RE: (ASCEND) Outgoing calls happening w/no callback enabled?

[basher@alpha.ces.cwru.edu (Tim Basher)]

> Bell Atlantic insists that $4000 worth of calls are going out on our PRI's

When are the calls being made?
Is there a cluster to the times of the calls?
If so, then you might try to monitor the equipment more closely at that time.

> Almost all of the numbers being called answer with a modem.

Do any of the numbers match the numbers recorded in the RADIUS Accounting
details file?

> If we do set up a callback account, then sure enough the outgoing call
> is logged to our access logs.

Do you mean the "Syslog" information or the Accounting information?

> This makes me suspect perhaps someone has managed to connect to our
> MAX's and then leap elsewhere with an outbound call.  Possible?

There are a number of ways that you can cause a MAX to dial out and
a number of security points you should check.

Dialout #1 - Setting up an Dialout user with a local profile
Dialout #2 - Setting up an Dialout user with a RADIUS profile and route
Dialout #3 - Setting up a Callback profile (local or RADIUS)
Dialout #4 - The "immediate modem" feature
	note- Although this can be default disabled with the "Modem Dialout"
	paramter, the default can be over-ridden using the RADIUS attribute
	Ascend-Dialout-Allowed.
Dialout #5 - terminal server (termsrv) "open" command
Dialout #6 - terminal server (termsrv) "test" command
Dialout #7 - Enabling either MPP or BACP protocols for a connection

You should try to follow the basic steps to secure your MAX to prevent
people from modifying your configuration.

Security #1 - Make sure you enable Telnet Security and install a Telnet PW.
Security #2 - Make sure you disable the Operations, Edit *, and * Diag
              functions in the Default Security profile.
Security #3 - Make sure you either disable the SNMP R/W Community or
              change the default SNMP R/W Community or that you enable
              SNMP security and define the WR Mgr addresses
Security #4 - Read the MAX Security Supplement for more tips

Some steps you might take to try to see what is happening.  Make sure
that you enable syslog on the MAX.  Enable the "mdialout" Diagnostic 
command.  Periodically use the "mdialsess" Diagnostic command to check
for dialout sessions.

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

---

Follow-Ups:

• RE: (ASCEND) Outgoing calls happening w/no callback enabled?
• From: Rob Francis <rfrancis@dti.net>

---

• Prev by Date: (ASCEND) 2.1.9 for MaxTNT
• Next by Date: RE: (ASCEND) T1 PRI pinouts
• Prev by thread: RE: (ASCEND) Outgoing calls happening w/no callback enabled?
• Next by thread: RE: (ASCEND) Outgoing calls happening w/no callback enabled?
• Index(es):
  • Main
  • Thread