123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 |
- CCiTT #7 Monitoring
- The information presented here is based on Data of :
- þ Bellcore (Bell Communication Research) - USA
- þ Mercury Communications - United Kingdom
- þ Telekom - Germany
- þ AcceSS 7 - Hewlett Packard Research CCiTT #7 Monitoring System
- Note that some of the data presented in this article might be
- classified material by some of those companies.
- What is CCiTT #7
- ----------------
- CCiTT #7 is the newest signalling system also called SS7 (or also Common
- Channel Signalling No.7). It uses two channels for communication.
- The first is the voice channel (or what ever you are transmitting over it)
- and the second is the data channel. This data channels is completly seperated
- from the voice channel and holds all calling information in it plus has got
- the advanced features of caller ID, call forwarding, conference calling,
- credit card calls, collect calls etc.
- This extra data channel was put in since ccitt #6 because first it disables
- now the "famous" blueboxing possiblity, second enhances line quality and
- third expands possiblities for new features like caller ID etc.
- It is used in nearly all west european countries, but now more and more
- other countries change to this system as well like israel for example.
- Monitoring Systems for CCiTT #7
- -------------------------------
- As far as i know the following Monitoring Systems are in existance and
- available for telecommunication companies :
- þ Bellcore : Davin and NetMavin
- þ Hewlett Packard : HP E4250A, also known as AcceSS 7
- þ Unisys : NIRIS Information Platform
- þ Algen : Probe
- þ Bellcore's monitoring system is based on unix and is programmed in C using
- the X11 Unix Window System but can also be run on vt100 terminals and soon
- on Macintoshs too. It can run on any workstation which is Unix compactible.
- It has got also the possbility to work with data from other
- Monitoring Systems like AcceSS 7 from HP and also use the C libraries from
- HP's system.
- It's easy to use with mouse support, Window graphic displays in realtime,
- Zooming etc.
- Interesting Options are for example :
- Monitoring calls from a specific telephone number
- Automatic Fraud Detection
- Multiple simultaneos call traced (up to 100)
- Bellcore's Davin and NetMavin is used by Bell and Mercury Telecommunication.
- þ Hewlett Packards monitoring system is more general than Bellcore's.
- It's based on HP unix machines (Apollos I think) running HPUX Unix.
- It is very flexible and can link in any CCiTT #7 system.
- Everything is written in C and the customer can program, enhance and tune
- the monitoring tools as they like. Basic Tools are implemented so is the
- monitoring data collection tools, but everything else must be programmed
- by the customer or by an HP service team - but be sure they know what they
- can do and will program everything to get you.
- HP's AcceSS 7 System is used by the german Telecom.
- (Installed in Frankfurt, Duesseldorf, Stuttgart and Nuernberg with
- Controll Centers in Frankfurt and Bamberg)
- þ Sorry, on the two others i haven't got any information, and i don't know
- if other monitoring systems exist.
- Of course Fraud Detection is not the main point of CCiTT #7 Monitoring.
- It's more gathering traffic statistics for network planning, optimizing,
- error controlling & detecting, and market decicions - but fraud detection
- is an important part.
- How does CCiTT #7 Fraud Detection work
- --------------------------------------
- Automatic Fraud Detection is based on pattern matching.
- Patterns must first be measured for each every communication network/area.
- Everything which is out of this pattern triggers an alarm.
- Out-of-Pattern are :
- identify calls of long duration
- repeated calls to a particular dialed number from the same area of origin
- repeated calls from the same area of origin to different numbers
- long/many calls from an unbillable number
- dialing special numbers
- dialing many toll free numbers
- A triggered alarm can result in anything, also depending on type of alarm :
- saving data to log
- continued electronical oberservation to detect more out-of-pattern behavior
- autotrace
- alarm operator
- XXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXX \
- XXXXXXXXXXXXXXXX \
- XXXXXXXXXXXXXXXX \ Out-of- --> XXXXXXXX \ Continues --> XX
- XXXXXXXXXXXXXXXX - Pattern --> XXXXXXXX - Out-of-Pattern --> XX
- XXXXXXXXXXXXXXXX / XXXXXXXX / or
- XXXXXXXXXXXXXXXX / Manual
- XXXXXXXXXXXXXXXX / Inverstigation
- XXXXXXXXXXXXXXXX
- Calls going Monitoring Alarms of Continued FRAUD
- though Monitoring system Monitoring Out-of-Pattern CASES
- system Analyzing system or
- Manual Investigation
-
- Yes thats all ... there aren't much information available and even those
- mentioned here are only known to a small group, although someone could
- logically think it would be this way, but now you know it for sure ;-)
- Please note that some data might be wrong or outdated (also it should not).
- If so please tell me and in the next issue I'll present the new/corrected data.
- If you got additional data, do something for the phreaker community and
- send it me to release it in the next magazine or release it on your own!
- Ciao...
- van Hauser
|