VNC: Invalid Client Request

This protocol anomaly triggers when it detects a VNC client request that is sent by a VNC server. VNC servers should receive VNC requests, not send them. Triggering this protocol anomaly can indicate that the VNC client is invalid, or that the VNC client is sending nested requests to the VNC server.

Extended Description

Detection of a VNC session initiation request originating from a VNC server may indicate that a software or network transmission error has occurred. It may also indicate that a malicious user is running a nested session in an attempt to bypass access control policies and/or mask a malicious user's true originating IP address.

Short Name
VNC:INVALID:CLIENT-REQUEST
Severity
Warning
Recommended
False
Recommended Action
Drop
Category
VNC
Release Date
04/22/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3324
False Positive
Unknown

Found a potential security threat?