3 machine running VNC behind NAT router?
Kevin Smathers
kevin "at" ank.com
Tue Sep 5 04:57:00 2006
My error. Except for the password, everything else is sent in the
clear, including any passwords you might type after your initial connection.
Scott C. Best wrote:
> Kevin:
>
> Heya. I felt compelled to reply, as your VNC password
> information is very misleading.
>
> Telnet and FTP actually *do* send passwords in the clear.
> That is, if you actually captured packets in transit, you'd see
> the password right there. However, VNC absolutely does not do this.
> VNC uses challenge-response authentication, well described here:
>
> http://en.wikipedia.org/wiki/Challenge-response_authentication
>
> In VNC, I believe it works as follows: the server generates
> a random value "N", and encrypts it using the saved VNC password.
> When a VNC client connects, it receives this "encrypted challenge".
> The Viewer then decrypts the value "N" using the password provided by
> the user into the Viewer. It then performs a simple operation (eg,
> calculates "N+1"), encrypts that and sends it back as the "response".
> If the "response" is correct, the Server knows that the Viewer user
> knows the correct password. And while enough information has gone
> by in the wires for someone to *deduce* the password (ie, if a
> malicious user knows the challenge string, the response string,
> and the exact "simple operation" in the source), the password itself
> cannot fairly be said to be "in the clear".
>
> Otherwise...I agree with your assertion that leaving any
> service open to direct connections from the Internet is asking
> for trouble. I use EchoVNC to avoid this.
>
> cheers,
> Scott
>
>> That is a pretty dangerous configuration you have there. VNC transfers
>> passwords in the clear, so it is no more safe as a WAN protocol than
>> 'Telnet' or 'FTP'...
> <snip>
> _______________________________________________
> VNC-List mailing list
> VNC-List "at" realvnc.com
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
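
Added example (not part of either message, and not RealVNC code): a minimal sketch of the two points made in this thread, that a challenge-response login keeps the VNC password itself off the wire while anything typed later in an unencrypted session is readable. Assumptions: HMAC-SHA256 stands in for VNC's own cipher, the passwords are constructed sample values, and all function names are hypothetical; the KeyEvent layout follows the RFB protocol.

```python
import hashlib
import hmac
import os
import struct

def keyed_response(password, challenge):
    # Stand-in keyed function (HMAC-SHA256): an assumption, not VNC's own cipher.
    return hmac.new(password, challenge, hashlib.sha256).digest()

def authenticate(server_pw, typed_pw, wire):
    """One challenge-response login; every byte sent is appended to `wire`."""
    challenge = os.urandom(16)                      # server -> viewer
    response = keyed_response(typed_pw, challenge)  # viewer -> server
    wire += [challenge, response]
    return hmac.compare_digest(response, keyed_response(server_pw, challenge))

def key_events(text):
    """RFB KeyEvent messages (type 4): a press and a release for each character."""
    # Layout: type, down-flag, 2 padding bytes, 32-bit keysym (ASCII code point).
    return b"".join(struct.pack(">BBxxI", 4, down, ord(ch))
                    for ch in text for down in (1, 0))

def typed_text(stream):
    """What is readable from unencrypted KeyEvent bytes, e.g. in a packet capture."""
    chars = []
    for off in range(0, len(stream), 8):
        mtype, down, keysym = struct.unpack_from(">BBxxI", stream, off)
        if mtype == 4 and down == 1:
            chars.append(chr(keysym))
    return "".join(chars)

def demo():
    vnc_pw, later_pw = b"viewer-pw", "root-pw-123"   # constructed sample values
    wire = []
    ok = authenticate(vnc_pw, vnc_pw, wire)
    session = key_events(later_pw)   # typed into a prompt inside the session
    return {"authenticated": ok,
            "vnc_password_on_wire": vnc_pw in b"".join(wire),
            "later_password_readable": typed_text(session)}

if __name__ == "__main__":
    print(demo())
```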