Hi Mitch I'm not fully sure whether the remote IP address is available through the socket. If it is, then we could probably fetch it in some way.
A possible workaround would be to avoid banning 0.0.0.0. Patches are welcome. Best regards, // Ola On Thu, Jun 9, 2016 at 5:23 PM, Mitch Deoudes <mi...@houseofpain.org> wrote: > Apparently, this is still an issue as of Xvnc 4.1.1. (Up to date on Linux > Mint / Ubuntu.) > > Last week, I started getting vnc password attempts from an unknown IP, > resulting in the "blacklisted: 0.0.0.0" messages in the log, and the server > refusing all connections. > > I would prefer not to disable blacklisting, as that just gives the attacker > a free hand to try and brute-force my password all day. (And it seems that > there's no way to use an encryption key instead of a password?) > > Is there any other way to determine the actual IP of the attacker? I could > set up a fail2ban jail for vnc, if I could get that info from some other > log. > > mitch -- --- Inguza Technology AB --- MSc in Information Technology ---- / o...@inguza.com Folkebogatan 26 \ | o...@debian.org 654 68 KARLSTAD | | http://inguza.com/ Mobile: +46 (0)70-332 1551 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
