home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Hacker Chronicles - A…the Computer Underground
/
The Hacker Chronicles - A Tour of the Computer Underground (P-80 Systems).iso
/
miscpub1
/
lodtj4.4
< prev
next >
Wrap
Text File
|
1992-09-26
|
33KB
|
724 lines
The LOD/H Technical Journal, Issue #4: File 04 of 10
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
$ $
$ Central Office Operations $
$ Western Electric 1ESS,1AESS, $
$ The end office network environment $
$ $
$ Written by Agent Steal 1989 $
$ $
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Topics covered in this article will be:
Call tracing
RCMAC
Input/output messages
SCC and SCCS
COSMOS and LMOS
BLV, (REMOB) and "No test trunks"
Recent change messages
Equal Access
Did I get your attention? Good, everyone should read this. With the time,
effort, and balls it has taken me compile this knowledge it is certainly worth
your time. I hope you appreciate me taking the time to write this.
I should point out that the information in this article is correct to the
best of my knowledge. I'm sure there are going to be people that disagree
with me on some of it, particularly the references to tracing. However, I
have been involved in telecommunications and computers for 12+ years.
I'm basing this article around the 1AESS since it is the most common
switch in use today.
** OUTSIDE PLANT **
This is the wiring between your telephone and the central office. That is
another topic in itself. If you are interested read Phucked Agent 04's article
on The Outside Loop Distribution Plant (OLDP) in the LOD/H Technical Journal,
Issue #1. The article explains those green boxes you see on street corners,
aerial cables, manholes etc. So where that article stops, this one starts.
** CABLE VAULT **
All of the cables from other offices and from subscribers enter the
central office underground. They enter into a room called the cable vault.
This is a room generally in the basement located at one end or another of the
building. The width of the room varies but runs the entire length of the
building. Outside cables appear through holes in the wall. The cables then run
up through holes in the ceiling to the frame room.
Understand that each of these cables consist of an average of 3600 pairs
of wires. That's 3600 telephone lines. The amount of cables obviously depends
on the size of the office. All cables (e.g. interoffice, local lines, fiber
optic, coaxial) enter through the cable vault.
** FRAME ROOM **
The frame is where the cable separates into individual pairs and attach
to connectors. The frame runs the length of the building, from floor to
ceiling. There are two sides to the frame, the horizontal side and the
vertical side. The vertical side is where the outside wiring attaches and the
protector fuses reside. The horizontal side is where the connectors to the
switching system reside. Multi-conductor cables run from the connectors to
actual switching equipment. So what we have is a large frame called the Main
Distribution Frame (MDF) running the entire length of the building. From floor
to ceiling it is 5 feet thick. The MDF consists of two sides, the VDF and the
HDF. Cables from outside connect on one side and cables from the switching
equipment connect to the other side and jumper wires connect the two. This way
any piece of equipment can be connected to any incoming "cable pair". These
jumper wires are simply 2 conductor twisted pair, running between the VDF and
the HDF.
What does all this mean? Well if you had access to COSMOS you would see
information regarding cable and pair and "OE" (Office Equipment). With this
information you could find your line on the frame and on the switch. The VDF
side is clearly marked by cable and pair at the top of the frame, however the
HDF side is a little more complicated and varies in format from frame to frame
and from switch to switch. Since I am writing this article around the 1AESS,
I will describe the OE format used for that switch.
OE ABB-CDD-EFF
Where..
A = Control Group (when more than one switch exists in that C.O.)
B = LN Line Link Network
C = LS Line Switching Frame
D = CONC or CONCentrator
E = Switch (individual, not the big one)
F = Level
There is one more frame designation called LOC or LOCation. This gives the
location of the connector block on the HDF side. Very simply, looking at the
frame:
H ---------------------------------------------------------------------
G ---------------------------------------------------------------------
F ---------------------------------------------------------------------
E ---------------------------------------------------------------------
D ---------------------------------------------------------------------
C ---------------------------------------------------------------------
B ---------------------------------------------------------------------
A ---------------------------------------------------------------------
123456789 etc.
Please note that what you are looking at here represents the HDF side of
the MDF, being up to 100 feet long, and 20 feet high. Each "-" represents a
connector block containing connections for 4 x 24 (which is 96) pairs.
So far I've covered how the wires get from you to the switching
equipment. Now we get to the switching system itself.
** SWITCHING SYSTEMS **
Writing an article that covers them all would be lengthy indeed. So I am
only going to list the major ones and a brief description of each.
