Authentication happens prior to some other checks.
If the database is in restricted mode, the non-existent user login will still return a ORA-1017, even though real users will be unable to logon to the database.
Other problems (archive space full, etc) may cause this as well, though I have not tested them.
Jared
Far safer than connecting as a non-privileged user is attempting to connect as a non-existent user. If the database instance is up and running and working normally, you'll just get the ORA-01017 error ("username or password incorrect"), which is normal and expected. This tests IP connectivity, TNS Listener availability, instance availability/function/response, all without jeopardizing security. Or at least minimal jeopardy.
-- Jared Still Certifiable Oracle DBA and Part Time Perl Evangelist