Repeated login attempts...

shaibn
Posts: 4
Joined: 2004-12-15 07:16

Post by shaibn »

Hi,

I wanted to know if there is a way to make VNC disable login for a while if someone is trying to guess my password to it...

I woke up this morning and my screen was flashing every 2-3 seconds.. I looked at my firewall (Sygate Personal Firewall - Free) and noticed that VNC Server was having some activity, so I went to the logs and saw that someone was trying from last night every few seconds to guess my password and tried for about... hmm... LOTS of time :)

What can I do against this? Is there some IP based lock that can be done to not allow an IP to login if it fails after like 3 attempts and disable that IP for about, say, 5min?

Cheers,
Shai
NightRyder
Posts: 157
Joined: 2004-08-15 08:33
Location: WA, USA

Post by NightRyder »

Hmm, what version are you using?
Look here.
[topic=1407][/topic]
Sam says there's a blacklist feature.. so maybe it's in a newer version than yours? Or.. I dunno.

using latest code.... always... except when I'm not.
Guest

Post by Guest »

A blacklist exists, but it does not prevent the connection attempt..
It only answers "not allowed" without doing any password check.

A good server test for memory leaks :)
If it is still running, can you check the used memory...
shaibn
Posts: 4
Joined: 2004-12-15 07:16

Post by shaibn »

NightRyder wrote:
Hmm, what version are you using?
Look here.
[topic=1407][/topic]
Sam says there's a blacklist feature.. so maybe it's in a newer version than yours? Or.. I dunno.

Great, so there is a built-in mechanism, but can that mechanism be configured? I noticed that if I try 3 or 4 times, it'll lock me out but if I wait for around 5 sec. it'll allow me to put a password in.

Another thing is that even if the IP is being blocked, I still get a flashing desktop effect when the attempt is being made and that's really disturbing.

Any thoughts?
Guest

Post by Guest »

Timeout=10sec
Better 30 or 60 sec ?

The flashing effect warned you about the login tries...
I'm checking to remove the effect, but still want something
when the VNC server is under attack.

Better something disturbing, and know that something is happening.
Beep on connection try?
Guest

Post by Guest »

Anonymous wrote:
Timeout=10sec
Better 30 or 60 sec ?

The flashing effect warned you about the login tries...
I'm checking to remove the effect, but still want something
when the VNC server is under attack.

Better something disturbing, and know that something is happening.
Beep on connection try?

Are you just a guest here? Or are you a developer?

I would say that the timeout should be something I can configure.

About the alerts, I think they are not needed at all as there are logs to view and that'll be good enough. Have you ever seen software (a firewall, for example) that'll flash your screen or beep on each "attack" attempt?
shaibn
Posts: 4
Joined: 2004-12-15 07:16

Post by shaibn »

That last reply was me, btw :)
shaibn
Posts: 4
Joined: 2004-12-15 07:16

Post by shaibn »

IMHO, the behavior of the VNC server on repeated tries from the same IP/period of time/number of attempts should be like any other server-type application.

Taking an FTP for example, if someone has repeated tries to the FTP then it is configurable to allow a ban of the IP for X amount of time and there is no flickering of the screen when that is being done.

I'm sure the same type of "banning" can be done here as well and I would like to hear any of the developers speak their mind on this matter :)

Cheers,
Shai
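
The IP-based lockout requested in this thread (refuse an address for a configurable time after a configurable number of failed logins, before any password check), as an added example that is not part of the thread and is not UltraVNC code. `LoginGuard`, `LockoutPolicy` and their methods are hypothetical names; the 3-attempt and 5-minute values are the ones suggested in the first post.

```cpp
// Added example: per-IP lockout policy (hypothetical names, not UltraVNC code).
#include <chrono>
#include <deque>
#include <string>
#include <unordered_map>

using Clock = std::chrono::steady_clock;
using Seconds = std::chrono::seconds;

struct LockoutPolicy {
    int max_failures;  // failures tolerated inside `window` (first post suggests 3)
    Seconds window;    // how far back failures are counted
    Seconds ban;       // how long the address is refused (first post suggests 5 min)
};

class LoginGuard {
public:
    explicit LoginGuard(LockoutPolicy p) : policy_(p) {}

    // Call before any password check; a banned address is refused outright.
    bool allowed(const std::string& ip, Clock::time_point now) const {
        auto it = state_.find(ip);
        return it == state_.end() || now >= it->second.banned_until;
    }

    // Call after a failed password check. Returns true if this failure starts a ban.
    bool record_failure(const std::string& ip, Clock::time_point now) {
        Entry& e = state_[ip];
        while (!e.failures.empty() && now - e.failures.front() > policy_.window)
            e.failures.pop_front();  // forget failures older than the window
        e.failures.push_back(now);
        if (static_cast<int>(e.failures.size()) < policy_.max_failures) return false;
        e.banned_until = now + policy_.ban;
        e.failures.clear();
        return true;
    }

    // Call after a successful login so earlier typos do not count later.
    void record_success(const std::string& ip) { state_.erase(ip); }

private:
    struct Entry {
        std::deque<Clock::time_point> failures;  // timestamps inside the window
        Clock::time_point banned_until{};        // clock epoch means "not banned"
    };
    LockoutPolicy policy_;
    std::unordered_map<std::string, Entry> state_;
};
```

Entries for addresses that never return stay in the map, so a long-running server would also need to purge expired entries to keep memory bounded under a sustained guessing run.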