informis/textfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
278a90f7ce
textfiles/phreak/SWITCHES/bbfraud.txt

1261 lines
38 KiB
Plaintext
Raw Normal View History

Initial commit
2021-04-15 11:31:59 -07:00
TABLE OF CONTENTS BLUE BOX FRAUD DETECTION DESC
1001-132
NTP
NORTHERN TELECOM PRACTICE 297-1001-132
ISSUED: 87 04 24
RELEASE: 02.01 STANDARD
DIGITAL SWITCHING SYSTEMS
DMS*-100 FAMILY
BLUE BOX FRAUD DETECTION
FEATURE DESCRIPTION
* DMS-100 is a trademark of Northern Telecom
Page 1
21 pages
PRACTICE 297-1001-132
RELEASE: 02.01
(c) Northern Telecom 1980, 1987
Page 2
PRACTICE 297-1001-132
RELEASE: 02.01
CONTENTS
PAGE
1. INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . 4
General . . . . . . . . . . . . . . . . . . . . . . . . 4
Practice Application . . . . . . . . . . . . . . . . . . 4
Reason for Reissue . . . . . . . . . . . . . . . . . . . 5
Software Identification . . . . . . . . . . . . . . . . 5
Command Format Conventions . . . . . . . . . . . . . . . 5
References . . . . . . . . . . . . . . . . . . . . . . . 5
2. DESCRIPTION . . . . . . . . . . . . . . . . . . . . . . 7
Testing for Fraudulent Calls . . . . . . . . . . . . . . 10
Recording Fraudulent Calls . . . . . . . . . . . . . . . 11
Disposing of Fraudulent Calls . . . . . . . . . . . . . 12
Cut the Call . . . . . . . . . . . . . . . . . . . . 12
Continue the Call . . . . . . . . . . . . . . . . . 12
3. OPERATIONAL MEASUREMENTS . . . . . . . . . . . . . . . . 13
4. MAN-MACHINE INTERFACE . . . . . . . . . . . . . . . . . 14
Commands . . . . . . . . . . . . . . . . . . . . . . . . 14
Alarms . . . . . . . . . . . . . . . . . . . . . . . . . 17
Logs . . . . . . . . . . . . . . . . . . . . . . . . . . 17
5. GLOSSARY . . . . . . . . . . . . . . . . . . . . . . . . 20
FIGURES
FIG. TITLE PAGE
1 Fraudulent Call Setup . . . . . . . . . . . . . . . . . 8
2 The Extra Wink . . . . . . . . . . . . . . . . . . . . 9
3 The Reserved Multifrequency Receiver . . . . . . . . . 10
Page 3
INTRODUCTION BLUE BOX FRAUD DETECTION DESC
1001-132
NTP
PRACTICE 297-1001-132
RELEASE: 02.01
1. INTRODUCTION
GENERAL
1.01 This Practice describes the Blue Box Fraud Detection fea-
ture and its operation within the DMS-100 Family. A "blue
box" is any device, connected illegally to a subscriber's line,
that can produce both a 2600 Hz tone and multifrequency (MF) dig-
its.
1.02 To place a fraudulent call, the perpetrator performs two
steps:
1. Use a normal telephone to place a normal call. This call is
usually a free or inexpensive call, and uses a Single Fre-
quency (SF) trunk beyond the perpetrator's billing office.
2. Use a blue box to place the fraudulent call. This call uses
the SF trunk seized for the original, normal call.
1.03 Calls placed with a blue box are typically undetected by
the perpetrator's billing office, thus the term "blue box
fraud."
1.04 The Blue Box Fraud Detection feature attempts to discover
fraudulent MF signaling over Centralized Automatic Message
Accounting (CAMA) and SuperCAMA trunks; it does not detect frau-
dulent signaling over Traffic Operator Position System (TOPS)
trunks. This feature can alert the operating company of a frau-
dulent call attempt and either allow billing to be made for the
call or disconnect the call.
1.05 This feature detects fraudulent MF signaling but does not
detect fraudulent SF pulsing. No customer data schema is
required, because the feature is activated and deactivated using
the Command Interpreter (CI) facilities at the Maintenance and
Administration Position (MAP1). The feature implements the meth-
od of detection of fraudulent toll telephone calls described in
U.S. patent 4,001,513.
