Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Toll Fraud ...

Status
Not open for further replies.

MrConfusedBCM

Technical User
May 8, 2017
24
CA
I kinda worked for NT and this is copied straight out of the book ...

The OUTDIAL route determines which line or line pool the system uses when a subscriber uses:

- the Reply feature to reply to a message left by an external caller
- Off-premise Message Notification
- Outbound Transfer

The default for OUTDIAL route is NONE. The values available are None, Line, Pool or Route. UNTIL you assign a line or line pool as the Outdial route for a mailbox, the mailbox owner can use the Reply feature to reply to calls from internal extensions only, Off-premise Message Notification for internal extensions only and Outbound Transfer for internal extensions only.

When you assign an Outdial route, the dialing is done by the extension the system is connected to, not by the display telephone.


The remote restriction is applied to a trunk using a restriction filter.
 
(Was better to have continued that thread then start a new one.)

"I kinda worked for NT"
Sorry, not to disrespect you but that does not mean anything.
I have been installing, programming and supporting for 20 some odd years and I still need the forums or I am wrong time to time....and forgetfull.
What division? what title did you hold?
I knew the lead guys in the ITAS group in Brampton and have a lot of their old equipment....do I know you?

As for all that Outidal info you copied I am well aware of how it works and not sure why you posted it.
Perhaps you read my post wrong.

"The remote restriction is applied to a trunk using a restriction filter"
Where did you find this text?
This is the only thing I disagreed on.

Now maybe I am wrong but "From the book":
The remote restriction restricts the numbers that can
be dialed on an incoming auto-answer line.If a remote user then selects a line to place an external call, any filter used with the line still appies.


This to me means I when I dial into an Auto Answer line I can be reticted from dialing certian digets like somebodies DN for example.
If I grab a line to call out then Line Restrictions take over.

Perhaps I am missing something and need to read up on this.
I do not recall Callpilot needing it since Callpilot uses a port on the phone system (Application port on BCM) and this is where Set Restrictions is required (if not using Line Restrictions), not Remote Restrictions.

Perhaps somebody can set us straight.






________________________________________

Add me to LinkedIN

**New Allworx Forum**

small-logo-sig.png

=----(((((((((()----=
Toronto, CAN
 
A remote package is a logical entity that specifies the outgoing line circuits that inbound ones can utilize to tandem through the BCM. The outgoing trunks are added to the package. The package is assigned to the incoming trunks.

In this case, you use a couple of stupid analog loop start supervised lines -- Lines 061 and 062 -- put them in Line Pool A. In DMS-100, I go into servord and ado them with Denied Termination. They are outgoing only.

Create Remote Package 66 in BCM and add Line Pool A to it -- disable paging.

You then assign Package 66 to the inbound/outbound PRI (BlocA) that handles the entire system and you say, use Package 66 for remote-ins.

Package 66 will only allow inbounds to egress via Line Pool A. Line Pool A will only ever be used for Call Pilot external transfers, so you set the outdial in CP to Line Pool A.

You apply the dialing restrictions to Line 061 and 062 will inherit them because they are in the same pool.

Do you get it now? When you are physically at the office you are unrestricted on that PRI, but if you come in on that PRI, you cannot go out on that PRI -- you have to go through the analog lines that only allow local calls -- which doesn't hurt anybody.

Your hackers will love tandeming in for local calls and will treat your PBX with respect. If you're dumb enough to use SIP, well then, that's too bad.
 
Yes I already get/knew all that but again it applies to an Auto Answer lines is what I keep saying....and will no more.

How do you know the client has a PRI?
How do you know they have 1 or more Auto Answer Lines?
How do you know that this was the exact method they used in this case?
What division?
What title did you hold?
Which years did you work at NT?


Cheers
"Dumb" one who uses both "SIP" and "Stupid Analog Lines".






________________________________________

Add me to LinkedIN

**New Allworx Forum**

small-logo-sig.png

=----(((((((((()----=
Toronto, CAN
 
Ouch!

"Dumb" one who uses both "SIP" and "Stupid Analog Lines".

I have both on my system. However, I have removed any line pool from all Application DN's and do not have any analogue lines to use a line pool as they are all public to prevent hackers accessing them. Also international calls are denied in line programming along with premium rate numbers.

Firebird Scrambler

Nortel & Avaya Meridian 1 / Succession & BCM / Norstar Programmer

Website = linkedin
 
I'll explain it ONCE MORE ...

On trunks that are both inbound and outbound ...

A line restriction filter applied to an analog loop start "trunk", say, 061, refers to OUTBOUND numbers you can and cannot dial when that circuit is used for an OUTGOING CALL.

A remote restriction on 061 refers to the outgoing numbers you can and cannot dial when you are coming into the system on 061.

The outgoing circuits are restricted by a remote package THAT IS ASSIGNED to the inbound circuit or circuit group. So, package 77 can restrict anyone who calls in on 061 to dialing out on 062. 062's line restrictions are checked when you try to use it. They are additive -- A + B. People on the inside dialing out bypass A. People coming in have to go through A and B.

If somebody's DN is manual answer -- ie., not through a target line, he is still a remote as far as BCM is concerned, even when his line goes to Call Pilot when he does not answer!

Firebird -- what are you talking about. You just have to do it right -- not disable all access. I can't talk about SIP trunking and BCM's vulnerability on those.

No wonder telephony is in shambles. Geez.

 
I think I follow it now. I'm aware of the remote packages from the good old Norstar days. I tend to try and set up my system so that line pools for my analogue trunks can't be accessed as they are set to public and only accessible via digital phones. This is my choice and I'm happy with the setup. I've also added in restrictions on the analogue lines for international and premium rate destinations, but have allowed some access to certain places via one of my SIP accounts that I can control and monitor.

I used to use remote packages many years ago for customers who had private wires connected with analogue lines, long before the modern age with PRI's and SIP etc.

These days, we often have customers who you don't hear from one year to another and sometimes you don't even know if they still have the same telephone system. The responsibility for it's programming can lead to a grey area if access to that system is done by people other than yourself.

The good old Norstar has customer and admin access, but in most cases the passwords were never changed and the customer often know the config password or guessed it as it wasn't difficult.

These days, most customers have better control over their kit although this can lead to many situations where people leave and others log in and blindly make changes not fully knowing what they are doing. This depends on the security of the business.

I accept the views on previous comments on this thread and would rather leave it as it is as it's down to personal choice on what is, or what isn't the right method or procedure to follow.



Firebird Scrambler

Nortel & Avaya Meridian 1 / Succession & BCM / Norstar Programmer

Website = linkedin
 
It's a site choice and the needs of what they require.

Most sites do not really need remote packages or the Remote filters associated with them.

So bottom line is do not worry about Remote Restrictions as led to believe in his first thread unless packages/auto answer is put into play.




________________________________________

Add me to LinkedIN

**New Allworx Forum**

small-logo-sig.png

=----(((((((((()----=
Toronto, CAN
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top