When most people think of the modern telephone network, the first word that usually comes to mind is "dull". Most people just assume uniformity blankets the network, and don't give it a second thought. With a keen ear and a bit of research, this usually turns out not to be the case. The reality of this behavior, though, is that like software vulnerabilities, one issue won't apply across the board for every program; to be able to identify or execute exploits properly, you have to know what you're dealing with.
That's what this article is here for. The idea of being able to tell the difference between modern digital switches just by the way the ring sounds may be batshit insane, but it's the sort of batshit insane that actually works. Before we begin, though, just keep a few things in mind.
This trick doesn't work from everything. If you're planning on doing this with a cellphone, a cheap VoIP provider like MagicJack, Skype, anything based on Asterisk without a noanswer hack present, or even Google Voice, you may as well stop reading right now. The reason a lot of cheaper VoIP providers aren't up to the job is because to save bandwidth, they feel the need to superimpose their own fake ring over the audio in an unanswered call. Codecs can pose a bit of a problem as well. Whether or not you think GSM or g.729 sounds alright, it's going to be giving you a hard time in the presence of subtle details. First chance you get, find yourself something that lets you hear what's going on with real uLaw.
Let's start off with something simple. DMS-100s and 5Es, as it turns out, aren't just the most common switches out there, they're some of the easiest to tell apart. Take this ringing number on a DMS for example - 206-296-0001. You hear that distortion in the ring? If you can't, it's no problem. Lots of people tend to cram their handset right up against their ear, which is generally a bad idea unless you're trying to hear something that's barely audible. Try gradually moving the earpiece of your phone at the most half an inch away from your ear - it'll help exxagerate the sound.
When you've got an idea of what the distortion sounds like, try comparing it to a 5ESS like the one here; 206-236-0004. Doesn't it sound a lot cleaner and harsh? If you know your history, you're probably familiar with all the fucked up sounding imitations of the Bell System cityring there were. Somehow, the 5E ends up being no different.
As you're probably all familiar with, Comcast has it's own competitive home phone line business. From what I can gather, their network is filled with some sort of weird Lucent softswitch contraptions, so this technically isn't a knockoff of 5E ring, but it sounds like an incredibly smooth, cleaned up imitation of what 5ESSes generate; 503-336-0050. This will typically rings for a good while, but some weird little device on a POTS line will pick up if you wait through about six rings. If you're worried about bothering anybody, the CNAM is COMCAST OFFICE, so at the most, there's a slight chance you'll be annoying some bewildered Comcast employee. This ring is especially important since a surprising amount of residential customers will port their numbers over to Comcast, which makes it a lot less apparent that you're hitting a Comcast switch unless you do ported number lookups on everything you call.
Next up are EWSDs. Since I'm lazy, I'm going to pull a number right out of dual's Airport Discovery scan, which if you haven't already, should totally read; 414-747-5303. Beware some of the other numbers on there that terminate to some kind of PBX instead. Anyway, EWSD ring is a lot like what you'd hear in a DMS-100, but it's got a strange way of fading in and out instead of having a clear beginning and end. If you've heard someone overuse the hell out of a noise reduction feature in an audio editor before, you know exactly what I'm talking about.
In the same league of DMS-100 imitators is the Stromberg-Carlson DCO. Unlike the EWSD ring, DCO ring sounds almost exactly like DMS ring, but the distortion is really, really pronounced. Take a listen; 503-633-9921. This number actually goes to a really old Protel COCOT in a near-deserted farmtown. For some reason, unlike it's twin (633-9951 if you're curious), it takes a really, really long time to pick up the phone. As in, after most long distance carriers time out long time. Whether or not it actually accepts incoming calls, it may as well just ring out since there's almost literally no one around to answer it.
For a switch that usually insists upon being batshit insane in almost every way, the GTD-5's ring sounds pretty normal. Imagine DCO ring. GTD ring is a lot like that, but the distortion is a little louder, and has a lot more high frequencies. To hear it for yourself, 503-667-0018 is a live, real GTD-5 number that rings 'til the cows come home. Like the 5E and DMS ring, I have no idea whether or not it actually rings a live pair, but in the many times I've called it, it just rang forever.
With a ridiculous amount of switches out there that sound way too much like a DMS-100, you'd expect a DMS-10 to be the spitting image of it, right? Wrong. In fact, it sounds nothing like it. The DMS-10 ring sounds more like GTD-5 ring, but softer, and slightly more high frequencies. DMS-10 ring is actually one of the trickier ones to identify. Like the DCO ringing number, I decided it'd be easier to give out the number to a payphone in the middle of nowhere. Shouts to filer for getting the number for me. 218-466-9215.
So that about sums it up. Like with any skill, being able to identify these switches takes a bit of practice. In this case, if you're ever unsure, keep a window with telcodata or your favorite switch lookup site handy, and in days, you'll be the envy of phone nerds everywhere! Since, y'know, that's something everyone wants to be...right? Guys?
-ThoughtPhreaker