PRACTICE APPLICATION
1.06 The information contained in this Practice is applicable
to offices having Batch Change Supplement release 22
(BCS22) software. It is also applicable to offices having a BCS
release greater than 22 unless reissued. The application of all
Northern Telecom Practices (NTP) editions with respect to a given
BCS release is given in 297-1001-001.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
1 MAP is a trademark of Northern Telecom.
Page 4
PRACTICE 297-1001-132
RELEASE: 02.01
REASON FOR REISSUE
1.07 This Practice has been reissued to revise the content and
format of the existing document. Due to the extent of
these changes, revision bars are not included in the text.
SOFTWARE IDENTIFICATION
1.08 Software applicable to a specific DMS-100 Family office is
identified by a BCS release number and by Northern Telecom
(NT) Product Engineering Codes (PEC). The significance of the
BCS number and the PEC is described in 297-1001-450 (section
450/32) and in the Office Feature Record D-190.
1.09 A display of the BCS number and PEC for the NT feature
packages available in a specific office can be obtained by
entering the command string:
PATCHER;INFORM LIST;LEAVE
at a MAP.
COMMAND FORMAT CONVENTIONS
1.10 In this Practice, a uniform system of notation is used to
illustrate system commands and responses. It shows the
order in which command elements appear, the punctuation, and the
options. Where the conventions are not used, an explanation is
given in the text.
CAPITAL letters or show constants, commands, or keywords that
special characters the system accepts when entered as writ-
ten.
lowercase letters show a user- or system-supplied para-
meter. Definitions are given for each par-
ameter.
Brackets [ ] or <20> <20> enclose optional parameters. A vertical
<20> <20> list enclosed in brackets means that one
<20> <20> or more of the parameters may be selected.
REFERENCES
1.11 References listed as prerequisites are essential for an
understanding of this Practice. Those listed as inform-
ative contain detailed information concerning other items men-
tioned in this Practice, but are not essential. References are
inserted at the appropriate places in the text.
Page 5
PRACTICE 297-1001-132
RELEASE: 02.01
Note: The documents listed may exist in more than one version.
See 297-1001-001 to determine the release code of the version
compatible with a specific release of software.
Prerequisite References
DOCUMENT
NUMBER TITLE
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
297-1001-100 System Description
Informative References
DOCUMENT
NUMBER TITLE
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
GFXINDEX General Feature Description Index of Documents
297-1001-001 Master Index of Practices
297-1001-114 Operational Measurements (OM)
297-1001-119 Automatic Message Accounting - Northern Telecom
Format
297-1001-450 Provisioning
297-1001-510 Log Report Manual
Page 6
DESCRIPTION BLUE BOX FRAUD DETECTION DESC
1001-132
NTP
PRACTICE 297-1001-132
RELEASE: 02.01
2. DESCRIPTION
2.01 The Blue Box Fraud Detection feature allows the DMS-200 to
perform three fraud detection functions:
o test for fraudulent calls
o record fraudulent calls
o dispose of fraudulent calls (cut or continue).
2.02 Figure 1 on page 8 describes how a perpetrator initiates a
fraudulent call. Figure 2 on page 9 describes how the
system responds to a fraudulent call, and how the testing proce-
dure is invoked. Figure 3 on page 10 describes how the DMS-200
prepares to test for fraudulent calls.
Page 7
PRACTICE 297-1001-132
RELEASE: 02.01
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD>Ŀ
/O\ To place a fraudulent call,
<20> the perpetrator first
<20> places a normal call.
<20>
V The End Office sends the
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ digits to the CAMA office.
<20> <20>
<20> END <20> The CAMA office receives
<20> OFFICE <20> and translates the digits
<20> <20> from the End Office, and
<20> <20> seizes an outgoing trunk.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20> The office at the far end
<20> of the outgoing trunk winks
<20> in response, and the CAMA
CAMA <20> office sends the called
TRUNK <20> digits for this normal
<20> call.
