vnc所有帐号登陆的时候: 1.加入ip到一个列表(黑名单), 并记录时间, 在这个时间上+10s钟作为下一次连接拒绝时间。 2.登陆次数限制, 如果失败超过5次, 则加入黑名党, 再等10s后才能登陆。 请 ...
vnc所有帐号登陆的时候:
1.加入ip到一个列表(黑名单), 并记录时间, 在这个时间上+10s钟作为下一次连接拒绝时间。
2.登陆次数限制, 如果失败超过5次, 则加入黑名党, 再等10s后才能登陆。
请看下面代码:
void
vncServer::AddAuthHostsBlacklist(const char *machine)
{
omni_mutex_lock l(m_clientsLock);
// -=- Is the specified host blacklisted?
vncServer::BlacklistEntry *current = m_blacklist;
// Get the current time as a 64-bit value
SYSTEMTIME systime;
FILETIME ftime;
LARGE_INTEGER now;
GetSystemTime(&systime);
SystemTimeToFileTime(&systime, &ftime);
now.LowPart=ftime.dwLowDateTime;now.HighPart=ftime.dwHighDateTime;
now.QuadPart /= 10000000; // Convert it into seconds
while (current)
{
// Is this the entry we're interested in?
if (_stricmp(current->_machineName, machine) == 0)
{
// If the host is already blocked then ignore
if (current->_blocked)
return;
// Set the RefTime & failureCount
current->_lastRefTime.QuadPart = now.QuadPart + 10;
current->_failureCount++;
if (current->_failureCount > 5)
current->_blocked = TRUE;
判定函数代码:
while (current)
{
// Has the blacklist entry timed out?
if ((now.QuadPart - current->_lastRefTime.QuadPart) > 0) {////当前时间超过隔离时间?即如果10s钟后
// Yes. Is it a "blocked" entry?
if (current->_blocked)
{
// Yes, so unblock it & re-set the reference time
current->_blocked = FALSE; ///超过10s, 解除黑名单
current->_lastRefTime.QuadPart = now.QuadPart + 10;
} else
{
// No, so remove it
if (previous)
previous->_next = current->_next;
else
m_blacklist = current->_next;
vncServer::BlacklistEntry *next = current->_next;
free(current->_machineName);
delete current;
current = next;
continue;
}
}
// Is this the entry we're interested in?
if ((_stricmp(current->_machineName, hostname) == 0) &&/////比较是否再黑名单里面
(current->_blocked))
{
// Machine is blocked, so just reject it
vnclog.Print(LL_CONNERR, VNCLOG("client %s rejected due to blacklist entry\n"), hostname);
return vncServer::aqrReject;
}
previous = current;
current = current->_next;
}
// Has a hostname been specified?
if (hostname == 0) {
vnclog.Print(LL_INTWARN, VNCLOG("verify failed - null hostname\n"));
return vncServer::aqrReject;
}
==================
以上原因决定了vnc弱口令扫描的特点:
1.密码最多只能超过5次出错, 然后就会被锁定, 需要10s钟解锁。
2.出错超过5次后每猜解一个密码, 都会被锁定, 所以后面的密码猜解非常慢(每一个隔10s)。
……