Intrusion attempt handling 2-134 – Nortel Networks OPTera Metro 3500 User Manual


2-134 Operation, administration, and maintenance (OAM) features

OPTera Metro 3500 Multiservice Platform NTRN10AN Rel 12.1 Standard Iss 1 Apr 2004

For a remote login, for example a remote login from telnet port 10001, the
intrusion detection feature does not block the intermediate nodes. Instead, the
IP address from which the telnet connection request was initiated is blocked.

For more information about the intrusion detection feature, please see
Intrusion attempt handling on page 2-134.

Intrusion attempt handling

Intrusion attempts on the OPTera Metro 3500 network elements are alarmed
and displayed when incoming access is attempted but fails due to incorrect
user-ID or password. This alarm alerts administrators of intrusion after a
provisionable number of failed login attempts.

Every time users log in to a shelf, they must give a user ID and a password. If
the information they enter corresponds to a valid user ID and password, they are
allowed access to the shelf. If the user ID or password is wrong, they are
allowed to re-enter the user information to try again, and a counter is
incremented by one. The number of invalid logins allowed before the port is
locked out is provisionable between 2 and 9. The default value is 5 login
attempts.

Users are locked out based on their originating address. Once the counter
reaches the maximum number of invalid attempts, the port is locked out for the
required amount of time. An alarm is then raised to inform the system
administrator that an intrusion attempt has occurred. Security logs record
the originating address and connection type of each invalid access attempt to
the NP or SP.

Figure 2-42, Logical flow of intrusion attempt handling, shows how the
mechanism works.

Intrusion attempt handling is disabled by default.
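
A minimal Python model of the lockout logic described above, added here as an illustration and not Nortel code. The class and field names, the 300-second lockout duration, the counter reset on a successful login, and logging while the feature is disabled are assumptions, since this page does not specify them.

```python
from dataclasses import dataclass, field

# Provisionable range and default taken from the manual text.
MIN_ATTEMPTS, MAX_ATTEMPTS, DEFAULT_ATTEMPTS = 2, 9, 5


@dataclass
class IntrusionHandler:
    enabled: bool = False              # manual: disabled by default
    max_invalid: int = DEFAULT_ATTEMPTS
    lockout_seconds: int = 300         # assumption: duration not given on this page
    counters: dict = field(default_factory=dict)      # origin -> failed count
    locked_until: dict = field(default_factory=dict)  # origin -> unlock time
    security_log: list = field(default_factory=list)
    alarms: list = field(default_factory=list)

    def __post_init__(self):
        if not MIN_ATTEMPTS <= self.max_invalid <= MAX_ATTEMPTS:
            raise ValueError("max_invalid must be between 2 and 9")

    def attempt(self, origin, conn_type, credentials_ok, now):
        """Return 'granted', 'denied' or 'locked' for one login attempt."""
        # Lockout is keyed on the originating address, not on intermediate nodes.
        if self.enabled and now < self.locked_until.get(origin, 0):
            return "locked"
        if credentials_ok:
            self.counters.pop(origin, None)  # assumption: success clears the counter
            return "granted"
        # Record originating address and connection type of the invalid attempt
        # (assumption: logged even when lockout is disabled).
        self.security_log.append((now, origin, conn_type))
        if not self.enabled:
            return "denied"
        self.counters[origin] = self.counters.get(origin, 0) + 1
        if self.counters[origin] >= self.max_invalid:
            self.locked_until[origin] = now + self.lockout_seconds
            self.counters.pop(origin)
            self.alarms.append((now, origin))  # alarm for the administrator
        return "denied"


if __name__ == "__main__":
    handler = IntrusionHandler(enabled=True)
    # Constructed sample: six bad logins from one documentation-range address.
    for t in range(6):
        print(t, handler.attempt("192.0.2.10", "telnet", False, t))
    print("alarms:", handler.alarms)
```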
