Wez:

        I agree it *slows down* a dictionary attack, but it cannot prevent one. I also agree it's a good idea, but not a "free" one: by adding Blacklisting, you've of course created a denial-of-service vulnerability (e.g., an applet that did nothing but repeatedly open and close TCP sockets to 127.0.0.1:5900 would prevent legitimate, SSH-tunneled VNC connections).

cheers,
Scott

On Wed, 1 Jun 2005, James Weatherall wrote:

Scott & Lee,

Blacklisting prevents individual hosts from being used to dictionary attack
a VNC Server.  It's a security feature and disabling it is A Bad Thing.

Regards,

Wez @ RealVNC Ltd.


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott C. Best
Sent: 01 June 2005 17:33
To: [email protected]
Cc: [EMAIL PROTECTED]
Subject: Re: Blacklisted IP address

Lee:

        Heya. Blacklisting only happens if a client tries
and fails to connect repeatedly -- it seems to be about
5 times in a 10 second interval (empirical data, here;
I'm not actually sure what the "interval" for failures
is). Once blacklisting is triggered, it takes the
"BlacklistTimeout" number of seconds until the server will
again accept connections from that IP address.

        To effectively disable this feature, you can set
the "BlacklistTimeout" registry key in ../WinVNC4 to "0".
But...your email suggests that an IP address is being
"blocked", so maybe it's really an AuthHosts problem, not
a blacklisting one?

        Along these lines...I'm not sure I see the point
of blacklisting the loopback interface. That's like making
sure the front door is securely locked after the bad guys
are already in the house. :)

-Scott

Does anyone know how to unblacklist an IP address that is
being blocked?
_______________________________________________
VNC-List mailing list
[email protected]
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
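
The trade-off discussed in this thread, as an added example that is not part of the original messages and is not RealVNC's code: a simplified model of a per-source blacklist, showing both that it only rate-limits guessing and that every SSH-tunnelled client shares the single 127.0.0.1 bucket. The threshold (5) and window (10 s) are Scott's empirical estimates from the thread; the 10-second timeout, the class and function names, and the sample address are constructed for illustration.

```python
from collections import defaultdict, deque


class Blacklist:
    """Model: `threshold` failures inside `window` s block a source for `timeout` s."""

    def __init__(self, threshold=5, window=10, timeout=10):
        self.threshold = threshold  # assumed, from "about 5 times"
        self.window = window        # assumed, from "a 10 second interval"
        self.timeout = timeout      # stands in for BlacklistTimeout; 0 disables
        self.failures = defaultdict(deque)
        self.blocked_until = {}

    def attempt(self, src, now, ok):
        """Return 'blocked', 'rejected' or 'accepted' for one connection."""
        if now < self.blocked_until.get(src, 0):
            return "blocked"        # refused before authentication is tried
        if ok:
            self.failures.pop(src, None)
            return "accepted"
        recent = self.failures[src]
        recent.append(now)
        while now - recent[0] > self.window:
            recent.popleft()        # forget failures older than the window
        if self.timeout > 0 and len(recent) >= self.threshold:
            self.blocked_until[src] = now + self.timeout
            recent.clear()
        return "rejected"


def guesses_allowed(bl, src, seconds):
    """Failed guesses that reach authentication at one attempt per second."""
    return sum(bl.attempt(src, t, False) == "rejected" for t in range(seconds))


def shared_source_lockout(bl, legit_time):
    """Failed local connections first, then one legitimate tunnelled client.

    Both arrive from 127.0.0.1, so the server cannot tell them apart.
    """
    for t in range(bl.threshold):
        bl.attempt("127.0.0.1", t, False)
    return bl.attempt("127.0.0.1", legit_time, True)


if __name__ == "__main__":
    print(guesses_allowed(Blacklist(), "203.0.113.7", 140))           # throttled
    print(guesses_allowed(Blacklist(timeout=0), "203.0.113.7", 140))  # disabled
    print(shared_source_lockout(Blacklist(), 5))   # legitimate user during block
    print(shared_source_lockout(Blacklist(), 14))  # same user after the timeout
```

In this model the blacklist cuts the guess rate to 5 per 14 seconds rather than to zero, and the legitimate tunnelled user is refused until the timeout expires.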
