All Activity

  1. Yesterday
  2. Oooh.. sorry you’re going through that. Hope you’re safe. I’m actually not in that bad of shape since I got a fresh translation card that had no gremlins left over like my other translation card. So the only thing that I’m just waiting to work on is the Audix thing... which is no big hurry.. you have far more important things to worry about now for sure!
  3. If I remember right, this was taken at Defcon around the turn of the decade or so. Someone was playing it on the bridge, so I don't have a solid reference for where it's from. Keep in mind even that can be a problem sometimes: 304-720-9915, 863-297-9998, 707-262-0086.
  4. I'd consider options other than waiting for a call for assistance for the moment. Sorry. For a lot of reasons, including being in northern California for those wildfires last week (evacuating tends not to be fun. Not so much because of the impending doom, but because of the obligatory people driving like absolute retards you see in disasters, and having to take a long car trip when you're least in the mood for one), I've had an unusual amount of things to deal with recently. If you want to hop on the bridge one night though, that might be a good way to look into this.
  5. The N4Es specifically have media gateways, so they could just use existing TDM trunks. I don't know what they're run over, but with things that are very clearly running over IP like the 4E-APS redesigns (notice in areas like Los Angeles and New York, the 800-223-1104 ANAC has a different voice. They don't seem to be actively adding these at the moment), I just sorta assume they're at least reachable on the public internet. Occasionally they'll have the sort of staggering packet loss that would imply a bunch of people trying to attack it or something.
  6. Last week
  7. Ha, I'd love to see this if you're able to find it. I guess this is exactly how I personally use WarVox...I let it make calls... then I take the list of 'answered' calls and manually dial them to confirm what they actually are. I also use it to 'sort' by the audio waveform.... it makes things like a bunch of "Voicemail Not Set Up" messages easy to find.
  8. The problem with WarVox and a lot of those other programs is it follows the mentality of people who equate this sort of dialing with a relatively menial practice, like nmapping but for phone calls (which to be fair, isn't to say that's not the case in some places. Learning to anticipate when you're going to be left with two wasted hours and a couple milliwatts is an important part of this), and are relatively inexperienced with phone networks to boot. For example, there's a video somewhere of the WarVox developer in particular getting a dialtone from some sketchy route his voip provider used, and mistaking it for something actually coming from what he was trying to call. Anyway, when you get rid of the tediousness of disconnected numbers and subscribers, it's a really enjoyable practice that helps you learn way more about the network than anything else; sort of like a huge improv exercise. Techniques like identifying switches based on the ringback sample they use never would've become a thing if there weren't people practicing hand scanning. There's also a fair number of things that automated analysis will very frequently miss. So the idea behind all this is to keep a level of automated detection for the purposes of indexing; so people know where to look and if they're in a mood for a particular sort of thing, finding them a range that has a lot of it. But also, ultimately, letting a caller be the ultimate judge of what's on the other end, and giving them maximum exposure to the network. So essentially to take the monotony out, keep all the good parts, and organize it in a way that works with a minimal amount of free time. Or to put it simply, I'm kinda tired of half the some numbers posts being mine.
  9. Please tell me they run these VOIP links over their existing physical trunk network and not the greater public Internet... Why "N4E"/"New 4ESS"? Wouldn't "4AESS" have better followed convention?
  10. Alright.. I got both cards. I just have to find a machine to put them in... almost there!
  11. No need for an apology at all, these numbers are outside of the general new "Some Numbers" post... Please consider my time on these a personal thank you to the many posts which I have enjoyed... and the fun numbers I've called (my favorite number being the "AM Transmitter" one). This scan gave me a bunch more interesting items than the previous scan... I've bolded the items I found the most interesting (modems are always interesting, so they haven't been bolded).

