* Disconnect clients that attempt to login with banned usernames for Telnet as well

* Slow disconnects to thwart brute force attacks - these names won't exist anyway,
  but we want the attacking client to not DoS us

core/system_menu_method.js

@@ -34,6 +34,11 @@ function login(callingMenu, formData, extraArgs, cb) {
                 return callingMenu.gotoMenu(callingMenu.menuConfig.config.tooNodeMenu, cb);
             }
 
+            //  banned username results in disconnect
+            if(ErrorReasons.NotAllowed === err.reasonCode) {
+                return logoff(callingMenu, {}, {}, cb);
+            }
+
             const ReasonsMenus = [
                 ErrorReasons.TooMany, ErrorReasons.Disabled, ErrorReasons.Inactive, ErrorReasons.Locked
             ];