Mitel 3300 - Fraud Calls every 30 seconds! HELP...

[TPG2K]

We just finished migrating to a new Mitel 3300 in one of our main offices and converting all of the existing analogue lines onto a PRI. For over a year we had been getting reports that fraudulent activity was occuring on the old telco system. Since we migrated to the 3300 this issue is now emphasized and the calls are occuring on 30 second intervals. The anoyance is the sequence the "hackers" are using in order to potentially gain access to an outside line ends up constantly ringing the phones located in the security office with many guards who oversee over 1 million square feet of prime real estate. This has been happening for over a week now - basicly since we finalized the migration.

The provider is telling us that since the service is now digital "PRI" they can't block incoming calls. Mitel is also saying that the controller does not have any feature to block incoming calls. At this point I'm beyond myself with everyone saying nothing can be done.

In addition, the phone number that shows up on the call display is not operational. Says it's out of service when we attempt calling back, that was a given but worth trying, obviously a spoof/ghost number.

If anyone has any ideas how to block the incoming caller which is most likely another system on a Mitel 3300 controller running an allstream PRI circuit you would be my hero

Here are the logs from the controller:

04/11 21:21 0000:00:33 T1 001 4166233105 80834 777 S788 X 248 1 4166233105 80834
04/11 21:22 0000:00:00 T1 003 0 202 248 248 1 4166233105 80834
04/11 21:22 0000:00:33 T1 001 4166233105 80834 777 S789 X 248 1 4166233105 80834
04/11 21:23 0000:00:02 T1 003 0 202 248 248 1 4166233105 80834
04/11 21:23 0000:00:33 T1 002 4166233105 80834 777 S790 X 248 1 4166233105 80834
04/11 21:24 0000:00:01 T1 002 0 202 248 248 1 4166233105 80834
04/11 21:24 0000:00:33 T1 001 4166233105 80834 777 S791 X 248 1 4166233105 80834
04/11 21:25 0000:00:16 T1 017 0 202 248 777 792 1 4166233105 80834
04/11 21:25 0000:00:34 T1 001 4166233105 80834 777 S793 X 248 1 4166233105 80834
04/11 21:26 0000:00:16 T1 016 0 202 248 777 778 1 4166233105 80834
04/11 21:26 0000:00:33 T1 001 4166233105 80834 777 S779 X 248 1 4166233105 80834
04/11 21:27 0000:00:16 T1 017 0 202 248 777 780 1 4166233105 80834
04/11 21:28 0000:00:34 T1 001 4166233105 80834 777 S781 X 248 1 4166233105 80834
04/11 21:29 0000:00:17 T1 016 0 202 248 777 782 1 4166233105 80834
04/11 21:29 0000:00:34 T1 001 4166233105 80834 777 S783 X 248 1 4166233105 80834
04/11 21:30 0000:00:02 T1 003 0 202 248 248 1 4166233105 80834
04/11 21:30 0000:00:33 T1 001 4166233105 80834 777 S784 X 248 1 4166233105 80834
04/11 21:31 0000:00:17 T1 016 0 202 248 777 785 1 4166233105 80834
04/11 21:31 0000:00:34 T1 001 4166233105 80834 777 S786 X 248 1 4166233105 80834
04/11 21:32 0000:00:17 T1 016 0 202 248 777 787 1 4166233105 80834
04/11 21:32 0000:00:14 T2 009 4165975317 81111 770 S248 1 4165975317 81111
04/11 21:33 0000:00:33 T1 002 4166233105 80834 777 S788 X 248 1 4166233105 80834
04/11 21:34 0000:00:02 T1 010 0 202 248 248 1 4166233105 80834
04/11 21:34 0000:00:33 T1 001 4166233105 80834 777 S789 X 248 1 4166233105 80834
04/11 21:35 0000:00:17 T1 016 0 202 248 777 790 1 4166233105 80834

 

[sarond]

What is 80834?
Also check your speed calls.

 

[james1982]

unless the calls are successfully connecting the hackers generally get "bored" and move on.
The only way I know of to block incoming calls is via the use of NuPoint of IQ.

Are the attempted hacked calls successful?
Have you identified how the calls are being made?

 

[Supernova99]

One thing to start with you are not being hacked, another system or device is calling you at their expense!

Surely as you have the calling line ID (OLI) you should be able to find out who the caller is and get them to check their equipment.
Is it possibly a FAX machine that is set to poll until answer?

Share what you know - Learn what you don't

 

[TPG2K]

James1982 -

"Are the attempted hacked calls successful?
Have you identified how the calls are being made?"


