tightvnc authentication failure

Posted by broiyan on Super User See other posts from Super User or by broiyan
Published on 2012-05-18T06:09:26Z Indexed on 2012/06/06 10:44 UTC
Read the original article Hit count: 2082

Filed under:
|

When I run a tightvnc client to establish a VNC session I sometimes receive an error message that suggests there are repeated failed VNC login attempts or a brute force attack.

The message dialog title is "unsupported security type" and the text content is "too many authentication failures, try another connection? yes/no". This problem goes away if I reboot the Ubuntu server and reload the VNC server program and try again. From that point, it will work for multiple VNC sessions. My VNC sessions are typically about 20 minutes. At some time in the future, the problem may recur so it seems correlated to the time the server has been up or the time tightvnc has been loaded. Typically it takes only a day or so before the problem comes back.

I am using tightvnc 1.3 on an server running Ubuntu 12.04. The version of vncserver is rather dated because that seems to be all that is available from tightvnc for linux servers. On the client side I use the newest Java-based VNC client (version 2.5) for both Windows access and Ubuntu access. All my VNC sessions are via SSH. I am the only user and I will typically use only the same client computer.

How can I stop this problem from recurring?

Edit I found the log file. This is a small excerpt of what I am seeing. Essentially, various IPs, not my own, are attempting to connect. What is the practical solution for this?

05/06/12 20:07:32 Got connection from client 69.194.204.90
05/06/12 20:07:32 Non-standard protocol version 3.4, using 3.3 instead
05/06/12 20:07:32 Too many authentication failures - client rejected
05/06/12 20:07:32 Client 69.194.204.90 gone
05/06/12 20:07:32 Statistics:
05/06/12 20:07:32   framebuffer updates 0, rectangles 0, bytes 0

05/06/12 20:24:56 Got connection from client 79.161.16.40
05/06/12 20:24:56 Non-standard protocol version 3.4, using 3.3 instead
05/06/12 20:24:56 Too many authentication failures - client rejected
05/06/12 20:24:56 Client 79.161.16.40 gone
05/06/12 20:24:56 Statistics:
05/06/12 20:24:56   framebuffer updates 0, rectangles 0, bytes 0

05/06/12 20:29:27 Got connection from client 109.230.246.54
05/06/12 20:29:27 Non-standard protocol version 3.4, using 3.3 instead
05/06/12 20:29:28 rfbVncAuthProcessResponse: authentication failed from 109.230.246.54
05/06/12 20:29:28 Client 109.230.246.54 gone
05/06/12 20:29:28 Statistics:
05/06/12 20:29:28   framebuffer updates 0, rectangles 0, bytes 0

© Super User or respective owner

Related posts about authentication

Related posts about brute-force