As said numerous times before (along the years of VNC..) : http://www.uk.research.att.com/archive/vnc/sshvnc.html http://www.realvnc.com/swish-e/search/vnc-list?pos=0&action=search&query=SSH http://www.realvnc.com/swish-e/search/vnc-list?pos=0&action=search&query=STu nnel
Do NOT use the VNC strait open to the Internet or any unsecured network for that matter. It means that the VNC connection should be encapsulated inside an encrypted tunnel of some kind (SSH, Stunnel .. ). Therefore, you can limit the simultaneous connections to max less than 60 (as I think you should anyway) in the tunneling connection. Good to know though. Ran Sasson @ I.O. Ltd. ----- Original Message ----- From: "Mike Miller" <[EMAIL PROTECTED]> To: "VNC List" <[EMAIL PROTECTED]> Sent: Monday, August 30, 2004 11:18 PM Subject: Re: DoS attack VNC 4.0 > On Wed Aug 25 23:49:00 2004, b kwok wrote: > > > Want to verify and confirm if this attack sucess by sending more than 60 > > connections request to VNC server on windows platforms, any fix for that? > > > > http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1068.html > > > I hope this will be fixed soon. It seems to be real because it was picked > up by SANS, as reported below. > > Mike _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
