SP 800-24 PBX缺陷分析

合集下载

05B0702同wbh-800技术说明书

05B0702同wbh-800技术说明书

目录1概述 (3)1.1功能简介 (3)1.2保护配置 (3)1.3功能特点 (5)2基本技术参数 (5)2.1基本数据 (5)2.2功率消耗 (7)2.3热稳定性 (7)2.4输出触点 (7)2.5绝缘性能 (7)2.6冲击电压 (7)2.7寿命 (7)2.8机械性能 (7)2.9环境条件 (7)2.10抗干扰能力 (8)3主要技术指标 (8)3.1动作时间 (8)3.2保护定值整定范围和定值误差 (8)3.3记录容量 (9)3.4通信接口 (9)3.5对时方式 (9)4装置整体说明 (9)4.1硬件平台 (9)4.2软件平台 (10)4.3与综合自动化监控系统接口说明 (10)4.4WBH-801保护装置背视图 (11)4.5WBH-801保护装置端子图 (11)4.6WBH-802保护装置背视图 (16)4.7WBH-802保护装置端子图 (16)5WBH-801装置保护原理说明 (26)5.1比率差动保护 (26)5.2分侧差动保护 (30)5.3过励磁保护 (31)5.4相间阻抗保护 (32)5.5接地阻抗保护 (34)5.6复合电压判别 (35)5.7复合电压(方向)过流保护 (36)5.8零序(方向)过流保护 (39)5.9反时限零序(方向)过流保护 (42)5.10零序过压保护 (43)5.11非全相保护 (44)5.12失灵启动保护 (44)5.13过负荷(通风启动)保护 (45)5.14限时速断保护 (45)5.15TV断线判别 (46)6WBH-801装置非电量保护原理 (46)7整定内容及整定说明 (47)7.1WBH-801装置整定内容及整定说明 (47)7.2WBH-802装置整定内容及整定说明 (55)8保护装置整定计算 (55)8.1比率差动保护整定计算 (55)8.2分侧差动整定计算 (61)8.3阻抗保护整定计算 (62)8.4复合电压判别整定计算 (63)8.5复合电压方向过流保护整定计算 (64)8.6零序过流保护整定计算 (65)8.7低压侧零序电压保护整定计算 (66)9订货须知 (66)10附录一:装置运行说明 (66)10.1键盘 (66)10.2面板指示灯说明 (67)10.3运行工况及说明 (67)10.4故障报文和处理措施 (67)11附录二:装置通讯说明(IEC 60870-5-103规约) (68)11.105B0702合同WBH-801微机变压器保护装置的信息 (68)11.205B0702合同WBH-802微机变压器保护装置的信息 (72)1概述1.1功能简介WBH-800微机型变压器保护装置适用于500kV电压等级的变压器。

丹佛斯-转向系统技术

丹佛斯-转向系统技术

40-500
60/120125/440 80/125160/320 58/116125/500 520-1200 160-400 520-800 160-400 50-100
Max steering pressure, bar
140 210 210
210
210
210
210 240 210 240 210 125
LSd
ON, ORM, LSd, LSRd, LSRMd
LSd, LSRd
OSPU
OSPL OSPBX OSPLX OSPCX OSPCX
LSd
LS, LSd LS LS LSd CN
Description
Mini steering unit for smaller vehicles Steering unit with no valve functions
丹佛斯动力 技术交流
——转向系统

目录
• 转向系统的工作原理与应用 • 转向器介绍 • 优先阀介绍 • 流量放大器介绍 • 外置阀块介绍 • 转向系统的设计 • 装机注意事项 • 故障排除
Danfoss Power Solutions
Optional text
Request OSP mount In Line Pump mount 40, 80 l/min
120, 160, 320 l/min Requested in OLS Rules of thumb: <4 m: use internal PP >4 m: use external PP
Static for OSPB, OSPC, OSPD, OSPL
转向器介绍
弹簧设定
Danfoss Power Solutions

