Bugtraq mailing list archives

Re: vnc remote dictionary based cracker


From: peterw () USA NET (Peter W)
Date: Wed, 24 May 2000 16:49:27 -0400


At 9:36am May 23, 2000, Patrick Oonk wrote:

With this patch applied, the vncviewer turns into
a neat dictionary based remote cracker. The fun with vnc is
that the password is 8 characters or smaller, and that vnc
has no concept of users, which brings down the number of
possibilities to try.

VNC hints:

1) Use Unix -localhost or Windows LoopbackOnly or kernel packet filters
(ipfilter, ipchains, whatever you have) to restrict access to TCP
services, e.g. to force users to tunnel their VNC sessions through SSH for
more security (effectively making attackers obtain local user privileges
before trying to connect to your VNC server, as well as encrypting data).

2) On the *nix ports of the VNC server, authentication uses the _current_
contents of ~/.vnc/passwd. To prevent logins, `chmod 0 ~/.vnc/passwd`.
This will also prevent VNC DoS attacks; that is, when a VNC viewer
attaches to a VNC server, any other viewer connections to that server
process are broken. An attacker who sniffs/guesses/cracks a VNC password
can hijack your VNC session, and change the passwd ownership to lock you
out! For this reason, you might want to chown the VNC passwd file as soon
as you log in to the VNC server session. This disconnect behavior can be
changed, too. WinVNC server users see the docs on ConnectPriority; Unix
users see the docs on -dontdisconnect and -nevershared.

Sure, 2) means you need an alternate way to log in (or to change the perms
on ~/.vnc/passwd), but IMO, VNC is better suited to running GUI apps
remotely than general remote access. Clearly, having VNC server listening
for logins 24x7 is risky. ;-)

Win32 users might want a port of sshd for tunneling and starting the VNC
server, e.g. http://web.mit.edu/pismere/ssh/ssh-port.html (I haven't
tested that, and there may be licensing issues for many sites, since it's
based on SSH 1.2.26 rather than OpenSSH, LSH, etc.)

-Peter

http://www.bastille-linux.org/ : working towards more secure Linux systems
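A small shell helper for hints 1 and 2 above, added here as an example and not part of Peter W's post. It assumes a Unix VNC server that re-reads ~/.vnc/passwd on each connection and an SSH server on the VNC host; the names VNC_PASSWD, vnc_lock, vnc_unlock, vnc_passwd_status and vnc_tunnel_cmd are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Default password file location
# (override VNC_PASSWD to point the helpers somewhere else, e.g. for testing).
VNC_PASSWD="${VNC_PASSWD:-$HOME/.vnc/passwd}"

# Hint 2: clear every permission bit on the password file so no new viewer
# can authenticate, and make sure the file is owned by the current user.
# The running server and any already-attached session are unaffected.
vnc_lock() {
    f="${1:-$VNC_PASSWD}"
    chmod 0 "$f" && chown "$(id -u)" "$f"
}

# Re-enable logins just before you connect; lock again once attached.
vnc_unlock() {
    f="${1:-$VNC_PASSWD}"
    chmod 600 "$f"
}

# Report whether the password file currently permits logins:
# prints "locked" when the mode is 0, otherwise "open".
vnc_passwd_status() {
    f="${1:-$VNC_PASSWD}"
    # stat -c is GNU coreutils; stat -f is the BSD/macOS form.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    if [ "$mode" = "0" ]; then echo locked; else echo open; fi
}

# Hint 1: for a server started with -localhost on HOST, build the viewer-side
# command that forwards display N (TCP port 5900+N) through SSH and points
# vncviewer at the local end of the tunnel. The string is printed, not run.
vnc_tunnel_cmd() {
    host="$1"; display="$2"
    port=$((5900 + display))
    echo "ssh -N -L ${port}:127.0.0.1:${port} ${host} & vncviewer localhost:${display}"
}
```

Leaving the file locked between sessions also removes the window in which a hijacker could change its ownership, since there is nothing to log in with.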

