37 Years of the Digest ... founded August 21, 1981
Copyright © 2018 E. William Horne. All Rights Reserved.

The Telecom Digest for Tue, 01 Jan 2019
Volume 38 : Issue 1 : "text" format

Table of contents
Cyber attack against newspapersdanny burstein
old NYC police call boxes:, was: Nationwide internet outage ...danny burstein
T-Mobile US is now even more "Comcastic"Fred Goldstein
Possible Centurylink Outage ReportBill Horne
Please send posts to telecom-digest.org, with userid set to telecomdigestsubmissions, or via Usenet to comp.dcom.telecom
The Telecom Digest is made possible by generous supporters like John Lewandowski
---------------------------------------------------------------------- Message-ID: <Pine.NEB.4.64.1812292302100.29435@panix5.panix.com> Date: Sat, 29 Dec 2018 23:02:19 -0500 (EST) From: danny burstein <dannyb@panix.com> Subject: Cyber attack against newspapers [twitter] A cyberattack that appears to have originated from outside the United States caused major printing and delivery disruptions at several newspapers across the country on Saturday, including the Los Angeles Times: https://www.latimes.com/local/lanow/la-me-ln-times-delivery-breakdown-20181229-story.html _____________________________________________________ Knowledge may be power, but communications is the key dannyb@panix.com [to foil spammers, my address has been double rot-13 encoded] ------------------------------ Message-ID: <q0bhje$svc$2@reader2.panix.com> Date: 30 Dec 2018 22:41:50 +0000 From: "danny burstein" <dannyb@panix.com> Subject: old NYC police "call boxes:, was: Nationwide internet outage ... In <q06v62$t2r$1@pcls7.std.com> "Michael Moroney" <moroney@world.std.spaamtrap.com> writes: [snip] >That is correct. In New York City the system has been partially >upgraded to voice call boxes in the old Gamewell mounts, but the old >boxes still in use in some boroughs send 4 digit numbers as equally >spaced pulses, not as Morse code. The boxes are wind-up and work not >too differently from wind-up music boxes. Originally the pulses rang >a bell and the dispatchers had to count pulses, these days a computer >counts the pulses and enters the number into the dispatch system. >Some boxes have/had telegraph keys inside so I assume at one time they >did manually use Morse Code to call for additional assistance or >otherwise report status to borough headquarters. Not Morse Code, per say, but a series of "ten codes". For example (made up here as I don't have the list at hand) an officer would tap in four times for a fire truck response, seven for an ambulance, etc. -- _____________________________________________________ Knowledge may be power, but communications is the key dannyb@panix.com [to foil spammers, my address has been double rot-13 encoded] ------------------------------ Message-ID: <q0c0to$52a$1@dont-email.me> Date: 30 Dec 2018 22:03:17 -0500 From: "Fred Goldstein" <fg_es@removeQRM.ionary.com> Subject: T-Mobile US is now even more "Comcastic" It used to be that cable companies were known for poor customer service. Mobile carriers were more sensitive to competition. Cable hasn't really improved. But T-Mobile this year has gone from top-shelf to subterranean in service quality. Hence this tale of woe. I recently moved my office, and I need to keep the phone number. Last time I needed to move phone numbers to a neighboring rate center, this past summer, I switched them to Google Voice, which forwards them to wherever I want, including "invisible" numbers in the new physical rate center. But you can't move a wireline number to Google Voice directly. They just don't allow it. So the trick is to port the number to a mobile carrier, then to Google. And everybody says T-Mobile is the easiest mobile carrier to work with -- no contracts, no minimums, and easy SIMs for sale. Last summer, it worked perfectly. I got a cheap unlocked phone, got a SIM from T-M, ported in the number, forwarded the phone to the proper destination, then a few days later let Google Voice port it over. I had a little confusion with T-M over the no-data rate plan price, but it got fixed. I tried again last week and it was an entirely different situation. I made one mistake, asking for prepaid. Turns out you can't forward calls from a prepaid phone, though you can port it out again. However, T-M made a HUGE error. The number they put on the shiny new SIM was one that was in collection -- the previous owner was behind on a postpaid bill, so whenever I tried to enter the number into T-M's phone jail, it got diverted to a recording giving the collection agency's address! I spent FOUR HOURS on the phone trying to get past that, but finally gave up, went back to the store, and swapped