I have a client whose system has been compromised to the tune of $50K in one month in international calls. We have checked all the obvious places like DISA and outbound voicemail transfers and have not been able to find the breach. Any input, no mater how obvious would be appreciated.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Toll Fraud. Please Help.
- Thread starter EGT
- Start date
Some hackers are brave enough to call into the company's
office and state they are with the phone company testing lines and ask to be transfered to extension 90.
On a PRI system this will give the outside caller an outside operator to dial anywhere.
Train the staff not to transfer anyone to a number starting
with a 9.
office and state they are with the phone company testing lines and ask to be transfered to extension 90.
On a PRI system this will give the outside caller an outside operator to dial anywhere.
Train the staff not to transfer anyone to a number starting
with a 9.
HAWKS, you can put restrictions on the b2 channels of the DN by the way.
EGT, you need to put restrictions on the lines themselves. DO not allow 0 and any and 1900/1800/1877/and any other long distant numbers. If you do need to dial international, override 1 number only or the numbers they need to dial. I would actually restrict 0 for the operator.
turn off all remote access to the system.
and finally just cancel international from the telco for the time being.
EGT, you need to put restrictions on the lines themselves. DO not allow 0 and any and 1900/1800/1877/and any other long distant numbers. If you do need to dial international, override 1 number only or the numbers they need to dial. I would actually restrict 0 for the operator.
turn off all remote access to the system.
and finally just cancel international from the telco for the time being.
phonebuster
Technical User
this fraud is coming out side your office they are hacking your voice mail auto attendant there is a piece of equipment on the internet that allows hacker to access nortel equipment probably made by an ex employee of nortel.they program from your auto attedant they use the default password. you must restrict the vm dns only way to keep them out i already went through this
ThePhoneGURU
Technical User
Would setting up account codes on the CO/TELCO side of things pose a solution?
ThePhoneGURU
Technical User
I work for a CLEC out in Canada. We do it all the time for our customers. Not sure of price but it must be pretty respectible. It could have possibly saved 50K for the above company..who knows.
This happened to us. The vmail boxes were breached from the outside. The ones that were breached had easy passwd - 1234. The violator accessed the admin functions of the mailbox and set up calls to transfer to the international operator. The mboxes were initally setup so that the outdial was set to a pool rather than None. This allows one to redirect calls to an external number when a call hits the mbox. Setting to None (F983, Change MBox, last feature change) should remove this ability but there is a feature that is normally inaccessable to regular system programming that our vendor turned off to secure system (sorry, do not know what it is). Also, I would follow the advice of others and set up restriction filters with '011' '1011' as well as the various caribbean country codes that do not require the above prefix.
Even if you had restricted the voicemail ports and removed outdial capabilities, there is still a way hackers can dial through a Norstar system. If you has a MICS 5.0 or greater, AND the destination code length matches the system DN length, a caller and reach the Automated Attendent and dial a destination code and access an outside line. Make sure that destination codes and DN lengths are different.
- Status
Similar threads
