Hello list.
After a few tries, my stunnel configuration is working well. I am using
it to tunnel my vnc connections to my winXP box.
Now I have a question about how the software is working.
In the past, when I was using VNC at port 5900 and I did a telnet to
that box with port 5900, VNC was answering with something like 003005
which was the VNC protocol version the server was able to communicate.
Now because of the tunneling effect, my vnc server still listens at
127.0.0.1:5900 but is expecting ssled connections at xxx.xxx.xxx.xxx:9999.
When I do a telnet at xxx.xxx.xxx.xxx at port 9999 my box is answering
something like: Connected to xxx.xxx.xxx.xxx Escape character is ...
Now if enter something like "test" the telnet window shows me that the
connection is closed by foreign host (means: my xp box).
Lets assume, someone is trying to hack my computer and doing a port
scan. She/he will find out for sure, that my port 9999 is opened.
Usually the server listening behind the port is sending something the
attacker could use to point to the software running behind the port. In
this case, as far as I can see nothing is sent to give a hint that
stunnel is waiting there to route my connection attempt to 127.0.0.1:5900.
Is it right, that this is the magic - for sure besides encryption and
all the algorithms necessary to do the port forwarding - stunnel
provides? I mean as long as an attacker doesnt know what is hiding
behind the port he/she also doesnt know how to attack or how to get
through. Is that conclusion right?
Please tell me, if my conclusions are wrong or if I got something wrong.
Stefan