Benedict et al, Yes, there is a problem in the way that the current release of VNC Server 4 for Windows handles excessive connection attempts. Note that the free VNC release is not designed for use on untrusted networks - if you need to access a free VNC Server across the Internet then you should use a system such as SSH to "tunnel" the connections securely between sites.
The upcoming VNC Server Enterprise Edition ( http://www.realvnc.com/products/enterprise/ ) includes protection from this and a class of similar but more advanced attacks. This protection will also be included in the next VNC Server 4 GPL release. Cheers, Wez @ RealVNC Ltd. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of B Kwok > Sent: 25 August 2004 23:48 > To: [EMAIL PROTECTED] > Subject: DoS attack VNC 4.0 > > Want to verify and confirm if this attack sucess by sending > more than 60 connections request to VNC server on windows > platforms, any fix for that? > > > http://archives.neohapsis.com/archives/fulldisclosure/2004-08/ > 1068.html _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
