ARP联盟图文中心下载中心手机频道最近更新软件最近更新文章网络热点
您当前的位置→图文中心安全防范vnc登陆口令猜解研究
站内搜索:

vnc登陆口令猜解研究


2009/6/30  编辑:佚名 来源:本站整理 

vnc所有帐号登陆的时候:  1.加入ip到一个列表(黑名单),并记录时间,在这个时间上+10s钟作为下一次连接拒绝时间。  2.登陆次数限制,如果失败超过5次,则加入黑名党,再等10s后才能登陆。    请 ...

参考消息:http://www.arpun.com/  vnc所有帐号登陆的时候:
  1.加入ip到一个列表(黑名单),并记录时间,在这个时间上+10s钟作为下一次连接拒绝时间。
  2.登陆次数限制,如果失败超过5次,则加入黑名党,再等10s后才能登陆。
  
  请看下面代码:
  void
  vncServer::AddAuthHostsBlacklist(const char *machine)
  {
  omni_mutex_lock l(m_clientsLock);
  // -=- Is the specified host blacklisted?
  vncServer::BlacklistEntry *current = m_blacklist;
  // Get the current time as a 64-bit value
  SYSTEMTIME      systime;
  FILETIME      ftime;
  LARGE_INTEGER     now;
  GetSystemTime(&systime);
  SystemTimeToFileTime(&systime, &ftime);
  now.LowPart=ftime.dwLowDateTime;now.HighPart=ftime.dwHighDateTime;
  now.QuadPart /= 10000000; // Convert it into seconds
  while (current)
  {
  // Is this the entry we're interested in?
  if (_stricmp(current->_machineName, machine) == 0)
  {
  // If the host is already blocked then ignore
  if (current->_blocked)
  return;
  // Set the RefTime & failureCount
  current->_lastRefTime.QuadPart = now.QuadPart + 10;
  current->_failureCount++;
  if (current->_failureCount > 5)
  current->_blocked = TRUE;
  判定函数代码:
  while (current)
  {
  // Has the blacklist entry timed out?
  if ((now.QuadPart - current->_lastRefTime.QuadPart) > 0) {////当前时间超过隔离时间?即如果10s钟后
  // Yes. Is it a "blocked" entry?
  if (current->_blocked)
  {
  // Yes, so unblock it & re-set the reference time
  current->_blocked = FALSE;   ///超过10s,解除黑名单
  current->_lastRefTime.QuadPart = now.QuadPart + 10;
  } else
  {
  // No, so remove it
  if (previous)
  previous->_next = current->_next;
  else
  m_blacklist = current->_next;
  vncServer::BlacklistEntry *next = current->_next;
  free(current->_machineName);
  delete current;
  current = next;
  continue;
  }
  
  }
  
  // Is this the entry we're interested in?
  if ((_stricmp(current->_machineName, hostname) == 0) &&/////比较是否再黑名单里面
  (current->_blocked))
  {
  // Machine is blocked, so just reject it
  vnclog.Print(LL_CONNERR, VNCLOG("client %s rejected due to blacklist entry\n"), hostname);
  
  return vncServer::aqrReject;
  }
  
  previous = current;
  current = current->_next;
  }
  
  // Has a hostname been specified?
  if (hostname == 0) {
  vnclog.Print(LL_INTWARN, VNCLOG("verify failed - null hostname\n"));
  return vncServer::aqrReject;
  }
  
  ==================
  以上原因决定了vnc弱口令扫描的特点:
  1.密码最多只能超过5次出错,然后就会被锁定,需要10s钟解锁。
  2.出错超过5次后每猜解一个密码,都会被锁定,所以后面的密码猜解非常慢(每一个隔10s)。

更多精彩,请查看本类栏目: 安全防范
除非注明,ARP联盟文章来于网络,投稿原创等,转载请以链接形式标明本文地址。
本文地址:http://www.arpun.com/article/3900.html

相关文章
  • ·vnc登陆口令猜解研究
  • ·全球10大IT中心排行榜(Vnunet 2009)
  • 发表评论
    栏目列表
    阅读排行
    本类最新
    网站帮助 - 广告合作 - 下载声明 - 网站地图