Previous Thread
Next Thread
Print Thread
Rate This Thread
#614502 - 12/01/17 09:58 PM Nortel CICS Hack ??  
Joined: Jan 2007
Posts: 36
TelDog Offline
Member
TelDog  Offline
Member

Joined: Jan 2007
Posts: 36
Nixa, MO
I have a new customer with a hacking issue. I do have some experience on the Nortel systems , but I am more experienced with Panasonic. Its seems someone is calling in and calling back out using my customers numbers to solicit people. I have gone in to the Callpilot and turned off outbound calling option in class of service (1) & (2) which is what Mbx's are set too. Does anyone have any thoughts ??

Thanks

Google Telephone Equipment Search
#614503 - 12/01/17 10:17 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Jan 2004
Posts: 6,464
skip555 Offline
Moderator-Nisuko-Tie, General
skip555  Offline

Moderator-Nisuko-Tie, General
*****

Joined: Jan 2004
Posts: 6,464
Sarasota FL
did it continue after you disabled out bound calling ?


Skip
------------------------------------

Serving SW and West central Fl since 1984
#614504 - 12/01/17 10:26 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Dec 2003
Posts: 1,946
NTlayoff Offline
Moderator-Nortel
NTlayoff  Offline
Moderator-Nortel

Joined: Dec 2003
Posts: 1,946
Columbus, Ohio, USA
Yes, that is a good first step.
Most of the time it is because people use Mail Box passwords that are easy to crack.
In other words like: 1234 123456 1111 or their ext number twice.
Tell them to make all users change their passwords to a better secure number.
You can also use LINE Restriction that will disable calling overseas. Then also restrict area codes for the Carribean area.


If CON is the opposite of PRO
Then what is the opposite of Progress?
#614515 - 12/02/17 12:06 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Jan 2007
Posts: 36
TelDog Offline
Member
TelDog  Offline
Member

Joined: Jan 2007
Posts: 36
Nixa, MO
At first I thought the problem had been solved. Customer sent me email the other day, with the message from the person the outbound call went too. I did tell customer that all passwords should be changed, but you know how that goes. I made the class of service change though Callpilot Manager, the mbx's only used COS 1 & 2. that I could see. Maybe I missed one !? As far as overseas, have not had any issues with that. Strangely the calls are local and to a law firm, my customer is a law firm as while. (odd) Calls are not that often, the previous episode was two or three a month. ???

#614517 - 12/02/17 02:24 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Feb 2005
Posts: 1,412
Curlycord Online content
Member
Curlycord  Online Content

Member

Joined: Feb 2005
Posts: 1,412
Toronto, Canada
Make sure the CICS does not have DISA programmed

When removing "Outbound Transfer" also remove "Off Premise Notify" for all COS's that do or will not require it in future (including unused COS's)

Make sure General Delivery and System Manager do not have access either way.

Change Password Expiry to 0 so they do not have to keep changing passwords and muck things up.

Enable Trivial Password Checking in System Properties so they will not be allow passwords like 1234
Tell them to use 6,7 or 8 digit passwords.

Look at Reports/MailboxInformation and it will show any mailbox that has been dialing out and show the number....do ASAP as the reports last only a week.

Ask if they have ever seen the calls go out (shows lines in use)

If you do not see any evidence via visual or reports then know that it is possible the marketers are just spoofing their Caller ID.


=---()))))))))---=
www.curlycord.com


[Linked Image]

Toronto, Ontario
#614561 - 12/04/17 11:42 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Dec 2007
Posts: 2,558
Professor Shadow Online content
Moderator Sprint-Tadiran
Professor Shadow  Online Content

Moderator Sprint-Tadiran
*****

Joined: Dec 2007
Posts: 2,558
Canby, Oregon
Make sure there isn't a mailbox set up that shouldn't be there. Something beyond extension number range.


Dean

Please don't confuse your "Google Search" with my licenses, certifications and 30 years experience.
#614562 - 12/05/17 12:44 AM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Jun 2006
Posts: 8,311
MooreTel Offline
Moderator-Nortel, Computers, General
MooreTel  Offline

Moderator-Nortel, Computers, General
*****

Joined: Jun 2006
Posts: 8,311
Lennoxville, Quebec, Canada
....Unless that mailbox is a "Guest", "Info", Hunt Group", etc mailbox.


Scientists say that the universe is made up of Protons, Neutron & Electrons. They forgot "Morons".
Dave. (CTUB) Canadian Techs Use Bix!
#614578 - 12/05/17 05:01 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Aug 2002
Posts: 885
jsaad Offline
Member
jsaad  Offline

Member

Joined: Aug 2002
Posts: 885
Union NJ
I like to make a set filter to deny everything for the voicemail ports and then overrides for the local area codes to that customer .

