> > I don't know how a VNC server handles session requests,
> > but I suppose a brute force robot tries one password before
> > trying another one instead of initiating n sessions at the
> > same time. Well, you know, iterative, or else it's not
> > called "brute force". And I suppose it needs 1 second to try
> > a password (ie request a session from client, reponse from
> > server to ask for password and a final refuse from server).
> > So in 3 minutes, it would have tried 300 passwords. Is it
> > too many?
>
> Your suppositions are incorrect.
>
> VNC includes code to prevent hosts from repeatedly trying to authenticate in
> order to perform a brute-force password attack.
I knew. Well, actually, I saw. There's the "too many security failures"
message. But I also saw that it would grant me chance to input password again. I'm
not sure, is it about after 20 seconds? And if I programme a robot to hack in a slow
manner, say one per 30 seconds, I'm 30 times slower to hack in. But it is still able
to hack in. No?
_______________________________________________
VNC-List mailing list
[EMAIL PROTECTED]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