故障模型

故障模型

15
数字电路的测试(续) 数字电路的测试(续)
4 故障模拟 故障模拟用于评价测试矢量的故障检测和定位能力,分 析电路在故障条件下的工作情况。为了进行故障模拟, 首先要建立电路的逻辑模拟,模拟电路无故障时的逻辑 行为。然后注入故障,模拟电路有故障时的逻辑行为。 故障模拟分为串行故障模拟和并行故障模拟。串行故障 模拟是在模拟器中每次只注入一个故障进行模拟,效率 低。并行故障模拟是对多个单故障同时进行模拟。 在并行故障模拟中,对一个测试矢量的评价须对故障表 内的所有故障进行模拟,而实际上有不少故障未能检测 ,对它们的计算是多余的,因此降低了效率。而在演绎 故障模拟中,只有那些能传送到器件输出,因而能被检 测的故障才被计算,这就提高了效率。
2006-5-7
VLSI Test: Bushnell-Agrawal/Lecture 1
13
数字电路的测试(续) 数字电路的测试(续)
2 测试评价 测试评价常采用两种方法。一种方法是把故障插入一 个已知好的数字电路内,测试器把测试矢量加到该电 路,并观察电路响应,检测插入的故障是否已被检测 ,以评价测试矢量的有效性。另一种方法是逻辑模拟 。逻辑模拟通常是软件模拟,因此逻辑模拟器是能够 实现数字电路的计算机程序。先运行正常的逻辑模拟 器,施加测试矢量并记录无故障电路的响应。然后在 逻辑模拟器中注入故障,在施加测试矢量,比较有故 障和无故障电路的响应。若两者出现任何差异,就意 味着故障已被检测。对故障表中的每个故障重复上述 过程,就可求出故障覆盖率,亦即评价了测试矢量的 有效性。
2006-5-7
VLSI Test: Bushnell-Agrawal/Lecture 1
9
故障模型(续) 故障模型(续)
故障模型化的基本原则有两个: 1)模型化故障应能准确地反映某一类故障对电路的影响 ,即模型化故障应具有典型性、正确性和全面性。 2)模型化故障应尽可能简单,以便作各种运算和处理。 显然这两个原则是相互矛盾的,因此往往要采取一些折 衷的方案。由于解决的问题不同和研究的侧重面不同, 而采用的故障模型也不同,因此在决定使用什么样的故 障模型时,首先要考虑研究对象的重点是什么,所研究 电路的实现技术和采用的器件是什么,最后还应考虑到 研究用的设备、软件和其它条件。总而言之,故障模型 化在故障诊断中起着举足轻重的作用,一个好的故障模 型化方案往往能使故障检测、诊断理论和方法得以发展 和完善。

CHEMIX—800全自动生化分析仪常见故障原因及处理方法

CHEMIX—800全自动生化分析仪常见故障原因及处理方法

CHEMIX—800全自动生化分析仪常见故障原因及处理方法介绍CHEMIX-800全自动生化分析仪使用中常见的故障、原因及处理方法,使用户能自己动手解决,从而提高设备使用效率,为临床提供及时、准确、可靠的检测结果,为就医群众提供快捷、便利的医学检验服务。

标签:CHEMIX-800全自动生化分析仪;常见故障原因;处理方法CHEMIX-800全自动生化分析仪是由日本(SYSMEX)希森美康株式会社生产一款广泛用于临床生化和免疫学定量检测的自动化仪器。

其主要由自动加样部分(ASP)、样品加样部分(SPT)、试剂1/2加样部分(R1PT/R2PT)、反应盘(RCT)、试剂盘(RGT)、光学部分、搅拌混匀部分(STIRRER-1/STIRRER-2)、比色杯冲洗部分(CRU)、加样泵集合(SPP、R1PP、R2PP注射器)等部分组成。

配备英文操作系统、中文报告系统,具备自动检测故障报警功能,每小时进行360个测试。

该仪器占地面积小、自动化程度高,操作简便、性能稳定、测速较快、软件功能丰富,非常适合基层医院使用。

我院仪器使用五年来,通过实践总结,笔者积累了一些使用中出现异常和故障时分析处理的经验,现介绍如下。

1同批中个别标本结果明显异常在日常工作中,由于急于上机测定,血液标本未完全凝固就开始检测,导致加样针吸样不准或者将凝固的纤维蛋白吸至试管外,甚至携带至反应杯,造成污染和测定结果明显异常,测定项目数值一般均偏低甚至为零,检测结果无法报告。

原因是血液中纤维蛋白原未完全析出或标本量太少,血清分离少,采样针取样时针孔被堵,取样受影響造成。

这既造成试剂浪费,又耽误时间,还需重新检测。

最简单、快速有效的预防办法就是将新收到未凝固的标本试管平放或置25~37℃水浴中5~10min,然后离心,对离心后的试管可倾斜一定角度,仔细观察血液标本凝固情况,确定血清析出、离心效果理想,再进行上机检测就可避免上述问题。