<20>
<20> No fraud has taken place
V yet.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20> CAMA <20>
<20> OFFICE <20>
<20> <20>
<20> DMS <20>
<20> 200 <20>
<20> <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20>
OUTGOING<4E> A
TRUNK<4E> <20>WINK
<20> <20>
<20>
V
Fig. 1 - Fraudulent Call Setup
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
Page 8
PRACTICE 297-1001-132
RELEASE: 02.01
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD>Ŀ
/O\ Either before or after the
<20> original, normal call is
<20> answered, the perpetrator
<20><><EFBFBD><EFBFBD><EFBFBD>Ŀ <20> uses the blue box to place
<20>BLUE <20><><EFBFBD><EFBFBD><EFBFBD>><3E> a fraudulent call.
<20>BOX <20> <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> This fraudulent call causes
<20> the office at the far end
<20> of the outgoing trunk to
V wink, again, in response.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20> <20> To the office at the far
<20> END <20> end of the outgoing trunk,
<20> OFFICE <20> the wink is normal. To the
<20> <20> CAMA office, however, the
<20> <20> wink is unexpected.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20> It is this extra wink that
<20> invokes the blue box fraud
CAMA <20> testing procedure.
TRUNK <20>
<20> Without the Blue Box Fraud
<20> Detection feature, the CAMA
<20> office ignores the wink.
<20>
<20>
<20>
<20>
V
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20> CAMA <20>
<20> OFFICE <20>
<20> <20>
<20> DMS <20>
<20> 200 <20>
<20> <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20>
OUTGOING<4E> A
TRUNK<4E> <20>
<20> <20>
<20> WINK
V
Fig. 2 - The Extra Wink
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
Page 9
PRACTICE 297-1001-132
RELEASE: 02.01
TESTING FOR FRAUDULENT CALLS
2.03 Triggered by the unexpected wink, the DMS-200 begins to
test the suspected call.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20><><EFBFBD>Ŀ
/O\ To test the call, the DMS-
<20> 200 establishes a broadcast
<20> network connection from the
<20><><EFBFBD><EFBFBD><EFBFBD>Ŀ <20> suspected incoming CAMA
<20>BLUE <20><><EFBFBD><EFBFBD><EFBFBD>><3E> trunk to a reserved MF
<20>BOX <20> <20> receiver (MFR).
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>
<20> These MFR are reserved when
V the feature is activated.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20> <20> As long as the feature is
<20> END <20> active, the reserved MFR
<20> OFFICE <20> are not available for
<20> <20> standard call processing.
<20> <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> NOTE: The number of MFR set
<20> in reserve depends on the
<20> number of simultaneous
CAMA <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ fraud attempts expected.
TRUNK <20> <20>reserved<65> For provisioning MFR refer
<20>broadcast <20> <20> to 297-1001-450.
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ĵ MFR <20>
<20>connection<6F> <20> Following is a description
<20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> of the events that occur
<20> <20> after the MFR is attached.
<20> d<>
<20> i<>
<20> g<>
<20> i<>
<20> t<>
<20> s<>
V V
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20> CAMA <20>
<20> OFFICE <20>
<20> DMS <20>
<20> 200 <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<20>
OUTGOING<4E>
TRUNK<4E>
<20>
<20>
V
Fig. 3 - The Reserved Multifrequency Receiver
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
Page 10
PRACTICE 297-1001-132
RELEASE: 02.01
2.04 After attaching the MFR, the DMS-200 waits for one of the
following events:
EVENT EXPLANATION AND SYSTEM RESPONSE
Wink Wink on the same trunk again.
System Response: Reset the MFR timeout and continue
to wait.
Digits A fraudulent set of called digits has been
received.
System Response: Provide the charge utility with
these digits and use the Automatic Message Account-
ing (AMA) Event Information Digit to flag this call
as a Blue Box call.
Release the MFR.
If the CUT option was specified from the MAP, dis-
connect the call. Refer to Commands on page 14 for
information about the CUT option.
Call failure Mutilated digit(s) detected by the MFR. Several
things could cause this:
o the call may have released
o there may be a real transmission problem
o the perpetrator may be using SF pulsing.
System Response: Release the MFR and assume no
fraud has taken place.
MFR Timeout The time allowed to detect possible fraudulent MF
digits has expired.
System Response: Release the MFR and assume no
fraud has taken place.
