Technical information
Detecting Toll Fraud
Issue 7 June 2001
4-63
For DEFINITY ECS and DEFINITY G3:
Use monitor security-violations for a real-time report of invalid attempts
to log in, either through system administration or through remote access
using invalid barrier codes. For G3V3 and later, the
monitor
security-violations
command has been split into three separate
commands:
monitor security-violations
— <login>
— <remote-access>
— <authorization-code>
The four resulting Security Violations Measurement Reports provide
current status information for invalid DEFINITY ECS and DEFINITY
Generic 3 Management Applications (G3-MA) login attempts, Remote
Access (barrier code) attempts, and Authorization Code attempts.
The report titles are as follows:
1. Login Violations Status Report
2. Remote Access (barrier code) Violations Status Report
3. Authorization Code Violations Status Report
4. Station Security Code Violations Report
NOTE:
The data displayed by these reports is updated every 30 seconds.
Sixteen entries are maintained for each type of violation in the
security status reports. The oldest information is overwritten by the
new entries at each 30 second update.
The Login Violations Status report has the following fields:
— Date: The day that the invalid attempt occurred
— Time: The time the invalid attempt occurred
— Login: The invalid login that was entered as part of the login violation
attempt. An invalid password may cause a security violation. If a
valid login causes a security violation by entering an incorrect
password, the Security Violation Status report lists the login.
— Port: The port on which the failed login session was attempted
The following abbreviations are used for DEFINITY G3i:
MGR1: The dedicated Management terminal connection (the
EIA connection to the Maintenance board)
NET-N: The network controller dialup ports
EPN: The EPN maintenance EIA port