2预防加样针出现堵孔现象该仪器加样针由于吸样微量且具备良好的内冲洗功能,一般不会因为血清未分离好而发生堵塞,但不按要求清洗维护、使用未凝固好的标本,偶尔也会出现堵塞现象,一般及时暂停检测,执行加样针清洗即可解决,不必人为机械疏通。

Wire-Bond-缺陷分析只是分享

Wire-Bond-缺陷分析只是分享

o 原因 : 特殊设计的键合衬垫!!! 如果键合金球偏出键合区域, 键合金球可能
损坏键合衬垫.
© 2005 Amkor Technology, Inc.
Amkor Confidential / Proprietary Business Information
引脚键合翘起
o 客户 o 不良 o 失效模式
如果键合金球偏出键合区域键合金球可能损坏键合衬垫
Wire-Bond-缺陷分析
© 2005 Amkor Technology, Inc.
Amkor Confidential / Proprietary Business Information
键合衬垫损坏
o 客户 o 不良 o 失效模式
: ATi (CABGA) : 键合衬垫损坏并与相邻衬垫短路. : 测试失效 (短路)
o 客户 o 不良 o 失效模式
上层线弧下塌/损坏
: Intel (SCSP) :上层线弧下塌损坏 : 测试失效 (短路)
o 原因 : 上层线弧被压板损伤 (Only for KnS8028).
© 2005 Amkor Technology, Inc.
Amkor Confidential / Proprietary Business Information
引脚键合翘起
o 客户 o 不良 o 失效模式
: Intel (CVBGA) : 引脚键合翘起 : 测试失效 (断开)
o 原因 : 引脚键合位置设定错误.
Solder Mask Area
© 2005 Amkor Technology, Inc.
Amkor Confidential / Proprietary Business Information

中国移动招聘考试考试题

中国移动招聘考试考试题

中国移动招聘考试考试题中国移动招聘考试考试题1单选支路净负荷处理功能,用于AU4指针的锁定和TU指针的重新计算,并完成复帧的产生。

以下那些Opti(江南博哥)(江南博哥)X2500+单板上没有支路净负荷处理功能:()。

A、S16B s SD4C、S14D、SQ1E x SDEF、XCS答案:A2、多选在长距离传输的系统中,影响10GMADM设备传输质量的因素主要有()A.衰减B.色散C.光信噪比D.光纤非线性效应答案:A,B,C,D3、填空题集团公司E-OMS系统主要功能包括:()、()、信息发布功能、业务论坛功能、()、系统管理功能。

答案:工单处理功能;值班管理功能;资料管理功能4、填空题三相供电电压不平衡度不大于()。

电压波形正弦畸变率不大于()。

答案:4%;5%5、单选以下不能用来平衡小区话务的方式有:()。

A.载波调整B.小区负荷分担C.调整功率D.降低接入电平答案:D6、填空题128X设备属于多ADM集成系统,从软件上最多可以设置的逻辑系统个数为();最多能支持()个复用协议控制器;最多可以处理了()路ECC 通道,每个槽位最多可走()路ECC o答案:48个;12;20;47、填空题话音信道拥塞率(不含切换)=()×100%答案:忙时话音信道溢出总次数(不含切换)/忙时话音信道试呼总次数(不含切换)8、多选下列关于PDH s SDH的说法,错误的是()A s45Mbit/s属于欧洲标准系列的,我国广电部传送节目使用这种接口B、PDH接口规范统一,容易实现不同厂家设备互连C、SDH频带利用率比PDH高D、SDH光信号的码型是加扰的NRZ码答案:A,B,C9、填空题在连接或拆下启动电瓶时,除了分清正负极外还应注意连接顺序,当连接时应先可靠接上()极;当拆下电瓶时应先拆下()极。

答案:正;负10、填空题()号码是用来替换在无线接口中用来替换IMSI,以增加用户数据的保密性。

答案:TMSI11、单选SDH传输设备中,155M容量含有多少个2M?()A、252个B s244个C、61个D、63个答案:D12、单选SMP系统负责和SCP通信的进程是()A、SmapsubserverB、schedu1eC、smpsyncD s Smpmanager答案:C13、问答题保证OPtiXiManagerRMS工作站网管RMS能够正常运行的基本条件有那些?答案:数据库启动、rms用户登录CDE、环境变量正确、用户数据库和RMS初始化配置数据正确。

