==================================== -+ 0Line +- of the -+ MED +- (an infamous source of gnosis) in Spring, 1997 Presents a guide to UK Telephonics.1 ==================================== Well, here's a summary of a lot of info I have managed to accumulate over some time. Hope you appreciate it. BTW, I would like to speak for the MED in saying we have no (or very little) part in the publication or any future publication of 'Medizine', for which it would be a far-fetched idea to deem as an HPA mag. Anyway, devour and keep true.. ===== Part (i) ===== A LITTLE OL' HISTORY ==================== Originally, the phone system was run by employed fuk-wits who would route the calls for you over a manual switchboard. Lots of fun to be had until Subscriber Trunk Dialling (STD) was introduced in 1958 (when there was a lot more phun to be had with the old 'probe and listen' methods). As the name (STD) implys, it allows the subscriber to 'trunk dial' that is make calls without the use of an operator. This gradually killed off the operator until it limited her or him to as they are today, 999, 112, 100, etc.. calls. The Joint Electronic Research Agreement was struck up between the P.O, Ericsson, GEC, STC, ATE and Siemens Edison Swan in 1956. From here they manufactured several experimental exchanges which gave way the the electronic TXE range as we knew it. The TXE3 never really was, it endured three years of public service between 1968 and 1970 before it was finally discontinued. In 1976 the TXE4 emerged and swiftly became 'the' switch. It may be of some note that ATE and Ericsson are now both part of the Plessey organisation and Siemens Edison Swan is a part of GEC. The modernization of the UK network came mainly with the 1960 Routing, Switching and Transmission plan. It demanded a network structure somewhat similar to that we have today. The RST plan stated that each local telephone exchange should have direct access to its parent 'Group Switching Centre' (GSC) which itself would have direct connections to many other local exchanges. Transit Switching Centres also had to be connected to the GSCs and were of two types, Main Switching Centre, or Group Switching Centre, depending on how many subscribers it handled. These Transit Switching Centres were connected across the country to enable quick call setup and a more efficient network plan. This network structure was held right up to the dawn of digital exchanges. Previously, the network had been dominated by Electronic TXE (1960+) and Electro-Mechanical TXS/TXK (1950+). The last in the Electronic type exchange was the TXE4, and there are still many in use today. System X was the first digital system widely used in England, its contractors were GEC and PMSL and British Telecom seemed set to install SysX 100% throughout the country until someone thought that it may be unfair for one company to have such a hold on the market, and so Ericsson were allowed to compete. Ericsson manufacture a system called AXE, the version in use in England is AXE10, otherwise known as System Y and more or less kicks SysX's ass. The UK telephone network is now nearly totally digital, the last electronic exchanges are all being replaced in a great genocidal overhaul. Currently, the digital network consists of over 4000 digital exchanges and about two more are added every day (including 10,000 kms of fibre that are added to the network each week). The next changes in the network are probably going to occour on the DMSU scale, with new software and further involvement into so called `intelligent' switching. The effects of this on us will go unnoticed for some time and at the moment it is targeted largely at cooperations (as the Cyclone Global Virtual Private Network is) and is used as a tool to reduce money spent by BT by being increasingly efficient at routing calls and storing data. Boxing UK is more or less dead - if you're not digital then it makes no difference - all exchanges, digital or otherwise, communicate with out-of-band signalling. (unless youre talking about foreign connections in which case, C7 supports backwards compatability with C5 and other 'lesser' signalling systems). Time to go back home... ================= Part (ii) ================== THE LOCAL DISTRIBUTION NETWORK (or Local Loop) ============================================== All telephone lines in an area form part of an exchange's local loop. The link to an exchange from a house can either be analogue or digital; BT sell digital links in the form of an ISDN (Integrated Services Digital Network) line, but most people have a lax analogue link to their local telephone exchange. Wander round your town enough and you'll eventually find your local exchange, or you could obtain an internal directory or even ring BT and ask them where it is. Whilst wandering you would most probably come across a green cab-box aswell.. THE CABLE ACCESS BOX: ===================== Cab boxes are invariably green and house the lines for all the immediate BT subscribers in the area. Types of cab-boxes vary from the organised to the chaotic, holding up to roughly 1000 pairs (or lines). The way the lines are identified is not a particularly friendly one.. more often than not, there will be a map of the area the cab-box covers on the side of the door, which tells you the route the lines take from the houses to the box. Trying to decode the map may take quite some time, and probably won't get you anywhere near to finding a particular line inside the box. If you want to identify a line inside a cab-box, then you're going to need one or maybe two pieces of BT apparatus. These useful objects are known as Oscillators and Amplifiers. The basic theory is that the BT engineer (or phreak) applies certain discreet tones to someone's line, which may then be picked up by an Amplifier by waving it around inside