-+ 0Line +- of the -+ MED +-
(an infamous source of gnosis)
in Spring, 1997
Presents a guide to UK Telephonics.1
Well, here's a summary of a lot of info I have managed to accumulate
over some time. Hope you appreciate it. BTW, I would like to speak for the
MED in saying we have no (or very little) part in the publication or any
future publication of 'Medizine', for which it would be a far-fetched idea to
deem as an HPA mag. Anyway, devour and keep true..
===== Part (i) =====
A LITTLE OL' HISTORY
Originally, the phone-system was run by employed fuk-wits who would
route the calls for you over a manual switchboard. Lots of fun to be had
until Subscriber Trunk Dialling (STD) was introduced in 1958 (when there was
a lot more phun to be had with the old 'probe and listen' methods). As the
name (STD) implys, it allows the subscriber to 'trunk dial' that is make
calls without the use of an operator. This gradually killed off the operator
until it limited her or him to as they are today, 999, 112, 100, prank etc..
The Joint Electronic Reasearch Agreement was struck up between the
P.O, Erricsson, GEC, STC, ATE and Siemens Edison Swan in 1956. From here
they manufactured several experimental exchanges which gave way the the
electronic TXE range as we knew it.
The TXE3 never really was, it endured three years of public service between
1968 and 1970 before it was fianlly discontinued. In 1976 the TXE4 emerged
and swiftly became 'the' switch. It may be of some note that ATE and
Erricson are now both part of the Plessey organisation and Siemens Edison
Swan is a part of GEC.
The modernization of the UK network came mainly with the 1960 Routing,
Switching and Transmission plan. It demanded a network structure somewhat
simular to that we have today. The RST plan stated that each local telephone
exchange should have direct access to its parent 'Group Switching Centre'
(GSC) which itself would have direct connections to many other local
exchanges. Transit Switching Centres also had to be connected to the GSCs
and were of two types, Main Switching Centre, or Group Switching Centre,
depending on how many subscribers it handled. These Transit Switching Centres
were connected across the country to enable quick call setup and a more
efficient network plan.
This network structure was held right up to the dawn of digital
exchanges. Previously, the network had been dominated by Electronical TXE
(1960+) and Electo-Mechanical TXS/TXK (1950+). The last in the Electronic
type exchange was the TXE4, and there are still many in use today. System X
was the first digital system widely used in England, its contractors were
GEC and PMSL and British Telecom seemed set to install SysX 100% throughout
the country until someone thought that it may be unfair for one company to
have such a hold on the market, and so Erricson were allowed to compete.
Erricson manufactuer a system called AXE, the version in use in England is
AXE10, otherwise known as System Y and more or less kicks SysX's ass
The UK telephone network is now nearly totally digital, the last
electronic exchanges are all being replaced in a great genocidal overhaul
Currently, the digital network consists of over 4000 digital exchanges and
about two more are added every day (including 10,000 kms of fibre that are
added to the network each week). The next changes in the network are probably
going to occour on the DMSU scale, with new software and further involvement
into so called `intelligent' switching. The effects of this on us will go
unnoticed for some time and at the moment it is targeted largely at
cooperations (as the Cyclone Global Virtual Private Network is) and is used
as a tool to reduce money spent by BT by being increasingly efficient at
routing calls and storing data. Boxing UK is more or less dead - if you're
not digital then it makes no difference - all exchanges, digital or
otherwise, communicate with out-of-band signalling. (unless your talking
about foreign connections in which case, C7 supports backwards compatability
with C5 and other 'lesser' signalling systems). Time to go back home...
================= Part (ii) ==================
THE LOCAL DISTRIBUTION NETWORK (or Local Loop)
All telephone lines in an area form part of an exchange's local loop.
The link to an exchange from a house can either be analogue or digital; BT
sell digital links in the form of an ISDN (Integrated Service Digital
Network) line, but most people have a lax analogue link to their local
telephone exchange. Wander round your town enough and you'll eventually find
your local exchange, or you could obtain an internal directory or even ring
0800800192 and ask BT themselves where it is. Whilst wandering you would most
probably come across a green cab-box aswell..
Cab boxes are invaribly green and house the lines for all the
immediate BT subscribers in the area. Types of cab-boxes vary from the
organised to the choatic, holding up to roughly 1000 pairs (or lines). The
way the lines are identified is not a particularly friendly one.. more often
than not, there will be a map of the area the cab-box covers on the side of
the door, which tells you the route the lines take from the houses to the
box. Trying to decode the map may take quite some time, and probably won't
get you anywhere near to finding a particular line inside the box. If you
want to identify a line inside a cab-box, then you're going to need one or
maybe two pieces of BT apparatus. These useful objects are known as
Oscillators and Amplifiers.
