A.2.1.3. Lengthy International Calls
This type of call could indicate that a hacker has obtained an access code for your outside line
and is using the line to place lengthy international calls.
This clue requires that you are familiar with the average duration for international calls placed
in the course of a normal day. For example, if your average international call lasts about 10
minutes, and you are suddenly billed for a two hour call, it could be an indication that a hacker
has gained access to the PBX.
The clue will be named "LONG_INTL" and the critical counter value will be set at 5 calls.
|17:28|092|T.WILLIAMS |OUT|011811234567 |51:35|44.50|
Where Eis the field that lists the call duration.
LONG_INTL is the Alarm Clue Name.
5is the number of calls required to generate an alarm.
D=011---- Tells PollCat III to count calls where the first three digits of the number
dialed are "011". The remaining 4 digits of the variable are entered as
wild card characters (-).
E>=20:00 Tells PollCat III to count calls that lasted 20 minutes or longer.
Note: When the comparative operators (>,<,>=, and <=) are used, the clue may
also count headers, summaries, and other non-data. Refer to Appendix A.3 for
instructions on how to avoid counting these items.
PollCat III - Pollable Call Accounting Terminal, User's Guide Appendices