Posted by Jerry Stuckle on 11/03/07 01:31

Sanders Kaufman wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> wrote in message
> news:A6adnVcvS9Fxr7fanZ2dnUVZ_o_inZ2d@comcast.com...
>> Sanders Kaufman wrote:
>
>>> The current user, of course. Or in a word... "currency".
>>> While it's true a user can come from any number of IP's - they can only
>>> come from one per session.
>>>
>> Another example would be if the user has a dynamic address and the lease
>> expires. There is nothing to indicate a new lease will get the same ip
>> address.
>
> That's only a problem if, between the time they login and the time they
> access secure data, the IP is renewed.
> Even then, the only "problem" is that they gotta login again.
>
> And that happens how often? Coupla hours? Coupla days? Sometimes less
> frequently?
>

It all depends. I've seen them go from 30 minutes (i.e. hotels who
obviously don't have enough IP addresses for all their customers) to
once a week or more.

> But you got me thinkin....
> I should be auto-checking to see if there's a brute-force attack, or if
> someone is desperately trying to access their own account.
>
> I don't KNOW that none of my users are getting a more frequent IP change - I
> just assume so, and have not heard otherwise.
> But my system should have a feature to tell when someone's login is getting
> hammered - especially if it's coming from multiple IP's.
>
>

IP's are *never* reliable.

Just keep track, and if they've failed 5 times in 15 minutes, disable
them for an hour.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]