Exponential Login Backoff - Alcatel-Lucent 7450 System Management Manual

Ethernet service switch

Exponential Login Backoff

A malicious user may attempt to gain CLI access by means of a dictionary attack, using a
script to automatically attempt to log in as an "admin" user and a dictionary list to test all
possible passwords. Using the exponential-backoff feature in the
config>system>login-control context, the OS increases the delay between login attempts
exponentially to mitigate attacks.
When a user tries to log in to a router using a Telnet or an SSH session, a limited
number of attempts is allowed to enter the correct password. The interval between
unsuccessful attempts changes after each try (1, 2 and 4 seconds). If the system is configured
for user lockout, the user is locked out when the number of attempts is exceeded.
However, if lockout is not configured, three password entry attempts are allowed after
the first failure, at fixed 1, 2 and 4 second intervals, in the first session, and then the session
terminates. Users do not have an unlimited number of login attempts per session. After each
failed password attempt, the wait period becomes longer until the maximum number of
attempts is reached.
The OS terminates the session after four unsuccessful tries. A wait period will never be
longer than 4 seconds. The periods are fixed and will restart in subsequent sessions.
Note that the config>system>login-control>[no] exponential-backoff command works in
conjunction with the config>system>security>password>attempts command, which is also
a system-wide configuration.
For example:

    *A:ALA-48>config>system# security password attempts
      - attempts <count> [time <minutes1>] [lockout <minutes2>]
      - no attempts

     <count>     : [1..64]
     <minutes1>  : [0..60]
     <minutes2>  : [0..1440]

Exponential backoff applies to any user and to any login method, such as console, SSH and
Telnet.
Refer to Configuring Login Controls on page 96. The commands are described in Login,
Telnet, SSH and FTP Commands on page 122.
7450 ESS System Management Guide, Security, Page 57
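
The interaction between the fixed 1, 2 and 4 second backoff and the attempts lockout, as an added example (not vendor code): a small Python model that bounds how many failed guesses one account can receive in a given period. It assumes that failures are counted in a sliding time window, that a lockout ends the session and restarts the counter, and that opening a new session takes 1 second; the page states none of these details.

```python
from collections import deque

BACKOFF_S = (1, 2, 4)   # waits after the 1st, 2nd and 3rd failure (from the text)

def parse_attempts(count, time_min, lockout_min):
    """Range-check 'attempts <count> time <minutes1> lockout <minutes2>'."""
    for name, value, lo, hi in (("count", count, 1, 64),
                                ("time", time_min, 0, 60),
                                ("lockout", lockout_min, 0, 1440)):
        if not lo <= value <= hi:
            raise ValueError(f"{name} {value} outside [{lo}..{hi}]")
    if time_min == 0 or lockout_min == 0:
        raise ValueError("the page does not say what 0 means; not modelled")
    return count, time_min * 60, lockout_min * 60

def max_guesses(horizon_s, attempts=None, reconnect_s=1):
    """Most failed guesses one account can receive in [0, horizon_s) seconds.

    attempts    -- None (lockout not configured) or (count, time_min, lockout_min)
    reconnect_s -- assumed time to open a new session (constructed value)
    """
    policy = parse_attempts(*attempts) if attempts else None
    t, guesses, recent = 0, 0, deque()
    while True:
        gap = reconnect_s
        for wait in BACKOFF_S + (0,):        # four tries, then the session ends
            if t >= horizon_s:
                return guesses
            guesses += 1
            if policy:
                count, window_s, lockout_s = policy
                recent.append(t)
                while recent and recent[0] <= t - window_s:
                    recent.popleft()         # failure fell out of the window
                if len(recent) >= count:     # assumed: lockout ends the session
                    recent.clear()           # assumed: counter restarts afterwards
                    gap = lockout_s
                    break
            t += wait
        t += gap

if __name__ == "__main__":
    day = 24 * 3600
    print("backoff only        :", max_guesses(day))
    print("attempts 3 t5 l10   :", max_guesses(day, attempts=(3, 5, 10)))
```

Under these assumptions, backoff alone still permits 43,200 failed guesses against one account per day, while attempts 3 time 5 lockout 10 permits 432, which is why the two commands are meant to be used together.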