the SIM for another, with a clean number on it. And yes, Ms. Jackson, they did reveal the (CPNI) name of the previous number holder. Problem two is that T-M's support for prepaid is execrable. They have two prepaid programs, "Legacy" and "Rebellion". New cards are in the latter class. And they presumably think that prepaid customers are all deadbeats anyway, so talking to a rep takes 45 minutes on hold if you get through at all. But with a clean number, I initiated a number port. I showed the old phone bill, with address and account number, to the store clerk. That was a Thursday. Ports from cable to mobile usually take one day (as did my last two ports). But by this morning (Sunday), no response. So I call in. Oh, the port was REJECTED by the old carrier, because the ZIP code was wrong. Instead of my (old) ZIP code, they had put down the one for Dorchester Center, where I'm guessing one of the store clerks lived. And if there are ANY mismatches, the port fails. I asked them to resubmit with the right ZIP; I have to wait for a response. So after a couple of hours of no feedback, I have the store replace my Rebellion SIM with a postpay one (credit check, ID check, etc.). And I ask for the port to be restarted to the postpaid account. It takes a while, but eventually it goes in to the system and I'm supposed to hear back within a couple of hours. Hearing nothing, I call in to the T-M porting center (1 877 789 3106). The person there tells me that he will be the LAST one I'll need to speak to, he'll get it all fixed. And waddayaknow, the port that I had reinitiated this afternoon, to the postpaid account, had a DIFFERENT wrong ZIP code on it! They replaced the "from" ZIP code with my new T-M bill-to ZIP code. So he thinks he fixed it. As night wears on, I call in again. Now the number is "stuck". The original Rebellion port, rejected, is hanging up the number. And the first guy on the phone sees yet another, nonexistent, ZIP code, which that "last" guy might have left there. It takes two transfers and again over an hour on the phone to Porting to get to someone who thinks he can override that. And it takes him a while to get the right ZIP code. So he's initiating yet another new request for a port. At this point it's just waiting... and hoping that I can get RCN to keep the number alive after I've left the site where the EMTA is. I will leave it in place, the line forwarded, and hope that the landlord hasn't got a new tenant coming right in. I've spent many hours on the phone with T-M this week and it convinces me that the company has really jumped the shark. They used to be the easiest to work with. None of their phone employees are in the US (all in Guatemala and Phillipines) and most just don't seem to care. They will "stay on the line" with you while transferring you to endless hold, taking more calls to keep up their scores. It's a mess. John Legere should be ashamed. He should be paying attention to his company, not writing cookbooks. Ironically, this all pointed to a bug in my VZW service. Someone from T-M porting called me back and I just missed getting my Verizon Blackberry to answer on time. I did not see a voice mail, though they later told me they left one. Turns out that Verizon VM to the Blackberry KeyONE doesn't work any more! A security fix broke the message waiting indicator. I found the fix on Crackberry. It required a call to VZ and a level of escalation to second-level support, to change the VM to "basic IMS", not "visual IMS", which no longer works on that model. But the second-level support person in the midwestern US knew how to do that, fixed it, and made a test call, I got the message, and all's well with VZ after a 15-minute call. That's support, and one reason (beside the fact that the signal is much better!) why I stick with VZW even though I don't touch VZ wireline. ------------------------------ Message-ID: <20181231043943.GA8218@telecom.csail.mit.edu> Date: Sun, 30 Dec 2018 23:39:43 -0500 From: Bill Horne <bill@horneQRM.net> Subject: Possible Centurylink Outage Report This appears to be an outage report from Centurylink, but I can't veryify its authenticity. I had to substitute ASCII for some multi-byte characters. Bill Horne - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - * Event Conclusion Summary * Outage Start: December 27, 2018 08:40 GMT Outage Stop: December 29, 2018 10:12 GMT Root Cause: A CenturyLink network management card in Denver, CO was propagating invalid frame packets across devices. Fix Action: To restore services the card in Denver was removed from the equipment, secondary communication channel tunnels between specific devices were removed across the network, and a polling