- Step by Step
Strowger 1889
First automatic, required no operators for local calls
No custom calling or touch tone
Manufactured by many different companies in different versions
Hard wire routing instructions, could not choose an alternate route if
programed route was busy
Each dial pulse tripped a "stepper" type relay to find its path
- No.1 Crossbar 1930
- No.5 Crossbar 1947 (faster, more capacity)
Western Electric
First ability to find idle trunks for call routing
No custom calling, or equal access
Utilized 10x20 cross point relay switches
Hard wired common control logic for program control
Also copied by other manufactures
- No.4 Crossbar
Used as a toll switch for AT&T's long lines network
4 wire tandem switching
Not usually used for local loop switching
- No.1ESS 1966
- No.1AESS 1973
Western Electric
Described in detail later
- No.1EAX
GTE Automatic Electric
GTE's version of the 1AESS
Slower and louder
- No.2ESS 1967
- No.2BESS 1974
Western Electric
Analog switching under digital control
Very similar to the No.1ESS and No.1AESS
Downsized for smaller applications
_ No.3ESS
Western Electric
Analog switching under digital control
Even smaller version of No.1AESS
Rural applications for up to 4500 lines
- No.2EAX
GTE Automatic Electric
Smaller version of 1EAX
Analog switch under digital control
- No.4ESS
Western Electric
Toll switch, 4 wire tandem
Digital switching
Uses the 1AESS processor
- No.3EAX
Gee is there a pattern here? No GTE
Digital Toll switch
4 wire tandem switching
- No.5ESS
AT&T Network Systems
Full scale computerized digital switching
ISDN compatibility
Utilizes time sharing technology
Toll or end office
- DMS 100 Digital Matrix Switch
Northern Telecom
Similar to 5ESS
Runs slower
Considerably less expensive
- DMS 200
Toll and Access Tandem
Optional operator services
- DMS 250
Toll switch designed for common carriers
- DMS 300
Toll switch for international gateways
- No.5EAX
GTE Automatic Electric
Same as above
How much does a switch cost? A fully equipped 5ESS for a 40,000
subscriber end office can cost well over 3 million dollars. Now you know why
your phone bill is so much. Well...maybe you parents bill.
** The 1ESS and 1AESS **
This was the first switch of it's type put into widespread use by Bell.
Primarily an analog switch under digital control, the switch is no longer
being manufactured. The 1ESS has been replaced by the 5ESS and other full
scale digital switches, however, it is still by far the most common switch
used in today's Class 5 end offices.
The #1 and 1A use a crosspoint matrix similar to the X-bar. The primary
switch used in the matrix is the ferreed (remreed in the 1A). It is a two
state magnetic alloy switch. It is basically a magnetic switch that does not
require voltage to stay in it's present position. A voltage is only required
to change the state of the switch.
The No. 1 utilized a computer style, common control and memory. Memory
used by the #1 changed with technology, but most have been upgraded to RAM.
Line scanners monitor the status of customer lines, crosspoint switches,
and all internal, outgoing, and incoming trunks, reporting their status to
the central control. The central control then either calls upon program or
call store memories to chose which crosspoints to activate for processing the
call. The crosspoint matrices are controlled via central pulse distributors
which in turn are controlled by the central control via data buses. All of
the scanner's AMA tape controllers, pulse distro, x-point matrix, etc., listen
to data buses for their address and command or report their information on
the buses. The buses are merely cables connecting the different units to the
central control.
The 1E was quickly replaced by the 1A due to advances in technology. So
1A's are more common, also many of the 1E's have been upgraded to a 1A.
This meant changing the ferreed to the remreed relay, adding additional
peripheral component controllers (to free up central controller load) and
implementation of the 1A processor. The 1A processor replaced older style
electronics with integrated circuits. Both switches operate similarly.
The primary differences were speed and capacity. The #1ESS could process
110,000 calls per hour and serve 128,000 lines.
Most of the major common control elements are either fully or partially
duplicated to ensure reliability. Systems run simultaneously and are checked
against each other for errors. When a problem occurs the system will double
check, reroute, or switch over to auxiliary to continue system operation.
Alarms are also reported to the maintenance console and are in turn printed
out on a printer near the control console.
Operation of the switch is done through the Master Control Center (MCC)
panel and/or a terminal. Remote operation is also done through input/output
channels. These channels have different functions and therefore receive
different types of output messages and have different abilities as for what
type of commands they are allowed to issue. Here is a list of the commonly
used TTY channels.
