I have a customer in Collierville, TN that is having problems with international long distance hacking. I have always sold through the grey market using Hi-Line Supply and lately gotten tech support from a guy named Harvey. Recently Harvey and I went through the MICS settings (version 4ish)and he assured me that the only ways the calls could be made was from the inside. Since it is an AT&T PRI with Touch Tone as their provider and I suck at toll restriction I did what I have done for years. We had account codes added to their long distance. We thought that had it handled however the problem is back and they are telling my customer that the hacker is dialiing a 1010 code from the outside. I just spoke with my at&t rep he assures me the PRI is an old style non-VOIP. The customer just told me that AT&T tech support is telling him to check settings in his router which souds like a VOIP PRI to me. The truth is they have had about 5 different service providers in as many years and I can't get back in until 7 a.m. central tomorrow to see for myself. I put in my first phone system in 1981 and this is my first post on any forum ever so hope you people out their are kind to me. Thanks for any suggestions in advance.

Is there a VM attached to the MICS? If so, have you checked the settings on the VM?

you can do some system wide blocking of international calls and 1010 calls. I would do that to ad a level of protection.

Yes there is a voice mail and we have gone through every mail box to make sure they have pass good passwords and out dial is turned off.

This company is a manufacturer and they must call internationally to their plants in South America and overseas / However this is what we will try.

I am hoping to find a router in front of the PRI this morning which will mean to me that the hackers are hitting the VOIP side of the PRI.

Thanks for your posts!

Check the system admn (102) mailbox. Had the same problem and that's how they were doing it.

You might put a SMDR on it and log all calls, that would tell what port was making the calls.

Which mailboxes have you checked, just the known users? The "hackers" could have set up a mailbox you aren't aware of. What voicemail do you have? On a CallPilot you can easily look at the mailbox list to see any renegade mailboxes.

Search this forum and you'll see numerous posts on this subject.

I also go onto the voicemail ports and take out the line appearances and don't allow access to the line pools unless I have to. Then I set permissions to only dial phone numbers that are necessary. Probably not right or wrong, just the way I do it.