Page 540 of 910 IP Line 4.5 administration
553-3001-365 Standard 4.00 August 2005
Password Guessing Protection
IP Line 4.5 provides protection against password guessing. This protection
helps to block a hacker from attempting to log into the Voice Gateway Media
Card’s shell by making repeated attempts to guess the shell user ID and
password.
The password guessing protection is applicable to either a tip session (direct
maintenance port-connected TTY session) or a Telnet session.
The password guessing protection feature is described as follows:
• There is a login failure threshold of 3 and a lockout period of 10 minutes.
This is not user-configurable.
• Password guessing protection is enabled by default when the card starts
the first time. The protection can be disabled and re-enabled at the
VxWorks shell. Entering the shellLoginProtectSet 0 command disables
the protection and shellLoginProtectSet 1 enables it.
• When the login failure threshold is exceeded (by 3 consecutive failed
login attempts), the system raises an “ITG1038” critical alarm. This
alarm is sent to indicate the card’s login has been locked due to too many
incorrect password entries.
Alarm value = ITG alarm 38
perceivedSeverity = Critical
probableCause = Unauthorized maximum access attempts
Alarm text = IPL login protection (login locked)
When the 10 minute timer expires for the lockout period, the system
raises an “ITG5038” cleared alarm. The clear message is sent after the
lockout period expires.
perceivedSeverity = Cleared
probableCause = Unauthorized maximum access attempts
Alarm text = IPL login protection (login available)
• There is no online indication or warning during the failed login attempt
lockout state. Everything appears the same to the user trying to login. The
user is not informed that login blocking has been activated. The login is
ignored for 10 minutes.