PBX常见故障处理

PBX常见故障处理

1.故障现象1,用户电话外线打不出、打不进。

交换机分机提机有拨号音,能打内线。

多为两兆线路传输不通。

看交换机信令上指示灯亮是否正常。

正常为最上面黄灯长亮,第2个长灭,第3、4个绿灯每10秒钟同步闪一次。

如果正常请检查传输状态,在交换机信令接口上端,将S200设备的两兆线自环,让传输班看传输状态是否正常。

2.故障现象2,用户电话提机没有拨号音,电话机上指示灯亮。

内线分机不能通话。

看交换机信令上指示灯亮是否正常。

正常为最上面黄灯长亮,第2个长灭,第3、4个绿灯每10秒钟同步闪一次。

如果第2个黄灯闪烁,交换机出问题,首先重启交换机,看能否恢复正常。

如果还不行,重新导入数据(可从厂家处获取)保存A库,上传A库,重启交换机,看能否恢复正常。

如果还不行,则需更换主板。

3. 用户某一个分机不能打电话,提机无拨号音,看电话能否呼入,如果能呼入,且分机振铃,说明此端口故障,更换用户板,看能否恢复正常。

如果呼入听忙音,说明线路短路(碰线);如果呼入听正常音,分机不振铃,说明线是路断路,请检查线路。

4.ping 192.168.0.235无法连接交换机。

(电脑与天波交换机直接相连的情况),解决方法:检查网络连接线是否为交叉线;B检查交换机的网络指示灯是否点亮;C检查计算机和交换机是否在同一网段,注:可以通过串口检查交换机的网络设置。

5. ping 192.168.0.235不通天波交换机。

(电脑通过网络交换机与天波交换机间接相连的情况)解决方法:A检查交换机的网络指示灯是否点亮;B检查计算机和交换机是否在同一网段;C检查交换机的IP是否正确,注:可以通过串口检查交换机的网络设置。

6.管理软件不能登陆天波交换机。

解决方法:A通过方法4、5检查连接是否正确;B检查防火墙是否对5003端口屏蔽;C可能上次登陆没有正常,重启交换机。

7.其他软件不能登陆天波交换机。

解决方法:参考方法6.8.设置分机数据不生效。

解决方法:A确认上传为A库;B确认A库是否为激活库;C如果上传库不是A库,检查上传库是否为激活的库;D确认上传后已经重启交换机。

Wire-Bond-缺陷分析只是分享

Wire-Bond-缺陷分析只是分享

o 客户 o 不良 o 失效模式
: Atheros (CABGA) : 金线与接地引脚短路 : 测试失效 (短路)
o 原因 : 线弧参数未优化.
© 2005 Amkor Technology, Inc.
Amkor Confidential / Proprietary Business Information
键合球与相邻球短路
o 客户 o 不良 o 失效模式
: Broadcom (CABGA) : 键合球与相邻球短路 : 测试失效 (短路)
o 原因 : 1) 键合参数未优化 2) 键合球尺寸,厚度未优化.
© 2005 Amkor Technology, Inc.
Amkor Confidential / Proprietary Business Information
上层线弧与下层线弧短路
o 客户 o 不良 o 失效模式
: Intel (SCSP) :上层线弧与下层线弧短路 : 测试失效 (短路)
o 原因 : 线弧参数设定错误.
© 2005 Amkor Technology, Inc.
Amkor Confidential / Proprietary Business Information
o 原因 : 特殊设计的键合衬垫!!! 如果键合金球偏出键合区域, 键合金球可能
损坏键合衬垫.
Hale Waihona Puke © 2005 Amkor Technology, Inc.
Amkor Confidential / Proprietary Business Information
引脚键合翘起
o 客户 o 不良 o 失效模式
金线与金线短路
o 客户 o 不良 o 失效模式

XGN24开关柜避雷器烧坏故障分析及改进策略

XGN24开关柜避雷器烧坏故障分析及改进策略

电子技术212 2015年25期XGN24开关柜避雷器烧坏故障分析及改进策略罗爱华广州白云电器设备股份有限公司,广东广州 510460摘要:结合实例对六氟化硫环网柜XGN24发生避雷器内部击穿短路故障进行分析,并提出了避免此种开关柜事故的预防措施。

