I have a CM with legacy PRI's and it looks like these were somehow compromised during a period of time the other day where calls were made to a few sketchy countries. The carrier noticed the pattern and blocked international calling. Our team has been trying to track the chain of events but aren't having any luck. Can anyone recommend some areas to look and/or even simulate where someone could have gotten access to dial tone and made those calls?
We thought it was potentially breaking out via voicemail, but that doesn't prove to be possible. Our CDR reports show the calls, but what's happening to make the calls isn't included. Without being able to prove, it seems as if whomever was able to get additional dial tone somehow, which we are stumped. For now we have done a few things:
1. disabled dial access on the TG
2. disabled trunk to trunk xfer in sys features
3. blocked the country code in ars
Not even sure if any of those have made a difference.
We thought it was potentially breaking out via voicemail, but that doesn't prove to be possible. Our CDR reports show the calls, but what's happening to make the calls isn't included. Without being able to prove, it seems as if whomever was able to get additional dial tone somehow, which we are stumped. For now we have done a few things:
1. disabled dial access on the TG
2. disabled trunk to trunk xfer in sys features
3. blocked the country code in ars
Not even sure if any of those have made a difference.