Matthew, Have a look at the following website:
http://www.smtechnologies.com/downloads.htm They have a version of VNC that uses NT Authentication, you could use NT's security to lock account after X attempts. Thanks Shola Ogunlokun IT Email Team -----Original Message----- From: Matthew Scholtz [mailto:[EMAIL PROTECTED]] Sent: Monday, May 20, 2002 7:09 PM To: [EMAIL PROTECTED] Subject: VNC security on Win Hello All, I'm sure this has been asked a million times before, but since there don't seem to be any archives available for this list, I have no choice but to ask it again. Forgive the redundancy. My main concern with VNC is the possibility for brute-force attacks on the password, since as far as I know VNC does not have any functionality to allow only x password attempts before taking some sort of defensive action. I'm not so worried about encrypting all of the traffic, since in most cases I can set it up so that sending truly sensitive text during a session is not necessary. But someone getting access via a brute-force attack would be a disaster. I know about the possibility of using SSH (and the possibilty of doing this on Win using CygWin.) What I'm wondering is: short of that, is there any reliable way under Win to protect against repeated password attempts? What about in any of the offshoot VNC distributions? How have others addressed this issue? TIA, Matthew ===================================================================== This email is confidential and may also be privileged. If you are not the intended recipient please notify us immediately by telephoning +44 (20) 7330 3000 and requesting the IT Helpdesk. You should not copy it or use it for any purpose nor disclose its contents to any other person. Allen & Overy One New Change London EC4M 9QQ Tel:+44 (20) 7330 3000 Fax: +44 (20) 7330 9999 General Email: [EMAIL PROTECTED] www: http://www.allenovery.com Allen & Overy is a solicitors' partnership. A list of the names of partners and their professional qualifications is open to inspection at the above office. The partners are either solicitors or registered foreign lawyers. IMPORTANT NOTICE: This is a legal communication not a financial communication. Neither this nor any other communication from this firm is intended to be, or should be construed as, an invitation or inducement (direct or indirect) to any person to engage in investment activity. The following information is provided in accordance with the Solicitors' Financial Services (Conduct of Business) Rules 2001. The provision of our legal services may relate to investments. We are not authorised by the Financial Services Authority, but we are regulated by the Law Society and we can undertake certain activities in relation to investments which are limited in scope and incidental to our legal services or which may reasonably be regarded as a necessary part of our legal services. If for any reason we are unable to resolve a problem between us and a client, our client may utilise the complaints and redress scheme operated by the Law Society. ===================================================================== --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
