Switch bugs


36 replies to this topic

#21 ThoughtPhreaker

ThoughtPhreaker

    DDP r0x0rz my s0x0rz

  • Members
  • 1,243 posts
  • Gender:Male

Posted 16 January 2009 - 02:49 PM

Seriously? I thought all switches did it with internal announcement systems (except GTD-5s, since they're cool enough to be integrated with EASes) to queue calls? Try placing two calls up to the recording at once. Generally, at least on smaller switches, you'll get the recording on the second line as soon as the first goes to reorder/drops.

#22 invalid_route

invalid_route

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 18 posts
  • Location:203/413

Posted 16 January 2009 - 07:26 PM

The EWSD I was served out of as a kid never rang for anything but an actual number. The first time I ever heard a switch do this was when I was playing with the phone at my grandma's (5ESS) and it rang after leaving the phone off the hook too long (this scared me since I thought an operator was going to come on). The EWSD just would always dump you right into a recording, or in the case of permanent signal play a few seconds of high tone first.

#23 Kayara

Kayara

    DDP Fan club member

  • Members
  • 49 posts

Posted 21 January 2009 - 12:50 PM

JmanA9,

I was listening to your recordings and had a few questions:
503-697 anac: What kind of dialtone is that/how did you get it?

Also, does the 724-548-5864 ANAC read out your ANI? It sounds like Verizon voice talent.

#24 JmanA9

JmanA9

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 438 posts
  • Location:NPA 724

Posted 21 January 2009 - 01:13 PM

JmanA9,

I was listening to your recordings and had a few questions:
503-697 anac: What kind of dialtone is that/how did you get it?

Also, does the 724-548-5864 ANAC read out your ANI? It sounds like Verizon voice talent.

Kayara,
That dialtone is coming from my VoIP adapter. I changed it to sound like that so I could easily distinguish between my POTS line and my VoIP line. On a Sipura VoIP adapter, you can make the dialtone any combination of tones you'd like.

That ANAC does read your ANI. It's actually owned by Windstream, and the lady who does the recording is Pat Fleet. She's probably the most widely used voice on the network.

Let me know if you have any more questions.

#25 Kayara

Kayara

    DDP Fan club member

  • Members
  • 49 posts

Posted 22 January 2009 - 09:38 AM

When you dialed 503-697-0053, you used MF tones afterward, and I assume you were signaling the desired ANI information to the VOIP adaptor. When I dialed normally, without MF tones, I got a reorder that was sampled a bit differently. Does this mean the ANAC doesn't work anymore, or that I also need to use the MF tones to get it to speak any numbers?

#26 JmanA9

JmanA9

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 438 posts
  • Location:NPA 724

Posted 22 January 2009 - 02:20 PM

When you dialed 503-697-0053, you used MF tones afterward, and I assume you were signaling the desired ANI information to the VOIP adaptor. When I dialed normally, without MF tones, I got a reorder that was sampled a bit differently. Does this mean the ANAC doesn't work anymore, or that I also need to use the MF tones to get it to speak any numbers?

The MF tones were being sent to the ANAC on the other end. After the touchtones stop, the VoIP adapter basically drops out, and nothing is being sent to it anymore. The reorder just means that something went wrong with the signaling. However, since you can tell that the reorder is being sampled differently, you know it's coming from the ANAC (I guess you decoded the DTMF digits :) ). The standard signaling is KP + 3 + 7 digits + ST if you want the number to be looked up. I believe it's KP + 0 + 7 digits + ST if you just want the machine to tell you that the number isn't valid. That was done usually if the number was in an invalid thousands block, and a lookup wasn't necessary. I'm pretty sure I didn't mix up the 3 and the 0, so someone please correct me if I'm wrong.

#27 ThoughtPhreaker

ThoughtPhreaker

    DDP r0x0rz my s0x0rz

  • Members
  • 1,243 posts
  • Gender:Male

Posted 23 July 2013 - 04:43 PM

So I don't mean to pull a thread from the grave here, but I got to use an EWSD for the first time not too long ago. To make things more interesting, this switch is, from my understanding, AT&T's red-headed stepchild. Finding an in-house tech who has a comprehensive understanding of how to deal with it is like finding a hipster in North Korea.

So I guess it's only natural I heard a couple of pretty weird things. For one, you didn't even need to use a CAC to get around the 0xx/1xx blockade. While this is more an oversight than a bug, it gave kind of an interesting result. Since the call was placed on the "new" AT&T network (goes via ex-SBC/Bellsouth LD equipment), a DMS-250 decided this was a bad thing, and gave me a recording instead.

 

Also, a friend gave me a recording of OSPS losing its mind a while back. Usually dialing 101-0288-00 isn't a big deal; the extra zero is stripped out. But for whatever reason, the DMS-10 handling the call wasn't set up to do this, so the OSPS switch decided to go completely off its rocker and give them an emergency call failure recording instead.

 

Sorry about the EWSD recording, by the way. The voice modem I had with me was the best option, and it kinda screwed up the sound of going offhook.


#28 dmine45

dmine45

    Mack Daddy 31337

  • Members
  • 225 posts

Posted 26 July 2013 - 08:33 AM

EWSD, DCO and GTD-5EAX switches are strange animals compared to 5ESS and DMS type switches. When we had something called pay phones (remember those?) it was fun going to places you've never been and exploring these strange beasts. But now it's almost impossible to experiment.



#29 ThoughtPhreaker

ThoughtPhreaker

    DDP r0x0rz my s0x0rz

  • Members
  • 1,243 posts
  • Gender:Male

Posted 27 July 2013 - 05:19 AM

EWSD, DCO and GTD-5EAX switches are strange animals compared to 5ESS and DMS type switches.

 

You don't even have to look that far - try using a DMS-100 configured by Qwest sometime, they can be pretty strange.

 

It'd be nice if DECT base stations could help pick up where payphones left off. Especially now; there's a sudden very serious concern for privacy, and aggressive telco bundling at the same time. There could be demand for a network of public base stations. The implications of letting someone have at your phone line - spare or otherwise - are pretty strong though. Still, it sounds like a great improvement over COCOTs, right? I can't count how many times a Protel phone has refused to dial a 958/959 number normally.


Edited by ThoughtPhreaker, 27 July 2013 - 05:39 AM.


#30 scratchytcarrier

scratchytcarrier

    H4x0r

  • Members
  • 31 posts
  • Gender:Not Telling
  • Location:LATA 672

Posted 13 December 2014 - 01:20 AM

On ORCHWA01DSO (5E) you can sometimes (eh, fuck that) usually hold up another line in your exchange by calling it and staying on the line. The guy on the other end may physically hang up, but when he picks it up again, here you are tying his line up. This weird bug has been around for something like 20 years and is still a popular prank high-school kids play to get back at each other for whatever.

I once had an older neighbor on my exchange (254, at the time) who had a habit of forgetting to shut off her cordless phone when she was done talking to me (so she'd just set it down on the table and walk away from it). Five minutes later I'd go to make another call and there it was, picking up her TV set audio blasting away in the next room. I'd sometimes go hoarse yelling into my phone to get her attention so she'd hang up...

As far as I know this only works within the same exchange in that office (e.g. 254 to 254), not across exchanges (e.g. 256 to 892, or even 254 to 256).

Edited by scratchytcarrier, 13 December 2014 - 01:23 AM.


#31 ThoughtPhreaker

ThoughtPhreaker

    DDP r0x0rz my s0x0rz

  • Members
  • 1,243 posts
  • Gender:Male

Posted 15 December 2014 - 09:40 PM

Wow, that's awesome. Someone told me not too long ago that BT reconfigured all their switches to have much shorter release guard now as a response to scammy sorts giving people incoming calls with fake dialtones. It was long (three minutes-ish?), but not indefinite like on that switch.



#32 d3crypt

d3crypt

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 12 posts
  • Gender:Male
  • Location:Los Angeles, California

Posted 17 December 2014 - 05:42 PM

Wow, it had that much of an impact? Awesome! :)

There's also another bug on the DMS-100, but if I understand correctly, it only works on ones that have old software/that were configured by doug. It's not fraudulent, but because it's way too leet to be posted out in an open forum, I'll just say that you might've tried it if you dial with CACs a lot.

Also, I really need to update that article sometime :/ .

Could you tell me what carrier access codes do exactly? I get that they change you to a different long distance carrier for the duration of the call, but how exactly does it work? I would try it but I'm worried about getting billed a lot, since the landlines at my house are my parents'.


Edited by d3crypt, 17 December 2014 - 05:59 PM.

  • ramsaso likes this

#33 ThoughtPhreaker

ThoughtPhreaker

    DDP r0x0rz my s0x0rz

  • Members
  • 1,243 posts
  • Gender:Male

Posted 17 December 2014 - 08:21 PM

Basically, it's just a code that tells your switch which long distance carrier should place your call. If you dial a long distance call without it, it'll use whichever carrier access code you're pre-subscribed to. So for example, if you dial 229-430-0002 and you have Sprint long distance, your switch will act as if you dialed 101-0333-1-229-430-0002. That particular number is pretty safe to casual dial if you want to try it.

 

That's all well and good - you can use these to play with long distance equipment in whatever way you want. But it can also be a little like walking through a minefield, so you always have to be careful. If you're placing a call on a long distance network without subscribing to it, you're doing something called casual dialing. Since phone companies generally don't like casual dialing, the rates are usually insane for it. Like, $5 for a two minute call insane. So there's a few things to keep in mind:

 

1) Casual dialing is fun, but you have to be absolutely sure the call doesn't supervise. Usually this means calling it on whatever long distance carrier you're subscribed to normally. One good way to test - at least on a 5ESS or DMS-100 - is to try flashing during the call. If you don't get a stutter dialtone, it hasn't suped yet.

 

2) Beware of Alaska and rural areas. Since it can be expensive to terminate calls there, some cheaper carriers use what're known as black or grey routes to re-originate traffic. Basically, it means offloading traffic onto something that can make the call look local so they don't have to pay termination fees. Or sometimes, placing the call over a residential/business long distance account. Sometimes though, they'll put you on regular phone lines or cell phones, which can't convey supervision properly. Basically what this means is it'll look like the call has supervised right away. In practice, most of the time you'll see this on cheap calling cards and voip providers.

 

The AT&T (0288), Verizon ex-MCI (0222), Verizon ex-Worldcom (0555), and Sprint (0333) long distance networks basically never do this in my experience.

 

3) The stakes are even higher with international calls. If you're calling an expensive country, well, yeah. Black/grey routes are out there no matter what carrier you use. Also, fraud is sometimes done via casual dialing, so if you make a lot of calls, even if they don't supe, expect someone to block you. A few years ago, I was trying to make a recording of Morocco's international gateway switches via MCI. It didn't supe on the calling card platform, but the call timed out faster on there than on the long distance network. So I made a few casual dialed calls to the same number. Those didn't supe either, but they did block me for it.

 

4) There are some things that're free to call, like UIFNs (country code 800). That's a whole other story altogether, but it's one place where casual dialing is basically zero risk.

 

If you do get a bill for a casual dialed call you didn't place, you can usually just call customer service, explain that to them, and they'll likely just tell you to tear the bill up. But if you go that route, they'll probably block you anyway. Alternatively, if you really want to use the carrier, ask if they have any long distance plans without monthly fees. For example, Sprint will give you some small amount of minutes per month, like 50 for free, if you have a cell phone plan with them. Just be sure to tell them you don't want your line to be pre-subscribed to their CAC if you have some other long distance plan.



#34 ramsaso

ramsaso

    DDP Fan club member

  • Members
  • 41 posts
  • Gender:Male

Posted 17 December 2014 - 09:24 PM

Since phone companies generally don't like casual dialing, the rates are usually insane for it.

 

"...but you have to be absolutely sure the call doesn't supervise."

Heed his warning. One time, I called Missouri (573 NPA) from a part of Houston, Texas (713 NPA) using Sprint and they had the decency to charge me $5.92 for a one-minute call. (Attached file: Sprint2.png)

 

"If you don't get a stutter dialtone, it hasn't suped yet."

 

However, if you're in AT&T's area and your parents subscribe to Complete Choice Enhanced or All Distance (perhaps even an older plan), you WILL get the stuttered dial tone for every call whether it's a supervised call or not. (I don't know if that happens outside of Texas or maybe because of the Three-Way feature...)(I'll update this if I stand corrected)

 

Also, if you really want to make sure if your call hasn't supervised, use a calling card. Why?

Calling cards generally report the balance they have remaining for use so... use it to your advantage (though I wouldn't recommend using it even if for a domestic call costing 1 cent or 2, assuming you have no long distance provider).

Ex. Using a calling card from IDT, I dial Hotel Pennsylvania (PE6-5000) which uses up 5 cents = ($1 - 0.05 = 0.95)

Attached file: 14121708.MP3 (apologies if it sounds robotic)

 

The reason why I chose PE6-5000 was because it is a supervised number and since my calling card deducts the cost for the call as soon as it supervises, it's a great way to tell the difference (however, using calling cards from callingcardplus.com "might" not be as informative since it deducts after a half-minute or full minute has passed)



#35 d3crypt

d3crypt

    I broke 10 posts and all I got was this lousy title!

  • Members
  • 12 posts
  • Gender:Male
  • Location:Los Angeles, California

Posted Yesterday, 03:25 AM

My carrier must block cacs <_<. Can't even make a call with one to a 1-800 number.



#36 ThoughtPhreaker

ThoughtPhreaker

    DDP r0x0rz my s0x0rz

  • Members
  • 1,243 posts
  • Gender:Male

Posted Yesterday, 06:45 AM

If it's a POTS line, they're legally obligated to allow CACs. But you can't do toll-free over a CAC; the way it works is when you dial a toll-free number, your switch does a lookup in a toll-free database called SMS-800. From there, it gets a destination to route the call to, and a long distance carrier to route it with. Long distance tandems can't do SMS-800 dips, and it wouldn't really make sense for them to since they'd be just turning around and sending traffic back to another long distance carrier a lot of the time.

 

But if you have a chance to enter a toll-free directly into a long distance tandem, you can get lucky sometimes. For example, on Verizon's ex-MCI/0222 network, the DMS-250s (but not the DEXes. You can usually tell from the recording) will send the toll-free number to a few different CLEC end offices MCI owned: New York, Chicago, Portland, Dallas, and...crap, I can't remember the other one. But there's at least one more. I'm not sure what circumstances the DMS-250s will give you dialtone from. It might be like Sprint where they'll only give you one if you subscribe to one of their plans.

 

And then there's AT&T. There's some circumstances where you can just pick up, dial 101-0288# and get a dialtone even if you're not a subscriber. I think only in places where they have 5ESS "edge" tandems. You can give the switch a toll-free number, but it doesn't do SMS-800 dips. So it'll mostly just complete calls to AT&T toll-frees, but if you try calling other toll-frees, sometimes you'll get weird things. Like 800-244-1111, one of Qwest's toll-frees, will get you a CBCAD recording from a McleodUSA DMS-500. My guess as to why this happens is when Qwest was US West, they had no long distance network; Qwest was a long distance company that acquired US West and ported all their toll-frees to their own network. Anyway, before that they probably had an AT&T toll-free. With time, that old data just sat there unchanged in AT&T's long distance switches, and there was an area code change or two. So we're just hearing the results.
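Added example (not part of any post in this thread): a small Python classifier for dialed strings in call records, following the CAC handling described in posts #33 and #36. A call without a CAC uses the line's pre-subscribed carrier, a `101XXXX` prefix overrides it, and toll-free numbers are routed by the SMS-800 lookup rather than by the CAC. The function names, the sample records and the toll-free NPA list are assumptions made for the example; the carrier codes are the ones listed in the thread.

```python
import re

# Carrier codes exactly as listed in the thread (post #33).
CARRIERS = {"0288": "AT&T", "0222": "Verizon ex-MCI",
            "0555": "Verizon ex-Worldcom", "0333": "Sprint"}
TOLL_FREE = {"800", "888", "877", "866", "855", "844", "833"}  # NANP toll-free NPAs


def classify(dialed, pic):
    """Normalize one dialed string the way the thread describes a switch doing it.

    dialed -- digits as keyed (punctuation ignored, '#' kept)
    pic    -- the line's pre-subscribed carrier code, e.g. "0333" (assumed known)
    """
    digits = re.sub(r"[^0-9#]", "", dialed)
    m = re.fullmatch(r"101(\d{4})(.*)", digits)
    cac, rest = (m.group(1), m.group(2)) if m else (None, digits)

    if cac and rest in ("", "#"):
        kind, number = "carrier_dialtone", None
    elif rest in ("0", "00"):            # the extra zero is normally stripped
        kind, number = "operator", None
    elif rest.startswith("011"):
        kind, number = "international", rest[3:]
    elif re.fullmatch(r"1?[2-9]\d{9}", rest):
        kind, number = "direct", rest[-10:]
    elif re.fullmatch(r"0[2-9]\d{9}", rest):
        kind, number = "operator_assisted", rest[-10:]
    else:
        kind, number = "other", rest

    flags = []
    if kind == "direct" and number[:3] in TOLL_FREE:
        # Carrier comes from the SMS-800 lookup, not from the CAC or the PIC.
        carrier = None
        if cac:
            flags.append("toll_free_via_cac")
    else:
        carrier = cac or pic
        if cac and cac != pic:
            flags.append("casual_dial")  # carrier the line is not subscribed to
    return {"kind": kind, "number": number, "carrier": carrier,
            "carrier_name": CARRIERS.get(carrier), "flags": flags}


def review(records, pic):
    """Return (dialed, flags) for every record that raised a flag."""
    results = ((d, classify(d, pic)["flags"]) for d in records)
    return [(d, flags) for d, flags in results if flags]


# Constructed sample: strings keyed on a line pre-subscribed to Sprint (0333).
SAMPLE = ["229-430-0002", "101-0333-1-229-430-0002",
          "101-0288-1-229-430-0002", "101-0288-00", "101-0222-1-800-244-1111"]
```

Running `review(SAMPLE, "0333")` flags the two AT&T-prefixed records as casual dialing and the toll-free record as a CAC that will not be honored; the first two records resolve to the same number and carrier.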



#37 scratchytcarrier

scratchytcarrier

    H4x0r

  • Members
  • 31 posts
  • Gender:Not Telling
  • Location:LATA 672

Posted Yesterday, 03:57 PM

But you can't do toll-free over a CAC


Well, you *can* call 0288 0, give the operator the number and have her dial it, but that's not entirely the same thing you guys are talking about...

Edited by scratchytcarrier, Yesterday, 03:58 PM.