filter was applied to adjust the way the packets were received in the equipment. As repair actions were underway, it became apparent that additional restoration steps were required for certain nodes, which included either line card resets or Field Operations dispatches for local equipment login. Once completed, all services restored. RFO Summary: On December 27, 2018 at 08:40 GMT, CenturyLink identified an initial service impact in New Orleans, LA. The NOC was engaged to investigate the cause, and Field Operations were dispatched for assistance onsite. Tier IV Equipment Vendor Support was engaged as it was determined that the issue was larger than a single site. During cooperative trouble- shooting between the Equipment Vendor and CenturyLink, a decision was made to isolate a device in San Antonio, TX from the network as it seemed to be broadcasting traffic and consuming capacity. This action did alleviate impact; however, investigations remained ongoing. Focus shifted to additional sites where network teams were unable to remotely troubleshoot equipment. Field Operations were dispatched to sites in Kansas City, MO, Atlanta, GA, New Orleans, LA and Chicago, IL for onsite support. As visibility to equipment was regained, Tier IV Equipment Vendor Support evaluated the logs to further assist with isolation. Additionally, a polling filter was applied to the equipment in Kansas City, MO and New Orleans, LA to prevent any additional effects. All necessary troubleshooting teams, in cooperation with Tier IV Equipment Vendor Support, were working to restore remote visibility to the remaining sites. The issue had CenturyLink Executive level awareness for the duration. A plan was formed to remove secondary communication channels between select network devices until visibility could be restored, which was undertaken by the Tier IV Equipment Vendor Technical Support team in conjunction with CenturyLink Field Operations and NOC engineers. While that effort continued, investigations into the logs, including packet captures, was occurring in tandem, which ultimately identified a suspected card issue in Denver, CO. Field Operations were dispatched to remove the card. Once removed, it did not appear there had been significant improvement; however, the logs were further scrutinized by the Vendor's Advanced Support team and CenturyLink Network Operations to identify that the source packet did originate from this card. CenturyLink Tier III Technical Support shifted focus to the application of strategic polling filters along with the continued efforts to remove the secondary communication channels between select nodes. Services began incrementally restoring. An estimated restoral time of 09:00 GMT was provided; however, as repair efforts steadily progressed, additional steps were identified for certain nodes that impeded the restoration process. This included either line card resets or Field Operations dispatches for local equipment login. Various repair teams worked in tandem on these actions to ensure that services were restored in the most expeditious method available. By 2:30 GMT on December 29, it was confirmed that the impacted IP, Voice, and Ethernet Access services were once again operational. Point-to-point Transport Waves as well as Ethernet Private Lines were still experiencing issues as multiple Optical Carrier Groups (OCG) were still out of service. The Transport NOC continued to work with the Tier IV Equipment Vendor Support and CenturyLink Field Operations to replace additional line cards to resolve the OCG issues. Several cards had to be ordered from the nearest sparing depot. Once the remaining cards were replaced it was confirmed that all services except a very small set of circuits had restored, and the Transport NOC will continue to troubleshoot the remaining impacted services under a separate Network Event. Services were confirmed restored at 10:12 GMT. Please contact the Repair center to address any lingering service issues. Additional Information: Please note that as formal post incident investigations and analysis occur the details relayed here may evolve. Locating the management card in Denver, CO that was sending invalid frame packets across the network took significant analysis and packet captures to be identified as a source as it was not in an alarm status. The CenturyLink network continued to rebroadcast the invalid packets through the redundant (secondary) communication routes. CenturyLink will review troubleshooting steps to ensure that any areas of opportunity regarding potential for restoral accelera- tion are addressed. These invalid frame packets did not have a source, destination, or expiration and were cleared out