Calls come in and forward Out????


rachelle

Was talking to a friend and he had the strangest issue. A customer's site seems to have been hacked, but how? They have a Norstar key system. They couldn't remember the release. Analog trunks. 10 phone lines. A call will come in from the outside world and you will see it flashing on a set. Then another line will pick up and that first call is going out to another number. In the first instance of this, many $$$ were charged for international calls (all to the same country). In the second instance of this, calls out were going to actual client numbers. No one could tell him what the clients heard when they answered the phone.

How would you find out how they are exploiting this site? This is a puzzler!!!



rlc

no matter where you go, there you are.
 
Is there a RAD hooked up and is the password still default or relatively easy? That would be the easy way in from the outside. Also, for someone with a little knowledge, it is pretty easy for someone inside to forward off site.
 
Check to see if DISA is turned on as well; turn it off if it is and it is not needed.
 
There may be a mailbox set up to dial out to another number or another Norstar voicemail.
 
Toll Fraud Lock Down:

Disable DISA
Disable Allow Line Redirect on sets
Put Restriction filters on Lines and/or sets (including the voice mail ports)

Disable Outdial on mailboxes or C.O.S.
Use 6 digit non-trivial passwords on mailboxes (not 1234, 1111, etc.)

On NAMs install the Toll Fraud patch.

That's all I can think of but I know I am missing something.






=----(((((((((()----=
curlycord
 
They can do it through mboxes with access to line pools or routes.

Most people use 1111 or 1234 for passwords.
Easy to get into other people's mboxes when you know Norstars.


 
The CICS had IRAD answer turned on by default on some sw revisions. It sounds like you have a MICS, but for those others reading this, make sure you set the IRAD to answer- NONE.
 
Refer to Nortel ITAS tip 315NA for any info needed.

OLD ROLMEN WORKING ON NORTELS AND AVAYA
 
Look first at mailboxes 100 and 102 and turn off external transfer. That is where I caught hackers on a couple of systems. (I listened to one of the calls and heard the call as it progressed, and simply changing the password on the 102 mailbox stopped it right then.)

If someone within the site actually forwarded a phone out you can tap the busy lamp of the outgoing line and see which extension initiated the transfer.

----------------------------
Hill?? What hill??
I didn't see any $%@#(*$ Hill!!
----------------------------
JerryReeve
Communication Systems Int'l
com-sys.com
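
Added example, not part of the thread and not output from any Norstar tool: one way to hunt for the pattern in the first post (an inbound call followed seconds later by an outbound call on another line) in exported call records, covering both the international case and the calls to ordinary numbers. The record layout, port names, phone numbers and the 15-second window are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed call records (assumed layout, not a real Norstar log format):
# start time, duration in seconds, direction, line, originating port, dialed number
SAMPLE_RECORDS = """\
2024-03-02 02:14:05,310,IN,Line1,,
2024-03-02 02:14:09,305,OUT,Line4,VM-port-2,01155500000001
2024-03-02 09:30:00,120,IN,Line2,,
2024-03-02 09:45:00,60,OUT,Line3,Ext-221,5550100
2024-03-02 23:50:10,600,IN,Line1,,
2024-03-02 23:50:13,598,OUT,Line5,VM-port-1,5550142
"""

WINDOW = timedelta(seconds=15)   # assumed: outbound leg starts this soon after inbound
INTL_PREFIX = "011"              # North American international access code


def parse(text):
    """Turn the CSV lines into dicts with start/end datetimes."""
    calls = []
    for line in text.strip().splitlines():
        start, dur, direction, trunk, port, dialed = line.split(",")
        begin = datetime.strptime(start, "%Y-%m-%d %H:%M:%S")
        calls.append({"start": begin, "end": begin + timedelta(seconds=int(dur)),
                      "dir": direction, "line": trunk, "port": port, "dialed": dialed})
    return calls


def find_relayed_calls(calls):
    """Pair each inbound call with an outbound call on another line that
    starts within WINDOW of it and begins before the inbound call ends."""
    inbound = [c for c in calls if c["dir"] == "IN"]
    outbound = [c for c in calls if c["dir"] == "OUT"]
    hits = []
    for i in inbound:
        for o in outbound:
            starts_after = timedelta(0) <= o["start"] - i["start"] <= WINDOW
            overlaps = o["start"] < i["end"]
            if o["line"] != i["line"] and starts_after and overlaps:
                hits.append({"in_line": i["line"], "out_line": o["line"],
                             "port": o["port"], "dialed": o["dialed"],
                             "international": o["dialed"].startswith(INTL_PREFIX)})
    return hits


if __name__ == "__main__":
    for hit in find_relayed_calls(parse(SAMPLE_RECORDS)):
        print(hit)
```

The `port` field of each hit is the place to start the lock-down: a voice mail port points at mailbox outdial or external transfer, a set extension at line redirect or forwarding.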

 