Technical information

MERLIN LEGEND/MAGIX Toll Fraud
Issue 7 June 2001
5-23
If the Automated Attendant prompts callers to use Remote Call Forwarding
(RCF) to reach an outside telephone number, the system may be
susceptible to toll fraud. An example of this application is a menu or
submenu that says, "To reach our answering service, select prompt
number 5," and transfers a caller to an external telephone number. Remote
Call Forwarding can be used securely only when the central office provides
reliable disconnect (sometimes referred to as forward disconnect or
disconnect supervision), which guarantees that the central office does not
return a dial tone after the called party hangs up. In most cases, the central
office facility is a loop-start line/trunk which does not provide reliable
disconnect. When loop-start lines/trunks are used, if the calling party stays
on the line, the central office does return a dial tone at the conclusion of the
call, enabling the caller to place another call as if it were being placed from
your company. Ground-start trunks provide reliable disconnect and should
be used whenever possible.

Preventive Measures

Take the following preventive measures to limit the risk of unauthorized use of the
Automated Attendant feature by hackers:

- Do not use Automated Attendant prompts for Automatic Route Selection
  (ARS) codes or Pooled Facility codes.

- Assign all unused Automated Attendant selector codes to zero, so that
  attempts to dial these are routed to the system attendant.

- If Remote Call Forwarding (RCF) is required, MERLIN MAGIX Integrated
  System owners should coordinate with their Avaya Account Team or
  authorized dealer to verify the type of central office facility used for RCF. If
  it is a ground-start line/trunk, or if it is a loop-start line/trunk and central
  office reliable disconnect can be ensured, then nothing else needs to be
  done. In most cases, these are loop-start lines/trunks without reliable
  disconnect. The local telephone company must be involved in order to
  change the facilities used for RCF to ground-start lines/trunks. Usually, a
  charge applies for this change. Also, hardware and software changes may
  be necessary in the MERLIN MAGIX Integrated System. The MERLIN
  Messaging Automated Attendant feature merely accesses the RCF feature
  in the MERLIN MAGIX Integrated System. Unless these changes are
  made, this feature is highly susceptible to toll fraud. These same
  preventive measures must be taken if the RCF feature is active for
  MERLIN MAGIX Integrated System extensions, whether or not it is
  accessed by an Automated Attendant menu.
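
The three measures above can be checked against a written-down copy of the site's programming. The following is an added example, not Avaya code or part of the original guide: the data model (a selector-to-target menu, a map of RCF extensions to trunks, and the site's ARS/Pooled Facility codes) and all sample values are assumptions constructed for illustration.

```python
# Added illustration; this data model is hypothetical, not a MERLIN export format.
from dataclasses import dataclass

@dataclass(frozen=True)
class Trunk:
    kind: str                          # "ground-start" or "loop-start"
    reliable_disconnect: bool = False  # loop-start only: confirmed with the central office

def trunk_is_safe(trunk):
    # Ground-start provides reliable disconnect; loop-start is acceptable
    # only when the central office can ensure it.
    return trunk.kind == "ground-start" or trunk.reliable_disconnect

def audit(menu, rcf_extensions, trunks, restricted_codes, selectors="123456789"):
    """Return a list of findings for the three preventive measures.

    menu:             selector digit -> target it dials ("0" = system attendant)
    rcf_extensions:   extension with RCF active -> id of the trunk it forwards over
    restricted_codes: the site's ARS and Pooled Facility codes
    """
    findings = []
    for sel in selectors:
        target = menu.get(sel)
        if target is None:
            findings.append(f"selector {sel}: unused but not assigned to 0")
        elif target in restricted_codes:
            findings.append(f"selector {sel}: dials ARS/pool code {target}")
    # RCF is checked for every extension, whether or not a menu reaches it.
    for ext, trunk_id in sorted(rcf_extensions.items()):
        trunk = trunks[trunk_id]
        if not trunk_is_safe(trunk):
            sels = sorted(s for s, t in menu.items() if t == ext)
            via = f"selector {', '.join(sels)}" if sels else "no menu entry"
            findings.append(f"ext {ext}: RCF over {trunk.kind} trunk {trunk_id} "
                            f"without reliable disconnect ({via})")
    return findings

# Constructed sample values (codes, extensions and trunk ids are made up).
SAMPLE_TRUNKS = {"801": Trunk("loop-start"), "802": Trunk("ground-start"),
                 "803": Trunk("loop-start", reliable_disconnect=True)}
SAMPLE_MENU = {"1": "110", "2": "120", "3": "0", "5": "150", "9": "9"}
SAMPLE_RCF = {"150": "801", "160": "802", "170": "801", "180": "803"}
SAMPLE_RESTRICTED = {"9", "70"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_MENU, SAMPLE_RCF, SAMPLE_TRUNKS, SAMPLE_RESTRICTED):
        print(finding)
```

An empty result means the recorded programming satisfies all three measures; it does not replace confirming the trunk type with the Avaya Account Team or authorized dealer.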