On Mon, 19 Jun 2017 12:51:30 +0930
Tim <ignored_mailbox(a)yahoo.com.au> wrote:
> Really, what ought to get tightened up is the software accepting
> logons. There should be a limited number of attempts (3 goes and you're
> out for a significant time limit). Any system that lets a cracker
> hammer away with repeated attempts is the thing that is broken.
I don't think it has to be as low as 3. It could be 100 or 1000, a
restriction that a human will never hit, but a cracking program will
hit almost immediately. This makes it easy to separate attackers from
legitimate users, and take appropriate action against the attackers.
Ban their IP address? Notify their ISP? Track their botnet and
disable it? I'm not sure there are effective defenses.
An alternative is to look for frequency of login attempts. More than 1
every second implies a bot, not a human.
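The two checks discussed in this thread, a failure count that a human never reaches and an attempts-per-second rate, written out as an added example that is not from the thread or any participant; the threshold values, window sizes and the minimum sample count before judging the rate are assumptions.

```python
from collections import defaultdict, deque

# Assumed policy values, chosen in the spirit of the thread: a failure
# count "a human will never hit" and a rate of "more than 1 every second".
MAX_FAILURES = 100       # failures per source before lockout
FAILURE_WINDOW = 3600.0  # seconds over which failures are counted
LOCKOUT_SECONDS = 900.0  # how long a locked-out source stays blocked
MAX_RATE_PER_SEC = 1.0   # attempts/sec above which we call it a bot
RATE_WINDOW = 10.0       # sliding window used to measure the rate
MIN_SAMPLES = 3          # attempts needed before the rate is judged


class LoginGuard:
    """Tracks login attempts per source and applies two independent checks."""

    def __init__(self):
        self.failures = defaultdict(deque)  # source -> failure timestamps
        self.attempts = defaultdict(deque)  # source -> all attempt timestamps
        self.locked_until = {}              # source -> unlock timestamp

    def _trim(self, dq, now, window):
        # Drop timestamps that have fallen out of the sliding window.
        while dq and now - dq[0] > window:
            dq.popleft()

    def observe(self, source, ts, success):
        """Record one attempt; return 'ok', 'locked' or 'bot'."""
        if self.locked_until.get(source, 0.0) > ts:
            return "locked"
        att = self.attempts[source]
        att.append(ts)
        self._trim(att, ts, RATE_WINDOW)
        # Frequency rule: attempts per second over the sliding window.
        if len(att) >= MIN_SAMPLES:
            span = ts - att[0]
            rate = (len(att) - 1) / span if span > 0 else float("inf")
            if rate > MAX_RATE_PER_SEC:
                return "bot"
        if not success:
            fl = self.failures[source]
            fl.append(ts)
            self._trim(fl, ts, FAILURE_WINDOW)
            # Count rule: too many failures in the window -> lockout.
            if len(fl) >= MAX_FAILURES:
                self.locked_until[source] = ts + LOCKOUT_SECONDS
                return "locked"
        return "ok"


def classify(events):
    """Run a constructed event list of (source, ts, success) through the guard."""
    guard = LoginGuard()
    return [guard.observe(s, t, ok) for s, t, ok in events]
```

A slow but persistent guesser that stays under the rate limit is still caught by the failure count, while a fast script trips the rate rule long before reaching it.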