[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections
|
From: |
Gerd Hoffmann |
|
Subject: |
Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections |
|
Date: |
Thu, 16 Oct 2014 12:46:29 +0200 |
Hi,
> > I try to prevent that by dropping the *oldest* connection, so you have a
> > chance to connect even if a unprivileged attacker tries to use up all
> > connection slots.
>
> Lets say the limit is 5. The bad guy has 5 open idle connections.
> The good guy opens a new one and pushes off one of the bad guy's
> connections. Fine so far. The bad guy though can simply open 5 more
> connections and he'll push the good guy's connection off again.
Correct. It can't fully prevent the attack, but makes it harder to pull
off. Just having $limit idle connects isn't enough any more, the bad
guy has to constantly bomb qemu with vnc connect requests, hoping this
kicks out the good guy before it managed to authenticate. The chances
for the good guy are a bit better and it is also more likely that the
attack sets off alarms in network monitoring.
cheers,
Gerd
- [Qemu-devel] [PATCH 0/6] vnc: add support for multiple vnc server instances., Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH 5/6] vnc: update docs/multiseat.txt, Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH 2/6] vnc: remove unused DisplayState parameter, add id instead., Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Daniel P. Berrange, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Daniel P. Berrange, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections,
Gerd Hoffmann <=
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Daniel P. Berrange, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/20
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/21
Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Eric Blake, 2014/10/15