From southakj@oz.uc.edu Thu Apr 13 09:00:07 2000 Newsgroups: alt.phreaking Subject: Re: Tracing (correct me if you see fit) From: southakj@oz.uc.edu (Kamal Southall) Date: 13 Apr 2000 16:00:07 GMT In article <8ctc49$map$1@nnrp1.deja.com>, Hawkeye 6.49 wrote: First, a disclaimer. This is what little I know, it is a broad topic and my knoledge is scant. If you see any innacurate information, then PLEASE correct it, preferably in an, um, polite tone :-) >In article , > "Wirtanen" wrote: >> Is it possible to trace a phone call or cell phone like the police >>do >of course it is, they do it in the movies don't they? your silly! The question was silly and your answer was silly, and your sig (while containing some interesting quotes) was far too long. Phone calls are traced a number of ways. On Modern Lucent ESS or Nortel DMS switches the originating number of a call and its destination number remains in the switches scratchpad memory for the duration of the call, both are written to AMA tapes for billing. On calls outside of the area that your central office services; Every call placed generates an ANI message, on older networks ANI is transmitted via MF tones (KP-I-ANI-ST), on a SS7 network its transmitted via a special high speed data link. The destination switch receives the ANI for your line, tracing you is a matter of looking this up, if your call was bounced through multiple switches, for example if you are an authorise user of a WATS extender (or unauthorised, oh me, oh my) - a cheap prepaid calling card is an example here - or if you are an authorised user (ditto) connected to a PBX's port and dialing out through its DISA feature, then often your ANI won't be transmitted, often the ANI of the system that you are dialing out from will be. So the trace will stop at the ANI for the port of the WATS extender that you came from, then one can start the trace from the switch that services the actual line that the WATS number is mapped on, and its switch may have your orginating number in its memory, or it may be retrieved from billing tapes. One one has the number for your line it is simply a matter of finding the line's ID and locating it on your central office's distribution frame (asumeing that the line is not briged to another line on the frame). Wireless calls are absurdly easy to trace. Cordless phones, use a directional yagi cut for the frequency of the phone, cell phones, ditto - plus with surplus cell site equipment you can determine which cell a person is in from the diagnostic messages, urban cells are often very small, you may have multiple towers within a 4 or 5 block distance from each other (I've seen closer) so if you know a person's cell you roughly know their location (in, say, a couple of square miles) so from then one uses a directional antenna and signal strength meter to narrow in on the transmitting signal. Satellite phone calls are also not to hard to locate *with* the right equipment, this is how the hero of the Chechen resistance, Dhokar Dudayev, was killed a few years ago, he was transmitting from an Inmarsat terminal (I think ) and he remained on his phone a few seconds longer than he should have, the Russians fired an anti-radiation missile at him, what these things do is to hone in on sources of strong RF energy, microwave transmissions and the like, they are used to take out Radar terminals and the like. Lesson learned ? You can't hide very well online without going through non trivial methods of operational security, all calls , well most of them (not all, but most) can be traced given enough time and persistance. So thats how they do it in the movies and real life (well, not quite, but...) -- "Keep your old bank statements; throw away | cute naif for hire your old core dumps." -`The Console Cowboy' | southakj@email.uc.edu | http://oz.uc.edu/~southakj pgp 2.6.2 key on request.