Mark Rainford <[EMAIL PROTECTED]> writes:

> Ewan
> 
> > I'm running VNC 3.3.3r2 under Solaris.
> > 
> > If I have a client watching my session and someone telnets to port 5901
> > (corresponding to my display :1), my client hangs until the telnet session
> > stops.
> > 
> > This seems like a rather easy denial-of-service attack. Am I doing
> > something wrong?
> 
> No - it's not you. The http port is a similarly vulnerable d-o-s target.
> 
> The hang happens because Xvnc receives some bytes (when your telnetting
> friend hits <return>) and enters a blocking read for the client's RFB
> protocol/version. When 12 bytes have been received the telnet session
> will (almost always) be unceremoniously disconnected with Xvnc reporting
> "not a valid RFB client".


The "-rfbwait" argument to Xvnc is a crude attempt to alleviate this problem.
Xvnc doesn't actually do a blocking read - it only waits for the time in
milliseconds specified by the -rfbwait parameter before giving up on the
connection.  This defaults to 20 seconds if you run Xvnc directly, but I set it
to 2 minutes in the vncserver script because people on really slow links were
getting caught by it.

Of course this timeout was designed to catch errors in the protocol, not for
denial-of-service attacks.  I agree Xvnc should be much more robust when an
as-yet unauthenticated connection does something like this.

Cheers

Tristan

---------------------------------------------------------------------------
Tristan Richardson   [EMAIL PROTECTED]   www.uk.research.att.com/~tjr
---------------------------------------------------------------------------
AT&T Laboratories Cambridge, 24a Trumpington Street, Cambridge, CB2 1QA, UK
Tel: +44 1223 343000      Fax: +44 1223 313542      www.uk.research.att.com
---------------------------------------------------------------------------
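
An added example illustrating the behaviour discussed in this thread (it is not Xvnc source and not code from any of the posters): a Python server loop that reads the 12-byte RFB version message from each unauthenticated connection with its own buffer and its own rfbwait-style deadline, so a peer that stalls after a few bytes cannot hold up another client. The names `serve_handshakes`, `valid_version` and `demo`, the 0.3 s wait and the socketpair peers are assumptions constructed for the illustration.

```python
import selectors
import socket
import time

VERSION_LEN = 12  # RFB ProtocolVersion message, e.g. b"RFB 003.003\n"

def valid_version(msg):
    # Expect b"RFB xxx.yyy\n" with decimal major and minor fields.
    return (len(msg) == VERSION_LEN and msg[:4] == b"RFB " and msg[7:8] == b"."
            and msg[11:] == b"\n" and msg[4:7].isdigit() and msg[8:11].isdigit())

def serve_handshakes(conns, wait_s):
    """conns: {name: socket}. Each peer gets its own buffer and deadline."""
    sel = selectors.DefaultSelector()
    state = {}  # name -> [socket, bytes received so far, deadline]
    for name, sock in conns.items():
        sock.setblocking(False)
        sel.register(sock, selectors.EVENT_READ, name)
        state[name] = [sock, b"", time.monotonic() + wait_s]
    results = {}
    def finish(name, outcome):
        sock = state.pop(name)[0]
        sel.unregister(sock)
        sock.close()
        results[name] = outcome

    while state:
        nearest = min(entry[2] for entry in state.values())
        for key, _ in sel.select(max(0.0, nearest - time.monotonic())):
            entry = state[key.data]
            try:  # never ask for more than the handshake still needs
                chunk = entry[0].recv(VERSION_LEN - len(entry[1]))
            except BlockingIOError:
                continue
            entry[1] += chunk
            if not chunk:
                finish(key.data, "closed")
            elif len(entry[1]) == VERSION_LEN:
                finish(key.data, "ok" if valid_version(entry[1]) else "invalid")
        for name in [n for n, e in state.items() if time.monotonic() >= e[2]]:
            finish(name, "timeout")  # stalled peer: drop it, nobody else waited
    return results

def demo(wait_s=0.3):
    # Constructed peers: a telnet user who hit <return>, and a real viewer.
    (a, telnet), (b, viewer) = socket.socketpair(), socket.socketpair()
    telnet.sendall(b"\r\n")
    viewer.sendall(b"RFB 003.003\n")
    return serve_handshakes({"telnet": a, "viewer": b}, wait_s)
```

Calling `demo()` returns the outcome per peer in the order it was decided: the viewer is accepted immediately and the stalled telnet peer is dropped only when its own deadline passes.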