
vncserver block by ip


vncserver block by ip

Emre Brookes

I ran into a problem with someone trying to hack a vncserver, so it got
blocked with too many retries for everyone.
I didn't want to go down the path of tcpd, so I modified the 1.3.10 code.
Attached are my changes (from Xvnc/program/Xserver/hw/)
The idea is each max retry failure adds to a blocklist.
The blocklist is in memory and gets put in ~/.vnc/blockip (configurable
in rfb.h)
The blocklist is reread with a kill -HUP on Xvnc (so you can remove a
block without restarting)
Once in the blocklist, the client is refused in socket.c (so the
normal timer resets will work).

I have only tested in Linux.

Possible improvements:
Also optionally(?) read hosts.deny
Make the blockedIPs array dynamic in size (currently static with #define
MAX_BLOCK_IP in rfb.h)
The blocking in auth.c is done in 2 places, but probably just needs to
be in one of them.

Cheers,
-E.



_______________________________________________
VNC-Tight-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/vnc-tight-devel

block_by_ip.tar.bz2 (35K) Download Attachment
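
The scheme described in the message above, as an added example (not the code from the attached patch): a fixed-size in-memory blocklist that is saved to a file, reloaded after SIGHUP, and consulted when a connection is accepted. All function names are hypothetical, and the IPv4-only matching and one-address-per-line file format are assumptions.

```c
#include <arpa/inet.h>
#include <signal.h>
#include <stdio.h>

#define MAX_BLOCK_IP 64   /* fixed-size table, like the static array in the post */
static struct in_addr blocked[MAX_BLOCK_IP];
static int n_blocked;
static volatile sig_atomic_t reload_wanted;   /* set in the handler, acted on later */
static void on_hup(int sig) { (void)sig; reload_wanted = 1; }
void blocklist_install_hup(void) { signal(SIGHUP, on_hup); }

int blocklist_contains(struct in_addr a) {
    for (int i = 0; i < n_blocked; i++)
        if (blocked[i].s_addr == a.s_addr) return 1;
    return 0;
}

int blocklist_add(struct in_addr a) {   /* 0 = stored or duplicate, -1 = table full */
    if (blocklist_contains(a)) return 0;
    if (n_blocked >= MAX_BLOCK_IP) return -1;
    blocked[n_blocked++] = a;
    return 0;
}

int blocklist_load(const char *path) {  /* replaces the in-memory list with the file */
    char line[128], tok[32];
    struct in_addr a;
    FILE *f = fopen(path, "r");
    if (!f) return -1;                  /* unreadable file: keep the current list */
    n_blocked = 0;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "%31s", tok) == 1 && inet_pton(AF_INET, tok, &a) == 1)
            blocklist_add(a);           /* junk lines and overflow entries are dropped */
    fclose(f);
    return n_blocked;
}

int blocklist_save(const char *path) {  /* entry count, or -1 on I/O error */
    char buf[INET_ADDRSTRLEN];
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    for (int i = 0; i < n_blocked; i++)
        fprintf(f, "%s\n", inet_ntop(AF_INET, &blocked[i], buf, sizeof buf));
    return fclose(f) == 0 ? n_blocked : -1;
}

int should_refuse(struct in_addr peer, const char *path) {  /* call right after accept() */
    if (reload_wanted) { reload_wanted = 0; blocklist_load(path); }
    return blocklist_contains(peer);
}
```

The signal handler only sets a flag; the file is reread on the next connection check, which keeps file I/O out of signal context.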

Re: vncserver block by ip

Emre Brookes

> Possible improvements:
> Also optionally(?) read hosts.deny
> Make the blockedIPs array dynamic in size (currently static with
> #define MAX_BLOCK_IP in rfb.h)
> The blocking in auth.c is done in 2 places, but probably just needs to
> be in one of them.
>
>
Additional possible improvements:

Could put MAX_BLOCK_IP as a token in the blockip file.
Should probably clear "max retries" flag instead of waiting for the timer,
since the IP is immediately blocked.

-E.