      | Number | Auto-Scan result | Manual scan, comments |
      | --- | --- | --- |
      | 6309790003 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309790051 | VOICE | …. seemed to be an auto-answer extension at the security desk? |
      | 6309790395 | VOICE | Subscriber |
      | 6309790752 | VOICE | Subscriber |
      | 6309790766 | VOICE | I'm pretty sure this is their "telemarketer torture" voicemail. Scared me at first, I was like "I swore I had the mute on here!". [note, I tried again and got a subscriber, so I'd try this one after hours] |
      | 6309791120 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309791616 | VOICE | IVR providing different numbers to call, then an inband reorder. |
      | 6309792000 | VOICE | Nokia Main IVR |
      | 6309792458 | VOICE | Subscriber |
      | 6309792496 | VOICE | Subscriber |
      | 6309793151 | VOICE | Subscriber (Security Desk!) |
      | 6309794040 | VOICE | Subscriber (Security Desk!) |
      | 6309794732 | VOICE | RNA -> Reorder |
      | 6309795550 | VOICE | Subscriber |
      | 6309796216 | VOICE | Answers, Dials DTMF. If you send DTMF, it seems to dial the same series again. |
      | 6309796322 | MODEM | Modem tones. |
      | 6309796487 | VOICE | Garage Elevator. Wow. This is the most sophisticated elevator phone I've ever encountered. |
      | 6309796515 | VOICE | Subscriber Voicemail |
      | 6309796800 | VOICE | Subscriber (Security Desk!) |
      | 6309796945 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796946 | VOICE | Subscriber |
      | 6309796947 | VOICE | Subscriber |
      | 6309796948 | VOICE | Subscriber |
      | 6309796950 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796951 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796952 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796953 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796954 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796957 | VOICE | Subscriber |
      | 6309796959 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796960 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796961 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309796962 | VOICE | Unassigned Extension / Unassigned Voicemail? |
      | 6309797079 | VOICE | Answered, gave euro ringback tone, subscriber answered? |
      | 6309797659 | VOICE | Subscriber |
      | 6309797890 | VOICE | Subscriber |
      | 6309797997 | VOICE | A weird one. Answers, give an 'elevator phone' like ringback, then provides a very odd tone… Seems to wait for something, then hangs up. |
      | 6309798335 | MODEM | Modem tones. |
      | 6309798510 | VOICE | Subscriber Voicemail |
      | 6309799038 | VOICE | Seems to answer, dial DTMF, and wait for something…. Also, if you dial in to this same # on another phone, you can hear a 'call waiting' beep from the FAR side… # ends the call. |
      | 6309799447 | VOICE | Subscriber |
      | 6309799519 | MODEM | Modem tones. |
      | 6309799564 | VOICE | Subscriber (Security Desk!) |
      | 6309799572 | VOICE | Subscriber (Security Desk!) |
      | 6309799608 | VOICE | Seems to answer, dial DTMF, and wait for something…. Also, if you dial in to this same # on another phone, you can hear a 'call waiting' beep from the FAR side… # ends the call. |
      | 6309799622 | VOICE | Seems to answer, dial DTMF, and wait for something…. Also, if you dial in to this same # on another phone, you can hear a 'call waiting' beep from the FAR side… # ends the call. |
      | 6309799624 | VOICE | Seems to answer, dial DTMF, and wait for something…. Also, if you dial in to this same # on another phone, you can hear a 'call waiting' beep from the FAR side… # ends the call. |
      | 6309799627 | VOICE | Seems to answer, dial DTMF, and wait for something…. Also, if you dial in to this same # on another phone, you can hear a 'call waiting' beep from the FAR side… # ends the call. |
      | 6309799635 | VOICE | Seems to answer, dial DTMF, and wait for something…. Also, if you dial in to this same # on another phone, you can hear a 'call waiting' beep from the FAR side… # ends the call. |
      | 6309799649 | VOICE | Seems to answer, dial DTMF, and wait for something…. Also, if you dial in to this same # on another phone, you can hear a 'call waiting' beep from the FAR side… # ends the call. |
      | 6309799713 | VOICE | Answers, Dials DTMF. If you dial back, it seems to dial the same series again. |

  12. No need to invent the wheel, this already exists -- I can assure you I didn't manually dial all 20,000 numbers for the Alcatel-Lucent/Nokia Lab exchange (Speaking of that, I got the other 10,000 recently, I'll post the results in that thread, once I manually go through the results -- things have been very busy for me lately). The software I've been using is WarVox2 alongside an Asterisk PBX: (it looks like this software was abandoned from further development about a year ago -- Ruby is a bit above my head... but if someone else could take a look and possibly make improvements...?) You set it up and let it run with your parameters -- Once complete, I've been going through and manually re-dialing the numbers, and categorizing (Subscriber/Modem/etc)... It brought manually dialing those Lab exchanges from 20k+ to about ~100. The first round of 10k took the software about 15 hours, and the second round of 10k, after a bunch of tweaking, took nearly 5.5 hours. I've also been using two SIP Trunking providers which seem to allow an unlimited number of simultaneous calls (my record is 200 simultaneous calls -- not for WarDialing, but another project). I'd be happy to share those SIP Provider names with you privately (and you may use your discretion on who to share with further). Also, the cost associated is essentially nothing. Running both the first and second round of 10k cost me only about $0.60 (keep in mind, an uncompleted call is free, and my provider charges in 6 second increments). Would it help if I whipped up a basic guide for a full setup...?
  13. Earlier
  14. - cue Paranoid by B. Sabath.
    - Python DNS audit script running
    - scan for port 1723
    - scan results for open 21
    - admin:admin, admin:password,admin:1234,admin:12345,admin:123456
    - I pwn your PPTP and they can't find me........


