104 Chapter 7 Security recommendations• custom applications that hackers may be using for unauthorized thru-dialactivities• SMTP/VPIM IP addresses, user IDs, and FQDNs• the number of successful and unsuccessful logins to CallPilot Managerand Application BuilderNotification of suspicious activityYou can find out about the generated alarms by• viewing the Alarms Monitor regularly to learn of new alarms• setting up an alarm mailbox so that whenever an alarm is generated, thesystem sends a voice message to the mailbox to alert you• enabling remote notification for the alarm mailbox so you are notified ofnew alarm messages immediately at a specified number, such as apager or cell phoneMonitoring mailbox logon and thru-dialing activitiesIf you suspect abuse of mailbox privileges, you can monitor mailbox logonand thru-dialing activities. After you determine the cause of suspiciousactivity and resolve the problem, remove the corresponding mailboxes fromthe monitoring list.Note: An event code is generated each time someone logs on to amailbox or the thru-dial process transfers a call from it.Alarms that can be generatedThe following alarms are generated whenever a logon or thru-dial attemptoriginates from a monitored mailbox:Event number Description55703 Unknown system error occurred while attempting totransfer a call for an Application Builder applicationORUnknown system error occurred in the Call Transferblock of an Application Builder application.55717 A thru-dial block uses name or both name and numberdialing, but no name prefix is defined for the namedialing service.55750 Successful login to a mailbox from a directory number(DN) monitored by Hacker Monitor.Nortel CallPilotAdministrator GuideNN44200-601 01.11 Standard5.0 9 November 2007Copyright © 2007, Nortel Networks.