RECORDING FRAUDULENT CALLS
2.05 The DMS-200 performs the following actions after detecting
a fraudulent call:
o If the CUT option was not specified, replace the original
digits in the charge buffer with the fraudulent digits.
Note: If the perpetrator places more than one fraudulent
call, only the last call appears in the charge buffer.
Page 11
PRACTICE 297-1001-132
RELEASE: 02.01
o Set the AMA event information digit to mark the call as a
Blue Box call. See 297-1001-119.
o If the office is performing AMA recording for this call, gen-
erate a log to alert the operating company office that a Blue
Box call is in progress. See Logs on page 17.
o If the ALARM option was specified at the MAP, generate a
visual/audible minor alarm.
DISPOSING OF FRAUDULENT CALLS
2.06 There are two options for disposing of fraudulent calls:
cut the call or continue the call.
Cut the Call
2.07 To cut a fraudulent call, the DMS-200 performs the follow-
ing actions:
o releases the MFR
o releases the connection between the originating and terminat-
ing agents of the call
o processes the AMA information
o deallocates the terminator
o sets treatment for the originator.
Continue the Call
2.08 If the CUT option was not specified, the DMS-200 releases
the MFR and the call continues. The perpetrator is billed
based on the fraudulent digits.
2.09 When the subscriber disconnects the call, the system gen-
erates a log and turns off the alarm if the ALARM option
was specified.
Page 12
OPERATIONAL MEASUREMENTS BLUE BOX FRAUD DETECTION DESC
1001-132
NTP
PRACTICE 297-1001-132
RELEASE: 02.01
3. OPERATIONAL MEASUREMENTS
3.01 The Operational Measurement BLUEBOX is associated with the
Blue Box Fraud Detection feature (see 297-1001-114 for
more information). The CI command OMSHOW BLUEBOX will display
the contents of each field.
3.02 BLUEBOX has the following fields:
FIELD DESCRIPTION
BBWinks Number of unexpected winks detected on incoming CAMA
trunks. These winks could indicate fraudulent calls.
BBAttach Number of successful MFR attachments to suspected
trunks.
BBDetect Number of fraudulent calls detected.
Page 13
MAN-MACHINE INTERFACE BLUE BOX FRAUD DETECTION DESC
1001-132
NTP
PRACTICE 297-1001-132
RELEASE: 02.01
4. MAN-MACHINE INTERFACE
4.01 The Blue Box Fraud Detection feature is activated by a CI
command issued at the MAP. The same command can be used
to query the status of the feature. The following section
describes the syntax and options of the commands.
COMMANDS
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20> <20> <20>
<20> <20> <20>
<20> <20> <20> <20> <20><><EFBFBD> <20> <20>
<20> BLUEBOX <20> <20>ACT [nmfr [timeout <20>ALARM<52><4D><EFBFBD> <20> <20>
<20> <20> <20> <20>CUT <20><><EFBFBD> <20> <20>
<20> <20> <20> <20> <20><><EFBFBD> <20> <20>
<20> <20> <20>CLR <20> <20>
<20> <20> <20> <20> <20>
<20> <20> <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
activates, clears, or queries the status of the Blue Box Fraud
Detection feature. Activating the feature reserves the specified
number of MFR. Clearing the feature returns the MFR to the common
pool.
Where:
ACT activates the Blue Box feature and reserves the speci-
fied number of MFR.
CLR deactivates the Blue Box feature and returns the MFR to
the common pool.
nmfr specifies the number of MFR to be reserved.
o Range: 1 through 3.
o Default: 1.
timeout specifies the number of seconds the MFR will wait for
digits.
o Range: 5 through 35.
o Default: 30.
ALARM specifies that an audible/visual alarm will be generated
when a Blue Box call is detected.
CUT specifies that fraudulent calls will be disconnected.
If this parameter is not specified, the fraudulent call
will continue.
Page 14
PRACTICE 297-1001-132
RELEASE: 02.01
Notes:
1. The activation parameters are position-dependent. That is,
nmfr must be specified before timeout; both nmfr and timeout
must be specified before ALARM or CUT.
2. The BLUEBOX command issued without any parameters queries the
system for the feature status.
