VNC Authentication - Login Denial?

William Hooper
Tue Jul 29 22:02:00 2003

Switzer, Bill said:
> I see from:
>>The VNC Authentication is already designed so that many logins from one
> source will cause further logins to be denied
> Could someone point me to documentation describing this?
"WinVNC 3.3.3R6 already includes simple detection of dictionary attacks -
it will only allow one connection attempt from each host every ten seconds
if they appear to keep failing."

> i.e. It would seem reasonable to me that after X unsuccessful attempts to
> log in to VNC, it would shut itself down - requiring a local user to
> restart
> the service, reboot the machine, or in some other manner kick it back into
> action.

You may want this, but I don't.  You have just given the definition of a
Denial of Service attack.  Anything that prevents me from having
legitimate access to the VNC server is a bad thing, even if it is in the
name of stopping a break-in attempt.

William Hooper