Maintenance - Primary channel for testing, enable, disable etc.
Recent Change - Changes in class of service, calling features etc.
Administrative - Traffic information and control
Supplementary - Traffic information supplied to automatic network control
SCC Maint. - Switching Control Center interface
Plant Serv.Cent.- Reports testing information to test facilities
At the end of this article you will find a list of the most frequently
seen Maintenance channel output messages and a brief description of their
meaning. You will also find a list of frequently used input messages.
There are other channels as well as back ups but the only ones to be
concerned with are Recent Change and SCC maint. These are the two channels
you will most likely want to get access to. The Maintenance channel doesn't
leave the C.O. and is used by switch engineers as the primary way of
controlling the switch. During off hours and weekends the control of the
switch is transferred to the SCC.
The SCC is a centrally located bureau that has up to 16 switches
reporting to it via their SCC maint. channel. The SCC has a mini computer
running SCCS that watches the output of all these switches for trouble
conditions that require immediate attention. The SCC personnel then have the
ability to input messages to that particular switch to try and correct the
problem. If necessary, someone will be dispatched to the C.O. to correct the
problem. I should also mention that the SCC mini, SCCS has dialups and access
to SCCS means access to all the switches connected to it. The level of access
however, may be dependent upon the privileges of the account you are using.
The Recent Change channels also connect to a centrally located bureau
referred to as the RCMAC. These bureaus are responsible for activating lines,
changing class of service etc. RCMAC has been automated to a large degree by
computer systems that log into COSMOS and look for pending orders. COSMOS is
basically an order placement and record keeping system for central office
equipment, but you should know that already, right? So this system, called
Work Manager running MIZAR logs into COSMOS, pulls orders requiring recent
change work, then in one batch several times a day, transmits the orders to
the appropriate switch via it's Recent Change Channel.
Testing of the switch is done by many different methods. Bell Labs has
developed a number of systems, many accomplishing the same functions. I will
only attempt to cover the ones I know fairly well.
The primary testing system is the trunk test panels located at the switch
itself. There are three and they all pretty much do the same thing, which is
to test trunk and line paths through the switch.
Trunk and Line Test Panel
Supplementary Trunk Test Panel
Manual Trunk Test Panel
MLT (Mechanized Loop Testing) is another popular one. This system is
often available through the LMOS data base and can give very specific
measurements of line levels and losses. The "TV Mask" is also popular giving
the user the ability to monitor lines via a call back number.
DAMT (Direct Access Mechanized Testing) is used by line repairmen to put
tone on numbers to help them find lines. This was previously done by Frame
personnel, so DAMT automated that task. DAMT can also monitor lines, but
unfortunately, the audio is scrambled in a manor that allows one only to tell
what type of signal is present on the line, or whether it is busy or not.
All of these testing systems have one thing in common: they access the
line through a "No Test Trunk". This is a switch which can drop in on a
specific path or line and connect it to the testing device. It depends on
the device connected to the trunk, but there is usually a noticeable "click"
heard on the tested line when the No Test Trunk drops in. Also the testing
devices I have mentioned here will seize the line, busying it out. This will
present problems when trying to monitor calls, as you would need to drop in
during the call. The No Test Trunk is also the method in which operator
consoles perform verifications and interrupts.
** INTEROFFICE SIGNALLING **
Calls coming into and leaving the switch are routed via trunks. The
switches select which trunk will route the call most effectively and then
retransmits the dialed number to the distant switch. There are several
different ways this is done. The two most common are Loop Signaling and CCIS,
Common Channel Interoffice Signaling. The predecessor to both of these is the
famous and almost extinct "SF Signaling". This utilized the presence of
2600hz to indicate trunks in use. If one winks 2600Hz down one of these
trunks, the distant switch would think you hung up. Remove the 2600, and you
have control of the trunk and you could then MF a number. This worked great
for years. Assuming you had dialed a toll free number to begin with, there
was no billing generated at all. The 1AESS does have a program called SIGI
that looks for any 2600 winks after the original connection of a toll call.
It then proceeds to record on AMA and output any MF digits received. For more
information on AMA see Phantom Phreaker's article entitled, Understanding
Automatic Message Accounting in the LOD/H TJ Issue #3. However due to many
long distant carriers using signaling that can generate these messages it is
often overlooked and "SIG IRR" output messages are quite common.
