Discussion:
Sprint telco service?
(too old to reply)
KF (lists)
2005-05-03 23:50:40 UTC
Permalink
I am interested in hearing from folks with stories similar to this:

http://www.security-focus.com/news/10083

Ever hear weird shit on your phone line? Weird billing errors? Weird non
dtmf tones randomly stray into your conversations? Had your lines
redirected? Have extra lines that you did not ask for? Do DMS100's give
you a
hard on?

shoot me a private email. hell if ya feel like it talk about it on list.

-KF

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Steve Kudlak
2005-05-04 01:23:45 UTC
Permalink
Post by KF (lists)
http://www.security-focus.com/news/10083
Ever hear weird shit on your phone line? Weird billing errors? Weird
non dtmf tones randomly stray into your conversations? Had your lines
redirected? Have extra lines that you did not ask for? Do DMS100's
give you a
hard on?
shoot me a private email. hell if ya feel like it talk about it on list.
-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
I have had a number of weird things with all telcos. In fact one
happened today. If you're not on the West Coast ofg NOrth AMerican
sorry to bore you with local meteorology. I called a friend to talk
about my travails in moving out of the place I was in and into a real
two bedroom apartment with a friend. When I called this freind I heard
a voice that said: "Well with the amount of moisture you can feel in
the air..." I said "hello" and I got no answer ...I tried calling his
number back and got no answer and then got a busy signal....then I tried
later and got the usual answwwering machine.

The strange stray voices or "ghost voices" as I sometimes call them I
have gotten a lot. Weirdly I have accidentally called a local bumber and
go some phone company linemaan's service in some state many miles away.
If people were intertested I could dig them up. I might ask if anyone
remembers 8BBS, Bernie Klatt, Suisan Thunder or other people there and
"Bow Wow Net"...


Have Fun,
Sends Steve

P.S. I dunno if this is the place for this sort of thing......I would
like to know where one gets tthe numbers that one calls that repeat your
number back to you etc.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
KF (lists)
2005-05-04 01:25:16 UTC
Permalink
Post by Steve Kudlak
Post by KF (lists)
http://www.security-focus.com/news/10083
Ever hear weird shit on your phone line? Weird billing errors? Weird
non dtmf tones randomly stray into your conversations? Had your lines
redirected? Have extra lines that you did not ask for? Do DMS100's
give you a
hard on?
shoot me a private email. hell if ya feel like it talk about it on list.
-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
I have had a number of weird things with all telcos. In fact one
happened today. If you're not on the West Coast ofg NOrth AMerican
sorry to bore you with local meteorology. I called a friend to talk
about my travails in moving out of the place I was in and into a real
two bedroom apartment with a friend. When I called this freind I
heard a voice that said: "Well with the amount of moisture you can
feel in the air..." I said "hello" and I got no answer ...I tried
calling his number back and got no answer and then got a busy
signal....then I tried later and got the usual answwwering machine.
The strange stray voices or "ghost voices" as I sometimes call them
I have gotten a lot. Weirdly I have accidentally called a local bumber
and go some phone company linemaan's service in some state many miles
away. If people were intertested I could dig them up. I might ask if
anyone remembers 8BBS, Bernie Klatt, Suisan Thunder or other people
there and "Bow Wow Net"...
Have Fun,
Sends Steve
P.S. I dunno if this is the place for this sort of thing......I would
like to know where one gets tthe numbers that one calls that repeat
your number back to you etc.
I would be interested quite a bit in a better description of the 'ghost
voices' as that is one of the specific symptoms I am inquiring about.

-KF


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
vulcanius
2005-05-04 04:32:53 UTC
Permalink
Now this is a thread I can enjoy.

I've had alot of what we will call experience in the past with
telco's. When I refer to telco's i'm not talking just about the local
RBOC, I'm also referring to cellular providers as well.

I can't explain the "ghost voices" your hearing as that's something
i've never dealt with before. But if your leaning towards the cause of
it being a phreak, then I suggest you take a look outside your window
to the box connecting your house to the trunk line. You may see
someone there who isn't quite affiliated with the phone company.

To Steve, yeah, I remember the days of BBS's. The local number you
dialed was probably a loop. Given the few details it's impossible to
determine what type though. And the type of number your referring to
is an ANAC (automatic number announcement circuit). These are widely
available if you just search google for say, "ANAC list" 800-444-4444
is probably the most well-known and longest lasting.

In reference to that article. Telephone companies have quite a few
well-guarded secrets. But with the right attitude, voice, and
information it can be pretty easily attained. It is possible to gain
access to a switch even without a computer. There are actually local
numbers as well as 800 numbers out there that have automated voice
response systems allowing you to control the switch. In the past I
have never once encountered any of these systems having ANY form of
authentication. What do I mean? There is no PIN number, no password,
etc. You simply dial it up and your in. If you are ever clever enough
to get ahold of one of these numbers you will find a few interesting
items in the menus. My personal favorites were routing and
surveillance.

