"Too Many Security Failures" with v4.1

[Scott C. Best]

Wez:

 	Heya. So exactly what qualifies as a "failed authentication 
attempt"? I was trying to connect to a 4.1.1 server (Free edition)
using a tunneling application, and I saw the same error message.
It's possible the tunneling application connects to the VNC Server
with some NULL characters at initiation; is that enough to trigger
an "authentication attempt"?

thanks,
Scott

> "Too many security failures" indicates that the IP address from which you
> are connecting has been making lots of connections to the VNC Server that
> didn't end up being successfully authenticated.
>
> This is a security feature designed to prevent dictionary attacks on
> servers, by preventing machines from making large numbers of connections to
> a server over a short period of time.
>
> The message is triggered by 5 failed authentication attempts, at which point
> a 10 second lockout is applied before the next attempt is permitted.  The
> next failed attempt causes the timeout to be doubled.
>
> Given that (I assume) you are seeing this message in spite of supplying
> correct credentials each time you try to log in, and that once you see the
> message you never again get the chance to enter a password, it sounds like
> something is connecting to the server from the same IP address as your
> viewer machine and is not authenticating, hence causing the failures.
>
> VNC 4.0 was less secure in this respect, by default, hence the different
> behaviour.
>
> Cheers,
>
> Wez @ RealVNC Ltd.