of the network via the application of the polling filters and removal of the secondary communication paths between specific nodes. The management card has been sent to the equipment vendor where extensive forensic analysis will occur regarding the underlying cause, how the packets were introduced in this particular manner. The card has not been replaced and will not be until the vendor review is supplied. There is no increased network risk with leaving it unseated. At this time, there is no indication that there was maintenance work on the card, software, or adjacent equip- ment. The CenturyLink network is not at risk of reoccurrence due to the placement of the poling filters and the removal of the secondary communication routes between select nodes. * 2018-12-29 12:48:18 GMT - The Transport NOC continues to monitor the network to ensure impacted services have remained restored and stable. If additional issues are experienced, please contact the CenturyLink Repair Center. A final notification will be provided momentarily. * 2018-12-29 11:56:08 GMT - The Transport NOC advises Field Operations has replaced the impacted cards. The affected Optical Carrier G roups have stabilized, thus all service affecting alarms have cleared and impacted services have restored. The Transport NOC has identified and is aware of a smaller set of services that have not restored and will continue to investigate and resolve those services under an alternate Network Event. The Transport NOC and equipment vendor are continuing to monitor for network stability; Additional Field Operations have been dispatched to clear the remaining Optical Carrier Groups that are still out of service and cannot be restored remotely. * 2018-12-29 01:25:17 GMT - The Transport NOC continues to work with the Equipment Vendor's Support Teams to investigate multiple Opti- cal Carrier Groups that are still out of service impacting Point to Point Transport Waves as well as Ethernet Private Lines. Both CenturyLink and the Equipment Vendor's Field Operations teams have dispatched to the necessary sites to assist with isolation. Additional cards have been ordered and shipped to sites across the United States in an effort to restore the Optical Carrier Groups to complete full network restoral. * 2018-12-29 00:31:23 GMT - Field Operations in cooperation with the Engineering teams have repaired the span traversing the western U nited States through loop testing. Once the equipment was restored, additional capacity was in turn available to the span on the CenturyLink Network. IP, Voice, and Ethernet Access services are expected to have restored with the now available capacity. Point- to-Point Transport Waves as well as Ethernet Private Lines may still experience issues while the remainder of the final card issues are resolved. Lingering latency may be present, which is anticipated to subside as routing continues to normalize. If issues are still being experienced with your IP, Voice, and Ethernet Access services please contact the CenturyLink Repair Center. * 2018-12-28 23:02:29 GMT - As the Equipment Vendor and CenturyLink Engineering teams continue to work to clear the lingering card iss ues it has been confirmed that alarms continue to clear, and network capacity is being restored. Efforts will remain ongoing to continue to resolve any further issues identified. * 2018-12-28 21:42:05 GMT - The Transport NOC has confirmed that visibility has been restored to all nodes, allowing triage of the add itional cards to be completed. Engineering continues to review the network to identify, review, and clear the remaining alarms and issues observed. Field Operations continue to remain on standby and dispatch to sites as necessary to assist with isolation and resolution. * 2018-12-28 20:31:40 GMT - Efforts to complete the line card resets remain ongoing, while additional support teams continue to triage chassis within a smaller set of nodes that did not have full visi- bility restored as well as additional line cards within the network. The highest level of Engineering support from both the Equipment Vendor as well as CenturyLink continue to diligently work to restore services. * 2018-12-28 19:27:05 GMT - CenturyLink Engineering in cooperation with the Equipment Vendor's Tier IV Support continue to systema- tically review the network alarms and triage line cards within the network to ensure remote resets or physically reseats on site can be completed. * 2018-12-28 18:23:33 GMT - The Transport NOC has confirmed that visibility has been restored to the majority of the network outside of a few remaining nodes that are in various states of recovery. Engineering has identified the line cards that will