Home WTI User's Guides
cover
1. Introduction
2. Unit Description
2.1. Front Panel Indicators
2.2. Back Panel
3. Hardware Installation
3.1. Set-Up Switches
3.1.1. Default Baud Rate for Computer
3.1.2. Default Baud Rate for PBX Input Ports A and B
3.1.3. Direct Connect Mode
3.1.4. Computer Port Password
3.1.5. Power Up Default
3.2. Connecting the Data Cables and Telephone Line
3.2.1. PBX Inputs A and B
3.2.2. Modem Port
3.2.3. Computer Port
3.3. Connect the AC Power Cable
4. Program Set-Up
4.1.1. Reset Default Parameters - Clear Memory
4.1.2. Set General Parameters
4.1.2.1. Select Duplex Mode
4.1.2.2. Set Clock and Calendar
4.1.2.3. Set Communication Parameters
4.2. Define PBX Data Input Format
4.2.1. Define End-of-Record Character
4.2.2. Strip Non-Printable Codes Function
4.2.3. Time-Date Stamp Function
4.2.4. Enable-Disable Wrap Around Mode
4.3. Define Data Output Format
4.3.1. Select-Configure Data Output Mode
4.3.1.1. ASCII Record Mode
4.3.1.2. ASCII Block Mode
4.3.1.3. Binary Block Mode
4.3.1.4. XMODEM Mode
4.3.2. The CRC Function
4.3.3. The Line I.D. Function
4.3.4. Select Compression Mode
4.3.1.2. ASCII Block Mode
4.3.1.4. XMODEM Mode
4.3.2. The CRC Function
4.3.3. The Line I.D. Function
4.3.1.1. ASCII Record Mode
4.3.1.2. ASCII Block Mode
4.3.1.3. Binary Block Mode
4.3.1.4. XMODEM Mode
4.3.2. The CRC Function
4.3.3. The Line I.D. Function
4.3.4. Select Compression Mode
4.3.5. Release Data with Command B02
4.3.6. Hold END DATA Message
4.4. Callback Features
4.4.1. Define Callback Parameters
4.4.2. Scheduled Callback
4.4.3. 80 Full Callback
4.4.4. Immediate Callback
4.4.5. No-Data Alarm
4.4.6. Toll Fraud Alarm
4.5. Define Header Message-Auto Execute Command-Report Mode Command String
4.5.1. Header Message
4.5.2. The Auto Execute Command
4.5.3. The Report Mode Command String
4.6. The Data Filter
4.7. The Alarm Filter
5. The No-Data Alarm
5.1. Timer Schedules
5.2. Enabling the No-Data Alarm
6. The Data Filter
6.1. Defining the Data Filter Format
6.2. Defining Data Filter Parameters
6.3. Enabling the Data Filter
6.4. Logical and Relational Operators
6.4.1. Equal To Conditions
6.5. Logical AND OR Conditions
6.5.1. AND Conditions
6.5.2. OR Conditions
6.6. Data Filter Parameter Definition Examples
7. The Alarm Filter
7.1. The Alarm Filter Format
7.1.1. Common Types of Suspect Phone Activity
7.1.2. Defining the Alarm Filter Format
7.2. Alarm Clues
7.2.1. Alarm Clue Definition
7.2.2. Enabling the Alarm Filter
7.2.3. Logical and Relational Operators
7.2.3.1. Logical AND-OR Conditions
7.2.4. Real-Time Variables
7.2.5. Testing Alarm Clues
7.3. Selecting an Alarm Notification Method
7.3.1. Alarm Off
7.3.2. Local Alarm
7.3.3. Remote Alarm
7.3.4. Pager
7.3.5. Report
7.3.6. Pager
7.3.7. Switching Alarm Methods
7.3.8. The Alarm Message
7.4. Responding to a Toll Fraud Alarm
7.4.3. Reset ALM LED and Alarm Port
7.4.4. Displaying Alarm Data
7.4.5. Clear Alarm Condition
7.4.6. Resetting Alarm Clue Counters
7.4.7. The Pass-Through Mode and the Monitor Mode
8. Saving PollCat III Parameters
8.1. B99 Command Options
8.2. Saving Parameters to an ASCII File
8.3. Configuring PollCat III with Saved Parameters
9. Polling Accumulated Data
9.1. The Data Release Mode
9.1.1. Data Release Command Options
9.2. Polling
9.2.1. Example 1 Polling Device Calls PollCat III Via Modem
9.2.4. Example 4 XMODEM Polling
10. Command Reference Guide
10.1. Access to Command Mode
10.2. Command Syntax
10.3. Command Summary
A. Advanced Format and Clue Definition
A.1. Alarm Filter Format Definition
A.2. Alarm Clue Definition
A.2.1. Alarm Clue Examples
A.2.1.1. Repeated Attempts to Access Voice Mail
A.2.1.4. Unusual International Calls
A.2.1.5. Calls to Your Competitors
A.2.1.6. Calls to 900 Numbers
A.2.1.7. Calls From a Particular Extension
A.2.1.8. The Contains String Operator
A.3. Clue Definition Logic
A.3.1. Headers Banners and Other Non-Data
A.3.2. The Comparative Operators
A.3.2.1. Limit the Scope of Comparisons
A.3.2.2. Exclude Non-Data Characteristics
A.3.3. Exact Match with PBX Call Record Format
A.4. Programming Support
B. Cable Installation
C.3. Alarm Port
D. PollCat II Compatibility
D.1. Alarm Filter
D.2. Port Modifications
D.3. Status Screens
D.4. Connection
D.5. Other Modified or Eliminated Commands
E. LED Indicators
F. Specifications
G. Customer Service
H. FCC Statement
I.1. Response Message Summary
Index
4.4.3. Console Port
8.6. Assigning the Data Filter to a Port
14. Scheduled Actions
PollCat III B

