pc软件 文章资讯 手机软件

您当前的位置→图文中心安全防范vnc登陆口令猜解研究
阅读排行

vnc登陆口令猜解研究


2009/6/30  编辑:佚名 来源:本站整理

vnc所有帐号登陆的时候:  1.加入ip到一个列表(黑名单), 并记录时间, 在这个时间上+10s钟作为下一次连接拒绝时间。   2.登陆次数限制, 如果失败超过5次, 则加入黑名党, 再等10s后才能登陆。     请 ...

  vnc所有帐号登陆的时候:

  1.加入ip到一个列表(黑名单), 并记录时间, 在这个时间上+10s钟作为下一次连接拒绝时间。

  2.登陆次数限制, 如果失败超过5次, 则加入黑名党, 再等10s后才能登陆。

  

  请看下面代码:

  void

  vncServer::AddAuthHostsBlacklist(const char *machine)

  {

  omni_mutex_lock l(m_clientsLock);

  // -=- Is the specified host blacklisted?

  vncServer::BlacklistEntry *current = m_blacklist;

  // Get the current time as a 64-bit value

  SYSTEMTIME      systime;

  FILETIME      ftime;

  LARGE_INTEGER     now;

  GetSystemTime(&systime);

  SystemTimeToFileTime(&systime, &ftime);

  now.LowPart=ftime.dwLowDateTime;now.HighPart=ftime.dwHighDateTime;

  now.QuadPart /= 10000000; // Convert it into seconds

  while (current)

  {

  // Is this the entry we're interested in?

  if (_stricmp(current->_machineName, machine) == 0)

  {

  // If the host is already blocked then ignore

  if (current->_blocked)

  return;

  // Set the RefTime & failureCount

  current->_lastRefTime.QuadPart = now.QuadPart + 10;

  current->_failureCount++;

  if (current->_failureCount > 5)

  current->_blocked = TRUE;

  判定函数代码:

  while (current)

  {

  // Has the blacklist entry timed out?

  if ((now.QuadPart - current->_lastRefTime.QuadPart) > 0) {////当前时间超过隔离时间?即如果10s钟后

  // Yes. Is it a "blocked" entry?

  if (current->_blocked)

  {

  // Yes, so unblock it & re-set the reference time

  current->_blocked = FALSE;   ///超过10s, 解除黑名单

  current->_lastRefTime.QuadPart = now.QuadPart + 10;

  } else

  {

  // No, so remove it

  if (previous)

  previous->_next = current->_next;

  else

  m_blacklist = current->_next;

  vncServer::BlacklistEntry *next = current->_next;

  free(current->_machineName);

  delete current;

  current = next;

  continue;

  }

  

  }

  

  // Is this the entry we're interested in?

  if ((_stricmp(current->_machineName, hostname) == 0) &&/////比较是否再黑名单里面

  (current->_blocked))

  {

  // Machine is blocked, so just reject it

  vnclog.Print(LL_CONNERR, VNCLOG("client %s rejected due to blacklist entry\n"), hostname);

  

  return vncServer::aqrReject;

  }

  

  previous = current;

  current = current->_next;

  }

  

  // Has a hostname been specified?

  if (hostname == 0) {

  vnclog.Print(LL_INTWARN, VNCLOG("verify failed - null hostname\n"));

  return vncServer::aqrReject;

  }

  

  ==================

  以上原因决定了vnc弱口令扫描的特点:

  1.密码最多只能超过5次出错, 然后就会被锁定, 需要10s钟解锁。

  2.出错超过5次后每猜解一个密码, 都会被锁定, 所以后面的密码猜解非常慢(每一个隔10s)。

相关文章

全球10大IT中心排行榜(Vnunet 2009):英国著名IT网站Vnunet近日评选出全球10大IT中心,分别是美国硅谷、中国台湾、印度班加罗尔、日本、美国旧金山、中国的中关村、芬兰、美国马里兰州FortMeade、罗马尼亚和美国波士顿。

发表评论
网站帮助 - 广告合作 - 下载声明 - 网站地图