Examples
1. Activate the Blue Box feature using only the default parame-
ters. The user inputs the following CI command:
BLUEBOX ACT
The system responds with the feature status and parameters:
Bluebox Fraud Detection Feature Status:
Active.
1 MFR reserved, timeout set to 30 seconds.
2. Activate the Blue Box feature and reserve two MFR. The user
inputs the following CI command:
BLUEBOX ACT 2
The system responds with the feature status and parameters:
Bluebox Fraud Detection Feature Status:
Active.
2 MFR reserved, timeout set to 30 seconds.
3. Activate the Blue Box feature and reserve three MFR with a
timeout of 22 seconds. The user inputs the following CI com-
mand:
BLUEBOX ACT 3 22
The system responds with the feature status and parameters:
Bluebox Fraud Detection Feature Status:
Active.
3 MFR reserved, timeout set to 22 seconds.
4. Activate the Blue Box feature with the ALARM option. Reserve
one MFR with a timeout of 30 seconds. The user inputs the
following CI command:
BLUEBOX ACT 1 30 ALARM
The system responds with the feature status and parameters:
Page 15
PRACTICE 297-1001-132
RELEASE: 02.01
Blue Box Feature Status:
Active.
1 MFR reserved, timeout set to 30 seconds.
Detection will report alarm.
5. Activate the Blue Box feature with the CUT option. Reserve
two MFR with a timeout of 25 seconds. The user inputs the
following CI command:
BLUEBOX ACT 2 25 CUT
The system responds with the feature status and parameters:
Bluebox Fraud Detection Feature Status:
Active.
2 MFR reserved, timeout set to 25 seconds.
Detection will cut off call.
6. Determine the status of the Blue Box feature. The user inputs
the following CI command:
BLUEBOX
If the feature is not active, the system responds with:
Bluebox Fraud Detection Feature Status:
Inactive.
If the feature is active, the system responds with the fea-
ture status and parameters:
Bluebox Fraud Detection Feature Status:
Active.
2 MFR Reserved, timeout set to 35 seconds.
Detection will cut off call.
7. Deactivate the Blue Box feature and return the MFR to the
common pool. The user inputs the following CI command:
BLUEBOX CLR
The system indicates command execution with the response:
Bluebox Detection Feature Cleared.
Page 16
PRACTICE 297-1001-132
RELEASE: 02.01
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ
<20> <20> <20>
<20> Q <20> BLUEBOX <20>
<20> <20> <20>
<20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
queries the system for the syntax of the BLUEBOX command.
Example:
Display the BLUEBOX command syntax.
The user inputs the following CI command:
Q BLUEBOX
The system responds with the following syntax diagram:
Parameters for Bluebox Fraud Detection
Parms: [<Active Status> {CLR,
ACT [<Number of MFRs> {1 TO 3}]
[<Timeout Value> {5 TO 35}]
[<Notification Option> {ALARM,
CUT}]}]
ALARMS
4.02 If the ALARM option is specified, a minor office alarm is
activated whenever a Blue Box call is detected. The
office alarm is deactivated at call disconnect.
LOGS
4.03 The following six logs are associated with the Blue Box
Fraud Detection feature:
o AUDT118
o EXT106
o TRK151
o TRK152
o TRK153
o TRK154.
Page 17
PRACTICE 297-1001-132
RELEASE: 02.01
4.04 The following is a brief description and example of each
log. See 297-1001-510 for more detailed information.
LOG DESCRIPTION
AUDT118 The Audit subsystem generates this log when Blue Box
Fraud Detection feature data is inconsistent with the
corresponding MFR data. The identified MFR cannot be
used for fraud detection until the problem is cleared.
Example:
AUDT118 APR12 12:00:00 2112 FAIL BLUEBOX MFR LOST
CKT RCVRMF 1
EXT106 The External Alarms subsystem generates this log when a
fraudulent call is detected and when that call discon-
nects.
Example:
*EXT106 MAR14 12:00:00 2112 INFO BLUEBOX ON
CALL DETECTED
*EXT106 MAR14 12:05:00 2113 INFO BLUEBOX OFF
CALL DISCONNECTED
TRK151 The Trunk Maintenance subsystem generates this log when
the Bluebox Fraud Detection feature is activated.
