Contact US

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

NEC SV9100 Phantom Calls and Odd Voice Mail Transfers appearing in display.

NEC SV9100 Phantom Calls and Odd Voice Mail Transfers appearing in display.

NEC SV9100 Phantom Calls and Odd Voice Mail Transfers appearing in display.

Hello everyone,I have a hospital customer of mine that has a SV9100 with a PRI that recently is getting phantom calls and strange voice mail transfers on the operators phone display (picture below). The problem also happens when she puts the phone in Night mode to ring the nurses station. Thanks for your help.

RE: NEC SV9100 Phantom Calls and Odd Voice Mail Transfers appearing in display.

Either a mistake in programming or you possibly have been hacked.

RE: NEC SV9100 Phantom Calls and Odd Voice Mail Transfers appearing in display.

Hacked is what I figured. Just suddenly started happening.Most likely coming in through the voice mails UM port. Thanks!

RE: NEC SV9100 Phantom Calls and Odd Voice Mail Transfers appearing in display.

We discovered the hard way early on that the 9100 is easy to hack. Fortunately, it is easy to secure.

Do you have any NAT set up to access admin from outside? If you do, change to lesser known ports. Even better, disable that and use remote access to a PC on site via TeamViewer or Google Chrome remote since a port scanner will easily show which ports are used for this.

Disable any trunk to trunk transfer unless a compelling need for it is required. If you must set up trunk to trunk transfer, make it as restrictive as possible. Local calls only or drill down to specific numbers. Especially on the voice mail ports.

If possible, don't allow international calls. If there is a compelling need for it, only allow to users that need it, and set up a verified code. Make it as difficult as possible since these can become costly calls very quickly.

Change all user's access codes to web programming in 90-28. Ideally, blank it. Hackers use these to set up off site forwarding.

Change all admin security codes. Especially the "necii" login. You can't do this unless you are logged in as necii. The default password for the login is easily found on Google. Compound this with remote access to WebPro and, yeah... Good hackers will bury some of their tricks deep in programming and escape any casual attempts to mitigate. With necii, the system is their oyster.

Check Modification history and make sure you recognize all users and recent changes made. This is how we discovered the necii and user hacks. It was a hard lesson and I share this to save anyone pain.

If you have IP phones accessing the system via NAT, check 15-05. Make sure someone hasn't set up a SIP phone and is using that to make calls or set up forwarding. If you have SIP phones, require authentication and make complex user names and passwords. Also make sure someone hasn't set up Mobile Extension to do the same thing. If you see an unauthorized SIP phone, delete it in 90-23, find the port in 11-02 (this can be a pain since a good hacker will hide it in the higher numbered ports), and remove it. In 15-01, check the extension list and make sure there aren't any mobile extensions set up that you don't recognize.

Carefully comb through ALL ports in 11-02 and remove something that is unrecognized. Note down what you removed just in case it was set up for something that was forgotten about.

If the system is licensed for InControl, you can use the reports to help you figure out if this is simply a spam or nuisance caller. I see what appears to be a 10-digit Caller ID (albeit a non-valid number). If this is a robo call, then you can block calls by Caller ID. If you don't have InControl, set up SMDR and use Putty to capture SMDR to a file. Takes a little work but you can get a surprising amount of insight into what is happening

While I haven't run across it, I understand Find Me Follow Me can also be used to set up unauthorized transfers.

I am not proud of this list. Many of these are on my wall of shame. I hope you find out what is going on.

RE: NEC SV9100 Phantom Calls and Odd Voice Mail Transfers appearing in display.

My usual recommendation is do not change passwords on the system. The NEC only allows numeric passwords and they are the easiest to hack. What you should do is change the user names as they can be as complex as you want, uppercase, lowercase, numerical and special characters. The added advantage of this is if you loose the username you can log in from a phone (which is presumably secure on your site) using just the standard passwords and look up the username so you can't get locked out of your own system. Also check voicemail passwords as many people (for some reason) use their extension number as the VM password leaving another doorway open.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close