ThoughtPhreaker

Scanning IVR

6 posts in this topic

So today, I was thinking about a few people I'd talked to recently - they told me they were into the idea of scanning, but because of their lack of free time/direction, it was hard to find space in their lives for this sort of thing. So I was thinking; should I build a thing with my Dialogic box that automatically dials ranges that look potentially fun, and let people review the recordings/manually make a description of what's actually on the line? There could be a rough level of signal detection using the DSP; enough to let you search by what you'd like to see most; whether it be recordings, VMBs, modems or dialtones or whatever, and let you select by region or operating company. Maybe some more powerful signal detection could be tacked on at a later point that could recognize certain manufacturers or switch types.

 

This would be a pretty significant undertaking, so I'd like to know if anybody is interested before I actually do this. If you don't actively scan and would like to, would this help turn the tide for you a little?

2


Maybe. Got time and CPU cycles for 360-25x (ORCHWA01) and 69x (VANCWA01DS0)?

All I know is now this stupid mandatory "having to dial the NPA code locally" bullshit just adds an unnecessary number of repetitive keystrokes and layer of complexity in scanning. I still say the phone company completely blew it with the area codes.

I wonder if there were ever scans of my COs in Bell's Mind. I regrettably found out about that site too late as it had just gone ttys up by the time I first had heard about it. (and the ones stored on Wayback Machine don't seem to actually do anything useful.)

0


No need to invent the wheel, this already exists -- I can assure you I didn't manually dial all 20,000 numbers for the Alcatel-Lucent/Nokia Lab exchange :)

(Speaking of that, I got the other 10,000 recently, I'll post the results in that thread, once I manually go through the results -- things have been very busy for me lately).

The software I've been using is WarVox2 alongside an Asterisk PBX: https://github.com/rapid7/warvox.

(it looks like this software was abandoned from further development about a year ago -- Ruby is a bit above my head... but if someone else could take a look and possibly make improvements...?)

You set it up and let it run with your parameters -- Once complete, I've been going through and manually re-dialing the numbers, and categorizing (Subscriber/Modem/etc)... It brought manually dialing those Lab exchanges from 20k+ to about ~100.

The first round of 10k took the software about 15 hours, and the second round of 10k, after a bunch of tweaking, took nearly 5.5 hours.

 

I've also been using two SIP Trunking providers which seem to allow an unlimited number of simultaneous calls (my record is 200 simultaneous calls -- not for WarDialing, but another project).

I'd be happy to share those SIP Provider names with you privately (and you may use your discretion on who to share with further).

Also, the cost associated is essentially nothing. Running both the first and second round of 10k cost me only about $0.60 (keep in mind, an uncompleted call is free, and my provider charges in 6 second increments).

 

Would it help if I whipped up a basic guide for a full setup...?

0

Quote

No need to invent the wheel, this already exists -- I can assure you I didn't manually dial all 20,000 numbers for the Alcatel-Lucent/Nokia Lab exchange

 

The problem with WarVox and a lot of those other programs is it follows the mentality of people who equate this sort of dialing with a relatively menial practice, like nmapping but for phone calls (which to be fair, isn't to say that's not the case in some places. Learning to anticipate when you're going to be left with two wasted hours and a couple milliwatts is an important part of this), and are relatively inexperienced with phone networks to boot. For example, there's a video somewhere of the Warvox developer in particular getting a dialtone from some sketchy route his voip provider used, and mistaking it for something actually coming from what he was trying to call.

Anyway, when you get rid of the tediousness of disconnected numbers and subscribers, it's a really enjoyable practice that helps you learn way more about the network than anything else; sort of like a huge improv exercise. Techniques like identifying switches based on the ringback sample they use never would've become a thing if there weren't people practicing hand scanning. There's also a fair number of things that automated analysis will very frequently miss.

 

So the idea behind all this is to keep a level of automated detection for the purposes of indexing; so people know where to look and if they're in a mood for a particular sort of thing, finding them a range that has a lot of it. But also, ultimately, letting a caller be the ultimate judge of what's on the other end, and giving them maximum exposure to the network. So essentially to take the monotony out, keep all the good parts, and organize it in a way that works with a minimal amount of free time.


Or to put it simply, I'm kinda tired of half the some numbers posts being mine :P .

Edited by ThoughtPhreaker
0

1 hour ago, ThoughtPhreaker said:

For example, there's a video somewhere of the Warvox developer in particular getting a dialtone from some sketchy route his voip provider used, and mistaking it for something actually coming from what he was trying to call.

Ha, I'd love to see this if you're able to find it.

1 hour ago, ThoughtPhreaker said:

So the idea behind all this is to keep a level of automated detection for the purposes of indexing; so people know where to look and if they're in a mood for a particular sort of thing, finding them a range that has a lot of it. But also, ultimately, letting a caller be the ultimate judge of what's on the other end, and giving them maximum exposure to the network. So essentially to take the monotony out, keep all the good parts, and organize it in a way that works with a minimal amount of free time.

I guess this is exactly how I personally use WarVox...I let it make calls... then I take the list of 'answered' calls and manually dial them to confirm what they actually are. I also use it to 'sort' by the audio waveform.... it makes things like a bunch of "Voicemail Not Set Up" messages easy to find.

0


Quote

Ha, I'd love to see this if you're able to find it.

If I remember right, this was taken at Defcon around the turn of the decade or so. Someone was playing it on the bridge, so I don't have a solid reference for where it's from.

 

Quote

I guess this is exactly how I personally use WarVox...I let it make calls... then I take the list of 'answered' calls and manually dial them to confirm what they actually are.

Keep in mind even that can be a problem sometimes: 304-720-9915, 863-297-9998, 707-262-0086.

0