need to be reset and are working diligently to perform the necessary actions to bring all cards back online * 2018-12-28 17:15:20 GMT - It has been confirmed that visibility has been restored to the majority of the nodes across the network. Field Operations have been dispatched to assist with recovering visibility to the few remaining nodes. Engineering is working to systematically review the network alarms on the other nodes and are then performing remote manual resets to individual cards that remain in alarm. Reinstate times for each card may vary significantly, as such an estimated completion time is not yet available. If cards do not automatically reinstate after remote resets complete, Field Operations are standing by to dispatch as needed. The Equipment Vendor's Tier IV team continues to assist with the resolution efforts * 2018-12-28 13:35:00 GMT - Efforts by the Equipment Vendor and CenturyLink engineers to apply the filters and remove the secondary co mmunication channels in the network continue. The previously provided ETR of 09:00 GMT remains. * 2018-12-28 13:27:30 GMT - The Equipment Vendor and CenturyLink engineers continue work to apply the filters and remove the secondary communication channels. Field Operations and Equipment Vendor dispatches to recover nodes locally remain underway. Services continue to restore in a steady manner as troubleshooting progresses following the recovery of nodes. CenturyLink NOC management remains in contact with the equipment vendor to obtain updates as restora- tion efforts continue. * 2018-12-28 11:04:24 GMT - CenturyLink continues to work with the Equipment Vendor to apply the filters and remove the secondary comm unication channels. Field Operations and Equipment Vendor dispatches to recover nodes locally remain underway. Client services continue to restore in a steady manner as troubleshooting progresses following the recovery of nodes. * 2018-12-28 10:05:18 GMT - CenturyLink NOC Management reports steady progression of node recovery and restoral of client services. In addition to the remote node recovery process, Field Operations continue to dispatch and assist the Equipment Vendor with local equipment login. * 2018-12-28 08:51:29 GMT - CenturyLink NOC Management has advised that repair efforts are steadily progressing, and services are incrementally restoring. The Equipment Vendor and CenturyLink engineers continue work to apply the filters and remove the secondary communication channels at this time. There have been additional restoration steps identified for cer- tain nodes, which includes either line card resets or Field Operations dis- patches for local equipment login, that have impeded the restoration process. Various repair teams are working in tandem on these actions to ensure that services are restored in the most expeditious method available. Restoration efforts are ongoing. * 2018-12-28 07:12:32 GMT - Efforts by the Equipment Vendor and CenturyLink engineers to apply the filters and remove the secondary co mmunication channels in the network continue. Additional information on repair progress will be available from the Equipment Vendor by 07:30 GMT. Information will be relayed as soon as it is obtained. * 2018-12-28 06:00:01 GMT - Efforts by the Equipment Vendor and CenturyLink engineers to apply the filters and remove the secondary co mmunication channels in the network continue. The previously provided ETR of 09:00 GMT remains. * 2018-12-28 04:58:44 GMT - CenturyLink engineers in conjunction with the Equipment Vendor's Tier IV Technical Support team have identi- fied the elements causing the impact to customer services. Through the filters being applied and the removal of the secondary communi- cation channels, it is anticipated services will be fully restored within four hours. We apologize for any inconvenience this caused our customers. Additional details regarding details of the underlying cause will be relayed as available. * 2018-12-28 04:09:31 GMT - The Equipment Vendor's Tier IV Technical Support team in conjunction with CenturyLink Tier III Technical Support continues to remotely work to remove the secondary communi- cation channel tunnels across the network until full visibility can be restored, as well as applying the necessary polling filter to each of the reachable nodes. * 2018-12-28 02:53:38 GMT - The Transport NOC has confirmed that cooperative efforts remain ongoing to remove the secondary communi- cation channel tunnel across the network until full visibility can be restored, as well as applying the necessary filter to each of the reachable nodes. It has been confirmed that both of these actions are being performed remotely, but an estimated time