Just two thing I've been wondering about.
1: If i restrict the VNC server to only accept connections from a certain IP or IP-range it is still possible for me to bruteforce the password since it apparently check for the correct password before evaluating if the connecting IP is allowed to connect or not. I have tried this and if I connect from an illegal IP with the wrong password i get a reply that the password is incorrect for every incorrect guess until I hit the correct one and then the server says nothing and the connection dies by timeout. Would it not be better to check for the IP first or have I misconfigured or misunderstood the whole thing? 2: Would it be possible to have it support syslogd? Although VNC is probably never meant to exist in insecure/untrusted environments I am quite sure that it in reality does, and gathering the text logfiles from a few clients and parse them with some simple script is probably okay but for larger installations it would be really smooth if one could enable VNC to send the logoutput to a syslogd. Has anyone already done this? I am no programmer, atleast not good enough to fix these things, but perhaps someone else is and feel that this would be a good thing to implement? best regards Mattias Johnson --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
