[Gloucs] SSH forwarding without a shell

Glyn Davies glynd at walmore.com
Tue Jul 3 22:00:30 BST 2007


Pete Wright wrote:
>>> Hmmmm and Hmmmm again. Just had another thought. The person connecting> > in has a fixed IP so I could set the Internet facing router to forward> > TCP packets on port 5901 from the fixed IP (and only that IP) to the> > Windows box. No SSH required. Question is, is that secure enough. The> > modem/router is pretty cheap (Zoom X5) so I doubt it set any records for> > security. Also, as described can it be easily fooled. One for all you> > security dudes.
>>>       
> If you plan to use a filtering rule to only allow the specific IP and Port access through your firewall then it means the only way someone can hack into the vnc would be from an ip address that matches the rule. im not too sure if IP spoofing could be used to gian access but thats a different security matter.
>   
That's kind of what I thought. However, I've no idea how easy it is to 
spoof in a way such that it is useful in a 'pwning' systems.



-- 
Best Regards
Glyn Davies



More information about the gloucs mailing list