Loop signaling still uses MF to transmit the called number to distant
switches, however, the polarity of the voltage on the trunk is reversed to
indicate trunk use.
CCIS sometimes referred to CCS#6 uses a separate data link sending
packets of data containing information regarding outgoing calls. The distant
switch monitors the information and connects the correct trunk to the correct
path. This is a faster and more efficient way of call processing and is being
implemented everywhere. The protocol that AT&T uses is CCS7 and is currently
being accepted as the industry standard. CCS6 and CCS7 are somewhat similar.
Interoffice trunks are multiplexed together onto one pair. The standard
is 24 channels per pair. This is called T-1 in it's analog format and D-1
in its digital format. This is often referred to as carrier or CXR. The terms
frame error and phase jitter are part of this technology which is often a
world in itself. This type of transmission is effective for only a few miles
on twisted pair. It is often common to see interoffice repeaters in manholes
or special huts. Repeaters can also be found within C.O.s, amplifying trunks
between offices. This equipment is usually handled by the "carrier" room,
often located on another floor. Carrier also handles special circuits, private
lines, and foreign exchange circuits.
After a call reaches a Toll Switch, the transmit and receive paths of
the calling and called party are separated and transmitted on separate
channels. This allows better transmission results and allows more calls to
be placed on any given trunk. This is referred to as 4 wire switching. This
also explains why during a call, one person can hear crosstalk and the other
cannot. Crosstalk will bleed over from other channels onto the multiplexed
T-Carrier transmission lines used between switches.
** CALL TRACING
So with the Loop Signaling standard format there is no information being
transmitted regarding the calling number between switches. This therefore
causes the call tracing routine to be at least a two step process. This is
assuming that you are trying to trace an anticipated call, not one in
progress. When call trace "CLID" is placed on a number, a message is output
every time someone calls that number. The message shows up on most of the ESS
output channels and gives information regarding the time and the number of the
incoming trunk group. If the call came from within that office, then the
calling number is printed in the message. Once the trunk group is known, it
can usually be determined what C.O. the calls are coming from. This is also
assuming that the calls are coming from within that Bell company and not
through a long distance carrier (IEC). So if Bell knows what C.O. the calls
are coming from, they simply put the called number on the C.I. list of that
C.O. Anytime anyone in that C.O. calls the number in question another message
is generated showing all the pertinent information.
Now if this were a real time trace it would only require the assistance
of the SCC and a few commands sent to the appropriate switches (i.e.
NET-LINE). This would give them the path and trunk group numbers of the call
in progress. Naturally the more things the call is going through, the more
people that will need to be involved in the trace. There seems to be a common
misconception about the ability to trace a call through some of the larger
packet networks i.e. Telenet and TYMNET. Well I can assure you, they can
track a call through their network in seconds (assuming multiple systems
and/or network gateways are not used) and then all that is needed is the
cooperation of the Bell companies. Call tracing in itself it not that
difficult these days. What is difficult is getting the different organizations
together to cooperate. You have to be doing something relatively serious to
warrant tracing in most cases, however, not always. So if tracing is a
concern, I would recommend using as many different companies at one time as
you think is necessary, especially US Sprint, since they can't even bill
people on time much less trace a call. But...it is not recommended to call
Sprint direct, more on that in the Equal Access section.
** EQUAL ACCESS
The first thing you need to understand is that every IEC Inter Exchange
Carrier (long distance company) needs to have an agreement with every LEC
Local Exchange Carrier (your local phone company) that they want to have
access to and from. They have to pay the LEC for the type of service they
receive and the amount of trunks, and trunk use. The cost is high and the
market is a zoo. The LECs have the following options:
- Feature Group A -
This was the first access form offered to the IECs by the LECs. Basically
whenever you access an IEC by dialing a regular 7 digit number (POTS line)
this is FGA. The IECs' equipment would answer the line and interpret your
digits and route your call over their own network. Then they would pick up an
outgoing telephone line in the city you were calling and dial your number
locally. Basically a dial in, dial out situation similar to Telenet's
PC pursuit service.
- Feature Group B -
FGB is 950-xxxx. This is a very different setup from FGA. When you dial
950, your local switch routes the call to the closest Access Tandem (AT) (Toll
Switch) in your area. There the IECs have direct trunks connected between the
AT and their equipment. These trunks usually use a form of multiplexing like
T-1 carrier with wink start (2600Hz). On the incoming side, calls coming in
from the IEC are basically connected the same way. The IEC MFs into the AT
and the AT then connects the calls. There are many different ways FGB is
technically setup, but this is the most common.
