atcomsystems.ca/forum Forums Other TDM Phone Systems Telrad Telephones & Systems someone using our PBX to call cuba!

Can anyone tell me where I would look for open or default access passwords for my telrad digital 400 PBX? Our LD vendor called today and said we had billed over 3K in calls to Guantanamo last month. I don't beleive that they are originating within the building, as they are all through the day and night.
For now I have shut down international calling, but that is not a viable option for the long term as we have offices in Europe.

I think there must be some open access that I don't know about.

The system:
Digital 400 3 t-1's about 40 pots lines, version is PCP DB6.05

VM is also telrad 6.00D USA

Any thoughts on what I have done wrong? Whatever it is I think has been wrong for a long time and someone has just found it.

thanks
ayb

Turn off forwarding calls access to I for internal It's in Class of Services and says FWD COR. If you do that no one will be able to call out for the outside. Meaning a HACKER. Then if it's an internal problem you have to set-up toll Restriction. And for your calls to Europe offices set-up toll plans or do VOIP or a t-1 to connect the systems (you can ste-up t-1 to t-1 using two diffrent systems), it will save you money in the long run.

Thanks,
I will check it tomorrow and report back what I find.
ayb

1.Are all these calls being metered on one POTS line only .(Your vendor can tell you what phone number the metering is occurring on)
2.Is that line actually connected to your system(ring the phone number and check that it rings into your system.)
3.Get the line checked to ensure there isn't a tail jointed into the cable at the Main frame (I think you call them the closet)-where the cable network enters the building.Could be paralleled to another part of the building and active at another outlet.Could even be tailed off in the street to another address.Stranger things have happened.
4.If all else fails connect an SMDR(System Management Detail Recorder)at the system and it will track and record ALL calls made through the system and what numbers have been dialled from what xtn ,at what time etc.Do this on the quiet so the offender doesn't become aware and ceases.
5.I don't know the system but similar problems occur here if the system has 3 way conference (1 xtn to 2 exch lines)activated,OR has external call transfer activated(call comes into system-at the cost of a local call-and is transferred to another number anywhere) .May only be to another local number BUT may also be international.
You will need an SMDR to chase the xtn user doing this .

POTS lines are being used, but these lines are picked to our LD provider for any LD calls that go out over them. Usually LD calls are routed to the T-1's via LCR so I don't understand how they are forcing them out the POTS lines.

The lines are connected to the system an AA answers when you dial them.

We own the building alone so if someone is tapping, it has to be from the outside. Of course anything is possible.

Can you explain[if it is someone remotley accessing] how they actually do it? I would like to understand the mechanics of it as well.
i.e. they dial one of these POTS and hit some sequence to get another outside line or to connect their current line to another placed call?


We do have numbers that when left a VM will dial pagers, or other numbers. Is this considered call forwarding as well? That is a functionallity we really need.

We do have SMDR and I will be checking that as well.

Thanks to everyone again, I really appreciate it!
ayb

If your Long Distance calls are being correctly routed via your LD Provider it most probably means that the calls are being originated from within .
I assume there is a Carrier override code programmed into your system to route calls to your long distance provider which means the code is inserted BY THE SYSTEM prior to digits being sent to line.
Check your system speed dial entries and check if the number is in speed dial store-for no other reason than to remove it.The person responsible may simply have it in their personal speed dial .
If you don't normally call Guantanamo, and have to dial an access code to ring there, bar this code in the system .
But, I feel sure,once you analyze you SMDR records you will find the culprit.

Check your SMDR!!!!!!!!!!

Then beat them with a stick!!!!!!!!!!

Also set-up some toll restriction

we have tapit2000 as our smdr, it is painful to use but what we seem to see is that valid users show their name and extension when making international calls. invalid users show a trunk number where the extension should be.

Can I get raw data in comma delimited txt format from that software?

my theory:
What I was guessing that these aholes were doing is dialing one of our 800 numbers getting to the AA then doing something[what I have no idea] that would allow them to dial out again. I figured they are not going to want to pay for the call in or out, [of course they are probably stealing that outbound line from some other person anyway. I was just hoping I could track the bastards. A pipe dream I know.]

So that would allow me to align an inbound 800 call to an outbound guantanamo call, and get the number they are calling from as all our 800 billing shows the calling number.

We changed the passwords in 2 places in the PBX configuration and 1 place in the VM system. My vendor assumes it is access via the VM system with someone adding a followme number, but I looked at each and every VM box and there are only the pagers we know about with followme's.

Again I don't understand the mechanics of how they are doing it but since we changed the passwords we have no data in smdr logs that shows calls after the time we changed them.

does that shed any light to you experts?
thanks
ayb

do you have disa set up?
Which has to do with remote system access.

question to the guru's...should he also change his system password? I don't think they can do it from voicemail, it's from the systems.