My telco keeps dropping all the registrations for our DID phone numbers. For the last two months, they wouldn't say why. The phones would magically start working, and they claimed they were doing nothing...and kept blaming our PBX.
Today, I talked to a rep who said our circuits were showing our DIDs calling themselves. Including DIDs that haven't been assigned internally, or are assigned to phones that have been unused for days or weeks.
Our PBX is not showing this traffic. The telco techs on the last 4 support tickets have admitted that inbound calls are not terminating at the T1 router.
Here's the kicker: one DID tried to repeatedly register itself with the telco 24,000 times. So, they booted all of our numbers again.
They won't tell me the source of the traffic. They put a block on one IP, then restored the numbers temporarily, until it happens again. Since they are changing nothing, this is pretty much 100% certain that our inbound/outbound lines will go down again in the near future.
How do speak the language here? They seemed unconcerned. They say that it does look like another attack (has happened in the past, including a breach). But, their official advice is to scan our computers with anti-virus software to prevent this from happening in the future.
How does desktop anti-virus software factor into this? These are PRI handoffs over a T1. I think I am seriously missing something in the telco-speak. It's like we are using different languages.
Any advice from people with relevant telco experience?