#615395 - 01/13/18 11:26 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Feb 2010
Posts: 270
teldata1 Offline
Member
teldata1  Offline
Member

Joined: Feb 2010
Posts: 270
Boston
I had a service call this week that the customer was being hacked
It was on Norstar Flash
They were using General Dilivery MB 100
Using the Message Notication feature
The password was 1234
They put a *72 plus phone number called back in to system
Left message and all calls were forwarded



And because it’s a flash I couldn’t deny the B Chanel’s
From line access

So they only way is to make sure there’s a good password

On all MBs

#615413 - 01/14/18 03:52 AM Re: Nortel CICS Hack ?? [Re: teldata1]  
Joined: Dec 2003
Posts: 1,946
NTlayoff Offline
Moderator-Nortel
NTlayoff  Offline
Moderator-Nortel

Joined: Dec 2003
Posts: 1,946
Columbus, Ohio, USA
Originally Posted by teldata1
........
And because it’s a flash I couldn’t deny the B Chanel’s
From line access

So they only way is to make sure there’s a good password
On all MBs


That is why I put restrictions on the LINES not on Users.
I also restrict the STAR and the NUMBER sign (pound sign)

But a good password is where it starts.


If CON is the opposite of PRO
Then what is the opposite of Progress?
#615416 - 01/14/18 03:03 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Feb 2010
Posts: 270
teldata1 Offline
Member
teldata1  Offline
Member

Joined: Feb 2010
Posts: 270
Boston
Good to know

#615422 - 01/14/18 07:27 PM Re: Nortel CICS Hack ?? [Re: TelDog]  
Joined: Feb 2005
Posts: 1,412
Curlycord Online content
Member
Curlycord  Online Content

Member

Joined: Feb 2005
Posts: 1,412
Toronto, Canada
All voice mails use both A and B channels...not just the Flash
The B channel shall follow the restrictions of the A channel however best to restrict all A channels (port DN's) on the voice mail.
If it's a 4 channel flash then that is 2 DN's that need restricting.

I personally leave lines last but it all depends on the sites dialing habits
-I program a filter only for voice mail with *, 0, 10....this leaves them the option to use Outdial still with a stern warning to use an 8 digit complex password
-Sets I program 411, 976, 900, 700 plus any other restrictions that are ask of such as *, 0, 1, 10 etc
-As for Lines I ask if they ever make over sea's call's and if no then I also restrict *, 0, 10 as well, and if they say the odd time then I create a COS password to override the restriction.

I am thankful that in over 20 years I have never had a callback after locking down a system after a hack, it's almost worrisome when you leave the site because then the onus is on you but sticking to your same setup on each site as best you can helps.


=---()))))))))---=
www.curlycord.com


[Linked Image]

Toronto, Ontario

Moderated by  MooreTel, NTlayoff, Z-man 

Refurbished Phones & Equipment Search
TARGETED LEADS Telephone Installers, System Installation & Phone System Sales!
Technician Search, enter State or Zip Code
Shout Box
FREE DESI Labeling System Software!
FREE DESI Labeling Software - Click Here!
Most Recent 5 Post
iDCS key prorgamming
by Keyset6. 01/18/18 01:27 AM
Auto Attendant programming
by tim01. 01/17/18 10:28 PM
Omni PCX PRI Garbled Calls
by Shawane. 01/17/18 10:15 PM
SBX with AutoAttendant unanswered to attendant
by RUSS K.. 01/17/18 01:27 PM
SL1100 Call forward off premise
by Mickamg. 01/17/18 01:14 PM
Who's Online Now
22 registered members (Curlycord, Mercenary Roadie, Touch Tone Tommy, phonemeister, aplustechnicians, Test-ok, pvj, CableTech2020, hbiss, usedphones, John807, jb-alert@live.com, Professor Shadow, Yoda, hitechcomm, DD782, pdxjim911, dexman, Keyset6, rotarydialtommy, 2 invisible), 332 guests, and 424 spiders.
Key: Admin, Global Mod, Mod
Tech Support Line 1.800.766.3425
Over the Phone Tech Support for your Phones and Business Phone Systems
Popular Topics(Views)
Newest Members
stewartp, LightningDemon, zelon88, suisse, DaleThePhoneGuy
48397 Registered Users
Forum Statistics
Forums60
Topics90,234
Posts614,800
Members48,398
Most Online4,713
Apr 2nd, 2014
Today's Birthdays
compu_85, Gordon Gekko, Helmut Suppan, Juan Valdez, mws62
Top Posters(30 Days)
dexman 55
hbiss 22
pvj 18
Yoda 18
John807 15
Free Voip phone with every line!
FREE Voip Phone - Click Here!
RESPONSIVE WEBSITE DEVELOPMENT
Ad Spot for sale $299 This spot gets 5 million page loads per month! Call 1-800-766-3425
Free Phone Repair Diagnostic
Website for sale!
Business and website or sale!
Contact Us | Telephone System Tech Support | Terms of Service

Sundance Communications is not affiliated with any of the above manufacturers.
©Copyright Sundance Communications 1998-2018
Website Malware Scan




Trusted Partners
Sitemap