Limit attempt per IP network
A malicious hacker could flood the LoginAttempt table by sending failing request for different logins. Even if the size of the record is limited (#5381 (closed)) and the records are purged (#5377 (closed)) frequently and it is recommended to use a proxy which should detect and ban such requests, it is still good to limit the number of attempt per IP network.
We must limit per network because with IPv6 people receives usually a network range of 56 from providers. For IPv4 we can limit per IP as they are rare now (which means a range of 32).