what internet IP(s) you may have (i.e. what are you). The firewall will prevent any port scanners from even reaching your LAN while you'll get through.
--
Don't feed trolls--it only makes them grow!



jaynick
lit up
Premium
join:2001-02-06
Sterling Heights, MI
kudos:2
Reviews:
·Comcast

said by StuartMW:

Of course you'd have to know what internet IP(s) you may have (i.e. what are you). The firewall will prevent any port scanners from even reaching your LAN while you'll get through.

Yes, that's the problem with that.


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by jaynick:

Yes, that's the problem with that.

Yup. Well port forwarding is just a limited workaround to NAT. The intended purpose is to allow servers to appear as though they're directly on the internet (i.e. open to all comers).

Again if you secure VNC (or whatever) then any bad guys won't be able to get into your LAN box although any and all requests will get to that box (and rejected if you have good authentication).

The choice is up to you.
--
Don't feed trolls--it only makes them grow!


jaynick
lit up
Premium
join:2001-02-06
Sterling Heights, MI
kudos:2

Bottom line is that all those entries were probes and attempts but not actual access. Correct? and a 63 char random password like I use for my wireless key would be as secure as it could get other than using other ways like mentioned above?



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by jaynick:

Bottom line is that all those entries were probes and attempts but not actual access. Correct?

Correct.

As for passwords it really depends if all 63 chars are being used as angussf See Profile pointed out.
--
Don't feed trolls--it only makes them grow!