Tracing on 950 calls has been an area of controversy and I would like to
clear it up. The answer is yes, it is possible. But like I mentioned earlier,
it would take considerable manpower which equals expensive to do this. It
also really depends on how the IEC interface is set up. Many IECs have
trunks going directly to Class 5 end offices. So, if you are using a small
IEC, and they figure out what C.O. you are calling from, it wouldn't be out
of the question to put CLID on the 950 number. This is highly unlikely and I
have not heard from reliable sources of it ever being done. Remember, CLID
generates a message every time a call is placed to that number. Excessive
call trace messages can crash a switch. However, I should mention that brute
force hacking of 950s is easily detected and relatively easy to trace. If the
IEC is really having a problem in a particular area they will pursue it.
- Feature Group C -
FGC is reserved for and used exclusively by AT&T.
- Feature Group D -
FGD is similar to FGB with the exception that ANI is MF'ed to the IEC.
The end office switch must have Equal Access capability in order to transmit
the ANI. Anything above a X-bar can have it. FGD can only be implemented on
800 numbers and if an IEC wants it, they have to buy the whole prefix. For a
list of FGD prefixes see 2600 Magazine. You should also be aware that MCI,
Sprint, and AT&T are offering a service where they will transmit the ANI to
the customer as well. You will find this being used as a security or
marketing tool by an increasing amount of companies. A good example would be
800-999-CHAT.
** OUTPUT MESSAGES **
The following is a compiled list of common switch messages. The list was
compiled from various reference materials that I have at my disposal.
1AESS COMMON OUTPUT MESSAGES
--------------------------------------
MSG. DESCRIPTION
----------------------------------------------------------------
** ALARM **
AR01 Office alarm
AR02 Alarm retired or transferred
AR03 Fuse blown
AR04 Unknown alarm scan point activated
AR05 Commercial power failure
AR06 Switchroom alarm via alarm grid
AR07 Power plant alarm
AR08 Alarm circuit battery loss
AR09 AMA bus fuse blown
AR10 Alarm configuration has been changed (retired,inhibited)
AR11 Power converter trouble
AR13 Carrier group alarm
AR15 Hourly report on building and power alarms
** AUTOMATIC TRUNK TEST **
AT01 Results of trunk test
** CARRIER GROUP **
CG01 Carrier group in alarm
CG03 Reason for above
** COIN PHONE **
CN02 List of pay phones with coin disposal problems
CN03 Possible Trouble
CN04 Phone taken out of restored service because of possible coin fraud
** COPY **
COPY Data copied from one address to another
** CALL TRACE **
CT01 Manually requested trace line to line, information follows
CT02 Manually requested trace line to trunk, information follows
CT03 Intraoffice call placed to a number with CLID
CT04 Interoffice call placed to a number with CLID
CT05 Call placed to number on the CI list
CT06 Contents of the CI list
CT07 ACD related trace
CT08 ACD related trace
CT09 ACD related trace
** DIGITAL CARRIER TRUNK **
DCT COUNTS Count of T carrier errors
** MEMORY DIAGNOSTICS **
DGN Memory failure in cs/ps diagnostic program
** DIGITAL CARRIER "FRAME" ERRORS **
FM01 DCT alarm activated or retired
FM02 Possible failure of entire bank not just frame
FM03 Error rate of specified digroup
FM04 Digroup out of frame more than indicated
FM05 Operation or release of the loop terminal relay
FM06 Result of digroup circuit diagnostics
FM07 Carrier group alarm status of specific group
FM08 Carrier group alarm count for digroup
FM09 Hourly report of carrier group alarms
FM10 Public switched digital capacity failure
FM11 PUC counts of carrier group errors
** MAINTENANCE **
MA02 Status requested, print out of MACII scratch pad
MA03 Hourly report of system circuits and units in trouble
MA04 Reports condition of system
MA05 Maintenance interrupt count for last hour
MA06 Scanners,network and signal distributors in trouble
MA07 Successful switch of duplicated unit (program store etc.)
