Thank you again everyone.
LBBV, you just mentioned something that I heard from Pennywise also, about preventing brute force.
Looks like this is an important issue in my decision.
However, when I asked Password Sentry, I got an answer saying that they don't provide protection against directory/brute force attacks. That they did before but found that such CGI-Perl based strategies were flawed, that it made the web server crash during intense attacks, especially when the cracker ("password guesser") spoofs (fakes) their IP address (often rotating through IPs every 3-5 guesses).
And that in this case it's also ineffective because their program just switches IPs constantly. But they say that you can use other server-friendly strategies.
Also that you might even end up blocking good users or traffic that use IPs which vary dynamically (AOL, etc.).
So now I am probably more messed up than before, but at least I am starting to understand better. What are people's thoughts on that?
With or without brute force protection?
Thanks again to everyone.
Jon