Mitel Forums - The Unofficial Source
Mitel Forums => Mitel SX200, SX2000, and older SX platforms => Topic started by: zelda5613a on November 25, 2015, 05:58:04 PM
-
We have a 200 ICP that is receiving calls to the console from within the system on and extension that does not exist. Nothing is showing on the SMDR logs.
We recently moved the system to PRI and the instances of these calls has increased to a daily occurrence. Any ideas for troubleshooting this would be most welcome.
-
Calls cannot come from inside the system from an extension that does not exist... if they are truly internal calls, the device exists somewhere, but the clue here is probably that you just went to a PRI, which sends DNIS digits for each incoming call, and you are probably getting the incorrect number of digits or do not have one of the DID digit strings defined properly so it is rerouting to the attendant or some other destination and appears to be an internal call.
Tracking these down can be tough if they don't know up in SMDR, are you looking at raw SMDR data or a report from call accounting software? Sometimes CCA software will discard very short calls such as those under 5 seconds.
-
We are looking at the raw data. There is nothing on the line once answered, just the constant ringing. We contacted the carrier and they are running intrusive testing on the lines. Today the ringbacks have not occurred. Once i find out what they have discovered, I will post.
-
I've seen something similar.
In my case the PRI was brought into the prem via IP from the carrier and handed off to us via PRI.
What happened was there was an attempt to hack the router the carrier used.
This caused phones and keys to ring that would not normally ring.
The tool the hacker was using is called SipVicious.
I wrote about it more here: mitelforums.com/forum/index.php?topic=3619.0 (http://mitelforums.com/forum/index.php?topic=3619.0)
Ralph
-
Thanks for the information, Ralph. Initially there was some hacking taking place. And this may still be the case, but we actually had a tech on site when the issue wastaking place and could not find evidence that someone was in the system. We called the carrier and they told me that the circuit was missing a policy that could be related to the problem. We will monitor it tonight to see if the issue persists. In the mean time, we will check out your link.
-
Bear in mind the hacking would not have been against your PBX but against the carrier's router.
Something you would have no control over or your PBX vendor would have no control over.
It does make sense that the carrier would say that it was missing a policy. That would have be a policy that only let their router talk to their back office and not the hacker.
I now suspect you'll be fine.
Ralph