[Gloucs] SSH forwarding without a shell
Glyn Davies
glynd at walmore.com
Tue Jul 3 22:00:30 BST 2007
Pete Wright wrote:
>>> Hmmmm and Hmmmm again. Just had another thought. The person connecting> > in has a fixed IP so I could set the Internet facing router to forward> > TCP packets on port 5901 from the fixed IP (and only that IP) to the> > Windows box. No SSH required. Question is, is that secure enough. The> > modem/router is pretty cheap (Zoom X5) so I doubt it set any records for> > security. Also, as described can it be easily fooled. One for all you> > security dudes.
>>>
> If you plan to use a filtering rule to only allow the specific IP and Port access through your firewall then it means the only way someone can hack into the vnc would be from an ip address that matches the rule. im not too sure if IP spoofing could be used to gian access but thats a different security matter.
>
That's kind of what I thought. However, I've no idea how easy it is to
spoof in a way such that it is useful in a 'pwning' systems.
--
Best Regards
Glyn Davies
More information about the gloucs
mailing list