home *** CD-ROM | disk | FTP | other *** search
-
-
- CCiTT #7 Monitoring
-
-
- The information presented here is based on Data of :
-
- ■ Bellcore (Bell Communication Research) - USA
- ■ Mercury Communications - United Kingdom
- ■ Telekom - Germany
- ■ AcceSS 7 - Hewlett Packard Research CCiTT #7 Monitoring System
-
-
- Note that some of the data presented in this article might be
- classified material by some of those companies.
-
-
-
-
-
- What is CCiTT #7
- ----------------
- CCiTT #7 is the newest signalling system also called SS7 (or also Common
- Channel Signalling No.7). It uses two channels for communication.
- The first is the voice channel (or what ever you are transmitting over it)
- and the second is the data channel. This data channels is completly seperated
- from the voice channel and holds all calling information in it plus has got
- the advanced features of caller ID, call forwarding, conference calling,
- credit card calls, collect calls etc.
- This extra data channel was put in since ccitt #6 because first it disables
- now the "famous" blueboxing possiblity, second enhances line quality and
- third expands possiblities for new features like caller ID etc.
-
- It is used in nearly all west european countries, but now more and more
- other countries change to this system as well like israel for example.
-
-
-
-
-
-
-
- Monitoring Systems for CCiTT #7
- -------------------------------
- As far as i know the following Monitoring Systems are in existance and
- available for telecommunication companies :
-
- ■ Bellcore : Davin and NetMavin
- ■ Hewlett Packard : HP E4250A, also known as AcceSS 7
- ■ Unisys : NIRIS Information Platform
- ■ Algen : Probe
-
- ■ Bellcore's monitoring system is based on unix and is programmed in C using
- the X11 Unix Window System but can also be run on vt100 terminals and soon
- on Macintoshs too. It can run on any workstation which is Unix compactible.
- It has got also the possbility to work with data from other
- Monitoring Systems like AcceSS 7 from HP and also use the C libraries from
- HP's system.
- It's easy to use with mouse support, Window graphic displays in realtime,
- Zooming etc.
-
- Interesting Options are for example :
- Monitoring calls from a specific telephone number
- Automatic Fraud Detection
- Multiple simultaneos call traced (up to 100)
- Bellcore's Davin and NetMavin is used by Bell and Mercury Telecommunication.
-
-
- ■ Hewlett Packards monitoring system is more general than Bellcore's.
- It's based on HP unix machines (Apollos I think) running HPUX Unix.
- It is very flexible and can link in any CCiTT #7 system.
- Everything is written in C and the customer can program, enhance and tune
- the monitoring tools as they like. Basic Tools are implemented so is the
- monitoring data collection tools, but everything else must be programmed
- by the customer or by an HP service team - but be sure they know what they
- can do and will program everything to get you.
- HP's AcceSS 7 System is used by the german Telecom.
- (Installed in Frankfurt, Duesseldorf, Stuttgart and Nuernberg with
- Controll Centers in Frankfurt and Bamberg)
-
-
- ■ Sorry, on the two others i haven't got any information, and i don't know
- if other monitoring systems exist.
-
-
- Of course Fraud Detection is not the main point of CCiTT #7 Monitoring.
- It's more gathering traffic statistics for network planning, optimizing,
- error controlling & detecting, and market decicions - but fraud detection
- is an important part.
-
-
-
-
- How does CCiTT #7 Fraud Detection work
- --------------------------------------
- Automatic Fraud Detection is based on pattern matching.
- Patterns must first be measured for each every communication network/area.
- Everything which is out of this pattern triggers an alarm.
- Out-of-Pattern are :
- identify calls of long duration
- repeated calls to a particular dialed number from the same area of origin
- repeated calls from the same area of origin to different numbers
- long/many calls from an unbillable number
- dialing special numbers
- dialing many toll free numbers
-
- A triggered alarm can result in anything, also depending on type of alarm :
- saving data to log
- continued electronical oberservation to detect more out-of-pattern behavior
- autotrace
- alarm operator
-
-
- XXXXXXXXXXXXXXXX
- XXXXXXXXXXXXXXXX \
- XXXXXXXXXXXXXXXX \
- XXXXXXXXXXXXXXXX \ Out-of- --> XXXXXXXX \ Continues --> XX
- XXXXXXXXXXXXXXXX - Pattern --> XXXXXXXX - Out-of-Pattern --> XX
- XXXXXXXXXXXXXXXX / XXXXXXXX / or
- XXXXXXXXXXXXXXXX / Manual
- XXXXXXXXXXXXXXXX / Inverstigation
- XXXXXXXXXXXXXXXX
-
- Calls going Monitoring Alarms of Continued FRAUD
- though Monitoring system Monitoring Out-of-Pattern CASES
- system Analyzing system or
- Manual Investigation
-
-
-
-
- Yes thats all ... there aren't much information available and even those
- mentioned here are only known to a small group, although someone could
- logically think it would be this way, but now you know it for sure ;-)
-
-
- Please note that some data might be wrong or outdated (also it should not).
- If so please tell me and in the next issue I'll present the new/corrected data.
- If you got additional data, do something for the phreaker community and
- send it me to release it in the next magazine or release it on your own!
-
-
- Ciao...
- van Hauser
-
-