The basic theory is that the BT engineer (or phreak) applies certain
discreet tones to someone's line, which may then be picked up by an
Amplifier by waving it around inside the cab-box, thus finding a certain
line. The (loud) tones needed may be applied to the line in one of
several ways. First, with the prementioned Oscillator which means you are
actually going to have to go to the house it runs to and hook the bit of kit
up to the line, whilst someone else finds the line in the box. The prefered
method to apply the tones is to use the famous 4Tel service (which i'm not
going into), or even more simply with the number 176. If you dial 176, then
the full number, including STD, of the line you want tolocate, you should
hear some quick bleeps, which means the tones have been applied to the line
and you may then whip the Amplifier out and identify it in a jiff.
Unfortunatly, not every area supports the 176 (Cable-Pair identification)
number and so you will probably have to get an oscillator or use primitve
4Tel. If you can use 176, it can be used to engage someone's line without
their knowledge as whilst it is in use, it will busy the line out although
calls may still be made on the line.
A LITLE MORE ON LOCAL LOOP & THE LOCAL EXCHANGE:
Lines leave the exchange from its 'Main Distribution Frame', and head
to the customer's premsis via overhead or underground distribution. These
telephone lines connect you to the Public Switched Telephone Network (or
PSTN) which is one of five main BT networks.
If your local TE is a fancy secure affair then there is a good chance that
it is a good trash target. However, if it is a lowly exchange then there
is little chance you will find anything of any real intrest at all. If you
happen upon the good fortune of being able enter your TE, what you will
find can be extremely varible. As far as computer access goes, most low-key
exchanges won't have any proper accessable computer equiptment, but just a
load of terminals for accessing CSS and the relavant switch's Man-Machine
Interface (MMI, through which they manipulate the switch). These are all
password secured (and sometimes you will need a swipecard) so you have little
chance of doing any hacking if you are actually at the site. Some more
important, or older exchanges will have a processor on the site, which is
normally a VAX/UNIX affair and you stand more chance of gaining access here.
If your local exchange is actually a proper switch then you are very lucky
indeed and could find a whole host of equiptment and intresting
documentation. However, even at the lowest of the scum of exchanges, you
may still find the unexpected piece of kit, or perhaps a few Monologs
(small devices that log a particular line's activity) which can be worth
fooling around with or finding the local number for.
======= Part (iii) ========
THE PSTN AND EXCHANGE TYPES
Before diving into the network structure, I would like to say a word or
two about the UK's most common switches, AXE10 and System-X.
System X is manufactured by GEC/Plessey (GPT) whilst AXE10 is manufactured by
the Swedish born Ericsson. Both systems are modular in design and so divided
into a number of sub-systems. These subsystems do not all have to be located
at the same site, and so often one exchange will father another. On a high
level, both systems are more or less similar, the only differences being in
different names for the different subsystems, but the real difference is
in the details, which are more obvious to the learned. AXE10 is supiour to
the lesser System-X and is the choice switch for the external market.
Having said this, all of the _main_ exchanges (DMSU etc) apart from those
that route internationally use System X rather than the supiour System Y
(SysX underwent specifications as a military network whereas AXE10 did not).
AXE10 however, does crop up at most of the internationally routing digital
sites whereas System X never does, at least on any of the known ones.
The following is an basic illustration of the Public Switched
Telephone Network. Obviously it is really a lot more complex then this.
Basic Network Structure of PSTN:
+ ALE + + RCU + ....... = Switched
------: :------ . . . . = Not Switched
+ DLSU +----------+ DMSU +
+ DMSU + -:------.-
-:----:- : . ------- -------
------: `--------. : . + RSS + + RCU +
+ RCU + | : . :------ :------
------- Local Cell | -:------.- ------:- ------:-
`--+ DMSU +------+ DLSU +------+ DLSU +
-:------.-. . . + DCCE +......+ DLE +
: . -:------ ------:-
: . : :------
: . : + ALE +
-:------.- : Local Cell -------
+ DMSU +-------'
+ REMOTE CONCENTRATOR +------
+---------++----------+ - Subscribers (Arseville)
Rest of +----------++----------+
Network ;------+ MAIN EXCHANGE + -
+----------------------+ - Subscribers (Shit Town)
+ ON-SITE CONCENTRATOR +-----
TYPES OF EXCHANGE/EXCHANGE FUNCTION IN PSTN
DMSU - Digital Main Switching Unit - DMSUs switch telephone traffic
between themselves and handle groups of lesser exchanges. Each DMSU
handles several old Group Switching Centre areas. Forms part of a fully
interconnected trunk network. About 52 in entire network.
DMSUs are exclusivly of exchange type System X.
Expect tough security at a DMSU.. this includes guards etc as these are
most important exchanges.
DJSU - DJSUs have no direct customer exchanges, they just act as a tandem
between other exchanges. All DJSUs at present to the best of my
knowledge are located in London.
DISC - Digital International Switching Centre, very sparse but very
advanced. Intrestingly, there are no System-X DISCs, as they are all
AXE10, DMS100 or 5ESS. The ISCs I know of are:
Keybridge - AXE10
Kelvin - AXE10
Mondial - 5ESS
Madley - AXE10 & DMS100
DLSU - Digital Local Switching Unit - This is also known as a Digital Local
Exchange, or Digital Local Processor Exchange. It provides service for
all its customers and varying functions according to relationship with
rest of network.