to complete the activities is not available at this time. * 2018-12-28 01:58:56 GMT - Once the card was removed in Denver, CO it was confirmed that there was no significant improvement. Additi onal packet captures, and logs will be pulled from the device with the card removed to further isolate the root cause. The Equipment vendor continues to work with CenturyLink Field Operations at multiple sites to remove the secondary communication channel tunnel across the network until full visibility can be restored. The equipment vendor has identified a number of additional nodes that visibility has been restored to, and their engineers are currently working to apply the necessary filter to each of the reachable nodes. * 2018-12-28 00:59:04 GMT - Following the review of the logs and packet captures, the Equipment Vendor's Tier IV Support team has iden tified a suspected card issue in Denver, CO. Field Operations has arrived on site and are working in cooperation with the Equipment Vendor to remove the card. * 2018-12-27 23:57:16 GMT - The Equipment Vendor is currently reviewing the logs and packet captures from devices that have been compl eted, while logs and packet captures continue to be pulled from additional devices. The necessary teams continue to remove a secondary communication channel tunnel across the network until visibility can be restored. All technical teams continue to diligently work to review the information obtained in an effort to isolate the root cause. * 2018-12-27 22:52:43 GMT - Multiple teams continue work to pull additional logs and packet captures on devices that have had visibili ty restored, which will be scrutinized during root cause analysis. The Tier IV Equipment Vendor Technical Support team in conjunction with Field Operations are working to remove a secondary communication channel tunnel across the network until visibility can be restored. The Equipment Vendor Support team has dispatched their Field Operations team to the site in Chicago, IL and has been obtaining data directly from the equipment. * 2018-12-27 21:35:55 GMT - It has been advised that visibility has been restored to both the Chicago, IL and Atlanta, GA sites. Engin eering and Tier IV Equipment Vendor Technical Support are currently working to obtain additional logs from devices across multiple sites including Chicago and Atlanta to further isolate the root cause. * 2018-12-27 21:01:26 GMT - On December 27, 2018 at 02:40 GMT, CenturyLink identified a service impact in New Orleans, LA. The NOC was engaged and investigating in order to isolate the cause. Field Operations were engaged and dispatched for additional investiga- tions. Tier IV Equipment Vendor Support was later engaged. During cooperative troubleshooting a device in San Antonio, TX was isolated from the network as it was seeming to broadcast traffic consuming capacity, which seemed to alleviate some impact. Investigations remained ongoing. Following the isolation of the San Antonio, TX device troubleshooting efforts focused on additional sites that teams were remotely unable to troubleshoot. Field Operations were dispatched to sites in Kansas City, MO, Atlanta, GA, New Orleans, LA and Chicago, IL. Tier IV Equipment Vendor Support continued to investigate the equipment logs to further assist with isolation. Once visibility was restored to the site in Kansas City, MO and New Orleans, LA a filter was applied to the equipment to further alleviate the impact observed. All of the necessary troubleshooting teams in cooperation with Tier IV Equipment Vendor Support are working to restore remote visibility to the remaining sites at this time. Tier IV Equipment Vendor Technical Support continues to review equipment logs from the sites where visibility was previously restored. We understand how important these services are to our clients and the issue has been escalated to the highest levels within CenturyLink Service Assurance Leadership. https://fuckingcenturylink.com/ ***** Moderator's Note ***** This notice doesn't mention 911. That's puzzling: there were outages of 911 service in many areas, although they are reported as being limited to cellular users. The report inplies that a fault occured in several high-capacity MUXes, which IIRC wouldn't ususally be used to carry 911 traffic. My experience was all in wireline, so I'll ask those of you who work in the mobile world if Centurylink is allowed to have mobile switches carry traffic across LATA boundaries. Bill Horne Moderator -- Bill Horne (Remove QRM from my email address to write to me directly) ------------------------------ ********************************************* End of telecom Digest Tue, 01 Jan 2019

Telecom Digest Archives