MA08 Excessive error rate of named unit
MA09 Power should not be removed from named unit
MA10 OK to remove paper
MA11 Power manually removed from unit
MA12 Power restored to unit
MA13 Indicates central control active
MA15 Hourly report of # of times interrupt recovery program acted
MA17 Centrex data link power removed
MA21 Reports action taken on MAC-REX command
MA23 4 minute report, emergency action phase triggers are inhibited
** MEMORY **
MN02 List of circuits in trouble in memory
** NETWORK TROUBLE **
NT01 Network frame unable to switch off line after fault detection
NT02 Network path trouble Trunk to Line
NT03 Network path trouble Line to Line
NT04 Network path trouble Trunk to Trunk
NT06 Hourly report of network frames made busy
NT10 Network path failed to restore
** OPERATING SYSTEM STATUS **
OP:APS-0
OP:APSTATUS
OP:CHAN
OP:CISRC Source of critical alarm, automatic every 15 minutes
OP:CSSTATUS Call store status
OP:DUSTATUS Data unit status
OP:ERAPDATA Error analysis database output
OP:INHINT Hourly report of inhibited devices
OP:LIBSTAT List of active library programs
OP:OOSUNITS Units out of service
OP:PSSTATUS Program store status
** PLANT MEASUREMENTS **
PM01 Daily report
PM02 Monthly report
PM03 Response to a request for a specific section of report
PM04 Daily summary of IC/IEC irregularities
** REPORT **
REPT:ADS FUNCTION Reports that a ADS function is about to occur
REPT:ADS FUNCTION DUPLEX FAILED No ADS assigned
REPT:ADS FUNCTION SIMPLEX Only one tape drive is assigned
REPT:ADS FUNCTION STATE CHANGE Change in state of ADS
REPT:ADS PROCEDURAL ERROR You fucked up
REPT:LINE TRBL Too many permanent off hooks, may indicate bad cable
REPT:PROG CONT OFF-NORMAL System programs that are off or on
REPT:RC CENSUS Hourly report on recent changes
REPT:RC SOURCE Recent change system status (RCS=1 means RC Channel inhibited)
** RECENT CHANGE **
RC18 RC message response
** REMOVE **
RMV Removed from service
** RESTORE **
RST Restored to service status
** RINGING AND TONE PLANT **
RT04 Status of monitors
** SOFTWARE AUDIT **
SA01 Call store memory audit results
SA03 Call store memory audit results
** SIGNAL IRREGULARITY **
SIG IRR Blue box detection
SIG IRR INHIBITED Detector off
SIG IRR TRAF Half hour report of traffic data
** TRAFFIC CONDITION **
TC15 Reports overall traffic condition
TL02 Reason test position test was denied
TL03 Same as above
** TRUNK NETWORK **
TN01 Trunk diagnostic found trouble
TN02 Dial tone delay alarm failure
TN04 Trunk diag request from test panel
TN05 Trunk test procedural report or denials
TN06 Trunk state change
TN07 Response to a trunk type and status request
TN08 Failed incoming or outgoing call
TN09 Network relay failures
TN10 Response to TRK-LIST input, usually a request from test position
TN11 Hourly, status of trunk undergoing tests
TN16 Daily summary of precut trunk groups
** TRAFFIC OVERLOAD CONDITION **
TOC01 Serious traffic condition
TOC02 Reports status of less serious overload conditions
** TRANSLATION ** (shows class of service, calling features etc.)
TR01 Translation information, response to VFY-DN
TR03 Translation information, response to VFY-LEN
TR75 Translation information, response to VF:DNSVY
** **
TW02 Dump of octal contents of memory
1AESS COMMON INPUT MESSAGES
-------------------------------------
Messages always terminate with ". ctrl d " x=number or trunk network #
MSG. DESCRIPTION
------------------------------------------------------------------------
NET-LINE-xxxxxxx0000 Trace of path through switch
NET-TNN-xxxxxx Same as above for trunk trace
T-DN-MBxxxxxxx Makes a # busy
TR-DEACTT-26xxxxxxx Deactivates call forwarding
VFY-DNxxxxxxx Displays class of service, calling features etc.
VFY-LENxxxxxxxx Same as above for OE
VFY-LIST-09 xxxxxxx Displays speed calling 8 list
************************************************************************
There are many things I didn't cover in this article and many of the
things I covered, I did so very briefly. My intention was to write an article
that explains the big picture, how everything fits together. I hope I helped.
Special thanks to all the stupid people, for without them some of us
wouldn't be so smart and might have to work for a living. Also all the usual
Bell Labs, AT&T bla bla bla etc. etc.
I can usually be reached on any respectable board, ha!
Agent Steal Inner (C)ircle 1989
!!!!!
!!!!! FREE KEVIN MITNICK !!!!!
!!!!!
[End Of Article]
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+