DCCE - Digital Cell Centre Exchange - These exchanges handles service for
its own local customers, nebry RCU/RSSs and local rusting old Analogue
exchanges (generally Telephone eXchange Electronic). They shuttle calls
to DMSUs for any lesser exchanges in area which do not have their own
link. The DCCEs and DLSUs also switch traffic just between themselves
if a call has no reason to visit a DMSU or likewise.
DLE - Digital Local Exchange - Digital Local Exchanges play host to remote
or local RCUs and ALEs that are to be replaced with RCUs in future.
RCU - Remote Concentrator Unit - Often little more than glorified
cab-boxes. RCUs (System X) and RSSs (AXE10) are basically just meeting
points for all the lines in an area. They plex all the lines down to
just a few and send them of to the parent exchange which does all the
switching and routing. Having said this, RCUs/RSSs tend to occupy
entire buildings as they were the old locations of whole Analogue
exchanges, which have now been replaced with just the limb of a digital
UXD5 - A digital exchange developed from the older CDSS1 Monarch PBX.
Generally these a used in regions of low-density.. some of Keltic
Phrost's older files have sound info on the UXD5.
ALE - ALE are now extremely rare, possible types are Strowger (TXS),
Crossbar (TXK1) and Electronic (TXE2/4)
TXE - Telephone eXchange Electronic. A now very scarse breed of exchange.
TXEs were the bees-knees phreak/hack wise as they all held their
own UNIX processors and were bloody everywhere, with loads and loads
of numbers that could be haqed and pissed around with. TXEs handled all
the calls with computers, but all the telephone links were analogue and
at no point be converted to digital format. Alas, today nearly all TXEs
have been replaced with RCUs or RSSs. :(
It should be noted that one actual location can consist of several
exchange types, such as DMSU and DLSU or DMSU and DJSU.
Overlayed onto the PSTNetwork is the Digital Derviced Services
Network (DDSN). The DDSN provides specialised 'LinkLine' services such as
0800, 0345, 0898 etc numbers. The DDSN consists as switches known as
Digital Derived Service Centres (DDSSC's) which are themselves controlled by
a Intelligent Network Database (INDB). Connection to the DDSN is achieved
======== Part (iv) =========
THE FIVE FUNCTIONAL NETWORKS
The five main functional networks are thus:
Visual PDN Telex PCN PSTN Functional Networks
| | | | ||
1 --+--------+-------+-------+-----++-- OLO/VAN/INT
| | | | ||
2 --+--------+-------+-------+-----++-- Admin
| | | | ||
3 | | | +------+-- Syncronisation
| | | | ||
4 --^-Transmission Bearer Network--^^-- LOCAL LOOP -- Subscriber
Section 1: The gateways provide a link between the functional networks.
For instance, a PSTN number for access to PSS, or Telnet could be considered
a gateway. They also allow access to Other Licenced Operators (OLOs) such
as Mercury, or Value Added Networks (VANs) such as Cellnet, radiopaging
etc.. Access to the international network is achieved through International
Section 2: This Admin Network has access to the processors of the five
functional networks for their management, maintenance and collection
of data. The Admin Network is BT's own private network and operates using
packet switches. If you wanna phuck, phuck this (but do it nicely).
Section 3: A Sync network is used to ensure that the timing between digital
exchange clocks remains the same. If it did not, and the times at different
exchanges differed then the exchange would be unable to recieve and
retransmit infomation properly.
Section 4: The Transmission Bearer Network consists of many line
transmission systems which interconnect the functional networks. The
Transmission Systems each carry a large number of circuits and are used
to interconnet the switching nodes of each functional network. The points
at which they connect are called Transmission Repeater Stations.
Now a little about the networks:
The Visual Network primarily provides service for Television companies using
permanent or semi-permanent routes over high quality radio links.
The Public Data Network is primarily the Packet Switching Stream (PSS), the
UK's first Managed Data Network Service. Many companies use it, including
banks, telecom, international businesses etc. PSS is very powerful and
flexible in use and is virtually error free in its packet-switching
Telex is that shit service some libraries use. Even despite its crap
qulity, over 200 countries round the world use it and consiting of many
global businesses of use it for their business tranactions.
The Private Circuit Network provides an extensive national private
circuit network transmitting at speeds up to 64KBit/s under Kilostream,
and 2MBit under Megastream. Some analogue circuits are still in
operation. The entire network is now uses ACE sites (Automatic
Crossconnection Equipment) and is controled from network controllers in
Manchester and London.
A Virtual Private Network (VPN) is a closed user group working within the
PSTN. They use the same connections and exchanges as other traffic but
are more or less invisible. An example of a VPN is FeatureNet. FeatureNet
uses exchanges called Advanced Service Units that are basically
independant Digital Exchanges. If you want to phuck with an ASU then I
suggest you go scanning. If you already have, then you will know them by
the `You have reached xxxxx ASU' messages some numbers in the ASU ranges
repeat. An ASU will normally have this message on 9999 so try some (STD) xxx
9999 numbers if you're intrested.
Back to document index