Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Basic Norstar Programming

Toll Fraud - Preventative Measures by curlycord
Posted: 22 Oct 09 (Edited 4 Oct 19)

How was the phone system hacked?
Usually voice mail is the culprit from an outside hacker by using Outbound Transfer or Off Premise Notify features.
-Outbound Transfer - When a user allows callers to press 7 from their mailbox to reach their mobile, the hacker will change this number
-Off Premise Notification - a Hacker will program *72 plus a number, this will forward the phone line and they have also programmed another mailbox to cancel it in the morning using *73
-DISA (Auto Answer) if enabled on one of the lines it can allow a remote user via password to dial into the system to make Long Distance calls
-Forwarded Sets - An unruly employee paid to forward a set after hours then turns it off in the morning

These are guides lines only
Every site is setup different or has different software so you will need to do what suits the client.
Some of the tips below will block features for some users such as "Off Premise Notification" and "Outbound Transfer" from the voice mail systems....in this case rely on just programming a Restriction Filter and applying it to the voice mail DN's.
Below will also show ways to block voice mail from any access to the lines, while this is overkill it does not hurt to do so.

See also Tip FAQ http://www.tek-tips.com/faqs.cfm?fid=7280 for those with a NAM

-Have Installer change Configuration and Administration passwords - in case of unruly employee tampering.
-Disable DISA and/or change COS password to something more secure - DISA is used for remote users to access the phone system.
-Setup restriction filters and have them applied to voice mail ports/DN's - This is for older Voice Mail systems
-Setup restriction filters and have them applied to lines and/or sets and/or setup COS passwords to bypass restrictions on sets.
Concerning above two lines about restrictions:
1. On older versions of voice mail such as NAM 3.0 you could restrict voice mail, only the primary DN (Feature 985 to see) needs to be restricted
2. On newer voice mails the restrictions are ignored when you apply them to voice mail primary DN (Feature 985 to see)
Instead you can apply the restrictions to the lines or you can apply restrictions to the DN # that matches the mailbox #
This means if you are DN222 with Mailbox 222 you can restrict 011 for oversea calls and apply the given filter to DN222, this will not let the set or the mailbox to dial 011 however the set can override this if you setup a COS password.
Feel free to post in the forum for more explanation if needed.
-Disable Allow Redirect option for all sets - This prevents a user from redirecting one line to another or Call Forwarding the phone to an external number.
Restriction example- Restrict 0 for overseas, * (or *72), 10 for those 10XX type services.

BCM Update:
-Note that if your BCM allows users access to Mailbox Manager then you are at risk of being hacked.
-The login via the browser does not have a maximum attempts setting so it can be hacked easily from the outside world by an automated script
-The hacker will then change your Outbound Transfer number
-Port 80 and 443 are web browser ports that should be blocked in your router, VPN is a more secure choice from outside your network.
-More importantly via Callpilot Manager denying the mailbox or Class of Service access to any Pools or Outbound Transfer as well restrictions on the sets or lines will stop Toll Fraud

Voice Mail
-Norstar Application Module (NAM) run the Toll Fraud Patches, see this link http://www.tek-tips.com/faqs.cfm?fid=7280 - Note that you can post in forum asking for a link for patch.
-Callpilot 100/150 upgrade software to 3.1
-BCM's with Callpilot make sure you are upgraded to the latest BCM patches.
-Delete all unused mailboxes
-Have ALL users change mailbox passwords to 6 or 8 digit non-trivial passwords, including General Delivery and System manager mailboxes.
-Disable Outbound Transfer and Off premise Notification in admin programming of Class Of Service(COS).
-Remove any valid entries under Outdial in admin programming of mailboxes
-Disable the "disable External Initialization" feature in COS
-Change maximum number of password attempts under COS
-Set "Return to AA to No" to prevent ** access (remote access to mailbox), note that this will effect what happens to callers after listening to an info mailbox.

-Have the carrier restrict oversea calls if you do not ever call overseas and/or have them setup passwords.
They maybe also be able to restrict certain digits (filter).

Suggested restrictions (use all or some depending on environment) based on North America:

* - Will prevent any attempt to override restrictions and prevent the use of Call Forward (*72)
0 - Will prevent Overseas calls
10 - Will prevent 10XX numbers

Other Restrictions you might be intrested in:
1 - Will prevent local long distance (Exceptions to add are toll free numbers 1800,1888,1887,1866,1855,1844)
411 - Will prevent charges for using the service local Directory Assistance
1555 - Will prevent charges for using the service abroad Directory Assistance
700, 900, 976 (1700, 1900, 1976) Will prevent charges for using the Premium Rate Services

For those whom need Off Premise Notify or Outbound Transfer it is recommended these user are in their own Class Of Service and that they use 8 digit complex passwords with a short Password Attempts setting before it locks the mailbox.

You would need to setup an SMDR to see what ext. made the call or run reports from voice mail system....see your vendor for more details.

Back to Nortel: Norstar systems FAQ Index
Back to Nortel: Norstar systems Forum

My Archive

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close