Excessive Incomplete Voice Mail Accesses Alert - Nortel Meridian Mail User Manual

Meridian Mail Reporter 2.0 User's Guide
Displayed Report Fields
Date/Time:The date and time that the failed logon occurred.
Mailbox: The mailbox with the failed logon attempt.
Caller DN: The number that originated the attempt. This field can contain four
digits (mailbox), five or six digits (trunk group and member number), the last seven
digits of a telephone number, or asterisks (*) if the data coming from the switch is
null.
DN Type: For MM11 only. The Directory Number (DN) type as described in Table
5-1.
This report is sorted by either Date/Time or Mailbox. The default is by Date/Time,
then Mailbox.
Analysis and Corrective Actions
If the logon failures are spread among a large number of mailboxes, this may be
evidence of hacker activity.
Remind all mailbox owners that passwords should have some degree of difficulty
so that the system remains secure. Also, if this alert indicates that there is
systematic probing by a hacker, he or she may have been successful. Pay special
attention to the Excessive After-Hour Logons Alert for unusual activity.

Excessive Incomplete Voice Mail Accesses Alert

This alert report is used to notify you when there is a greater than usual number of
attempts to log on to an invalid mailbox number (for example, a nonexistent
mailbox). This activity could be an indication that a hacker is trying to gain access
to your system without prior knowledge of the mailbox numbering plan. The
hacker is likely to access invalid mailboxes causing this alert to be triggered. The
report is produced when the number of attempts to log on to an invalid mailbox
meets or exceeds the user-defined threshold.
5 - 14