VNC Authentication - Login Denial?

William Hooper whooper@freeshell.org
Tue Jul 29 22:02:00 2003


Switzer, Bill said:
> I see from:
> http://www.realvnc.com/pipermail/vnc-list/2000-July/015286.html
>
>>The VNC Authentication is already designed so that many logins from one
> source will cause further logins to be denied
>
> Could someone point me to documentation describing this?

http://www.realvnc.com/pipermail/vnc-list/2000-May/014378.html
"WinVNC 3.3.3R6 already includes simple detection of dictionary attacks -
it will only allow one connection attempt from each host every ten seconds
if they appear to keep failing."

> i.e. It would seem reasonable to me that after X unsuccessful attempts to
> log in to VNC, it would shut itself down - requiring a local user to
> restart
> the service, reboot the machine, or in some other manner kick it back into
> action.

You may want this, but I don't.  You have just given the definition of a
Denial of Service attack.  Anything that prevents me from having
legitimate access to the VNC server is a bad thing, even if it is in the
name of stopping a break-in attempt.

--
William Hooper