User login lockout feature on IR302_IR305_IR315

The user login lockout feature has recently been introduced on IR300 series routers:
  1. IR302, FW V3.5.102 or above
  2. IR305 and IR315, FW V1.0.111 or above
The router temporarily locks a user account after a number of consecutive failed login attempts.

This feature is configured on the System => Admin Access page.

With the above settings, when login to the account "adm" fails 5 times in a row, the account is locked for 600 seconds.


Handling Brute-Force Attacks on Devices with Public IP Addresses

If a device has a public IP address and is under a brute-force password attack, the legitimate user may not be able to log in because the default adm account becomes temporarily locked by the lockout policy.

Possible Solutions

  1. Reboot the device from the Device Manager portal

      You can try rebooting the device from the Device Manager portal. After the device comes back online, log in to the Web GUI immediately, before another lockout is triggered.

  2. Change the administrator username from the Device Manager portal

      The default login username on IR routers is adm, which is commonly used. If this is the account under attack, you can change the username to a less common one.

  3. Change the HTTP or HTTPS port number

      Using a non-default port can reduce automated scanning and attack attempts.

  4. Disable or restrict remote access

      If remote access from the public Internet is not required, it is recommended to disable Remote access entirely.

      If remote access is needed but the source IPs are fixed or known, configure Allowed addresses from WAN (source IP restriction) so that only trusted IP addresses can access the device.
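
The lockout problem and the source IP restriction described above, as an added example: a simplified Python model written for this page, not InHand firmware or tooling. It assumes that a successful login resets the failure counter, that attempts during a lock are refused without extending it, and that traffic from addresses outside the allowed list never reaches authentication; the class, the function names and the IP addresses are constructed.

```python
import ipaddress


class LockoutModel:
    """Simplified model of a consecutive-failure lockout (not router firmware)."""

    def __init__(self, max_failures=5, lock_seconds=600, allowed_wan=None):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        # None models "no source IP restriction configured".
        self.allowed = None if allowed_wan is None else [
            ipaddress.ip_network(n) for n in allowed_wan]
        self.failures = 0
        self.locked_until = 0

    def login(self, now, src_ip, password_ok):
        """Return 'filtered', 'locked', 'failed' or 'ok' for one attempt."""
        if self.allowed is not None:
            addr = ipaddress.ip_address(src_ip)
            if not any(addr in net for net in self.allowed):
                return "filtered"   # dropped before authentication, not counted
        if now < self.locked_until:
            return "locked"         # even a correct password is refused
        if password_ok:
            self.failures = 0       # assumption: success resets the counter
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked_until = now + self.lock_seconds
            self.failures = 0
        return "failed"


def admin_outcome(allowed_wan):
    """Replay a constructed timeline: bad logins every 10 s, admin at t=305 s."""
    model = LockoutModel(allowed_wan=allowed_wan)
    attacker, admin = "203.0.113.50", "198.51.100.7"   # documentation addresses
    for t in range(0, 300, 10):
        model.login(t, attacker, password_ok=False)
    return model.login(305, admin, password_ok=True)


if __name__ == "__main__":
    print("no restriction:  ", admin_outcome(None))
    print("allowed from WAN:", admin_outcome(["198.51.100.0/24"]))
```

Without a restriction the administrator is refused despite using the correct password, because the fifth failed attempt at t=40 s locked the account until t=640 s; with the allowed list in place the failed attempts are never counted.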