  15. @ThoughtPhreaker Ok... I ordered one of the cards you listed. I put in an offer for the other card for experimental purposes. It says there is one other offer out there, so I'm not sure I'll get it. But I'll keep an eye out for those type in the future to try out. I also sent you a PM...
  16. For anybody else interested in ASA, here's a copy: I think the command to grab the translations from the Definity to a computer is 'upload translations'. I'm honestly a little confused; I've never seen it barf out something blank like that before. If you could try again, that'd be great; there's a checksum for like every block in the xmodem protocol, so there's no chance of it uploading something it shouldn't. Well, not without Hyperterminal (or the Definity) raising a huge stink anyway. No worries! It might be a while before I can get a normal machine to run this with (the machine that currently runs my Dialogic code gets pretty frequent use right now, and being headless, it's hardly a normal install case) though, so let me know if you want me to just help you remotely for now. I know enough by memory to get it working for that and improvise the rest. For starts, you'll need a Dialogic card. This is the particular model I have. It's cheap and works with normal POTS stations. Occasionally you'll see them go for a little cheaper on eBay, but this is pretty good: . It's about a foot long, so finding a machine it physically fits in (most off the shelf ATX machines will do) is going to be your biggest bottleneck. Any Pentium 3 (or later 2)-era thrift store/yard sale/dumpster machine with 256 or so MB RAM will run the software perfectly fine. After booting the install CD, keep in mind it'll overwrite your hard disk without asking too. Once it boots, you may need to set the root password and start up an SSH server (beware that leaving any system running a Linux distro this old on the public internet is an extreme liability. Since it was convenient, I was using a dial-up modem to run mine for a while) before installing the Audix software packages. If you need any help with that, just let me know. That's right; the formatting stuff the Definity spits out with the dump isn't part of what's in RAM. 
But by pasting all that in a hex editor, you're converting ASCII to hex data, though. The RAM location with the passwords changes with each build. My way of figuring out where is to just search for the string 'inads' until I find what looks like passwords. From the TCM shell (which I *think* exists in release 6. At least, there's a TCM process. I don't think you can type 'go tcm' until 7 or 8 though), you can get a fairly solid example from the Definity itself of what the location with passwords looks like: That's a good question - I don't think the keys are necessarily in the RAM, but the program that validates them definitely is. I honestly don't have any idea how to do it. EDIT: Here's some cheaper Dialogic cards. Like I said, they go for peanuts: It's a little strange; these go for like, $5,000 brand new, and some of them weren't even opened. From the auction descriptions, it sounds like some people are mistaking these for dial-up modems. If you're willing to go through the trouble to develop software for them, it's a ridiculously good deal. There's also another card you can occasionally find that's smaller and should be runnable using the same API. I haven't tested it, but if anybody wants to give it a try, here's one:
  17. oh.... snap.  Didn't see that one coming. :-/

