Logo of the European Computer Security Incident Response Team Network (eCSIRT.net)

WP5 Alert Function

eCSIRT.net > Service > Documents > WP5 Alert Policy  

WP5 Alert Function: Out-of-band communication




System description

In addition and as backup for the internet based alert function a second system was implemented which is based on POTS ("plain old telephone service") or ISDN telecommunication networks. The foundation for the out-of-band alert function is given from GNU Bayonne, the telecommunications application server of the GNU project. The alert system works partial like an answering machine (recording of messages, remote play-back, ...) but was extended by important functions:

The service runs on a LINUX based server placed in a safe environment. The application server is connected with the ISDN telecommunication network and has an additional GSM device for the SMS service.



For the participation in this service only low technical requirements have to be fulfilled: just a functional telephone number. Furthermore, the provision of specific contact information about a team is required.

The correctness of the most important contact information is ensured either by the TI accreditation framework or by the eCSIRT.net project management (for partners and liaisons). A detailed description of the procedure is available from eCSIRT.net WP5 Alert Policy.

If all prerequisites are fullfilled, the following information is distributed by the management:


Participation in the Alert Function is restricted to teams that either are:

All participating CSIRTs must sign the eCSIRT.net Code-of-Conduct and fill out the registration form.


User guide



Incoming calls / User Identification

You are welcomed by the system directly after the connection is established and prompted to enter your UID and PIN. The UID and PIN (nine-digit number combination) must be entered sequently without a break. Identification and authorization aren't split. You have three attempts to enter a valid number combination, after this the system will abort the session.

Figure 1: Session establishment

Please note, for all calls the date, the time, the duration of the connection and the phone numbers (source, if available and target) will be logged. New messages are held up 72 hours for hearing, after this they will be archived. This time period is neccessary to span the weekend.


Main menu

The main menu is very simple: the caller can select, whether he would like to record or play back messages.

Figure 2: Main menu

Of course you can close the session at any time. Just hang up or press the end button of your celluar phone.



If you have decided not to break off and select the menu "play-back", you are informed whether messages are available or not. You reach automatically the main menu, if there are no new messages available. In the other case the message is played. Afterwards you can navigate with the following buttons:

Figure 3: Play back


Recording and sending

In the case of an emergency reports can be produced with the help of this menu item. In the beginning the recording is working as in the case of an answering machine. After an announcement and a beep a message can be recorded. However, the length of the recording is limited to two minutes. If you don't need that time you can stop the recording by pressing an arbitrary button. After this the recording will be confirmed and the following actions can be taken:

Please, waste no time for the production of a perfect message, a fast dispatch is more important. It could be helpful to read the message simply which has been produced for e-mail dispatch.

Figure 4: Recording

Afterwards the message will be delivered to all participating teams. If an incoming call isn't accepted or the telephone is occupied, another team will be called immediately. If the end of the call list is reached, all teams will be called again which haven't been reached before. A team is called at most three times, the time between the calls amounts at least 5 minutes. It is meaningful to make calls also outside the office hours. In this case the caller list can be evaluated later (if possible).

Each team which has registered a mobile phone gets in addition to the voice-mail a SMS with the following text: "eCSIRT.net alert function - a new voice-mail was received.".


Outgoing calls

If an incoming call is accepted, you are welcomed by the voice mail system and asked to press a button. An acknowledgement of receipt is necessary for different reasons. On the one hand this is required for the proper operation of the system, on the other hand the receipt of the news can be restricted to certain employees. Therefore, two versions were implemented:

Figure 5: simple acknowledgement

At acknowledgement and authorisationa pin must be entered first before the message(s) will be played. The rules correspond to these, as in the case of recording messages. However, you have to enter only four digits. Through this the possibility to establish different user groups is given.

Figure 6: Acknowledgement and authorisation

After a reception confirmation has been handed, the sender of the message will be mentioned. After this the message will be immediately played. After completion of the message a menu will be offered, similar as in the case of recording messages. You can navigate with the following buttons:

Figure 7: Play back


Related documents


Future Extensions


Revision History


eCSIRT.net > Service > Documents > WP5 Alert Policy  
eCSIRT.net eCSIRT.net
The European Computer Security Incident Response Team Network
News | Sitemap | Imprint | Privacy Statement | Contact | Top
Last changed: December 30, 2003 / JS
Copyright © 2002-2003 by PRESECURE Consulting GmbH, Germany
Signed with PGP!This page is digitally signed with PGP! eCSIRT.net