While using VNC I open up port 5900 which I assume is the default port for VNC (I made no changes) and of course now my router has a hole in it when VNC is running...

I use a strong password for VNC so am I safe to leave the port open at all times or is it better to close it when I don't need it? Will leaving the port open allow anyone in?

Thanks for any clues you can give me :)

Only if they portscan will they find that port open... as well as the others you have open.

Strong password is a good idea, makes them work hard to use your vnc for their own ends

Only if they portscan will they find that port open... as well as the others you have open.

Strong password is a good idea, makes them work hard to use your vnc for their own ends

Only port 5900 is open when I enable it via the router. The rest of the time everything is locked down as good as I can lock everything down...

As for the strong password, it is similar in theory to a car alarm? That the script kiddie looking for open computers will move on to a easier target? That said, would you leave your port open at all times with the strong password?

short answer, if you park your car in a public carpark unlocked - how long do you expect it to stay there against a car that is locked and alarmed?

Trying a crack on vnc is time consuming. If you are paranoid then change the password often and you should be fine. Most people will just keep looking if somebody in fact is looking. Also you could just enable and disable the port on the router when you know your gonna be out. Makes for a harder target. Me I leave vnc running all the time and have yet to have problems with it.

Trying a crack on vnc is time consuming. If you are paranoid then change the password often and you should be fine. Most people will just keep looking if somebody in fact is looking. Also you could just enable and disable the port on the router when you know your gonna be out. Makes for a harder target. Me I leave vnc running all the time and have yet to have problems with it.

Thanks (both Gollo and NooNoo!) For the most part I am going to disable the router function and only enable it at times when I think I'll need access to VNC... now I'll I have to do is figure out how to change the default port numbers for multiple computers. The VNC FAQ explains it well enough, though I wont dismiss my coming back to the experts :)

Thanks (both Gollo and NooNoo!) For the most part I am going to disable the router function and only enable it at times when I think I'll need access to VNC... now I'll I have to do is figure out how to change the default port numbers for multiple computers. The VNC FAQ explains it well enough, though I wont dismiss my coming back to the experts :)
It's very easy. In the server properties of vnc there is an option to select an ID number (on ultra vnc you can select a port number but it's the same thing). The ID number is just the last number of the port. On auto it will automaticaly hook you up and your all set. So let's say you have two computers. One you would setup with an id of 1 and the other 2 (no brainer right ;) you can put any number less than 99 in there and your good or like I said ultra vnc gives you the option to select a non standard port). Anyways in your router you would forward port 5901 to the computer with ID 1 and 5902 to the computer with the ID of 2. If you use the web based interface then you need to forward 5801 and 5802 respectively. That's it. Very simple straightforward. To access the computer with the vncviewer you would instead of putting in computername or ip.address.of.computer you would have to put in computername:1 or ip.address.of.computer:1 (or 2 if it's the other computer).
Now if you have a router that supports it (like freesco (http://www.freesco.org)) you can leave all of your vncservers to auto and then at the router forward port 5901 to computer1 at 5900 and port 5902 to computer2 at port 5900. This makes adding more vncservers inside your network a breeze and when you are on your local lan you don't have to type in the :x after the computer name. Anyways.......

(Boy did I just ramble or what!?!? :D )

It's very easy. In the server properties of vnc there is an option to select an ID number (on ultra vnc you can select a port number but it's the same thing). The ID number is just the last number of the port. On auto it will automaticaly hook you up and your all set. So let's say you have two computers. One you would setup with an id of 1 and the other 2 (no brainer right ;) you can put any number less than 99 in there and your good or like I said ultra vnc gives you the option to select a non standard port). Anyways in your router you would forward port 5901 to the computer with ID 1 and 5902 to the computer with the ID of 2. If you use the web based interface then you need to forward 5801 and 5802 respectively. That's it. Very simple straightforward. To access the computer with the vncviewer you would instead of putting in computername or ip.address.of.computer you would have to put in computername:1 or ip.address.of.computer:1 (or 2 if it's the other computer).
Now if you have a router that supports it (like freesco (http://www.freesco.org)) you can leave all of your vncservers to auto and then at the router forward port 5901 to computer1 at 5900 and port 5902 to computer2 at port 5900. This makes adding more vncservers inside your network a breeze and when you are on your local lan you don't have to type in the :x after the computer name. Anyways.......

(Boy did I just ramble or what!?!? :D )

No rambling at all! Thanks! I only use VNC for two computers so your method worked great! I can't believe how nice VNC is as well as easy to use...

I may be late to the game, but certain flavors of vnc allow for a web based interface to be used. You can try using that (which will leave your port 80 open) if you feel unsafe with 5900 open.

I may be late to the game, but certain flavors of vnc allow for a web based interface to be used. You can try using that (which will leave your port 80 open) if you feel unsafe with 5900 open.
I mentioned it in my post. And it is port 580x not port 80. Cheers.