A.2.1.1. Repeated Attempts to Access Voice Mail

 

This Alarm Clue counts short calls to voice mail. This type of call could indicate that a Toll Fraud hacker is dialing into your voice mail and randomly trying access codes in an attempt to find an outside line.

The clue will be named "VMAIL" and the critical counter value will be set at 50 calls. Assume you have configured the PollCat III for Pager (Alpha) alarm notification, and you want to use Pager

I.D. numbers one and three.

 

Where: C is the user name. E is the call duration.

Clue Definition:

^B81,VMAIL[13]\50\C=VMAIL*E<=00:30

Where: VMAIL is the Alarm Clue Name.

[13] is the Pager I.D. Number specifier. In this case, the clue will use PAGER ID#1 and PAGER ID#3 for alarm notification.

50 is the number of calls required to generate an alarm. C=VMAIL Tells PollCat III to count calls with the text "VMAIL" in the user name field (C).

* is the "AND" operator.

E<=00:30 Tells PollCat III to count calls which last 30 seconds or less.

Note:

When the comparative operators (>, <, >=, and <=) are used, the clue may also count headers, summaries, and other non-data. Refer to Appendix A.3 for instructions on how to avoid counting these items.

A.2.1.2. After Hours Long Distance Calls.

This clue counts long distance calls placed after 6:00 pm or before

7:00 am. This type of call could indicate that a hacker has obtained an access code for an outside line and is using the line to dial long distance numbers after work hours.

The clue will be named "LD_NITE" and the critical counter value will be set at 20 calls.

 

Where: A is the call time. D is the first seven digits of the number dialed.

Clue Definition:

^B81,LD_NITE\20\(A>18:00+A<07:00)*D=1-----­

Where: LD_NITE is the Alarm Clue Name.

20 is the number of calls required to generate an alarm.

(A>18:00+A<07:00)

Tells PollCat III to count calls placed after

18:00 or before 07:00.

D=1------Tells PollCat III to count calls where the first digit of the number dialed is the number "1". Note that the remaining 6 digits of the variable are entered as wild card characters (-).

Note:

When the comparative operators (>, <, >=, and <=) are used, the clue may also count headers, summaries, and other non-data. Refer to Appendix A.3 for instructions on how to avoid counting these items.

A.2.1.3. Lengthy International Calls

This type of call could indicate that a hacker has obtained an access code for your outside line and is using the line to place lengthy international calls.

This clue requires that you are familiar with the average duration for international calls placed in the course of a normal day. For example, if your average international call lasts about 10 minutes, and you are suddenly billed for a two hour call, it could be an indication that a hacker has gained access to the PBX.

The clue will be named "LONG_INTL" and the critical counter value will be set at 5 calls.

Format:

|17:28|092|T.WILLIAMS |OUT|011811234567 |51:35|44.50| -AAAAA-BBB-CCCCC------------DDDDDDD-------------EEEEE------­

Where E is the field that lists the call duration.

Clue Definition:

^B81,LONG_INTL\5\D=011----*E>=20:00

Where: LONG_INTLis the Alarm Clue Name. 5 is the number of calls required to generate an alarm. D=011----Tells PollCat III to count calls where the first

three digits of the number dialed are "011". The remaining 4 digits of the variable are entered as wild card characters (-).

E>=20:00 Tells PollCat III to count calls that lasted 20 minutes or longer.

Note:

When the comparative operators (>, <, >=, and <=) are used, the clue may also count headers, summaries, and other non-data. Refer to Appendix A.3 for instructions on how to avoid counting these items.