DoS attack VNC 4.0
sasson "at" insideout.co.il
Tue Aug 31 15:07:01 2004
As said numerous times before (along the years of VNC..) :
Do NOT use the VNC strait open to the Internet or any unsecured network for
It means that the VNC connection should be encapsulated inside an encrypted
tunnel of some kind (SSH, Stunnel .. ).
Therefore, you can limit the simultaneous connections to max less than 60
(as I think you should anyway) in the tunneling connection.
Good to know though.
Ran Sasson @ I.O. Ltd.
----- Original Message -----
From: "Mike Miller" <mbmiller "at" taxa.epi.umn.edu>
To: "VNC List" <vnc-list "at" realvnc.com>
Sent: Monday, August 30, 2004 11:18 PM
Subject: Re: DoS attack VNC 4.0
> On Wed Aug 25 23:49:00 2004, b kwok wrote:
> > Want to verify and confirm if this attack sucess by sending more than 60
> > connections request to VNC server on windows platforms, any fix for
> > http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1068.html
> I hope this will be fixed soon. It seems to be real because it was picked
> up by SANS, as reported below.