Author Topic: Help with Toll Fraud and SMDR  (Read 2152 times)

Offline edmicra

  • Contributer
  • *
  • Posts: 27
  • Karma: +2/-0
    • View Profile
Help with Toll Fraud and SMDR
« on: July 16, 2014, 07:59:39 AM »
Hi all

We may have an issue with calls made to Ethiopia. Embedded VM did have access to PSTN and COR was not applied. The system has been administered by the company IT dept. I have since locked down all VM ports so now there is no access to PSTN what so ever via the VM ports



Can anyone who is better versed at reading SMDR please advise.

4400 is menu mode with the following options associated

1 4410
2 4440
3 4450
4 2301


VM options was set to not allow digit 9


7 A
07/08 12:33:50 0000:00:01 T7 **** P403 001 P403
I 4400 001 00251917102052 2300 A001820 


Offline ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Help with Toll Fraud and SMDR
« Reply #1 on: July 18, 2014, 09:14:16 PM »
I looks to me as if the call can in in Trunks 7 and rang to an ACD path. from there it went to 4400 and was transferred out to 00251917102052.

I'm not sure what 2300 is.

Are you sure your VM ports are locked down and not able to xfer out?
COR, COS and perhaps Interconnect Restriction?
My instincts tell me that a VM box was hacked and an external cell phone was put in that points to the Ethiopia number.
You may also want to block the country code for Ethiopia.

Ralph

Offline edmicra

  • Contributer
  • *
  • Posts: 27
  • Karma: +2/-0
    • View Profile
Re: Help with Toll Fraud and SMDR
« Reply #2 on: July 19, 2014, 11:34:36 AM »
Ralph

You are correct. Found that MB 2335 had been compromised and personal contacts were used. The passcode for the offending MB was 2335 !!!

This system has been administered by the company’s IT dept and was wide open. EVM COR had access to all ARS routes and the COS was also allowing access to the PSTN and public network to public network access was enabled.

We have since locked it down and changed VM passcodes to 6 digits. They are now discouraging users from using personal contacts and for those who insist speed calls to override toll control will be used


Offline ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Help with Toll Fraud and SMDR
« Reply #3 on: July 19, 2014, 03:38:54 PM »
Glad you found it.
Just for reference and closure of this thread, I posted an article on how to set up ARS for security:  www.mitelforums.com/articles/mitel_ars_programming.php

Ralph


 

Sitemap 1 2 3 4 5 6 7 8 9 10