No, the calls are not successful. Since implementing the 3300 ZERO calls from this number have successfully reached an outside line. As Supernova99 has mentioned it's most likely an auto dialer system that is programmed and is calling the line non stop.


Supernova99 - I've provided all of this info to Allstream and to Mitel and I keep getting the same answers that know one seems to know how to trace back the information, it might also be a case where they simply don't want to be bothered with the request.

 

[dryaquaman]

If it's a fax line then when you answer it you should hear a CNG tone. Try answering the call and then transferring to a fax machine. I've stopped several of these types of calls this way.

As for blocking incoming calls, it can be done, but with SIP and and SBC.

Dry Aquaman

http://www.university-music-on-hold.com

 

[TPG2K]

Dry Aquaman - Unfortunately it's not a fax, when the call is answered the line hangs up.

 

[LoopyLou]

If the outside "thing" is dialing a legitimate number on your system there is not much you can do without identifying the called number. If you can do that then a Nupoint voicemail or a Prairie Fyre IQ can block calls from the number.

I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.

 

[Waldosworld]

Have you tried contacting Telus?
Not sure how accurate but a search says they own the number.

 

[dryaquaman]

In the 'old days' I saw this problem with auto dialers.
The auto dialer interpreted the double ring as a busy so hung up and dials again. over and over and over and over....

Dry Aquaman

http://www.university-music-on-hold.com

 

[SXWizard]

It it is a "double ring" issue you can enable the COS option External Trunk Standard Ringback in the trunk (PRI) COS. This will stop the double ring to outside callers and present a "normal" single ring.

 

[TPG2K]

Waldosworld - How did you figure out it's Tellus? I just did a search using an online service and it says it's registered to Bell. I will contact both carrier in the morning to see what comes out of it.



4162333105 Profile
City: Toronto
State: Ontario
County:
County Population: 0
Latitude:43.65
Longitude:-79.38
Company/Carrier:Bell Canada - On
Phone Type:Landline
LATA:888

 

[Nathyd06]

We are experiencing the exact same problem. We migrated to a Mitel 3300 3 months ago and since last tuesday April 10 we have anonymous call from VM every minute or so. Bell, Mitel and our Vendor says nothing can be done at thise point since we don't have a number to trace it back to!

 

[LoopyLou]

I guess to go back to the original post why are is the security office getting the "hacker" calls? Are they the dial 0 destination for the Nupoint?

I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.

 

[mikehtt]

Obviously, the calls are being made to a D.I.D. number if the call rings directly to security, correct? I'm not a programmer but why can't you change DID and extension numbers for security and leave ext 248 as a psuedo/phantom extension with no forwarding / voice mail coverage? Won't stop incoming calls but should just ring open and then timeout. I'm sure one of the techs can respond if this is workable.

 

[LoopyLou]

I don't see anywhere that he has defined what the extension is. Yes it sounds like its the DID of the security phone but who knows.

I'd tell you a UDP joke but I'm afraid you won't get it. TCP jokes are the best because you always get them.

 

[esfatman]

If this is coming in on a pri then there should be a dnis number coming in from telco. Your telco co should be able to trap it for you then build a phanthom ext to receive and do nothing else.
This also sound like an old problem where a copper trunk has a ground on it. It would ring and ring when answered it just cuts off.

 

[TPG2K]

I wanted to thank everyone for their comments and feedback. Saround ask an important question early on in the thread. He/She was questioning the 80834 in the logs and after further analysis it was concluded that 0834 is the last four digits to the DID number that was being dialed by the caller. Lucky for us this number is not associated to our main number. We proceeded and deleted the number from the controller, the issue was immediately resolved
I encourage anyone having the same issues to enable logging on the controller and review the logs with the person who has programmed your system. Calling any of the providers for assistance is unfortunately an annoyance and a significant waste of time.
Log Entry: 04/11 21:21 0000:00:33 T1 001 4166233105 80834 777 S788 X 248 1 4166233105 80834

 

[KE407122]

Carrier Facilities when pic'd to another LD Provider and then offloaded back onto the PSTN will sometimes display a number that cannot be dialed.

416 623 is a TELUS facility, (TPG2K searched the wrong exchange-- 416 233. Right City, wrong CO.)

80834...DID.Almost sounds like an old centrex dialup Datapath unit with a wrong number programmed in. It keeps trying to establish a Data-connection to a router or IBM 3745.

KE407122

"The phone was working fine before it knocked over my coffee.