The RBOC's have gotten smart with their security in the past. They
still use their cheap old dial-up VPN's. However, gaining access to
these is a bit tough. You must have a valid bellsouth employee ID as
well as the RSA Secure ID token keychain. These keychains use an
algorithm to generate a new password every 60 seconds. I'm feeling
generous so i'll give a little more information. The generic login for
some of these VPNs is simply, "ABC1234/". The password is formatted a
bit differently. It is comprised of the six digit number produced by
the RSA Secure ID and is preceded by the letters, "kppk". 169199 seems
to be the current ID.

And yes, DMS100's give me a hardon.
Post by KF (lists)
Post by Steve Kudlak
Post by KF (lists)
http://www.security-focus.com/news/10083
Ever hear weird shit on your phone line? Weird billing errors? Weird
non dtmf tones randomly stray into your conversations? Had your lines
redirected? Have extra lines that you did not ask for? Do DMS100's
give you a
hard on?
shoot me a private email. hell if ya feel like it talk about it on list.
-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
I have had a number of weird things with all telcos. In fact one
happened today. If you're not on the West Coast ofg NOrth AMerican
sorry to bore you with local meteorology. I called a friend to talk
about my travails in moving out of the place I was in and into a real
two bedroom apartment with a friend. When I called this freind I
heard a voice that said: "Well with the amount of moisture you can
feel in the air..." I said "hello" and I got no answer ...I tried
calling his number back and got no answer and then got a busy
signal....then I tried later and got the usual answwwering machine.
The strange stray voices or "ghost voices" as I sometimes call them
I have gotten a lot. Weirdly I have accidentally called a local bumber
and go some phone company linemaan's service in some state many miles
away. If people were intertested I could dig them up. I might ask if
anyone remembers 8BBS, Bernie Klatt, Suisan Thunder or other people
there and "Bow Wow Net"...
Have Fun,
Sends Steve
P.S. I dunno if this is the place for this sort of thing......I would
like to know where one gets tthe numbers that one calls that repeat
your number back to you etc.
I would be interested quite a bit in a better description of the 'ghost
voices' as that is one of the specific symptoms I am inquiring about.
-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Deigo Dude
2005-05-05 01:29:48 UTC
Permalink
Continuing on the thread of telco's (even though its off topic) I used
to have access to https://lens.bellsouth.com (Local exchange navigation
system) so you all im sure would also have fun if you can gain access to
that. You can look up full information for non-published numbers, make
reservations of new numbers, make service orders, change phone service,
pretty much anything a bellsouth employee would need to do at any point.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Deigo Dude
2005-05-05 01:35:08 UTC
Permalink
http://www.interconnection.bellsouth.com/app_desc.html
That site offers a good description and portal to their other web apps,
I haven't used any of them but lens, but they sure do SOUND interesting huh.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
KF (lists)
2005-05-05 04:20:49 UTC
Permalink
Post by Deigo Dude
Continuing on the thread of telco's (even though its off topic)
I think it actually falls in a safe zone under the list charter. In
general though I feel that the security of our nations telco
infrastructure should certainly be talked about. After the deregulation
of the industry I feel that some of these companies need to be held
accountable for their equipment. They are currently in the position that
they can simply pull wool over any anyones eyes that inquires about
their security. 'These aren't the droids you're looking for".

If you get too close to finding something out they try to burry you in
legal jargon and mumbo jumbo instead of addressing the problems at hand.
It is really quite pathetic.

Every try to talk to your local police about the potential that someone
may have taken control of your towns DMS100... try it sometime. Have an
even funner time if you live out in the middle of B.F.E.

Ever try to talk to the FTC about a telco issue? FBI? DHS? Its not a fun
task... especially when folks either A have no clue what you are
speaking of or B simply don't care.

These telcos act like the internet and computers have nothing to do with
the security of their network... I think its bull shit.
Post by Deigo Dude
I used to have access to https://lens.bellsouth.com (Local exchange
navigation system) so you all im sure would also have fun if you can
gain access to that. You can look up full information for
non-published numbers, make reservations of new numbers, make service
orders, change phone service, pretty much anything a bellsouth
employee would need to do at any point.
I am sure you and several others have had access to that sort of thing
over time. That is exactly part of the problem. NO standards and no one
to really regulate them.

-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
vulcanius
2005-05-05 15:52:47 UTC
Permalink
Heh. I don't think it's off topic at all, after all were just
disclosing information.

KF, your absolutely right. The lack of regulation and the lack of
attention people give to it is atrocious. You would think in a post
9/11 America that they would at least have some sort of security
board. Same goes for the utility companies.