the cab-box, thus finding a certain line. The (loud) tones needed may be applied to the line in one of several ways. First, with the prementioned Oscillator which means you are actually going to have to go to the house it runs to and hook the bit of kit up to the line, whilst someone else finds the line in the box. The prefered method to apply the tones is to use the famous 4Tel service (which i'm not going into), or even more simply with the number 176. If you dial 176, then the full number, including STD, of the line you want to locate, you should hear some quick bleeps, which means the tones have been applied to the line and you may then whip the Amplifier out and identify it in a jiff. Unfortunatly, not every area supports the 176 (Cable-Pair identification) number and so you will probably have to get an oscillator or use primitve 4Tel. If you can use 176, it can be used to engage someone's line without their knowledge as whilst it is in use, it will busy the line out although calls can still be made. A LITLE MORE ON LOCAL LOOP & THE LOCAL EXCHANGE: ================================================ Lines leave the exchange from its 'Main Distribution Frame', and head to the customer's premsis via overhead or underground distribution. These telephone lines connect you to the Public Switched Telephone Network (or PSTN) which is one of five main BT networks. If your local TE is a fancy secure affair then there is a good chance that it is a good trash target. However, if it is a lowly exchange then there is little chance you will find anything of any real interest at all. If you happen upon the good fortune of being able enter your TE, what you will find can be extremely variable. As far as computer access goes, most low-key exchanges won't have any proper accessible computer equipment, but just a load of terminals for accessing CSS and the relevant switch's Man-Machine Interface (MMI, through which they manipulate the switch). These are all password secured (and sometimes you will need a swipecard) so you have little chance of doing any hacking if you are actually at the site. Some more important, or older exchanges will have a processor on the site, which is normally a VAX/UNIX affair and you stand more chance of gaining access here. If your local exchange is actually a proper switch then you are very lucky indeed and could find a whole host of equipment and interesting documentation. However, even at the lowest of the scum of exchanges, you may still find the unexpected piece of kit, or perhaps a few Monologs (small devices that log a particular line's activity) which can be worth fooling around with or finding the local number for. ======= Part (iii) ======== THE PSTN AND EXCHANGE TYPES =========================== Before diving into the network structure, I would like to say a word or two about the UK's most common switches, AXE10 and System-X. System X is manufactured by GEC/Plessey (GPT) whilst AXE10 is manufactured by the Swedish born Ericsson. Both systems are modular in design and so divided into a number of sub-systems. These subsystems do not all have to be located at the same site, and so often one exchange will father another. On a high level, both systems are more or less similar, the only differences being in different names for the different subsystems, but the real difference is in the details, which are more obvious to the learned. AXE10 is superior to System-X and is the choice switch for the external market. Having said this, all of the _main_ exchanges (DMSU etc) apart from those that route internationally use System X rather than the superior System Y (SysX underwent specifications as a military network whereas AXE10 did not). AXE10 however, does crop up at most of the internationally routing digital sites whereas System X does not. The following is an basic illustration of the Public Switched Telephone Network. Obviously it is really a lot more complex then this. Basic Network Structure of PSTN: ================================ ------- ------- + ALE + + RCU + ....... = Switched ------: :------ . . . . = Not Switched -:----:- ---------- + DLSU +--------->+ DMSU + + DMSU + -:------.- -:----:- : . ------- ------- ------: `--------. : . + RSS + + RCU + + RCU + | : . :------ :------ ------- Local Cell | -:------.- ------:- ------:- `->+ DMSU +------+ DLSU +------+ DLSU + -:------.-. . . + DCCE +......+ DLE + : . -:------ ------:- : . : :------ : . : + ALE + -:------.- : Local Cell ------- + DMSU +-------' ---------- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +---------------------+ + REMOTE CONCENTRATOR +------> +---------++----------+ -> Subscribers (Arseville) || -> || Digital || Link || Rest of +----------++----------+ Network <------+ MAIN EXCHANGE + -> +----------------------+ -> Subscribers (Shit Town) + ON-SITE CONCENTRATOR +-----> +----------------------+ TYPES OF EXCHANGE/EXCHANGE FUNCTION IN PSTN =========================================== DMSU - Digital Main Switching Unit - DMSUs switch telephone traffic between themselves and handle groups of lesser exchanges. Each DMSU handles several old Group Switching Centre areas and forms part of a fully interconnected trunk network. About 52 in entire network. DMSUs are exclusivly of exchange type System X. Expect tough security at a DMSU.. this includes guards etc as these are the most important exchanges. DJSU - DJSUs have no direct customers, they just act as a tandem between other exchanges. All DJSUs at present to the best of my knowledge are all located in London. DISC - Digital International Switching Centre, very sparse but very advanced. Interestingly, there are no System-X DISCs, as they are all AXE10, DMS100 or 5ESS. The ISCs I know of are: Keybridge - AXE10 Kelvin - AXE10 Mondial - 5ESS Madley A & B - AXE10 & DMS100 DLSU - Digital Local Switching Unit - This