> I don't know how a VNC server handles session requests, > but I suppose a brute force robot tries one password before > trying another one instead of initiating n sessions at the > same time. Well, you know, iterative, or else it's not > called "brute force". And I suppose it needs 1 second to try > a password (ie request a session from client, reponse from > server to ask for password and a final refuse from server). > So in 3 minutes, it would have tried 300 passwords. Is it > too many?
Your suppositions are incorrect. VNC includes code to prevent hosts from repeatedly trying to authenticate in order to perform a brute-force password attack. Wez @ RealVNC Ltd. _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
