Scanning Questions

[scoobydooble 5]

Hi, all.

This is my first time posting a topic and I'm excited to see what I learn. I'm very new to phreaking but I've recently discovered a hobby: hand scanning! That is, calling many numbers manually in hopes to find cool recordings and sounds. I've found some pretty cool things so far but don't really understand them. I'll just post all my questions in this thread and if you know the answer it would be much appreciated.

1. What is a carrier?
2. Do carriers still exist?
3. If so, how can I identify and connect to them?
4. What kind of cool stuff is possible to find?
5. How do you find out who someone works for if they randomly pick up and say "Hello?"

Thanks in advance,
Scoobydooble

[ThoughtPhreaker 156]

1. A carrier in the context of a scan can either be a long distance carrier or a carrier tone from a modem, depending on where it's being said.

2. Yes. Very much yes.

3. In the case of long distance carriers, they have access codes that can be dialed from POTS lines. If you're talking about modems, if you have a modem yourself, usually there shouldn't be any problem connecting to the one on the distant end.

4. It depends. Traditionally, phone companies want you to dial a carrier access code with a destination at the end - like, 101-0222-0 or 101-0725-1-202-484-0000. There are some cases where you can just dial # after the carrier access code (101-0725# is actually one that'll work with this) and get a dialtone from the toll switch. What you can do with it really depends on the carrier and how they have it set up. In that particular carrier's case, the only thing I know for sure you can dial are toll-free numbers that're run by that particular carrier. 800-711-3408 comes to mind. If you subscribe to a carrier or call it in an area with a different kind of toll switch, sometimes you'll get a dialtone where you couldn't before.

 

That being said, if you're calling something that isn't free (like a number that doesn't answer or that toll-free number I posted. On most switches you can flash, and if you get a stutter dialtone, the call has answered), they'll send you a relatively hefty bill, like $5 for a 1 minute call - or outright block you from the network for using it without a subscription. It depends on the carrier; some are more reasonable than others. But it's best not to be in that position to begin with. So just be really careful when you're messing around with that sort of thing.

 

As for scanning itself, it really depends on what you're looking for and where. In the traditional phone company test range, usually you'll find a bunch of recordings that're slapped on the announcement device. Usually there's a couple modems, maybe a DATU depending on the company, an ANAC, a loop (mostly on DMS-10s, since they can do it in software), elevators, and all sorts of other stuff. Sometimes you'll get lucky, and find some one of a kind stuff that isn't anywhere else.

 

If you're looking on a PBX, some companies have really nice things depending on the industry they're in. For example, CNN's Atlanta PBX has a bunch of patches that let you hear network feeds, depending on the time of day; 404-878-9901. 8042, 6040, and 9982 will all give you different content, but just keep in mind that they're silent when not in use.

 

5. Usually, it's a good idea to just hang up if you get a random person. Most of them will answer and say what or where they are if it's a business, unless it's someone's desk or something.

Edited August 29, 2016 by ThoughtPhreaker

[I-baLL 5]

Yeah, if you're looking at old scan textfiles then a carrier is a modem carrier. You can identify them by their metal screeching though you should find recordings to differentiate between a fax carrier and a modem carrier signal. You could connect to them over voip, I think, using a terminal program like Term90 or HyperTerminal. Okay, okay, I don't know offhand of any modern dial-up terminal programs. Guess I should research that. Might be a ton of BBSes under my nose and me without a trusty US Robotics.

[tekio 117]

Was war-dialing once and found a Telco switch with common or no credentials (unsure but can remember the first thing I tried logged me into it). Just logged in and looked around for about 5 minutes at different stuff connecting then logged out and never went back. Sure I could have caused some serious mayhem (but also done some serious time).

 

Unsure what it was - but pretty sure it was Telco. Could see different numbers and stuff connecting. Would have taken a screenshot but was too worried about being able to deny it ever happened (LoL).

