too many authentication errors

[Mark Rainford]

> joel "at" exc.com wrote:
> > I've been using VNC happily for for many years now, with a Xvnc server
> > (Xvnc version 3.3.3r2+tight1.1p9) and a variety of clients, most
> > recently RealVNC 4.1.2
> >
> > Last week, I found I could no longer connect, because of "too many
> > authentication errors."  It seems that someone has been trying, so far
> > unsuccessfully, to break into my Xvnc server.

This problem is present in AT&T Xvnc version 3.3.3r2 (dunno about other 
versions).

It's an attempt to protect against password guesses, but unhappily goes 
awry.

After 5 bad password attempts a back-off kicks in for a few minutes which 
refuses *all* new connections with error "Too many authentication 
failures".  The back-off period is re-doubled for each refused connection. 
It only takes a handful of these to lock the server out to new clients for 
hundreds of hours.

AFAIK the only cure is to fix your copy of the source code, or find a 
version which doesn't have this behaviour.  Alternatively, try to minimise 
exposure of your vnc port, eg by using a port number well out of the 
common range for scanners, or by restricting access at the network level.

-- 
Regards,  Mark.