11 The information presented here is based on Data of :
\r
13 þ Bellcore (Bell Communication Research) - USA
\r
14 þ Mercury Communications - United Kingdom
\r
16 þ AcceSS 7 - Hewlett Packard Research CCiTT #7 Monitoring System
\r
19 Note that some of the data presented in this article might be
\r
20 classified material by some of those companies.
\r
28 CCiTT #7 is the newest signalling system also called SS7 (or also Common
\r
29 Channel Signalling No.7). It uses two channels for communication.
\r
30 The first is the voice channel (or what ever you are transmitting over it)
\r
31 and the second is the data channel. This data channels is completly seperated
\r
32 from the voice channel and holds all calling information in it plus has got
\r
33 the advanced features of caller ID, call forwarding, conference calling,
\r
34 credit card calls, collect calls etc.
\r
35 This extra data channel was put in since ccitt #6 because first it disables
\r
36 now the "famous" blueboxing possiblity, second enhances line quality and
\r
37 third expands possiblities for new features like caller ID etc.
\r
39 It is used in nearly all west european countries, but now more and more
\r
40 other countries change to this system as well like israel for example.
\r
48 Monitoring Systems for CCiTT #7
\r
49 -------------------------------
\r
50 As far as i know the following Monitoring Systems are in existance and
\r
51 available for telecommunication companies :
\r
53 þ Bellcore : Davin and NetMavin
\r
54 þ Hewlett Packard : HP E4250A, also known as AcceSS 7
\r
55 þ Unisys : NIRIS Information Platform
\r
58 þ Bellcore's monitoring system is based on unix and is programmed in C using
\r
59 the X11 Unix Window System but can also be run on vt100 terminals and soon
\r
60 on Macintoshs too. It can run on any workstation which is Unix compactible.
\r
61 It has got also the possbility to work with data from other
\r
62 Monitoring Systems like AcceSS 7 from HP and also use the C libraries from
\r
64 It's easy to use with mouse support, Window graphic displays in realtime,
\r
67 Interesting Options are for example :
\r
68 Monitoring calls from a specific telephone number
\r
69 Automatic Fraud Detection
\r
70 Multiple simultaneos call traced (up to 100)
\r
71 Bellcore's Davin and NetMavin is used by Bell and Mercury Telecommunication.
\r
74 þ Hewlett Packards monitoring system is more general than Bellcore's.
\r
75 It's based on HP unix machines (Apollos I think) running HPUX Unix.
\r
76 It is very flexible and can link in any CCiTT #7 system.
\r
77 Everything is written in C and the customer can program, enhance and tune
\r
78 the monitoring tools as they like. Basic Tools are implemented so is the
\r
79 monitoring data collection tools, but everything else must be programmed
\r
80 by the customer or by an HP service team - but be sure they know what they
\r
81 can do and will program everything to get you.
\r
82 HP's AcceSS 7 System is used by the german Telecom.
\r
83 (Installed in Frankfurt, Duesseldorf, Stuttgart and Nuernberg with
\r
84 Controll Centers in Frankfurt and Bamberg)
\r
87 þ Sorry, on the two others i haven't got any information, and i don't know
\r
88 if other monitoring systems exist.
\r
91 Of course Fraud Detection is not the main point of CCiTT #7 Monitoring.
\r
92 It's more gathering traffic statistics for network planning, optimizing,
\r
93 error controlling & detecting, and market decicions - but fraud detection
\r
94 is an important part.
\r
99 How does CCiTT #7 Fraud Detection work
\r
100 --------------------------------------
\r
101 Automatic Fraud Detection is based on pattern matching.
\r
102 Patterns must first be measured for each every communication network/area.
\r
103 Everything which is out of this pattern triggers an alarm.
\r
104 Out-of-Pattern are :
\r
105 identify calls of long duration
\r
106 repeated calls to a particular dialed number from the same area of origin
\r
107 repeated calls from the same area of origin to different numbers
\r
108 long/many calls from an unbillable number
\r
109 dialing special numbers
\r
110 dialing many toll free numbers
\r
112 A triggered alarm can result in anything, also depending on type of alarm :
\r
114 continued electronical oberservation to detect more out-of-pattern behavior
\r
121 XXXXXXXXXXXXXXXX \
\r
122 XXXXXXXXXXXXXXXX \ Out-of- --> XXXXXXXX \ Continues --> XX
\r
123 XXXXXXXXXXXXXXXX - Pattern --> XXXXXXXX - Out-of-Pattern --> XX
\r
124 XXXXXXXXXXXXXXXX / XXXXXXXX / or
\r
125 XXXXXXXXXXXXXXXX / Manual
\r
126 XXXXXXXXXXXXXXXX / Inverstigation
\r
129 Calls going Monitoring Alarms of Continued FRAUD
\r
130 though Monitoring system Monitoring Out-of-Pattern CASES
\r
131 system Analyzing system or
\r
132 Manual Investigation
\r
137 Yes thats all ... there aren't much information available and even those
\r
138 mentioned here are only known to a small group, although someone could
\r
139 logically think it would be this way, but now you know it for sure ;-)
\r
142 Please note that some data might be wrong or outdated (also it should not).
\r
143 If so please tell me and in the next issue I'll present the new/corrected data.
\r
144 If you got additional data, do something for the phreaker community and
\r
145 send it me to release it in the next magazine or release it on your own!
\r