💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › rascp1.txt captured on 2020-10-31 at 15:29:24.
-=-=-=-=-=-=-
=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$ \ / / R O U T I N G A N D S Y S T E M C O D E S \ \ / / Part I \ \ / / By The Doctor (Who) \ \ / / 7/10/85 \ =$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$=$ 1. Introduction The Bell system, as it is today, offers a wealth of opportunities for phreaks. However, Bell doesn't like us to have access to these nifties, so they hide many special services in that vast block of non-standard numbers which a customer cannot normally dial. That's what this tutorial is all about, the non-standard numbers which Bell hides from us. We'll take a look first at the Network structure, then the numbering plan for North America, then at Routing and System codes, including operators, test lines, OUTWATS, international calling, and more. 2. Structure of the Network The Bell system is organized as a hierarchic network with 5 levels. The lowest level, or class 5 office, is the End-Office (EO from here on). The EO is also called the central exchange, wire center, or central office. This is where all the subscriber lines are connected for a given exchange number. Each EO can handle at least 10,000 lines; #5 ESS can handle up to 100,000. Calls between subscribers in the same EO are connected internally and never leave the building whereas calls between subscribers in different EO's travel over inter-exchange trunk lines. Calls that never go higher than the class 5 office or Tandem office (hold on, I'm getting to it) are local and therefore free. In large NPA's that have many EO's, it is uneconomical for each EO to have at least 12 trunks (the minimum laid at a time) to every other EO. Imagine, in a city with 600 EO's, there would be 17970 inter-office trunk cables to maintain! There simply aren't that many simultaneous conversations going on at any given time, so many trunks would be unused. Instead, Bell has adopted an intermediate switching level called the Tandem Office. A tandem Office is to the EO's as a EO is to its subscribers. Local traffic between 2 EO's which don't have direct connecting trunk lines passes through the Tandem office. Under this scheme, a city of 600 EO's would only require 600 inter- office trunk cables, that is quite a reduction! Subscribers in different NPA's (Numbering Plan Areas, or area codes) are connected through the Toll Network. The first level in the Toll Network is the class 4 office, or Toll Center (TC from here on). Each exchange has dedicated trunks that connect it to the TC that serves it, so a cable map would look like a star with all the exchanges having a cable to a central point. Once a call has reached the TC, it does one of four things: 1. It immediately leaves the TC for the called exchange. This usually is the case if the parties are served by the same TC but are not local to each other. 2. It leaves the first TC over trunks in the High-Usage-Trunk-Group for the TC serving the called party where it then reaches the called exchange. This is the case during non-peak hours. 3. It leaves the TC over trunks in the Final-Trunk-Group for the primary center (to be discussed in a moment).This route is followed when all the High-Usage-Trunks are busy. 4. If none of the above choices were taken, then all the trunks are busy. The calling line either gets a re-order tone (fast busy), or a recording saying all circuits are busy. After the TC, there are three higher levels that function in exactly the same way. Each level can connect to any other level. As you can see, a call can climb a "communications ladder", going from Toll Center to primary center to sectional center to regional center and back down again to reach the called party. In order, the overall structure of the Network is: class 5 office - End office or Exchange class 4 office - Toll Center 508 as of 1983 class 3 office - Primary center 148 as of 1983 class 2 office - Sectional center 52 as of 1983 class 1 office - Regional center 10 as of 1983 3. Numbering Plan of North America When Bell introduced Direct Distance Dialing (DDD) in the 1960's, they set a standard for telephone numbers. Any subscriber anywhere in the United States can reach any other subscriber by dialing a 10 or 11 digit "Network Address". The format for a standard (that is, customer dialable) number is a three digit area code followed by a 3 digit End-office code followed by a 4 digit station number. In some areas, it is necessary to dial a preceding 1 to identify the call as long distance. Symbolically, numbers can be represented by: X - Any digit 0 to 9 N - any digit 2 to 9 Z - 0 or 1 area code - NZX exchange - usually NNX, but some are NZX (like an area code in appearance) station - XXXX Bell also defined 200 special codes in each area code that a customer cannot normally dial. These codes perform system functions, request operators, an influence the route a call takes. In addition, each Toll Center has a routing code that lets you force the call to pass through it (more on this later). They are in the format of: Special codes- ZXX (all routing and system codes are in this format) operators - 1X1 (such as 101, 121, 131, 141, 191, etc.) Toll centers - 0XX 4. Operators, routing codes, OutWats, and International calling Many special operators exist in the Bell system.Some of them, like CN/A operators, have standard, customer dialable numbers. However, many others can only be reached via the appropriate routing/system code. These are...... (an optional area code can be put in front of them.i.e. KP+301+121+ST to get an inward for Maryland): 101 - Toll Center test board (Toll maintenance personnel). These people are great for social engineering because they almost never get suspicious calls from phreaks. I think they can perform traces of customers lines for you. 121 - Inward operator. This operator assists the Toll and assistance ("0") operator in making emergency interruptions to numbers in other area codes. They can also complete a normal call or, if you ask them for "loop around" numbers, they will give you the numbers of working loops. To get an emergency interruption, say: "I need an emergency interruption on 301-555-1212. My party's name is Bill Smith." 