#1201 Authentification failures result in 0.0.0.0 blacklist

open
nobody
8
2013-11-23
2012-11-18
Cali
No

When an attacker runs a brute force attack the server will attempt to blacklist the source IP, although instead of only blacklisting the attacker, 0.0.0.0 is blacklisted instead and permanently. There is no way to authenticate even after waiting:
"Too many authentication failures"

On the original Xvnc4 the logs used to show as well:
"Connections: blacklisted: 0.0.0.0"

This issue was reported already, but so far it has never been fixed. Both Tightvnc and Xvnc have this bug.

Discussion

  • Cali

    Cali - 2012-11-20

    Some logs of attacks producing the issue:

    19/11/12 22:40:16 (other clients 222.73.86.48 222.73.86.48 222.73.86.48 222.73.86.48)
    19/11/12 22:40:16 Got connection from client 222.73.86.48

    19/11/12 22:40:16 (other clients 222.73.86.48 222.73.86.48 222.73.86.48)
    19/11/12 22:40:16 Got connection from client 222.73.86.48

    19/11/12 22:40:16 (other clients 222.73.86.48 222.73.86.48)
    19/11/12 22:40:16 Got connection from client 222.73.86.48

    19/11/12 22:40:16 (other clients 222.73.86.48)
    19/11/12 22:40:16 Got connection from client 222.73.86.48

    19/11/12 22:40:16 Got connection from client 222.73.86.48

     
  • Cali

    Cali - 2012-11-20
    • assigned_to: const_k --> nobody
     
  • Cali

    Cali - 2012-11-20

    This is what I found in realvnc changelogs http://www.realvnc.com/products/vnc/documentation/5.0/release-notes/:

    "UNIX and Linux
    The VNC Server in Virtual Mode daemon (vncserver-virtuald) now respects the BlacklistThreshold and BlacklistTimeout parameters in order to prevent denial-of-service attacks."

    So obviously this issue has been fixed in 5.0.3, although the sources are not available and I would like to avoid setting up a non-free software on my machine...

     
  • Cali

    Cali - 2012-11-20
    • priority: 5 --> 8
     
  • Thomas Hartwig

    Thomas Hartwig - 2013-11-23

    Is there any progress in this issue. It is very easy to reproduce and annyoing. Is it fixed probably in new releases?

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks