VNC 4.0 already uses a better scheme than the one you describe. It provides exponential lock out of bad hosts, and only zeroes their failed login count if they successfully login. This is what is referred to in the release-notes summary as "Improved and more configurable brute-force protection".
You can find the VNC documentation at http://www.realvnc.com/documentation.html Wez @ RealVNC Ltd. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: 28 June 2004 01:39 > To: [EMAIL PROTECTED] > Subject: Re: VNC Security > > Would be better if the lock-out policy was implemented like > Windows server does. > > You have so many attempts then the account get's locked out > for the nominated duration, but there is also a counter of > attempts that only gets zeroed after another set duration. > > > > At 00:30 28/06/2004, William Hooper wrote: > >[EMAIL PROTECTED] said: > >[snip] > >> > >> Should be configurable. For instance, two bad password > attempts and > >> VNC server will then give a bad password response even if the > >> password is correct, but then you have to leave VNC server > alone for, > >> say 3 minutes, before the lock out is release and another > two attempts are allowed. > > > >There is already a limit on the speed of password attempts. > > > >http://www.realvnc.com/pipermail/vnc-list/2000-May/014378.html > > > >-- > >William Hooper > >_______________________________________________ > >VNC-List mailing list > >[EMAIL PROTECTED] > >To remove yourself from the list visit: > >http://www.realvnc.com/mailman/listinfo/vnc-list > _______________________________________________ > VNC-List mailing list > [EMAIL PROTECTED] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
