Help Stopping NVM 4.0 outbound call fraud? - PBX Info :: Your Free PBX, PABX and Telephone Information Resource
Old 08-11-2004, 08:31 PM   #1 (permalink)
bnorum
Guest

I have Norstar VoiceMail 4.0, with mailboxes set up to COS=13 and Outdial=Line Pool A. I'm getting hacked by phreakers calling New Zealand and the Philippines using our system.

Here's some lines from my SMDR log showing that ports 424 and 206 are calling out using 1010* dialing strings:

S 083 00 T052000 DN0206 08/06 23:14
E 084 00 T052000 DN0424 08/06 23:16
S 085 00 DN0424 T058000 08/06 18:19 10109480116329155037
E 086 00 T058000 T057000 08/07 01:27
S 087 00 DN0206 T057000 08/06 18:20 14147271234
E 088 00 T057000 T058000 08/07 01:27
N 089 00 T052000 DN0206 08/07 04:25 00:02:23
N 090 00 DN0424 T059000 08/07 04:25 00:01:18 1010948011639164857621
N 091 00 DN0206 T059000 08/07 04:41 00:01:18 1010948011639164857621
N 092 00 T052000 DN0424 08/07 04:43 00:02:55
N 093 00 DN0206 T059000 08/07 04:43 00:01:03 1010070011639164857621
N 094 00 DN0206 T059000 08/07 04:59 00:01:03 1010070011639164857621
N 095 00 DN0206 T059000 08/07 05:15 00:00:58 1010070011639164857621
N 096 00 DN0206 T059000 08/07 05:31 00:00:51 1010070011639164857621
N 097 00 DN0206 T059000 08/07 05:46 00:00:59 1010070011639164857621

In the meantime, I changed COS to 11, and Outdial to None for all VM users to block more fraud. I would like to leave Target Attendant on, so callers can get to the operator for more assistance.

Does anyone know how phreakers accomplish such hacks? Better way to secure my system from fraud?

P.S. One of the outdials was to 14147271234, another company's voice mail system. Curious.
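The SMDR excerpt in post #1 can be screened mechanically for voicemail ports dialing out over a trunk. The following is an added example, not part of any post in this thread: the field layout is inferred from the quoted log lines, the port list comes from the poster's statement that ports 424 and 206 were calling out, and the function names are hypothetical.

```python
import re

# Field layout inferred from the SMDR lines quoted in post #1 (an assumption,
# not Nortel's documented format): type, sequence, "00", origin, destination,
# date, time, optional duration, optional dialed digits.
SMDR_RE = re.compile(
    r"^(?P<type>[A-Z]) (?P<seq>\d{3}) \d{2} (?P<orig>\S+) (?P<dest>\S+) "
    r"(?P<date>\d{2}/\d{2}) (?P<time>\d{2}:\d{2})"
    r"(?: (?P<duration>\d{2}:\d{2}:\d{2}))?(?: (?P<digits>\d+))?$"
)

VM_PORTS = {"DN0206", "DN0424"}    # voicemail ports named in post #1
CAC_RE = re.compile(r"^101\d{4}")  # NANP 101XXXX carrier access code

def classify(digits):
    """Label a dialed string by the traits visible in the log."""
    cac = CAC_RE.match(digits)
    rest = digits[cac.end():] if cac else digits
    intl = rest.startswith("011")  # NANP international prefix
    if cac and intl:
        return "casual-dial international"
    if cac:
        return "casual-dial"
    return "international" if intl else "outdial"

def flag_vm_outdials(lines, vm_ports=VM_PORTS):
    """Return (seq, port, date, time, label, digits) for each record in
    which a voicemail port originates a call to a trunk with dialed digits."""
    hits = []
    for line in lines:
        m = SMDR_RE.match(line.strip())
        if not m or not m["digits"]:
            continue  # incoming call, end record, or unparsed line
        if m["orig"] in vm_ports and m["dest"].startswith("T"):
            hits.append((m["seq"], m["orig"], m["date"], m["time"],
                         classify(m["digits"]), m["digits"]))
    return hits

# Lines copied from the log in post #1.
SAMPLE = """\
S 083 00 T052000 DN0206 08/06 23:14
S 085 00 DN0424 T058000 08/06 18:19 10109480116329155037
S 087 00 DN0206 T057000 08/06 18:20 14147271234
N 089 00 T052000 DN0206 08/07 04:25 00:02:23
N 090 00 DN0424 T059000 08/07 04:25 00:01:18 1010948011639164857621
N 093 00 DN0206 T059000 08/07 04:43 00:01:03 1010070011639164857621
""".splitlines()

if __name__ == "__main__":
    for hit in flag_vm_outdials(SAMPLE):
        print(*hit)
```

If voicemail has no business reason to dial out, any hit is worth an alert; otherwise compare the digits against the short list of permitted numbers.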
Old 08-12-2004, 03:03 AM   #2 (permalink)
rustynails
Guest

Set up restrictions on the ICS port attached to the NAM. Is there any reason for the vmail to dial out? If not, block all outbound calls.

~n
Old 08-12-2004, 10:22 AM   #3 (permalink)
cma14
Guest

Correct, COS restrictions are the only way I know how.
Old 04-12-2005, 02:02 PM   #4 (permalink)
mactecinc
Junior Member

Location: Richmond, Va.

I've had this happen to a couple of my customers. The hackers are using toll-free, auto-attendant-answered trunks and the outbound transfer feature of the mailbox, usually used to transfer callers to the mailbox owner's cellphone. It's been my experience that they pick on mailboxes with either a 1111 or a 1234 password. They then gain access to the mailbox and change the outbound transfer target to suit their needs, usually 9011. The best defense is to have everyone change their mailbox password to a 6-digit password (not 123456). You have to check everyone's outbound transfer because once it's programmed they don't need a password to use it. This also applies to the Call Pilot voice mail systems.

Hope this helps.
Old 04-12-2005, 06:14 PM   #5 (permalink)
BCMguy.com
Guest

All of the above suggestions are absolutely correct.

I would just add that, when setting up COS filters on the VM ports, if it is necessary for the VM to dial a LD number (a remote user's cell phone), remember that it is possible to allow ONLY the numbers that are necessary, and block everything else. You can get VERY granular with your filters.

Mactecinc is right about the way that it is done. If I had to guess, I would say that the mailbox belonging to the President of your company (or another executive) was the one that got hacked. There is typically a lot of public information available on these individuals (company website), making their extension a target. Executives usually have the easiest of passwords, and the most privileges (outbound transfer allowed).

As for the call to another company's mail, the phreakers will bounce these calls from one hacked system to another, in and out of various countries, to make them harder to trace.

One last thing, you might want to disconnect all of your lines from the system momentarily, just to be sure all of the calls are down. I had this happen once, implemented the appropriate restrictions, and had another call show up in the log the next day. The thing was, the call was up when the restrictions were added. It turned out to be a 36.5 hour call to the Philippines.

I hope this helps.

All times are GMT -5.