Re: FEMA/DHS phones hacked
- Yes, old school. I guess some folks never learn.
I had a project early 1990's with similar problems. I wrote several
programs and scripts that sat on a then 80486 P.C. running Coherent
(old clone of Unix with 'C' compiler and Database).
It sat on the SMDR ports of multiple switches and monitored calling
patterns looking for things like trunk to trunk calls. Tandem calls
after normal business hours. Dialed number patterns. All tests could
have their thresholds set. I.E. 10 calls in 5 minutes trunk to trunk
after hours. All call records were converted to an easily read ASCII
format (Start record, End record, Auth Code record, etc.) and stored in
a database on the P.C.
Rather than using lots of disk files I used linked lists in memory to
store call states. If a threshold was violated it would initiate an
alarm (another task) to call the regional call center for our company.
Displaying calling site ID, Date, Time and alarm message.
The remote P.C. could also be used locally as the access port for the
PBX/Switch/Voice Mail systems.
The remote monitoring P.C. was backed up by UPS. It would phone in the
event of a power failure and routinely once a day for the I'm alive and
OK test with the HP Unix box. Oh, yeah, if someone unplugged the RS-232
cable from the SMDR port a special alarm was generated.
Alarms not acknowledged within a variable time period would be resent.
The person on duty in the regional call center using their P.C. simply
entered the site ID and called the monitoring computer. Logged in and
reviewed the alarm detail and its associated call records.
The regional center used HP Unix mini computers backed up by UPS and
generator. The equipment in the alarm center was also on UPS.
As far as I know only two sites triggered alarms and one was on a
Saturday triggered by trunk to trunk calls to South America via the
voice mail system. Someone had call forwarded their phone to the trunk
access code. That got shut down pretty quick after the on duty support
person called me at home explaining he had never seen this type of
alarm before. I had her follow the detailed procedures on her alarm
P.C. We got to the root of the problem and switch security was fixed.
As a quick fix I had the support person disable the forwarded line then
change the number to a RAN recording using Debug. Monday security fixed
and no more forwarding to trunk access codes and one lost job.
That was I think one of the most complex projects I did (both ends).
--- In firstname.lastname@example.org, Michael Harpe <mharpe79@...> wrote:
> Heh heh
> Mike Harpe
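
The threshold test described in the post (10 trunk-to-trunk calls in 5 minutes, after hours), sketched as an added example that is not part of the original message and not the poster's code. The record layout, the 08:00-18:00 business hours, and the names `classify`, `feed` and `struct detector` are assumptions made for illustration; a ring buffer stands in for the linked lists the post mentions.

```c
#include <stdio.h>

#define MAX_CALLS   10         /* threshold from the post: 10 calls ... */
#define WINDOW_SECS (5 * 60)   /* ... in 5 minutes */
#define DAY_START   8          /* assumption: business hours 08:00-18:00 */
#define DAY_END     18

struct detector {
    long times[MAX_CALLS];     /* ring buffer of recent qualifying calls */
    long count;                /* qualifying calls seen so far */
};

/* Constructed record "day hh:mm:ss src dst"; a 'T' port name is a trunk.
 * Returns 1 for after-hours trunk-to-trunk (time in *t), 0 other, -1 bad. */
static int classify(const char *line, long *t)
{
    int day, h, m, s;
    char src[16], dst[16];
    if (sscanf(line, "%d %d:%d:%d %15s %15s", &day, &h, &m, &s, src, dst) != 6
        || day < 0 || h < 0 || h > 23 || m < 0 || m > 59 || s < 0 || s > 59)
        return -1;
    *t = ((day * 24L + h) * 60 + m) * 60 + s;
    return src[0] == 'T' && dst[0] == 'T' && (h < DAY_START || h >= DAY_END);
}

/* Feed records in time order. Returns 1 when this call and the
 * MAX_CALLS - 1 qualifying calls before it all fall within WINDOW_SECS. */
int feed(struct detector *d, const char *line)
{
    long t;
    if (classify(line, &t) != 1)
        return 0;
    d->times[d->count++ % MAX_CALLS] = t;
    if (d->count < MAX_CALLS)
        return 0;
    /* The slot that will be overwritten next holds the oldest call kept. */
    return t - d->times[d->count % MAX_CALLS] <= WINDOW_SECS;
}

int main(void)
{
    struct detector d = {{0}, 0};
    char line[64];
    for (int i = 0; i < 12; i++) {   /* constructed burst: one call every 20 s */
        snprintf(line, sizeof line, "6 02:%02d:%02d T01 T14", i / 3, i % 3 * 20);
        if (feed(&d, line))
            printf("ALARM after-hours trunk-to-trunk: %s\n", line);
    }
    return 0;
}
```

Business-hours calls, calls with an extension on either leg, and malformed lines never enter the window, so only the tenth qualifying call inside five minutes raises the alarm.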