--- /dev/null
+\r
+\r
+\r
+\r
+ CCiTT #7 Monitoring\r
+\r
+\r
+\r
+\r
+\r
+ The information presented here is based on Data of :\r
+\r
+ þ Bellcore (Bell Communication Research) - USA\r
+ þ Mercury Communications - United Kingdom\r
+ þ Telekom - Germany\r
+ þ AcceSS 7 - Hewlett Packard Research CCiTT #7 Monitoring System\r
+\r
+\r
+Note that some of the data presented in this article might be\r
+classified material by some of those companies. \r
+\r
+\r
+\r
+\r
+\r
+ What is CCiTT #7\r
+ ----------------\r
+CCiTT #7 is the newest signalling system also called SS7 (or also Common\r
+Channel Signalling No.7). It uses two channels for communication. \r
+The first is the voice channel (or what ever you are transmitting over it) \r
+and the second is the data channel. This data channels is completly seperated\r
+from the voice channel and holds all calling information in it plus has got\r
+the advanced features of caller ID, call forwarding, conference calling, \r
+credit card calls, collect calls etc.\r
+This extra data channel was put in since ccitt #6 because first it disables\r
+now the "famous" blueboxing possiblity, second enhances line quality and\r
+third expands possiblities for new features like caller ID etc.\r
+\r
+It is used in nearly all west european countries, but now more and more\r
+other countries change to this system as well like israel for example.\r
+\r
+\r
+\r
+\r
+\r
+\r
+\r
+ Monitoring Systems for CCiTT #7\r
+ -------------------------------\r
+As far as i know the following Monitoring Systems are in existance and \r
+available for telecommunication companies :\r
+\r
+ þ Bellcore : Davin and NetMavin\r
+ þ Hewlett Packard : HP E4250A, also known as AcceSS 7\r
+ þ Unisys : NIRIS Information Platform\r
+ þ Algen : Probe\r
+\r
+þ Bellcore's monitoring system is based on unix and is programmed in C using\r
+ the X11 Unix Window System but can also be run on vt100 terminals and soon\r
+ on Macintoshs too. It can run on any workstation which is Unix compactible.\r
+ It has got also the possbility to work with data from other \r
+ Monitoring Systems like AcceSS 7 from HP and also use the C libraries from\r
+ HP's system. \r
+ It's easy to use with mouse support, Window graphic displays in realtime,\r
+ Zooming etc.\r
+\r
+ Interesting Options are for example : \r
+ Monitoring calls from a specific telephone number\r
+ Automatic Fraud Detection\r
+ Multiple simultaneos call traced (up to 100)\r
+ Bellcore's Davin and NetMavin is used by Bell and Mercury Telecommunication.\r
+\r
+\r
+þ Hewlett Packards monitoring system is more general than Bellcore's. \r
+ It's based on HP unix machines (Apollos I think) running HPUX Unix.\r
+ It is very flexible and can link in any CCiTT #7 system. \r
+ Everything is written in C and the customer can program, enhance and tune\r
+ the monitoring tools as they like. Basic Tools are implemented so is the\r
+ monitoring data collection tools, but everything else must be programmed\r
+ by the customer or by an HP service team - but be sure they know what they\r
+ can do and will program everything to get you.\r
+ HP's AcceSS 7 System is used by the german Telecom.\r
+ (Installed in Frankfurt, Duesseldorf, Stuttgart and Nuernberg with\r
+ Controll Centers in Frankfurt and Bamberg)\r
+\r
+\r
+þ Sorry, on the two others i haven't got any information, and i don't know\r
+ if other monitoring systems exist.\r
+\r
+\r
+Of course Fraud Detection is not the main point of CCiTT #7 Monitoring.\r
+It's more gathering traffic statistics for network planning, optimizing,\r
+error controlling & detecting, and market decicions - but fraud detection\r
+is an important part.\r
+\r
+\r
+\r
+\r
+ How does CCiTT #7 Fraud Detection work\r
+ --------------------------------------\r
+Automatic Fraud Detection is based on pattern matching.\r
+Patterns must first be measured for each every communication network/area.\r
+Everything which is out of this pattern triggers an alarm.\r
+Out-of-Pattern are :\r
+ identify calls of long duration\r
+ repeated calls to a particular dialed number from the same area of origin\r
+ repeated calls from the same area of origin to different numbers\r
+ long/many calls from an unbillable number\r
+ dialing special numbers\r
+ dialing many toll free numbers\r
+\r
+A triggered alarm can result in anything, also depending on type of alarm :\r
+ saving data to log\r
+ continued electronical oberservation to detect more out-of-pattern behavior\r
+ autotrace\r
+ alarm operator\r
+\r
+\r
+ XXXXXXXXXXXXXXXX\r
+ XXXXXXXXXXXXXXXX \\r
+ XXXXXXXXXXXXXXXX \ \r
+ XXXXXXXXXXXXXXXX \ Out-of- --> XXXXXXXX \ Continues --> XX\r
+ XXXXXXXXXXXXXXXX - Pattern --> XXXXXXXX - Out-of-Pattern --> XX\r
+ XXXXXXXXXXXXXXXX / XXXXXXXX / or\r
+ XXXXXXXXXXXXXXXX / Manual \r
+ XXXXXXXXXXXXXXXX / Inverstigation\r
+ XXXXXXXXXXXXXXXX\r
+\r
+ Calls going Monitoring Alarms of Continued FRAUD\r
+ though Monitoring system Monitoring Out-of-Pattern CASES\r
+ system Analyzing system or \r
+ Manual Investigation\r
+ \r
+\r
+\r
+\r
+Yes thats all ... there aren't much information available and even those\r
+mentioned here are only known to a small group, although someone could\r
+logically think it would be this way, but now you know it for sure ;-)\r
+\r
+\r
+Please note that some data might be wrong or outdated (also it should not).\r
+If so please tell me and in the next issue I'll present the new/corrected data.\r
+If you got additional data, do something for the phreaker community and\r
+send it me to release it in the next magazine or release it on your own!\r
+\r
+\r
+Ciao...\r
+ van Hauser\r
+\1a
\ No newline at end of file
projects / oweals / thc-archive.git / blobdiff