Limit password guesses to deny brute force attacks

Views: 4762
Topic: «Limit password guesses to deny brute force attacks» on forum: Famatech Software Good Wishes
#1
I would like to see a setting that says "after x unsuccessful logins ignore incoming ip for y minutes".
Cheers,
Michael
#2
Your suggestion is added to the wishes list, but note that brute-forcing even a simple password over the network will take years to perform. So, if somebody doesn't know the password and the password length is greater than 6 characters, there is definitely no way he or she can suggest it.

Best regards, Gregor Petrov, Famatech Support Team
#3
Brute forcing... not true that it will take years. Since there is no perceptible delay imposed by the software, attempts are only limited by network speed, and these days most of us are on pretty fast connections. You could try thousands of words in a couple hours. With a long list of potential radmin hosts available courtesy of your port scanner, anyone with half a brain would probably be able to hack 10-20% of the available hosts.

You don't need to try every single combination in the world to brute force a password. You use a dictionary of common words first. Sure, you can blame the user for using a guessable password -- but since you guys have said you won't ever make encryption optional because users are stupid, I would think that this logic ought to be continued to assume that users will not always use good passwords either.

Building in a timeout is an extremely simple and common solution to prevent brute force attacks. There's no good excuse for not having it.
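
The setting requested in post #1 ("after x unsuccessful logins ignore incoming ip for y minutes"), as an added example that is not part of the original thread and is not Radmin's code. The class name, the defaults and the sliding failure window are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Ignore a source IP for `lockout_s` seconds after `max_failures`
    failed logins inside a sliding `window_s` window (hypothetical helper)."""

    def __init__(self, max_failures=5, lockout_s=600, window_s=600,
                 clock=time.monotonic):
        self.max_failures = max_failures      # "x" in the request
        self.lockout_s = lockout_s            # "y minutes", in seconds
        self.window_s = window_s
        self.clock = clock                    # injectable so tests can move time
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._blocked_until = {}              # ip -> time the block expires

    def is_blocked(self, ip):
        until = self._blocked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:
            del self._blocked_until[ip]       # block expired, forget it
            return False
        return True

    def record_failure(self, ip):
        now = self.clock()
        recent = self._failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window_s:
            recent.popleft()                  # drop failures outside the window
        if len(recent) >= self.max_failures:
            self._blocked_until[ip] = now + self.lockout_s
            recent.clear()

    def attempt(self, ip, password_ok):
        """Return 'blocked', 'ok' or 'denied'. A blocked IP is rejected before
        the password result is used, so guesses during a block reveal nothing."""
        if self.is_blocked(ip):
            return "blocked"
        if password_ok:
            self._failures.pop(ip, None)      # success resets the counter
            return "ok"
        self.record_failure(ip)
        return "denied"
```

With the defaults above, one address gets at most 5 guesses per 10 minutes regardless of connection speed.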
#4
>Since there is no perceptible delay imposed by the software,
>attempts are only limited by network speed

You are wrong - there IS a delay imposed by the software.

Best Regards,
Ilia Demenkov, Famatech support team (support@famatech.com).
#5
What is it? I see nothing in the documentation.
Famatech Corporation Copyright © 1999-2014 Famatech. All rights reserved.