  18. Well I was looking around in the switch today just doing some exploring, and came across change system-parameters special-applications. There was one option that looked interesting in there that I wanted to try out. Now at the top of the first page, it looks like it wants a password and key to change those features. Is that something that is hidden in the ram as well? Anyone have experience with these?
  19. "Filler" noise to jam the trunk so kids can't make a party line on it by yelling through the crosstalk? "Dig this timely announcement for the 2010s!" I dunno. Something about these modern-sounding announcers doing old-fashioned announcements like that just seems.... really wrong.
  20. Maybe. Got time and CPU cycles for 360-25x (ORCHWA01) and 69x (VANCWA01DS0)? All I know is now this stupid mandatory "having to dial the NPA code locally" bullshit just adds an unnecessary number of repetitive keystrokes and layer of complexity in scanning. I still say the phone company completely blew it with the area codes. I wonder if there were ever scans of my COs in Bell's Mind. I regrettably found out about that site too late as it had just gone ttys up by the time I first had heard about it. (and the ones stored on Wayback Machine don't seem to actually do anything useful.)
  21. So today, I was thinking about a few people I'd talked to recently - they told me they were into the idea of scanning, but because of their lack of free time/direction, it was hard to find space in their lives for this sort of thing. So I was thinking; should I build a thing with my Dialogic box that automatically dials ranges that look potentially fun, and let people review the recordings/manually make a description of what's actually on the line? There could be a rough level of signal detection using the DSP; enough to let you search by what you'd like to see most; whether it be recordings, VMBs, modems or dialtones or whatever, and let you select by region or operating company. Maybe some more powerful signal detection could be tacked on at a later point that could recognize certain manufacturers or switch types. This would be a pretty significant undertaking, so I'd like to know if anybody is interested before I actually do this. If you don't actively scan and would like to, would this help turn the tide for you a little?
  22. Yes, some models of motocross boots take forever and a month to dry out inside, but don't put them in your clothes dryer. You won't have much of a dryer left by the end of the day.

    1. scratchytcarrier


      And don't play with blasting caps!

  23. No dice. Maybe! I wonder if a slow sweep tone or something would be in order. The pause/repeat thing sounds like it may be your long distance carrier changing routes. If you're okay with casual dialing (should be safe; I'd be sure, but I don't think it supes), try seeing if AT&T or MCI do the same. I'd be really disappointed if it was the case, but I was thinking this might just be the Nortel announcement card making that tone; they sometimes end calls with that same (or at least a similar) cause code.

      - 706-219-0002 - Windstream NOC
      - 434-223-6399 - Newer Otis elevator at university, on Meridian. 7200 is a Siemens elevator.
      - 706-865
        - 1112 - Ringout bridge
        - 1113 - rec, "The number you have dialed is a party on your own line. Please hang up and allow the phone to ring several times before lifting the handset to talk."
        - 1117 - Ringout
        - 1118 - Ringout to Meatwitch VMB, Windstream Cleveland CO
        - 1119 - Business
        - 1120 - Ringout to Meatwitch VMB (CNAM: WINDSTREAM)
        - 1121 - Loud, 20 hertz ringing x1 + hang up
        - 1122 - Mitel PBX ringout to Express Messenger VMB, answers with **93604
        - 1123 - Ringout
        - 1124 - Ringout
        - 1125 - Ringout
        - 1126 - Ringout
        - 1127 - Ringout
        - 1128 - Ringout
        - 1129 - Ringout
        - 1130 - Modem
        - 1131 - Ringout
        - 1133 - Ringout
        - 1134 - Ringout
        - 1135 - Ringout
        - 1136 - Ringout
        - 1137 - Ringout to Meatwitch VMS
        - 1138 - Ringout to Meatwitch VMS
        - 1139 - Ringout
        - 1140 - Ringout
        - 1141 - Rings x1, hangs up quickly
        - 1142 - Ringout
        - 1143 - Ringout
        - 1144 - Ringout
        - 1145 - Ringout
        - 1146 - Ringout
        - 1147 - Modem
        - 1148 - Modem
        - 1149 - Ringout
        - 1150 - Ringout
        - 1151 - Ringout
        - 1152 - Ringout
        - 1153 - Ringout
        - 1154 - Ringout
        - 1155 - Ringout
        - 1156 - Modem
        - 1157 - Ringout
        - 1158 - Ringout
        - 1159 - Ringout
        - 1160 - Ringout
        - 1161 - Modem
        - 1162 - Ringout
        - 1163 - Ringout
        - 1164 - Ringout to Meatwitch VMB
        - 1166 - Ringout to Meatwitch VMB
        - 1170 - Ringout
        - 1171 - Ringout to Meatwitch VMB
        - 1180 - Meatwitch VMB
        - 1183 - Meatwitch VMB
        - 1184 - Meatwitch VMB
        - 1186 - Meatwitch VMB
        - 1187 - Ringout
        - 1190 - Really old AIS. Cognitronics? NIS report.
        - 1191 - Same as 1190
        - 1192 - Same as 1190
        - 1193 - Same as 1190
        - 1194 - Same as 1190
        - 1195 - Same as 1190
        - 1196 - Ringout
        - 1197 - Ringout
        - 1198 - Same as 1190

