How can I prevent hacking into my CallPilot?

Status
Not open for further replies.

ss341

Technical User
Dec 29, 2004
58
US
We had hackers come into the switch and make international calls out on every CallPilot port. All 96 channels. It seems I remember a Security Audit document that gave info on what to check and how to set the CallPilot to prevent not only Thru dialing but a lot of other things. Does anyone know how I can get this document or have any suggestions?
 
Check out sites like ghtrout.com, I think he has a nice security audit to perform.
Look in the class of service on your CP to see what it does and does not allow; that would be a start.
 
look at your rpl's in the cp server.. as well as ncos on your cp ports, another thing is get those casual passwords out of the system.. push it out to six digits and lock people out after 3 retries.. if a person uses their dn or their dn backwards, you're going to get hacked.. the restriction permission list are the best place to start, you can kill ld with one command.. allow 9 2, thru 9 9, don't allow 9 1.. ld goes away.. for users that HAVE to have ld numbers, build an maxp 1 acd or a soft set that forwards to that number... the cp can dial 3001, if that is a maxp 1 acd ncfw to 9 1 xxx plus 7, it works as a dial around but still stops a hacker from dialing into your cp and back out ld.. easy way to hack any cp, get the did range out of the phone book, or the web.. after hours start dialing all the did numbers, get cp, hit *, log in with the dn or the dn backwards.. if not that try 1111, then dial the next number in the did range... guess ONE password, now i can change that mb zero out option at will, call the did, mb answers press 0 talk to china, give that did to anyone that wants to use it, change the zero out any time i please..

i'm not giving away secrets, the hackers taught me how to hack, now if you know how they are doing it, fight back

john poole
bellsouth business
columbia,sc
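
Added example (not part of any post in this thread, and not CallPilot's own logic): a small audit of the two controls described in the post above, the mailbox password rules (six digits, lockout after 3 retries, no DN or reversed DN, no 1111-style passwords) and an allow-list that permits only 9 2 through 9 9. The record layout, the sample mailboxes and the simplified prefix matching are assumptions, and the check for ascending or descending runs goes beyond what the post lists.

```python
# Added example: constructed data and a simplified model, not CallPilot's own logic.
MIN_LEN = 6        # "push it out to six digits"
MAX_RETRIES = 3    # "lock people out after 3 retries"
PERMIT = [f"9{d}" for d in range(2, 10)]   # allow 9 2 through 9 9, nothing else

def password_problems(dn, pw):
    """Reasons a mailbox password is guessable; an empty list means acceptable."""
    out = []
    if len(pw) < MIN_LEN or not pw.isdigit():
        out.append("shorter than six digits or not numeric")
    if dn and (dn in pw or dn[::-1] in pw):
        out.append("contains the DN or the DN reversed")
    if len(set(pw)) == 1:
        out.append("single repeated digit")
    # Digit-to-digit steps: all +1 is an ascending run, all -1 (9 mod 10) descending.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])} if pw.isdigit() else set()
    if steps in ({1}, {9}):
        out.append("ascending or descending run")
    return out

def rpl_permits(dialed, permit=PERMIT):
    """Allow-list match: a call passes only if it starts with a permitted prefix."""
    digits = "".join(c for c in dialed if c.isdigit())
    return any(digits.startswith(p) for p in permit)

def audit(mailboxes):
    """Map DN -> findings for every mailbox record that fails the policy."""
    findings = {}
    for mb in mailboxes:
        issues = password_problems(mb["dn"], mb["password"])
        if mb["max_retries"] > MAX_RETRIES:
            issues.append("lockout threshold above 3 retries")
        if issues:
            findings[mb["dn"]] = issues
    return findings

# Constructed sample records (hypothetical layout).
SAMPLE = [
    {"dn": "3001", "password": "3001",   "max_retries": 9},
    {"dn": "3002", "password": "002003", "max_retries": 3},  # padded reversed DN
    {"dn": "3003", "password": "111111", "max_retries": 3},
    {"dn": "3004", "password": "482916", "max_retries": 3},
]

if __name__ == "__main__":
    for dn, issues in audit(SAMPLE).items():
        print(dn, "->", "; ".join(issues))
    for number in ("9 555 0100", "9 1 212 555 0100", "9 011 44 20 7946 0000"):
        print(number, "permitted" if rpl_permits(number) else "blocked")
```

Because the list only permits 9 2 through 9 9, 9 0 and 9 1 prefixes (operator, international, long distance) are all blocked without a separate deny entry for each.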
 
If you can live WITHOUT outcalling

-Each port should be CLS of SRE
-Apply Flexible Trunk to Trunk Connections on the voice mail TNs (CLS=FTTR), and verify FTOP in the CDB (this FTOP change will turn the actual "feature" on and then all TNs will be able to use FTTU, FTTC, FTTR - so be careful that you have all system TNs (ALL) set with the CLS they need before activating)
-Each voice mail TN should be NCOS 0 - NCOS 0 must be known to be too low to pass any call.
-Each voice mail TN should be TGAR 1 (all trunk routes must be TARG 1 also)

If you REQUIRE outcalling

-Each voice mail TN should be CLS of CTD
-Still - do apply Flexible Trunk to Trunk Connections on the TNs (CLS=FTTR), and verify FTOP in the CDB
-SET NCOS of each voice mail TN as low as you can to pass the outcalls
-Each port should be TGAR 1 (all trunk routes must be TARG 1 also)

You should also review every trunk route - if ANY are set up as "TIE" - convert them to "DID" - no telco or hardware changes are required. It is simply an administrative change. Reason being, TIE is not included in many of NT's CLS restrictions - DID is

In the feature books, this is a great CLS overview


Then add John's list of items as additional layers...

 
One other thing is if you do not use Pick Codes (1010xx) then let your provider know and they can block them also.
 
Hawks, you are correct about the pic (Primary Interexchange Carrier for the curious) That pic block can save a lot of worry but of course the LEC has to be proactive about updating the lists.

The problem is worse now that you can call a carrier 800 number and get op-assist calls. Lots of folks still have toll free prefixes classified as low restriction - to me, it is the same FRL/NCOS as any general area code. I have some NPAs that are less restricted than toll free too

I can just imagine johnpoole thinking of the horror health care and lodging must live with, since the FCC requires that guests be able to select the carrier they want -- any carrier.



 
we allow 0 plus only from patient rooms, and only allow carrier access codes past that.. 0 plus your credit card number, will work.. we don't get toll fraud from patients

john poole
bellsouth business
columbia,sc
 
Thanks guys!
I have made the corrections suggested and tested. I can no longer get through the mail to the outside. (At least for now) All is good information. We are now basically not allowing any thru-dial out of the switch. None of the RPL's will allow 9 anything.
This is a federal facility and they don't want users doing anything but the standard local and ld calls from their stations. Nothing fancy. Nothing through mail. Reverting only on switch.

Thanks again.
 
ss341, remember that "layers" of security keep you safe when you can't audit the system weekly... If for example, you just changed the NCOS and didn't do the RPL in the mail system...sure, it would work. But one error could mean wide open calling.

Also, if you just implement the security measures in the mail system, you have nothing to fall back on if someone inadvertently makes a change that opens a hole.


"Security that is hard to screw up" is what I am writing for a well known publication right now...hope I can fool'em :)