[ThoughtPhreaker 156]

Talk about winning the hax0r lottery. Do you remember any details about it? Like, did it have a fancy UI with the switch's CLLI code in the upper left corner? Did it return annoyingly unintuitive, numeric error codes and only accept four character commands? According to someone I talked to who worked at a phone company, a lot of the user interfaces for these things are shockingly distinct; the last thing you can expect from most of them is a normal login prompt.

Edited September 13, 2016 by ThoughtPhreaker

[JCSwishMan33 34]

Posting here as this is related to scanning / janning / wardialling.

 

Thinking about repurposing an old Asus EEE PC netbook for some flavor of Linux, to install iWar / WarVOX for autojanning via VoIP (IAX2 is allegedly supported on both programs).

 

Has anyone used either program, or know anything about them? Wanting call progress detection and logging, simple interface, ability to set NPA-NXX-YYYY parameters and control randomness and timing of calls.

 

Thanks!

[resistorX 4]

Personally, I prefer hand scanning since any software cannot do for me what manual scanning does such as enabling me to at the spur of the moment change what number to scan, for example I may start with 303-232-0000 through 303-232-0100, find an interesting one then suddenly decide to try scanning other possibilities around it and with added digits at the back end of it like this :

 

start with 303-232-0000

then try 303-232-0000*

then try 303-232-0000#

 

I've done this more than once, so for me I cannot have a program make sudden unexpected decisions like this, only a manual scan works for it.

 

 

[JCSwishMan33 34]

16 hours ago, resistorX said:

Personally, I prefer hand scanning since any software cannot do for me what manual scanning does such as enabling me to at the spur of the moment change what number to scan, for example I may start with 303-232-0000 through 303-232-0100, find an interesting one then suddenly decide to try scanning other possibilities around it and with added digits at the back end of it like this :

 

start with 303-232-0000

then try 303-232-0000*

then try 303-232-0000#

 

I've done this more than once, so for me I cannot have a program make sudden unexpected decisions like this, only a manual scan works for it.

 

Honestly I'm the same way, but I feel like a good software scanner can be a useful tool to narrow a search. If you have a program that captures call progress and a snippet of audio, you can always note interesting things, and go back to them later.

 

A fine example (and one I'm hoping to find software for) is getting all the interesting things out of the remaining 1A switches. Time is of the essence, so I need to be able to scan faster than I could hand-scanning... So I can spend the time hand-scanning the interesting stuff before it goes away forever.

[resistorX 4]

2 hours ago, JCSwishMan33 said:

 

Honestly I'm the same way, but I feel like a good software scanner can be a useful tool to narrow a search. If you have a program that captures call progress and a snippet of audio, you can always note interesting things, and go back to them later.

 

A fine example (and one I'm hoping to find software for) is getting all the interesting things out of the remaining 1A switches. Time is of the essence, so I need to be able to scan faster than I could hand-scanning... So I can spend the time hand-scanning the interesting stuff before it goes away forever.

 

I haven't thought about it in a while but I see the usefulness of a program like you said but a while back I tried getting a program for what you mentioned but wasn't been able to find one.  I'm using Linux which is good since from what I've seen a while back any programs work on it, but I had some issue(s) and don't recall now what it was.  In any case I'd be interested in looking into it since you brought up how it can come handy with certain things.

 

 

[ThoughtPhreaker 156]

Quote

A fine example (and one I'm hoping to find software for) is getting all the interesting things out of the remaining 1A switches. Time is of the essence, so I need to be able to scan faster than I could hand-scanning... So I can spend the time hand-scanning the interesting stuff before it goes away forever.

 

That's a fair example of where this sort of thing might make sense. For whatever it's worth, I made a program for my Dialogic box to three-way stuff in when I was living in the hotel. It's been a huge help for places where toll calls cost actual money, but as sort of a compromise like the one you describe, I made a command that makes it increment the destination by 100 numbers, hang up on the existing call, and three-way the next number in. Like for example, 432-332-0000, 0100, 0200, etcetera. It'll be a few days before I'm home. Lemme know if you want to use it for investigating the 1AESS.

 

Also, fuck Texas/Georgia and their confusing test numbers .

Edited May 8, 2017 by ThoughtPhreaker