  24. @MakeAvayaRedGreatAgain Yeah, because all of the work I've done was for small businesses that friends of mine had, and just did work unpaid as a favor to people (and because I am a nerd and secretly like doing the work). Since I'm a nerd and always had an interest in phone switching systems, I decided to try to learn Definity to satisfy my curiosity and to run at home. But I've never worked in a professional capacity with phone systems. I'm actually a tower controller for a railroad (long story on how I got here). So all of this is just side dabbling for my nerdy side.
  25. Oh already I have that, and had to go to my State Library to find it locally. I had been trying to digitize it over the last couple of years and life got in the way. I had Avaya sources contact on my site that the DCP was an ISDN variant before the ISDN was finalized (a comment still is there). But some boards are harder to find. I take that to be an insult. I'm not an engineer but a professional, so I don't go and insult systems other than calling Nortel Nerdtel. That's the only line I cross.. Easy to say when this information wasn't around a few years ago. And the individual who gave me his CMC is a server administrator with already a high stress job. And the system couldn't be put into a decent location. I believe he lives in some townhouse. He doesn't apparently have the time like you folks just creeping around the internals. It's within the realm of the topic. You do know that the UCX supports Meridian 1 (the PBX line) sets, right? So your argument is actually counterproductive. Yes the Avaya PBX boxes were most often found in midline setups, but again, I think you missed my point of what the UCX can do, the ability to add IP sets without worrying about licenses, and I just see the resistance because I am not a technical person and no one else is interested...whatever. I see you folks more interested in resuscitating old TDM boxes and questionable PPNs that are sadly becoming more and more rare. Fair point and understand your counter.
  26. This licensing thing someone with a bigger brain than I have should really look into it beyond the Definity but in the Aura world too. A source had contacted me recently of having a G250 at home and had the ability to find a S8500 server to run Aura and was talking to their Business Partner (Avaya's =/ VARs) of trying to get some license and the BP had basically went silent and gave a half answer if it could be possible. It's apparently cheaper to not acquire a new license and just copy the crypto from one PPN or server to another when it's done by Avaya or a BP; and that's why mine had the 30 day countdown. I'd rather not go into details of why I am not a genius in hex and TLAs, and other nerdy things because to be honest it goes over my head when it's spit out randomly, especially when some will use vague language. (Basically I should just disclose, my IQ level on technology is at the "management" level. It's the differences that makes the world go 'round right?) I also feel a little pushed to be honest by some of the replies. I'm known to be a klutz and been taught to not be risky with "expensive" gear.
  27. Oh so you're experienced on the Key systems. They are pretty less open than a proprietary PBX. I am no nerd and these hex codes and cracking and stuff is way over my head. (hence please create a sticky with a walkthrough! A lot of us in tech do love visual documentations!) Also my G3 R9 is back on a production system - another VOIP fail in the house - don't have time anymore to deal with these finicky systems. In re to the ASA - PM'd you. Check your inbox.
  28. @ThoughtPhreaker A bottle of Grey Goose La Vanille it is! That file I uploaded was the file that HyperTerminal output to the target folder (which was just the program file folder). Did I do something wrong or use an incorrect setting? I followed instructions you had given in the beginning of the thread of using xmodem in HyperTerminal. I can try to download the translation from the switch again if there’s something I should have done differently. As far as setting up AUDIX like that, I would definitely appreciate being walked through the process. I am fairly new to running a Definity switch. I just got my first “lab switch” a few months ago and have pretty much just been feeling my way through and googling a lot of what I’ve encountered (Which is how I found this thread). All of my experience with switches up until this point has been primarily Nortel Norstar or occasionally Avaya Partner & Merlin Legend/Magix systems. Definity has always been something I’ve wanted to tackle and dabble around in. So I’m sorry if I’m being a little needy here, I’m just not 100% sure of what I’m doing. But I want to learn so I can do these things for myself. So what I think I’m understanding is that I’d have to do some cleanup of that RAM dump to get rid of some of the extra data that it spit out. Then convert the hex to binary. I’m guessing you know which memory locations to look at to find the password then. And one other thing.. any word on ASA? Like I said in the last reply, I can’t find a copy for sale anywhere. And the only thing I found was some website that had it which I’m sure would infect me. I sincerely appreciate all of the help. I wish there was something I could do to return the favor.