is also known as a Digital Local Exchange, or Digital Local Processor Exchange. It provides service for all its customers and varying functions according to relationship with rest of network. DCCE - Digital Cell Centre Exchange - These exchanges handles service for its own local customers, nearby RCU/RSSs and local rusting old analog exchanges (generally Telephone eXchange Electronic). They shuttle calls to DMSUs for any lesser exchanges in area which do not have their own link. The DCCEs and DLSUs also switch traffic just between themselves if a call has no reason to visit a DMSU or likewise. DLE - Digital Local Exchange - Digital Local Exchanges play host to remote or local RCUs and ALEs that are to be replaced with RCUs in future. RCU - Remote Concentrator Unit - Often little more than glorified cab-boxes. RCUs (System X) and RSSs (AXE10) are basically just meeting points for all the lines in an area. They plex all the lines down to just a few and send them off to the parent exchange which does all the switching and routing. Having said this, RCUs/RSSs tend to occupy entire buildings as they were the old locations of whole Analogue exchanges, which have now been replaced with just the limb of a digital exchange. UXD5 - A digital exchange developed from the older CDSS1 Monarch PBX. Generally these a used in regions of low-density.. some of Keltic Phrost's older files have sound info on the UXD5. ALE - Analogue Local Exchange. ALE are now extremely rare, possible types are Strowger (TXS), Crossbar (TXK1) and Electronic (TXE2&TXE4). TXE - Telephone eXchange Electronic. A now very scarce breed of exchange. TXEs were the bees-knees phreak/hack wise as they all held their own UNIX processors and were bloody everywhere, with loads and loads of numbers that could be haqued and pissed around with. TXEs handled all calls with computers, but all the telephone links were analog and were at no point converted to digital format. Alas, today nearly all TXEs have been replaced with RCUs or RSSs. :( It should be noted that one actual location can consist of several exchange types, such as DMSU and DLSU or DMSU and DJSU. Overlayed onto the PSTNetwork is the Digital Derived Services Network (DDSN). The DDSN provides specialised 'LinkLine' services such as 0800, 0345, 0898 etc numbers. The DDSN consists of switches known as Digital Derived Service Centres (DDSC's) which are themselves controlled by a Intelligent Network Database (INDB). Connection to the DDSN is achieved via DMSUs. ======== Part (iv) ========= THE FIVE FUNCTIONAL NETWORKS ============================ The five main functional networks are thus: Visual PDN Telex PCN PSTN Functional Networks | | | | || 1 --+--------+-------+-------+-----++-- OLO/VAN/INT | | | | || 2 --+--------+-------+-------+-----++-- Admin | | | | || 3 | | | +------+-- Syncronisation | | | | || 4 --^-Transmission Bearer Network--^^-- LOCAL LOOP --> Subscriber Section 1: The gateways provide a link between the functional networks. For instance, a PSTN number for access to PSS, or Telnet could be considered a gateway. They also allow access to Other Licenced Operators (OLOs) such as Mercury, or Value Added Networks (VANs) such as Cellnet, radiopaging etc.. Access to the international network is achieved through International Gateway Exchanges. Section 2: This Admin Network has access to the processors of the five functional networks for their management, maintenance and collection of data. The Admin Network is BT's own private network and operates using packet switches. If you wanna phuck, phuck this (but do it nicely). Section 3: A Sync network is used to ensure that the timing between digital exchange clocks remains the same. If it did not, and the times at different exchanges differed then the exchange would be unable to receive and retransmit infomation properly. Section 4: The Transmission Bearer Network consists of many line transmission systems which interconnect the functional networks. The Transmission Systems each carry a large number of circuits and are used to interconnet the switching nodes of each functional network. The points at which they connect are called Transmission Repeater Stations. Now a little about the networks: The Visual Network primarily provides service for Television companies using permanent or semi-permanent routes over high quality radio links. The Public Data Network is primarily the Packet Switching Stream (PSS), the UK's first Managed Data Network Service. Many companies use it, including banks, telecom, international businesses etc. PSS is very powerful and flexible in use and is virtually error free in its packet-switching technology. Telex is that shit service shipping companies use. Even despite its crap quality, over 200 countries round the world use it, consisting of many global businesses that use it for their business transactions. The Private Circuit Network provides an extensive national private circuit network transmitting at speeds up to 64KBit/s under Kilostream, and 2MBit under Megastream. Some analogue circuits are still in operation. The entire network is now using ACE sites (Automatic Crossconnection Equipment) and is controlled from network controllers in Manchester and London. A Virtual Private Network (VPN) is a closed user group working within the PSTN. They use the same connections and exchanges as other traffic but are more or less invisible. An example of a VPN is FeatureNet. FeatureNet uses exchanges called Advanced Service Units that are basically independant Digital Exchanges. If you want to phuck with an ASU then I suggest you go scanning. If you already have, then you will know them by the `You have reached xxxxx ASU' messages some numbers in the ASU ranges repeat. An ASU will normally have this message on 9999 so try some (STD) xxx 9999 numbers if you're interested.