qemu-devel

Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections


From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections
Date: Tue, 21 Oct 2014 10:57:23 +0200

On Tue, 2014-10-21 at 14:06 +0800, Gonglei wrote:
> On 2014/10/20 15:02, Gerd Hoffmann wrote:
> 
> > 
> >   Hi,
> > 
> >> If we set the max trying times, and then
> >> There are some concepts:
> >>  - INTERVAL_TIME: a time window that user can connect vnc server
> >>  - REJECT_TIME: the time of reject any connection
> >>  - MAX_TRY_TIMES: the times that user can connect vnc server in INTERVAL_TIME,
> >>    if attach the MAX_TRY_TIMES, the server will lock, any user can not connect again
> >>    before REJECT_TIME attached. The old connected client will not be influenced.
> > 
> > i.e. effectively rate-limit login attempts.  Makes sense to have an
> > option for that, although I'm not sure it is worth the trouble doing
> > something beyond a simple "one attempt per second allowed" (i.e. stop
> > polling the listening socket for a second after each accept).
> > 
> 
> Hi,
> 
> "one attempt per second allowed" just reduces the frequency of attack,

Yes.  Which is common practice, to slow down dictionary attacks.

> but I don't think the effect is very well. It can limit the login attempts for
> attack problem from a flood of attack to "one attempt per second" (not
> the same magnitude with my approach for security).

Problem with rejecting any login attempts for REJECT_TIME is that you
also lock out the good guys.

cheers,
  Gerd
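
The two policies discussed in this thread, modelled side by side as an added example (not code from the thread or from QEMU): a fixed one-second pause after each accept versus the INTERVAL_TIME / MAX_TRY_TIMES / REJECT_TIME lockout. The numeric values, the function names and the simplification that attempts arriving while the listener is idle are simply not served are assumptions.

```c
#include <stdio.h>

/* Constructed values: the thread names these parameters but gives no numbers. */
#define INTERVAL_MS   10000L  /* INTERVAL_TIME: window in which attempts are counted */
#define REJECT_MS     60000L  /* REJECT_TIME: lockout once the limit is reached */
#define MAX_TRY_TIMES 3       /* attempts allowed per INTERVAL_TIME */
#define PAUSE_MS      1000L   /* "one attempt per second allowed" */

struct pause_lim { long next_ok; };
struct lock_lim  { long win_start; int tries; long locked_until; };

/* Policy A: after each accept, ignore the listening socket for one second. */
static int pause_accept(struct pause_lim *l, long now)
{
    if (now < l->next_ok) return 0;
    l->next_ok = now + PAUSE_MS;
    return 1;
}

/* Policy B: once MAX_TRY_TIMES is reached within the window, reject everyone. */
static int lock_accept(struct lock_lim *l, long now)
{
    if (now < l->locked_until) return 0;
    if (now - l->win_start >= INTERVAL_MS) { l->win_start = now; l->tries = 0; }
    if (++l->tries >= MAX_TRY_TIMES) l->locked_until = now + REJECT_MS;
    return 1;
}

/* One attempt every 100 ms for burst_ms, then one legitimate client at
 * user_ms. policy: 0 = pause, 1 = lockout. Returns how many burst attempts
 * were served; *user_ok reports whether the legitimate client was admitted. */
static int simulate(int policy, long burst_ms, long user_ms, int *user_ok)
{
    struct pause_lim a = {0};
    struct lock_lim b = {0, 0, 0};
    int served = 0;
    for (long t = 0; t < burst_ms; t += 100)
        served += policy ? lock_accept(&b, t) : pause_accept(&a, t);
    *user_ok = policy ? lock_accept(&b, user_ms) : pause_accept(&a, user_ms);
    return served;
}

int main(void)
{
    int ok, n;
    n = simulate(0, 2000, 5000, &ok); printf("pause:   served=%d user=%d\n", n, ok);
    n = simulate(1, 2000, 5000, &ok); printf("lockout: served=%d user=%d\n", n, ok);
    return 0;
}
```

With these values, the lockout serves far fewer attempts over a sustained hour than the pause does, but a two-second burst is enough to keep a legitimate client out for the whole REJECT_TIME.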




