Author Topic: Internal Phantom calls  (Read 3132 times)

Offline zelda5613a

  • Contributer
  • *
  • Posts: 6
  • Country: us
  • Karma: +0/-0
    • View Profile
Internal Phantom calls
« on: November 25, 2015, 05:58:04 PM »
We have a 200 ICP that is receiving calls to the console from within the system on and extension that does not exist.  Nothing is showing on the SMDR logs.

We recently moved the system to PRI and the instances of these calls has increased to a daily occurrence.  Any ideas for troubleshooting this would be most welcome.


Offline acejavelin

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4100
  • Country: us
  • Karma: +133/-0
  • High-tech, heavy metal redneck!
    • View Profile
    • Like what I do and wanna help out? Send me a donation!
Re: Internal Phantom calls
« Reply #1 on: November 26, 2015, 01:48:50 AM »
Calls cannot come from inside the system from an extension that does not exist... if they are truly internal calls, the device exists somewhere, but the clue here is probably that you just went to a PRI, which sends DNIS digits for each incoming call, and you are probably getting the incorrect number of digits or do not have one of the DID digit strings defined properly so it is rerouting to the attendant or some other destination and appears to be an internal call.

Tracking these down can be tough if they don't know up in SMDR, are you looking at raw SMDR data or a report from call accounting software? Sometimes CCA software will discard very short calls such as those under 5 seconds.

Offline zelda5613a

  • Contributer
  • *
  • Posts: 6
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Internal Phantom calls
« Reply #2 on: December 02, 2015, 07:14:17 PM »
We are looking at the raw data.  There is nothing on the line once answered, just the constant ringing.  We contacted the carrier and they are running intrusive testing on the lines.  Today the ringbacks have not occurred.  Once i find out what they have discovered, I will post.

Online ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Internal Phantom calls
« Reply #3 on: December 03, 2015, 08:20:52 AM »
I've seen something similar.
In my case the PRI was brought into the prem via IP from the carrier and handed off to us via PRI.
What happened was there was an attempt to hack the router the carrier used.
This caused phones and keys to ring that would not normally ring.
The tool the hacker was using is called SipVicious. 

I wrote about it more here: mitelforums.com/forum/index.php?topic=3619.0

Ralph
« Last Edit: December 03, 2015, 08:23:06 AM by ralph »

Offline zelda5613a

  • Contributer
  • *
  • Posts: 6
  • Country: us
  • Karma: +0/-0
    • View Profile
Re: Internal Phantom calls
« Reply #4 on: December 03, 2015, 02:38:38 PM »
Thanks for the information, Ralph.  Initially there was some hacking taking place.  And this may still be the case, but we actually had a tech on site when the issue wastaking place and could not find evidence that someone was in the system.  We called the carrier and they told me that the circuit was missing a policy that could be related to the problem.  We will monitor it tonight to see if the issue persists.  In the mean time, we will check out your link.

Online ralph

  • Mitel Forums Admin
  • Hero Member
  • *****
  • Posts: 5767
  • Country: us
  • Karma: +469/-0
  • Published Author: http://amzn.to/2dcYSY5
    • View Profile
Re: Internal Phantom calls
« Reply #5 on: December 03, 2015, 03:13:46 PM »
Bear in mind the hacking would not have been against your PBX but against the carrier's router.
Something you would have no control over or your PBX vendor would have no control over.
It does make sense that the carrier would say that it was missing a policy.  That would have be a policy that only let their router talk to their back office and not the hacker.
I now suspect you'll be fine.

Ralph


 

Sitemap 1 2 3 4 5 6 7 8 9 10