[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections
|
From: |
Gonglei |
|
Subject: |
Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections |
|
Date: |
Tue, 21 Oct 2014 14:06:09 +0800 |
|
User-agent: |
Mozilla/5.0 (Windows NT 6.1; rv:11.0) Gecko/20120327 Thunderbird/11.0.1 |
On 2014/10/20 15:02, Gerd Hoffmann wrote:
>
> Hi,
>
>> If we set the max trying times, and then
>> There are some concepts:
>> - INTERVAL_TIME: a time window that user can connnet vnc server
>> - REJECT_TIME: the time of reject any connection
>> - MAX_TRY_TIMES: the times that user can connect vnc server in
>> INTERVAL_TIME,
>> if attach the MAX_TRY_TIMES, the server will lock, any user can not
>> connect again
>> before REJECT_TIME attached. The old connected client will not be
>> influenced.
>
> i.e. effectively rate-limit login attempts. Makes sense to have an
> option for that, although I'm not sure it is worth the trouble doing
> something beyond a simple "one attempt per second allowed" (i.e. stop
> polling the listening socket for a second after each accept).
>
Hi,
"one attempt per second allowed" is just reduce the frequency for attack,
but I don't think the effect is very well. It can limit the login attempts for
attack problem from a flood of attack to "one attempt per second" (not
the same magnitude with my approach for security). However,
For it is not effective for bad guys, whose operation time is greater than one
second per login attempt usually.
Best regards,
-Gonglei
- [Qemu-devel] [PATCH 2/6] vnc: remove unused DisplayState parameter, add id instead., (continued)
- [Qemu-devel] [PATCH 2/6] vnc: remove unused DisplayState parameter, add id instead., Gerd Hoffmann, 2014/10/15
- [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Daniel P. Berrange, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Daniel P. Berrange, 2014/10/15
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/16
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Daniel P. Berrange, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/17
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/20
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections,
Gonglei <=
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gerd Hoffmann, 2014/10/21
- Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Gonglei, 2014/10/21
Re: [Qemu-devel] [PATCH 6/6] vnc: track & limit connections, Eric Blake, 2014/10/15
[Qemu-devel] [PATCH 1/6] vnc: remove vnc_display global, Gerd Hoffmann, 2014/10/15
[Qemu-devel] [PATCH 3/6] vnc: switch to QemuOpts, allow multiple servers, Gerd Hoffmann, 2014/10/15
[Qemu-devel] [PATCH 4/6] vnc: allow binding servers to qemu consoles, Gerd Hoffmann, 2014/10/15
Re: [Qemu-devel] [PATCH 0/6] vnc: add support for multiple vnc server instances., Daniel P. Berrange, 2014/10/15