All Activity


  1. Last week
  2. Announcement: As of last week, the unofficial binrev IRC server has been decommissioned. I know that a few people still liked to hang out there, but honestly it just became too much to maintain. As of now, if you see the name "BinRev" or any other reference to the Binary Revolution, StankDawg, the Digital DawgPound, or any other similar reference anywhere out there, be aware that it is not endorsed or approved by us. The simple reason why is because there were a lot of accusations being made about people in our IRC channels. Since no one is actively managing and monitoring that channel, frankly we did not know what is or is not going on on that server. Rumors started, fingers were pointed, things were said that cannot be unsaid. For that reason, I decided that it was best to just shut it down to save everyone's reputation, even if I have no evidence of wrongdoing. I just don't have time for such nonsense. If people just behave better, then I wouldn't have to do this. Look, IRC is the wild west and people get pissed at each other and launch attacks and accusations at each other and that is what ruins reputations. Such is the nature of IRC. I do not want my reputation or the BinRev reputation to be tarnished by false accusations. I do not know who pissed who off or whether someone did or did not do anything. I do not know what is true or what is not true. I do not judge without evidence. All that I know is that bad accusations were made about some IRC users and I don't want any part of it. If people can't play nicely without fighting and accusing people of doing things, then I am tearing down the playground. So whatever rumors are out there about BinRev or me personally (or anyone else for that matter) take that with a grain of salt. Anyone who has been here for any length of time knows the integrity standards that we uphold here and I continue to be disappointed in this community and how badly we attack each other. DON'T BELIEVE EVERYTHING YOU HEAR!
Some people just live to start drama. The continued attacks on my integrity, and some of our users' integrity, should be something that you should be ashamed of. If people have evidence against INDIVIDUALS and want to present that evidence, then address them individually. But do not assume that we at BinRev approve or are related to any of it. Just because someone hangs out in our forums or our IRC servers or anything for that matter, that they are somehow endorsed or approved by us. We do our best to moderate our systems and we don't always catch everything, especially as shorthanded as we are. So for that reason, the IRC server is going down since we cannot moderate it properly. It is only a matter of time before this site and the forums go down next. Sad but true. My shift is over unless someone picks up the reins. Will the last person to exit, please turn off the lights.
  3. Earlier
  4. If you like really obscure switches, you might want to give rural Alaska or Missouri a call. Despite the GX-5000 being ancient and end of lifed in like, 2001, I've been able to confirm that ACS of the Northland and the Choctaw Telephone company still use them. The ACS Northland GX-5000s, for whatever reason, ring a bunch of times and generate a reorder when you call a non-working number on them.
  5. So a bit of an update; I've got the aforementioned detection code running on analog JCT boards, and have been experimenting with implementing this as an ISDN thing on JCT T1 and DM3 boards. It's gone good so far (aside from a couple nasty bugs), and at the end of the day, is something I'm quite proud of. Namely because I had to do my own implementation of (most of) a Q.931 stack. For that reason, it's attached to the general Dialogic IVR/ISDN router/voicemail/whatever code I already have. One of these days, I'd like to make this a little more flexible in terms of configuration, add a few additional features (a couple projects in progress are conferencing and doing realtime processing/playback of streams from the internet, though I'd like to add a basic GR-303 phone switch to it in good time), make everything a little more presentable, and throw the source up for anyone to use. Especially since when you look at the software that's currently out there for these cards, it's one of the few things that takes real advantage of what they can do, and quite frankly, doesn't suck. To give you some context on this, I'll leave you with the like, one piece of software that actually, just barely, supports DM3 stuff, and only for basic functions: . Kinda makes a huge buzzkill out of $30 quad T1/E1 cards with their own, functionally independent OS/DSP/timeslot interchange/etc, doesn't it? Doubly so seeing as you have to run it in Windows. Anyway, I don't mean to derail the thread or anything. Are there any other tones that should be added to a wardialer? It's been a very, very long time coming to make wardialers useful for finding things that aren't modems. and whatever you're choosing to do it with, I think this is the thread for it. For that matter, can this detection be added to things like, say, Cisco routers (they can do a reasonable amount of IVR stuff with TCL scripts) or voice modems?
  6. Never reply to spammers. Moderators are highly effective at capturation and bannination of spammers. The most effective thing you as a user can do is select "Report post" next to the time/date stamp in the post header. 99% of spam posts are generated by automated means anyways so replying to them accomplishes nothing.

  7. Hello Everyone, I was active years ago on this thread as t3st.s3t but have long lost my credentials. Here's an Ameritech coin deposit recording I found recently while scanning: 906-226-0000
  8. Still, this is a very interesting idea. I didn't realize strcmp worked that way.
  9. New member, enjoying your forum, thanks!
  10. give second dial tone with 2222
  11. 0051 give second dial tone with 1111
  12. A friend of mine more into the computer side of things mentioned that there's some attacks based on strcmp (basically, a string compare function) and the amount of time it takes for the function to execute; basically, the function only executes until it finds a character that doesn't match. So for example, if you enter a password of 12345 but a computer is expecting 12335, strcmp will stop after the second three since no matter what, it's not going to match. So this got me thinking; in a TDM network, there's basically no varying latency once a connection is set up. A lot of IVR platforms like to return strings too, and strcmp is used very extensively for comparing them in exactly that circumstance. If you were to record the amount of time it took to compare passcodes, I'm willing to bet you'd see a tiny difference (as in, maybe a nanosecond or two) in how fast it responds with a recorder. So while if you have a nice network connection without any sort of packetization or anything this could be perfect, the flipside of this is there's a lot of IVR applications that are single threaded; basically, only one request executes at a time. So if someone else is using another channel on it, it might finish up their request before getting to yours. So this may be an attack that works significantly better late at night. EDIT: Heh, yeah, so it occurred to me that measuring nanoseconds over an 8000 samples/second medium might not be a good idea. Not that I'm still not going to see if there's any measurable difference in execution time.
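The early-exit behaviour described in the post above, next to a fixed-work passcode check, as an added example (not code from the post or from any IVR product). `PIN_MAX`, `early_exit_steps` and `verify_passcode` are hypothetical names, the stored code is assumed to be at most `PIN_MAX` digits, and the count of bytes examined stands in for execution time.

```c
#include <stddef.h>
#include <stdio.h>

#define PIN_MAX 16  /* assumed upper bound on passcode length */

/* Early-exit comparison, as strcmp behaves: stops at the first mismatching
 * byte (or the terminator). Returns how many bytes were examined. */
size_t early_exit_steps(const char *a, const char *b)
{
    size_t i = 0;
    for (;;) {
        i++;
        if (a[i - 1] != b[i - 1] || a[i - 1] == '\0')
            return i;
    }
}

/* Copy s into a zero-padded PIN_MAX buffer and return its length.
 * Overlong input reports PIN_MAX + 1 so it can never equal a valid length. */
static size_t load(unsigned char buf[PIN_MAX], const char *s)
{
    size_t len = 0;
    for (size_t i = 0; i < PIN_MAX; i++)
        buf[i] = 0;
    while (len < PIN_MAX && s[len] != '\0') {
        buf[len] = (unsigned char)s[len];
        len++;
    }
    return s[len] != '\0' ? PIN_MAX + 1 : len;
}

/* Fixed-work check: always examines PIN_MAX bytes and folds every difference
 * (including a length mismatch) into one accumulator, so the loop count does
 * not depend on how many leading digits were right. */
int verify_passcode(const char *entered, const char *expected, size_t *steps)
{
    unsigned char a[PIN_MAX], b[PIN_MAX];
    size_t la = load(a, entered), lb = load(b, expected);
    unsigned char diff = (unsigned char)(la ^ lb);

    *steps = 0;
    for (size_t i = 0; i < PIN_MAX; i++) {
        diff |= (unsigned char)(a[i] ^ b[i]);
        (*steps)++;
    }
    return diff == 0;
}

int main(void)
{
    const char *expected = "12335";  /* the stored code from the post's example */
    const char *guesses[] = { "92345", "12945", "12345", "12335" };

    for (size_t g = 0; g < sizeof guesses / sizeof guesses[0]; g++) {
        size_t fixed;
        int ok = verify_passcode(guesses[g], expected, &fixed);
        printf("%s  early-exit bytes=%zu  fixed-work bytes=%zu  match=%d\n",
               guesses[g], early_exit_steps(guesses[g], expected), fixed, ok);
    }
    return 0;
}
```

The early-exit column grows with each correct leading digit, which is the signal a timing measurement would be looking for; the fixed-work column stays at `PIN_MAX` for every guess.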
  13. It's definitely worth scanning, once I find some time to get going on it. In fact I started doing one 4-5 years ago or so (think it was 696-9xxx) but stopped after a couple dozen lines for some unknown reason. I did post a few from that scan in one of the "some numbers" threads. My main focus back in the day was on BBSes just because that's what I was into at the time, I don't think I was really aware of infrastructure and SCADA on the open PSTN then. Fax machines, don't know about today but as I remember they were all over the place a couple decades ago. Probably aren't nearly as many as there were but there's guaranteed to be a bunch -- VANCWA01DS0 services the downtown area where several law firms, insurance offices and a hospital are based (as well as the Clark County courthouse and all the area's administrative services), and a fax of a document is still legally considered admissible in court. It would really be a trip to find a working telautograph in the wild and on the network, assuming there are still any of those left.
  14. So I just finished up doing a basic run-through of beep tones for various voicemail and answering machines. Keep in mind if you're implementing this on something like Dialogic hardware and actually want to measure the time of the tone (you're awesome for going the extra mile if you do), you'll have to account for how long the voicemail system will listen for silence before waffling on with menu options or hanging up or whatever; it's not considered the end of a cadenced tone until it hears something else. Since this is user definable, I'd suggest testing with a nice average, like 9 seconds of silence after the tone with five second deviation (so 4 through 14 seconds of silence before it hears something else). Bear in mind too that if you're going to use any sort of IP trunking, packet loss is going to hamper performance quite a bit; if there's packet loss in the tone, it'll be considered two short tones instead of one long one. If there's packet loss concealment, it's going to stretch the samples out to an inconsistent length. Anyway, I'll probably update this with more stuff in time.
      - Octel - 385 hertz, 250 milliseconds
      - non-Dialogic Audix - 850 hertz, 480 milliseconds
      - Anypath - 850 hertz, 400 milliseconds
      - Dialogic DM3/HMP,JCT - 1000 hertz, 400 milliseconds (JCT is quieter, has non-sine waveform. There are a number of voicemail systems that're based on these cards and simply use the beep tones baked into the firmware)
      - Avaya Aura - 1000 hertz, 380 milliseconds
      - Newer NEC Univerge systems - 1000 hertz, 550 milliseconds
      - Verizon Wireless VMS (Comverse?) - 1000 hertz, 200 milliseconds (this one is weird; it's composed of four stutters that're each ~45 milliseconds long with 5 millisecond spaces. Whoever made this is stupid. Have your detector ready to account for this)
      - Qwest/AT&T UM - 440 hertz, 140 milliseconds (sometimes it stutters too, but this shouldn't hurt detection)
      - APMax, AP? - 440 hertz, 280 milliseconds
      - Comcast - 1650 hertz, 140 milliseconds
      - Nortel Callpilot, key systems - 500 hertz, 550 milliseconds
      - Ringcentral - 620 hertz, 300 milliseconds
      - Google Voice - 585 hertz, 360 milliseconds
      - Cisco Unity - 425 hertz, 500 milliseconds
      - Metaswitch - 440 hertz, 150 milliseconds
      - Newer Toshiba Strata - 790 hertz, ~480 milliseconds (this one fades out, so you may have to give whatever detector you're using some grace period; it probably won't hear the whole thing)
      - Cox - 1400 hertz, 480 milliseconds
      - Middle-aged Panasonic answering machines - 1040 hertz, 800 milliseconds
      - Rolm Phonemail - 950 hertz, 125 milliseconds
      - GTE (custom Glenayre?) - 1330 hertz, 400 milliseconds
      - Stock Glenayre - 1400 hertz, 240 milliseconds
      - Shoretel - 2000 hertz, 200 milliseconds
      - ESI - 620 hertz, 395 milliseconds
      - Newer Panasonic answering machines - 1000 hertz, 420 milliseconds
      - Older (late nineties to mid 2000s) Panasonic answering machines - 1000 hertz, 1000 milliseconds
      - Older Intertel - 650 hertz, 220 milliseconds
      - Newer Mitel Express Messenger/Nupoint systems - 795 hertz, 380 milliseconds (like the newer Stratas, this one fades down)
      - Middle-aged Toshiba Strata - 440 hertz, 490 milliseconds (this one fades *in* for...reasons)
      - Older Centigram/Mitel Nupoint systems (same thing) - 1000 hertz, 200 milliseconds
      - Some Comdial systems (mid-nineties or so) - 650 hertz, 500 milliseconds (this one fades down)
      - Some Avst systems - 1000 hertz, 450 milliseconds
      - T-Mobile - 1000 hertz, 200 milliseconds
  15. Adding another from NANPA - the toll-free (800/877/etc) carrier list and which carriers claim what. 800855_Assignments.pdf
  16. What's the fax line count? Don't forget there are SCADA systems out there using modems along with alarm systems and other dialup infrastructure. Just because the BBS is gone, doesn't mean that it's not worth scanning. I guess the key phrase is to be `selective`.
  17. Most do, yes. But it's touch and go in detection. Hardware works better than software of course but software like Warvox has tone detection at the core of its detection logic.
  18. I remember scanning out then 206-694 and -696 on a metal-geared WE 500 rotary fone in the early 90s, looking for carrier tones (this was during the heyday of BBSes and the emerging commercial ISP industry and I was sort of into BBSing back then). I also remember my right index finger getting quite sore after about 75 numbers or so. What I would have given to have had an operator's dialing tool back then. I think I only did about 200 numbers or so on either, but gave up when I found that some phreak in GTE land (probably Camas) had already done the work for me and posted a full scan of VANCWA01CG0 to a local BBS. To this day I have no idea if they did it manually or by computer and I wish I had thought to ask. I think I may still have that half a ream of tractor-fed printout somewhere even though I probably haven't looked at it in 25 years. Hmmm, I still have that fone and 360-694/6 haven't gone anywhere. There are no more dialup BBSes around here that I'm aware of but I know there are a bunch of test lines and recordings on there... Of course back then we didn't have fancy things like electricity or indoor plumbing, the train brought us our mail once every two weeks and we walked 5 miles every day in waist-deep snow to get to school.
  19. I think what they do is submit a "prototype" with full RF filter complement to the F¢¢ for approval then actually manufacture them without, to cut cost. Supposedly that's been done a lot with compact fluorescent lights. I have Cree BA19-08027OMF LEDs in use and the ballasts in those things are effectively little solid-state wideband jammers below about 350 MHz, including airband (AM). An Energizer NiMH charger I have, when it's charging I can hear pulses of static over any transmission on VHF. Really makes it a pain in the ass when I'm monitoring Gifford Pinchot dispatch on 172.225. Those LEDs aren't nearly as noisy as fluoros were (nor do they put out as much UV to discolor plastic telephone housings in the vicinity!) but they're still far from silent. I was on a 58-mile bike ride today that took me into the Van Mall area and I went by the local Comcast headend. The building looks like it hasn't had any real maintenance since TCI was in there 20 years ago. They have an antenna tower out back and there's actually a small satellite dish (looks like a 1-meter unit (a.k.a. a "Muzak dish")) hanging off it by the coax! It's really and truly Comcastic.
  20. Just dialing 101-0288-0 from a phone line. I get around a lot. That being said, it seems like OSPS translations have been updated to make these routings a lot more common. If you checked it before and it failed, I'd encourage you to check it again. That being said, I've tried this from payphones I've confirmed use this routing pattern, and it doesn't seem to work. EDIT: If you want to use the old routing pattern, various AT&T/SBC CACs still use it.
  21. I've been doing development on and off of things of this nature for the Diva and JCT/DM3 cards with a friend - and hopefully more platforms soon. If I can get results I'm happy with relative to handscanning, I'll post some more about it. For the interim though, here's a partial wardial of a DMS-500, and what results I get from calling the numbers normally: PAMD means Positive Answering Machine Detection, PVD is Positive Voice Detection (these are the stupid Dialogic marketing terms that come back from the call progress detector. I should really change that), CB is cadence break (for example, something answered in the middle of a ring cycle, and no other tones were detected). The code has since been updated to differentiate between modems and faxes. One thing I'd like to do next is voicemail tone recognition to differentiate between unique systems. I'll post the frequencies here if you'd like to do the same. There's some things though, like distinguishing between different ringback tones, that I doubt the DSP will ever be able to do. While it sounds annoying to have to pull together, other software on the host computer could very well do it. One more frustrating thing about the JCT cards is their ability (by default anyway) to tell the difference between different SITs is limited, so they're not of much help in finding interesting error recordings. Honestly, I have really mixed feelings about this. I don't want to get lazy and stop looking at ranges by hand, but this has proven really useful for finding test ranges on obscure switches like this one. The DSPs are fast, flexible and ruthlessly efficient. Back to voice modems though, don't some of them have tone recognition features? I'd assume at least with the Diva, you can adjust what tones it comes back with from the AT interface. 
With the code I pasted - and presumably other things since it uses the default tone definitions, if you happen to have the misfortune of hitting a Definity over a trunk with something horrible like g.729, it'll sometimes mistake the warble/intercept tone (the thing that goes back and forth between 620 and 440 hertz) for a dialtone.
  22. 206-204-6198 - Dialtone via ?
      416-640-0468 - Dialtone via thingie. Likes to generate offhook tone for presumably invalid numbers.
      206-576-7201 - Room monitor. At parking garage? Awesome reverb.
      612-349-4045 - Definity conference bridge. On a hotel PBX. For...reasons.
      612-349-4077 - rec, "Hello, this is your wakeup call. Today is Saturday, August 12th. Today's weather is partly cloudy with a high of 81 and a low of 59. Thank you so much for staying with us here at the Marriott City Center and have a wonderful day."
      612-349-4017 - Modem
      612-349-4031 - 300 baud modem
      612-349-4072 - Modem
      612-349-4073 - Modem
      612-349-4096 - Modem
      847-954-7205 - Modem
      847-954-7095 - Room monitor. In switchroom?
      847-954-7093 - Modem
      847-954-7041 - Ringout bridge
      847-954-7011 - Modem
      847-954-7506 - Ringout bridge
      847-954-7512 - Ringout bridge
      847-954-7599 - Time and temperature announcement, has weird, dying old people ads
      847-954-7731 - Modem
      847-954-7799 - Ringout bridge
      970-547-4098 - Modem
      970-547-4096 - Modem
      970-547-4092 - DISA on Definity PBX
  23. In a related vein, I was /P on 20 meters this past spring running an FT-817 off of a GoalZero Sherpa pack, and wondering why net control on 14300 KHz. was buried down in the noise. For those not knowing, 14300 KHz. is the frequency for the maritime mobile net and its net control operators are running legal limit QRO into some large beams so they can work maritime mobiles running 20 watts into a wire tied to the mast. Figuring the band was truly dead, as I went to shut down the station I first unplugged the Sherpa to hear net control coming in S9+. Worked him using 3 watts and a dipole off the internal pack in the '817. Plugged in the Sherpa again and watched the noise floor go up 9 s-units. When I got home, I plugged the Sherpa into an O'Scope to find quite a bit of AC hash on the output. Have since discovered the same with most cheap "wal-wart" power supplies.
  24. Hey, Greetings from your neighbor to the southeast.
  25. Missed it this year, but hopefully will make it back east for 2020.
  26. Issue #28 is out. Or locally here. issue28_28JUL2018_by_Ticom.pdf
  27. if you want to buy new. Every hamfest I've been to has had a few handheld frequency counters for sale cheap.