Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Security? | 31 comments | Create New Account
Click here to return to the 'Security?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Security?
Authored by: osxpounder on Oct 21, '04 05:58:10PM

I tried editing com.apple.sharing.firewall.plist, which has a clearly labeled entry for the ports used by ARD. I tried changing the default port 5900 to a non-standard one, and saved the file. I reloaded the file to ensure that my change was saved. Nevertheless, VNC is still being served on port 5900, and not on my specified port. I confirmed this by connecting via a VNC client from another machine. It worked for their port #, but not mine. After trying, I looked again -- yep, the port I specified is still in the .plist file.

And, btw, I did have the firewall open on that port.

---
--
osxpounder



[ Reply to This | # ]
Security?
Authored by: osxpounder on Oct 24, '04 01:52:28AM

OK, I'm carrying on this conversation by myself, but someday, someone will care to know this: the AppleVNC server, found in:

/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/

... only takes an 8-character password. More characters are a waste; it only looks at the first 8.

Also, I can't find a way to get AppleVNCServer to tell me if it has any command line switches. /? and /help did nothing.

---
--
osxpounder



[ Reply to This | # ]
re: Security?
Authored by: nicksay on Oct 24, '04 04:51:23AM

in reply to editing the com.apple.sharing.firewall.plist file...

As far as I can tell, that is a file that is generated/updated by the Sharing Preference Pane when you make changes. Then, I think, the Pane calls the "firewalltool" program, located in "/System/Library/PrivateFrameworks/NetworkConfig.framework/Versions/A/Resources/". This tool, I think, flushes the ipfw rules, adds a default restrictive set of rules, then adds "allow" rules for each port listed in the com.apple.sharing.firewall.plist file.

I deduced this from the "NetworkExtensions" StartupItem, located in "/System/Library/StartupItems/NetworkExtensions/".

So, to summarize, changing the port in that plist file will only change the firewall entry, not the VPN server.



[ Reply to This | # ]