131 - Directory assistance for Toll and Assistance operators. This is just a suped up version of the 555-1212 directory assistance operator. The only difference that I know of is that they can do emergency interruptions. 141 - Rate & Route operator. Reach at 800-141-1212. To find out... (quoted from Bioc's Basic Telecommunications VII) 1)Area codes say: "Miami, Florida (any city), numbers route please." response: "305 plus" (meaning 305 is the area code) 2)Inward operator numbers (usually 121, but can have a prefix) say: "916-756 (any NPA-EXG), operator route please" response: "916 plus 001 plus" (meaning 916-001-121) 3)City names say: "Place name, 301-340 (any NPA-EXG), please" response: "Rockville, Maryland" 4)International Directory Assistance numbers say: "International, London, England (any city), TSPS directory route, please" response: "Directory to London, England. Country code 44 plus 1 plus 986 plus 3611" 5)Country and City codes say: "International, Sydney, Australia (any city), TSPS numbers route, please." response: "Country code 61 plus 2" 6)International inward operators say: "International, London, England (any city), TSPS inward route, please." response: "Country code 44 plus 121" 7)Language Assistance operators (use with foreign inward, not R&R) say: "United States calling. Language assistance in completing a call to <called person's name> at <person's number>." 151 - Overseas incoming (NPA 212 and 914) 161 - Trouble reporting operator. Reach at 800-161-1212 The following operators only exist in certain area codes (212 for example): 11501 - Universal cordboard operator 11511 - TSPS conference operator (not the same as an Alliance operator) 11521 - Mobile operator 11531 - Marine operator 11541 - Long Distance incoming switchboard 11551 - Leave word for time and charges 11561 - Same as above but for Hotels/Motels 11571 - Overseas operator. Language assistance. The Bell system also hides many test and routing numbers from its customers in the ZXX series. A few of them are listed below. 001 - Trunk access system. Usually used as a prefix before another code. 009 - Rate quote system. Gives the toll and assistance operator rate information. Although I don't know the command format, I know it accepts MF for control. Most area codes have this system function, but 713 does for sure. 011 - prefix for international calling 080 - Alliance Teleconferencing Toll Center code in many areas. (213) 100 - loop, tone side 103 - loop, dead side 105 - verification (Long-Short beep) 191 - International operator in some areas, 911 emergency system in others 11601 - another inward in some areas (212) 11611 - Computer that checks Calling Cards in 212. After the bong, enter the calling card number in DTMF and if it's valid you will get a message saying so. As mentioned previously, each Toll Center in the network has a 3 digit code in the form of 0XX. This is used primarily when dealing with area codes that cover more than 1 major city. For example, Alaska has just the 907 area code, but more than 1 major city. To reach an inward or Toll Center test board for the appropriate city, you have to enter the Toll Center code for that city. Otherwise, the switching equipment won't know which of the major cities is wanted. KP+907+101+ST won't work, you have to dial KP+907+054+101+ST if you want to reach the Test board in Anchorage. The 054 code forces the call to go through the Toll Center there. International dialing in the Bell system is accomplished by calling up one of the 7 international senders and then dialing the international number. The sender codes and their locations are: 182 - White Plains, New York 183 - New York, New York 184 - Pittsburg, Pennsylvania 185 - Orlando, Florida 186 - Oakland, California 187 - Denver, Colorado 188 - New York, New York (again) There are two ways to get to a sender. The simplest way is to dial KP+sender code+ST (i.e. KP+188+ST). A prefix area code is sometimes required (i.e. KP+213+188+ST). Another way which arouses less suspicion, is to use the 011 international dialing prefix. To use it, dial KP+011+0+country code+ST (i.e. KP+011+081+ST for Japan). Again, a prefix area code is often required as in KP+213+011+081+ST. Once you have reached a sender, you will get a 440 hz. dial tone. Now you enter KP+country code+city code+number+ST. For example, to get a nifty sounding recording in Japan, dial KP+81+3+8132542+ST. In addition to the above routing and system codes, OUTWATS numbers are also non-standard. OutWats are 800 numbers that make only outgoing calls and get billed at a bulk rate. Their area code is always 800 and the exchange code always begins with a 0. For example, 800-047-6287 could be an OUTWATS number (no guarantees, though). Sometimes, when you suspect that the person you are calling will trace your call, it is helpful to route you call through several cities. This trick is called multiple routing and is accomplished by putting an area code in front of the number. For example, if I wanted to call Joe Shmo at 301-340-9999 and I wanted the call to pass through Los Angeles, I could dial KP+213+301+121+ST. This would route my call to LA (because of the 213 prefix), then to a Maryland inward (because of 301-121). When the inward comes on, just say: "I need assistance in completing a call to 301-340-9999". Walla! Your call is just about untraceable! Note that more than 2 area codes CANNOT be strung together because there must be fewer than 12 digits between KP and ST. Well, that about wraps up this tutorial. Tune in next time for the next edition of the most complete Telecommunications tutorial ever written! (Complements of The Doctor (Who)).