Solved: Unity connection 9.1 making international calls

Richard Bradfield · ‎06-01-2014

Our telephone system was hacked over the weekend( First time ever), I looks like a number was dialled from outside, it went to voicemail, then the Unity connection dialed an International number. We had about 3,000 hits over the weekend. Will blocking the international dialing code in the restriction tables stop this? Also how can this happen when I dial a VM port directly I just get the "enter pin followed by hash" message if I try and enter a telephone number it gets rejected.

any enlightment on this will be helpfull

David Hailey · ‎06-02-2014

A couple things:

First, when you configure Call Handlers there is a setting in the Caller Input options to allow users to dial extensions during the greeting. You can bypass that and other input type options there.

Second, restriction tables are useful here but if you want to ensure that Unity Connection cannot dial to undesired locations then you should set class of restriction within the CUCM and apply that CSS to the VM ports for outbound calls.

Hailey

View solution in original post

Jaime Valencia · ‎06-01-2014

Yes, make sure restriction tables do not allow these calls, and also the VM integration does not have access to the RP for international calls.

If you have the allow transfer to numbers that do not belong to a subscriber, they can try this from any call handler that allows caller input.

HTH

java

if this helps, please rate

AskQ2Forum_2 · ‎06-02-2014

Hi Jamie and all,

the default behaviour will allow you to dial any number during a greeting (restriction tables permitting) - is there any way of stopping that normal behaviour - for example my greeting says 'press 1 for sales, 2 for marketing, etc' but if i ignore that and just dial any number then it will dial the number . whereis this setup and how can we stop it. (will help us preventing international fraudulent activity using the user system transfer feature)....TIA, JagS

David Hailey · ‎06-02-2014

A couple things:

First, when you configure Call Handlers there is a setting in the Caller Input options to allow users to dial extensions during the greeting. You can bypass that and other input type options there.

Second, restriction tables are useful here but if you want to ensure that Unity Connection cannot dial to undesired locations then you should set class of restriction within the CUCM and apply that CSS to the VM ports for outbound calls.

Hailey

Rolando Valenzuela · ‎06-02-2014

David/Jaime,

I was wondering if this behavior only applies if you have a option menu as greeting?, what about the default settings? when you are forwarded to the Voicemail box directly?

Thanks.

David Hailey · ‎06-02-2014

I think there is probably more to this story and the devil is in the details. When you are forwarded to a user greeting, there are still similar options available in terms of input and etc. There are also ways to back out and possibly move around within menus by using the star key, entering extensions, etc. Setting the COR in the PBX is the way to go IMO.

Hailey

Richard Bradfield · ‎06-02-2014

Thanks for every ones input, I think the main way of stopping unwanted outgoing calls is to setup the CSS in the CUCM which I have done only allowing internal calls from the Unity Connections