CCiTT #7 Monitoring


   The information presented here is based on Data of :

        þ Bellcore (Bell Communication Research) - USA
        þ Mercury Communications - United Kingdom
        þ Telekom - Germany
        þ AcceSS 7 - Hewlett Packard Research CCiTT #7 Monitoring System


Note that some of the data presented in this article might be
classified material by some of those companies.





 What is CCiTT #7
 ----------------
CCiTT #7 is the newest signalling system also called SS7 (or also Common
Channel Signalling No.7). It uses two channels for communication.
The first is the voice channel (or what ever you are transmitting over it)
and the second is the data channel. This data channels is completly seperated
from the voice channel and holds all calling information in it plus has got
the advanced features of caller ID, call forwarding, conference calling,
credit card calls, collect calls etc.
This extra data channel was put in since ccitt #6 because first it disables
now the "famous" blueboxing possiblity, second enhances line quality and
third expands possiblities for new features like caller ID etc.

It is used in nearly all west european countries, but now more and more
other countries change to this system as well like israel for example.







 Monitoring Systems for CCiTT #7
 -------------------------------
As far as i know the following Monitoring Systems are in existance and
available for telecommunication companies :

   þ Bellcore : Davin and NetMavin
   þ Hewlett Packard : HP E4250A, also known as AcceSS 7
   þ Unisys : NIRIS Information Platform
   þ Algen : Probe

þ Bellcore's monitoring system is based on unix and is programmed in C using
  the X11 Unix Window System but can also be run on vt100 terminals and soon
  on Macintoshs too. It can run on any workstation which is Unix compactible.
  It has got also the possbility to work with data from other
  Monitoring Systems like AcceSS 7 from HP and also use the C libraries from
  HP's system.
  It's easy to use with mouse support, Window graphic displays in realtime,
  Zooming etc.

  Interesting Options are for example :
     Monitoring calls from a specific telephone number
     Automatic Fraud Detection
     Multiple simultaneos call traced (up to 100)
  Bellcore's Davin and NetMavin is used by Bell and Mercury Telecommunication.


þ Hewlett Packards monitoring system is more general than Bellcore's.
  It's based on HP unix machines (Apollos I think) running HPUX Unix.
  It is very flexible and can link in any CCiTT #7 system.
  Everything is written in C and the customer can program, enhance and tune
  the monitoring tools as they like. Basic Tools are implemented so is the
  monitoring data collection tools, but everything else must be programmed
  by the customer or by an HP service team - but be sure they know what they
  can do and will program everything to get you.
  HP's AcceSS 7 System is used by the german Telecom.
  (Installed in Frankfurt, Duesseldorf, Stuttgart and Nuernberg with
   Controll Centers in Frankfurt and Bamberg)


þ Sorry, on the two others i haven't got any information, and i don't know
  if other monitoring systems exist.


Of course Fraud Detection is not the main point of CCiTT #7 Monitoring.
It's more gathering traffic statistics for network planning, optimizing,
error controlling & detecting, and market decicions - but fraud detection
is an important part.




 How does CCiTT #7 Fraud Detection work
 --------------------------------------
Automatic Fraud Detection is based on pattern matching.
Patterns must first be measured for each every communication network/area.
Everything which is out of this pattern triggers an alarm.
Out-of-Pattern are :
   identify calls of long duration
   repeated calls to a particular dialed number from the same area of origin
   repeated calls from the same area of origin to different numbers
   long/many calls from an unbillable number
   dialing special numbers
   dialing many toll free numbers

A triggered alarm can result in anything, also depending on type of alarm :
   saving data to log
   continued electronical oberservation to detect more out-of-pattern behavior
   autotrace
   alarm operator


 XXXXXXXXXXXXXXXX
 XXXXXXXXXXXXXXXX \
 XXXXXXXXXXXXXXXX  \
 XXXXXXXXXXXXXXXX   \  Out-of-   -->  XXXXXXXX \   Continues        -->   XX
 XXXXXXXXXXXXXXXX    - Pattern   -->  XXXXXXXX  -  Out-of-Pattern   -->   XX
 XXXXXXXXXXXXXXXX   /                 XXXXXXXX /       or
 XXXXXXXXXXXXXXXX  /                                Manual
 XXXXXXXXXXXXXXXX /                                Inverstigation
 XXXXXXXXXXXXXXXX

    Calls going      Monitoring       Alarms of     Continued           FRAUD
 though Monitoring     system         Monitoring   Out-of-Pattern       CASES
       system         Analyzing        system           or
                                                  Manual Investigation




Yes thats all ... there aren't much information available and even those
mentioned here are only known to a small group, although someone could
logically think it would be this way, but now you know it for sure ;-)


Please note that some data might be wrong or outdated (also it should not).
If so please tell me and in the next issue I'll present the new/corrected data.
If you got additional data, do something for the phreaker community and
send it me to release it in the next magazine or release it on your own!


Ciao...
                         van Hauser