Scott,

The blacklisting algorithm uses exponential back-off, so it really *does* prevent dictionary attacks from being viable.

As regards the possibility of DoS attacks - yes, they are possible, but the DoS attack you describe prevents anyone on the attacking host from accessing it, while a dictionary attack would actually grant the attacker access to that server, which is clearly worse!

Regards,

Wez @ RealVNC Ltd.

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Scott C. Best
> Sent: 01 June 2005 19:42
> To: James Weatherall
> Cc: [email protected]; [EMAIL PROTECTED]
> Subject: RE: Blacklisted IP address
>
> Wez:
>
> I agree it *slows down* a dictionary attack, but it cannot
> prevent one. I also agree it's a good idea, but not a "free" one: by
> adding Blacklisting, you've of course created a denial-of-service
> vulnerability (e.g., an applet that did nothing but repeatedly open
> and close TCP sockets to 127.0.0.1:5900 would prevent legitimate,
> SSH-tunneled VNC connections).
>
> cheers,
> Scott
>
> On Wed, 1 Jun 2005, James Weatherall wrote:
>
> > Scott & Lee,
> >
> > Blacklisting prevents individual hosts from being used to dictionary attack
> > a VNC Server. It's a security feature and disabling it is A Bad Thing.
> >
> > Regards,
> >
> > Wez @ RealVNC Ltd.
> >
> >
> >> -----Original Message-----
> >> From: [EMAIL PROTECTED]
> >> [mailto:[EMAIL PROTECTED] On Behalf Of Scott C. Best
> >> Sent: 01 June 2005 17:33
> >> To: [email protected]
> >> Cc: [EMAIL PROTECTED]
> >> Subject: Re: Blacklisted IP address
> >>
> >> Lee:
> >>
> >> Heya. Blacklisting only happens if a client tries
> >> and fails to connect repeatedly -- it seems to be about
> >> 5 times in a 10 second interval (empirical data, here;
> >> I'm not actually sure what the "interval" for failures
> >> is). Once blacklisting is triggered, it takes the
> >> "BlacklistTimeout" number of seconds until the server will
> >> again accept connections from that IP address.
> >>
> >> To effectively disable this feature, you can set
> >> the "BlacklistTimeout" registry key in ../WinVNC4 to "0".
> >> But...your email suggests that an IP address is being
> >> "blocked", so maybe it's really an AuthHosts problem, not
> >> a blacklisting one?
> >>
> >> Along these lines...I'm not sure I see the point
> >> of blacklisting the loopback interface. That's like making
> >> sure the front door is securely locked after the bad guys
> >> are already in the house. :)
> >>
> >> -Scott
> >>
> >>> Does anyone know how to unblacklist an IP address that is
> >>> being blocked.
> _______________________________________________
> VNC-List mailing list
> [email protected]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
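The trade-off the thread argues about, modelled as an added Python example (not RealVNC's code): a per-host blacklist with exponential back-off throttles a dictionary attack to a handful of guesses per hour, but the same lockout also refuses a legitimate client that shares the offending address, loopback included. The 5-failures-in-10-seconds threshold, the 10 s base BlacklistTimeout and the doubling schedule are assumptions taken from the figures in the thread; the addresses are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class HostState:
    failures: list = field(default_factory=list)  # timestamps (ms) of recent failed logins
    strikes: int = 0                              # how many times this host has been blacklisted
    blocked_until: int = 0                        # ms timestamp until which connections are refused

class Blacklist:
    """Hypothetical per-host failed-login blacklist with exponential back-off (assumed model)."""
    def __init__(self, threshold=5, window_ms=10_000, base_timeout_ms=10_000):
        self.threshold, self.window_ms, self.base_timeout_ms = threshold, window_ms, base_timeout_ms
        self.hosts = {}

    def allowed(self, host, now_ms):
        """True if the server should accept a connection from host at time now_ms."""
        return now_ms >= self.hosts.setdefault(host, HostState()).blocked_until

    def record_failure(self, host, now_ms):
        st = self.hosts.setdefault(host, HostState())
        st.failures = [t for t in st.failures if now_ms - t < self.window_ms] + [now_ms]
        if len(st.failures) >= self.threshold:
            st.strikes += 1
            # Doubling the lockout on each strike is the exponential back-off: 10 s, 20 s, 40 s, ...
            st.blocked_until = now_ms + self.base_timeout_ms * 2 ** (st.strikes - 1)
            st.failures.clear()

    def record_success(self, host):
        self.hosts.pop(host, None)  # a successful login clears the host's strike history

def guesses_in_window(duration_ms, attempt_every_ms=100, use_blacklist=True):
    """Count how many password guesses one host gets in duration_ms when every guess fails."""
    bl, host, guesses = Blacklist(), "203.0.113.7", 0   # constructed guessing host
    for now in range(0, duration_ms, attempt_every_ms):
        if use_blacklist and not bl.allowed(host, now):
            continue                                    # refused while blacklisted
        guesses += 1
        bl.record_failure(host, now)
    return guesses

def loopback_lockout():
    """Scott's point: a failing process on 127.0.0.1 also locks out a legitimate tunnelled client."""
    bl = Blacklist()
    for now in range(0, 500, 100):             # five bad attempts within half a second
        bl.record_failure("127.0.0.1", now)
    return not bl.allowed("127.0.0.1", 1_000)  # SSH-tunnelled client refused at t = 1 s

if __name__ == "__main__":
    print(guesses_in_window(3_600_000, use_blacklist=False))  # 36000 unthrottled guesses per hour
    print(guesses_in_window(3_600_000))                       # 45 guesses per hour with back-off
    print(loopback_lockout())                                 # True
```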
