QUESTION Call Forwarding

A

AndyInNYC

Active Member
Joined
May 23, 2013
Messages
828
Reaction score
133
It seems from my reading that the call forwarding allows one to set call forwarding from inside (i.e. at the extension). But there doesn't seem to be any way to set it from outside.

I'd like to be able to dial in to my voicemail, enter the password and be directed to 'press 9 to select or deselect call forwarding' and then either default to the number dialed in from or allow a number to be entered followed by a #. Obviously I need to be able to cancel the call forwarding from the phone - if I had some indication on the phone that calls were being forwarded that would be great too.

I'm willing to fund (or start to fund) a bounty; I'm not looking to own the code. I would like for it to be more module level than custom editing individual files (but hey, now I'm getting greedy) since I'd like to be able to deploy it easily.

Thoughts?


Andrew
 
Dangerous . . . . if someone gets your VM password they have free long distance.
 
I agree with atsak. If someone malicious had anyone VM password on your system, they could change the forwarding number to any number they wish. Then they call that extension and voila.. free calling to whereever they wish. This is a known issue, and many systems don't even allow external numbers to be forwarded period.
 
Someone changing the forwarding number would intercept calls coming to me. I'm not setting up DISA.
 
Speaking a little bit cheekily, the fact you don't get how this is a risk means I should tell you in no uncertain terms you don't want this feature :)
 
I'd like to be able to dial in to my voicemail, enter the password and be directed to 'press 9 to select or deselect call forwarding' and then either default to the number dialed in from or allow a number to be entered followed by a #.
Click to expand...
So if I called your number, got voicemail, hacked your vm password, dialed 9 to activate call forwarding and entered in 19005552222# , then called back to your number, what would I expect to get?
"Default to the number dialed in from" is just as unsafe, callerid spoofing is easy to do.
Do you now see how this is a risk?
 
I always understood the risk.

a) My dialplan wouldn't allow these types of calls
b) I have flowroute's fraud protection feature turned on to limit to a max call rate per minute
c) I use a low prepaid volume and don't have auto refill turned on.

The chance that someone is going to call my phone, spend the requisite time to hack my voicemail password to take at most $20 at a 3 cent per minute call rate is rather minimal/acceptable risk to me.

spoofing my callerid would require that they (in advance) know my cell phone number.

If someone is going to spend that much time studying me to hack me, they're going after my bank/brokerage account, not my prepaid balance at flowroute.

I'd be happy to have a larger than 4 digit password attached to the 'option 9' which would require additional hacking; since I see my CDR every day or so we're talking about hundreds of calls - each of which would show up on the phone's caller id as well as ring when I'm at my desk (far too much time unfortunately). This wouldn't be a 'stealth hack'.

So, yes I understand the risk (always did); it's just a fully acceptable risk for me given how I'd use the feature - which I still would like to implement.

Andrew
 
Were just saying why it's not implemented and why few will be willing to help do it. It's just plain bad practice. As an open source system you are free to modify it as you like. I'm sure since you are offering a bounty, someone may take you up on it, but please be careful of what you unleash to the world. Please make sure it's clear to others that there is a very real risk that could very likely get costly to someone.
 
No offense was ever taken. I understand why a mainstream system would loathe having this installed. My system sits in my basement and I'm typically the only user. When I run out to lunch and forget to forward the phone I find myself annoyed and end up returning calls I really wanted to take (invariably the guy I've been chasing for 3 weeks). I appreciate your concerns.

There's no way, however, that I'm going to accomplish this on my own. A sufficiently large PIN code would solve the problem (assuming 3 tries and you're out, perhaps). Even on a large system, someone will notice a phone ringing and ringing and ringing (oh, and ringing).

Andrew
 
You must log in or register to reply here.

Members online

Total: 29 (members: 1, guests: 28)

Latest Posts

Forum statistics

Threads
26,688
Messages
174,412
Members
20,259
Latest member
Fadeek86
Get 3CX - Absolutely Free!

Link up your team and customers Phone System Live Chat Video Conferencing

Hosted or Self-managed. Up to 10 users free forever. No credit card. Try risk free.

3CX
A 3CX Account with that email already exists. You will be redirected to the Customer Portal to sign in or reset your password if you've forgotten it.
Verify your Email

Check your inbox!

We’ve sent you an email. Click on the button in the email body to verify your email address – (if you can not find it, check your spam folder).

Upon verification you will be directed to the 3CX setup wizard.

Back
Top