Example:
TRK151 APR11 12:00:00 2112 INFO BLUEBOX DETECTION ACTIVE
# OF MFRS = 2 ALARM ENABLED
CKT RCVRMF 0 CKT RCVRMF 1 CKT RCVRMF 2
TRK152 The Trunk Maintenance subsystem generates this log when
the Bluebox Fraud Detection feature is deactivated.
Example:
TRK152 APR04 12:00:00 2112 INFO BLUEBOX DETECTION CLEARED
TRK153 The Trunk Maintenance subsystem generates this log when
the Bluebox Fraud Detection feature is active and a
fraudulent call is detected.
Example:
TRK153 APR16 12:00:00 2112 INFO BLUEBOX CALL DETECTED
IC TRUNK = CKT RTP2W 1 CALLING # = 9197811199
OG TRUNK = CKT CARY2W 2 CALLED # = 61247418888
CALLED # REPLACED BY 3152651234
CALLID = 123456
TRK154 The Trunk Maintenance subsystem generates this log when
the Bluebox Fraud Detection feature is active and a
fraudulent call is disconnected.
Page 18
PRACTICE 297-1001-132
RELEASE: 02.01
Example:
TRK154 APR11 12:00:00 2112 INFO BLUEBOX CALL DISCONNECT
CKT APEX2W 1
CALLING # = 6133628669 2 CALLED # = 6124741888
CALLID = 123456
Page 19
F0184 BLUE BOX FRAUD PREVENTIONN NTX044AA CAMA FDM
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD>Ŀ
<EFBFBD> DMS ALL BCS27 Feature Description Manual <20>
890120 <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD>Ŀ
<EFBFBD> Package NTX044AA04 CENTRAL AUTOMATIC MESSAGE ACCOUNTING (CAMA)
<20>
<EFBFBD> Feature set ADMINISTRATION
<20>
<EFBFBD> Feature BLUE BOX FRAUD PREVENTIONN
<20>
<EFBFBD> Feature no F0184
<20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD>Ŀ
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD> DESCRIPTION
<20>
<EFBFBD> -----------
<20>
<EFBFBD>
<20>
<EFBFBD> "Blue Box" fraude prevention depends upon an in-band signalling link
(SF) <20>
<EFBFBD> being present in an end-to-end call connection. This signalling link
is <20>
<EFBFBD> relealsed by the calling party using a blue box before or after the
called <20>
<EFBFBD> subscriber answers. The signalling link is then re-seized by the
calling <20>
<EFBFBD> party and a new destination directory number outpulsed (MF) using the
blue <20>
<EFBFBD> box. This operation, except for the wink start or delay dial signal,
is <20>
<EFBFBD> transparent to the offices preceding the in-band signalling link.
<20>
<EFBFBD>
<20>
<EFBFBD> In order to detect this type of fraud, DMS-200 will detect a seocnd
pro- <20>
<EFBFBD> ceed to send signal from the incoming SF unit at the distant office,
i.e. <20>
<EFBFBD> a signal having a nominal duration of 200 msec. (greater than 75 msec.
and <20>
<EFBFBD> less than 2 sec.). Upon detection of the second proceed to send
signal, <20>
<EFBFBD> DMS-200 will connect an MF receiver to the incoming CAMA trunk for a
pe- <20>
<EFBFBD> riod of 30 sec. If digits are not received within this 30 sec.
period, <20>
<EFBFBD> the second number is entered on tape, together with an identifying code.
<20>
<EFBFBD>
<20>
<EFBFBD> At this point the call may be dropped or allowed to proceed, the
operating <20>
<EFBFBD> company having the necessary data to correctly bill the call. There is
no <20>
<EFBFBD> danger of the fraudulent call proceeding after time-out of the DMS-200
MF <20>
<EFBFBD> receiver, as the MF receiver at the distant office will time out after
25 <20>
<EFBFBD> sec. If this occurs, the fraudulent call must re-instate his call,
in <20>
<EFBFBD> which case the detection is repeated.
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD>
<20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD>Ŀ
<EFBFBD> Section B Available Features NTX044AA04 Feat: F0184 <20> Page
1093 <20>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>

Reference in New Issue Copy Permalink