Speaking of LENS. If anyone is interested in a copy of the LERG (local
exchange routing guide) send me an e-mail. Basically a bunch of excel
spreadsheets mapping out switches across the US. Find out who manages
it, what equipment they are running. What NPA/NXX's they control, etc.
It's a nice little thing to have around sometimes. Shoot me a private
e-mail if you'd like a copy. Forewarning, the file is roughly 45MB so
plan to have an FTP ready for me to upload it to.
Post by KF (lists)
Post by Deigo Dude
Continuing on the thread of telco's (even though its off topic)
I think it actually falls in a safe zone under the list charter. In
general though I feel that the security of our nations telco
infrastructure should certainly be talked about. After the deregulation
of the industry I feel that some of these companies need to be held
accountable for their equipment. They are currently in the position that
they can simply pull wool over any anyones eyes that inquires about
their security. 'These aren't the droids you're looking for".
If you get too close to finding something out they try to burry you in
legal jargon and mumbo jumbo instead of addressing the problems at hand.
It is really quite pathetic.
Every try to talk to your local police about the potential that someone
may have taken control of your towns DMS100... try it sometime. Have an
even funner time if you live out in the middle of B.F.E.
Ever try to talk to the FTC about a telco issue? FBI? DHS? Its not a fun
task... especially when folks either A have no clue what you are
speaking of or B simply don't care.
These telcos act like the internet and computers have nothing to do with
the security of their network... I think its bull shit.
Post by Deigo Dude
I used to have access to https://lens.bellsouth.com (Local exchange
navigation system) so you all im sure would also have fun if you can
gain access to that. You can look up full information for
non-published numbers, make reservations of new numbers, make service
orders, change phone service, pretty much anything a bellsouth
employee would need to do at any point.
I am sure you and several others have had access to that sort of thing
over time. That is exactly part of the problem. NO standards and no one
to really regulate them.
-KF
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Day Jay
2005-05-05 17:12:09 UTC
Permalink
please send me the LERG :) thanx
Post by vulcanius
Heh. I don't think it's off topic at all, after all
were just
disclosing information.
KF, your absolutely right. The lack of regulation
and the lack of
attention people give to it is atrocious. You would
think in a post
9/11 America that they would at least have some sort
of security
board. Same goes for the utility companies.
Speaking of LENS. If anyone is interested in a copy
of the LERG (local
exchange routing guide) send me an e-mail. Basically
a bunch of excel
spreadsheets mapping out switches across the US.
Find out who manages
it, what equipment they are running. What NPA/NXX's
they control, etc.
It's a nice little thing to have around sometimes.
Shoot me a private
e-mail if you'd like a copy. Forewarning, the file
is roughly 45MB so
plan to have an FTP ready for me to upload it to.
Post by KF (lists)
Post by Deigo Dude
Continuing on the thread of telco's (even though
its off topic)
Post by KF (lists)
I think it actually falls in a safe zone under the
list charter. In
Post by KF (lists)
general though I feel that the security of our
nations telco
Post by KF (lists)
infrastructure should certainly be talked about.
After the deregulation
Post by KF (lists)
of the industry I feel that some of these
companies need to be held
Post by KF (lists)
accountable for their equipment. They are
currently in the position that
Post by KF (lists)
they can simply pull wool over any anyones eyes
that inquires about
Post by KF (lists)
their security. 'These aren't the droids you're
looking for".
Post by KF (lists)
If you get too close to finding something out they
try to burry you in
Post by KF (lists)
legal jargon and mumbo jumbo instead of addressing
the problems at hand.
Post by KF (lists)
It is really quite pathetic.
Every try to talk to your local police about the
potential that someone
Post by KF (lists)
may have taken control of your towns DMS100... try
it sometime. Have an
Post by KF (lists)
even funner time if you live out in the middle of
B.F.E.
Post by KF (lists)
Ever try to talk to the FTC about a telco issue?
FBI? DHS? Its not a fun
Post by KF (lists)
task... especially when folks either A have no
clue what you are
Post by KF (lists)
speaking of or B simply don't care.
These telcos act like the internet and computers
have nothing to do with
Post by KF (lists)
the security of their network... I think its bull
shit.
Post by KF (lists)
Post by Deigo Dude
I used to have access to
https://lens.bellsouth.com (Local exchange
Post by KF (lists)
Post by Deigo Dude
navigation system) so you all im sure would also
have fun if you can
Post by KF (lists)
Post by Deigo Dude
gain access to that. You can look up full
information for
Post by KF (lists)
Post by Deigo Dude
non-published numbers, make reservations of new
numbers, make service
Post by KF (lists)
Post by Deigo Dude
orders, change phone service, pretty much
anything a bellsouth
Post by KF (lists)
Post by Deigo Dude
employee would need to do at any point.
I am sure you and several others have had access
to that sort of thing
Post by KF (lists)
over time. That is exactly part of the problem. NO
standards and no one
Post by KF (lists)
to really regulate them.
-KF
_______________________________________________
Full-Disclosure - We believe in it.
http://lists.grok.org.uk/full-disclosure-charter.html
Post by vulcanius
Post by KF (lists)
Hosted and sponsored by Secunia -
http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
http://lists.grok.org.uk/full-disclosure-charter.html
Post by vulcanius
Hosted and sponsored by Secunia -
http://secunia.com/
Yahoo! Mail
Stay connected, organized, and protected. Take the tour:
http://tour.mail.yahoo.com/mailtour.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Loading...