关键词:避雷器;事故分析;改进策略中图分类号:TM862.1 文献标识码:A 文章编号:1671-5810(2015)25-0212-021 引言2012年3 月20 日,某公司电房一台六氟化硫环网柜XGN24,投产运行过程中发生避雷器内部击穿短路故障,导致避雷器烧坏。

本文主要分析了该事故的主要原因,并给出了避免此种开关柜事故的预防措施。

2 事故概要2.1 产品说明XGN24-12(X-箱式;G-高压;N-户内;24是设计序列号;12是12KV)型金属封闭环网开关设备(简称六氟化硫环网柜)是新一代的以六氟化硫负荷开关为主开关的环网柜,该柜采用空气绝缘,结构紧凑简单,操作灵活,安装方便,具有多重联锁功能。

根据所配元件的不同可分为XGN24-12(F)型和XGN24-12(F,R)型两种。

XGN24-12(F)型柜配装负荷开关,一般用作进线;XGN24-12(F,R)型柜配装负荷开关和限流熔断器组合,由负荷开关承担开断关合负荷电流,而由限流熔断器承担开断较大的过载电流和短路电流,一般用作出线。

柜体采用进口敷铝锌板经数控机床加工成模块化结构,防护等级达到IP3X,并具有可靠的机械联锁和防误操作功能。

2.2 产品运行原理环网是指环形配电网,即供电干线形成一个闭合的环形,供电电源向这个环形干线-供电,从干线上再一路一路地通过高压开关向外配电。

这样的好处是,每一个配电支路既可以同它的左侧干线取电源,又可以由它右侧干线取电源。

当左侧干线出了故障,它就从右侧干线继续得到供电,而当右侧干线出了故障,它就从左侧干线继续得到供电,这样一来,尽管总电源是单路供电的,但从每一个配电支路来说却得到类似于双路供电的实惠,从而提高了供电的可靠性。

SDH光通信中通道保护环缺陷改进与设计

SDH光通信中通道保护环缺陷改进与设计

SDH光通信中通道保护环缺陷改进与设计作者:赵兴富来源:《中国新通信》2017年第02期【摘要】本文主要论述SDH光纤通信中通道保护环在电力系统中的应用情况,在电力系统中电流差动保护使用光纤通信通道保护环存在的问题与缺陷,提出通道保护环改进与设计,及如何解决电流差动保护通信不能形成自愈环的问题。

【关键词】 SDH光纤通信通道保护环电流差动保护存在问题字节与告警前言光纤通信经过三十多年的研究与发展,在现代通信中已经占有重要的地位。

近十五来光纤通信在电力系统中在得到广泛的应用与发展,取代了微波通信。

在电力自动化,电网保护与安全自动装置中得到了广泛地应用与完善。

随着电网不断发展与壮大,220kv 与 500kv、800Kv 输电网构成电网的重要组成部份,在现已形成的超高压、长距离、跨地区、跨省的输电网络中,继电保护在电网安全稳定运行中起到至关重要的保护作用。

一、电流差动保护与通信通道保护环使用情况与缺陷1、电网保护与通信形成了密切的关系,自动化程度越高、对通信的依赖程度越大,特别是电流差动保护在电力系统中作为主要保护得到了广泛地应用与普及,差动保护在电网线路故障时,两侧保护装置在接收本端电流大小与方向的同时,还需接收对端电流大小与方向进行比较与判断,确定保护动作与否,差动保护具有切除故障线路快速、准确、可靠性高的特点,在电网保护中得到了广泛地应用,与通信密不可分。

但电流差动保护对通信收发时延有严格的要求与限制,目前电力系统SDH通信已形成完善通道保护环,对电力系统大多数业务在故障时,提供了可靠自动迂回路由,保障了业务在故障情况下不中断,提高了通信运行的可靠性。

但电流差动保护不能使用,主要是因为通信在发生单侧故障时,故障侧倒换,而非故障侧不倒换,导致收发路劲不一致,从而收发时延不一致而不能使用,因此存在着设计缺陷。

二、低价通道字节使用的情况与传统的通道保护环1、在SDH网络中、低价通道的开销字节有V5、J2、N2、K4来完成VC-12的性能主要靠V5字节来完成监测,管理。

IAD-PBX-EPON-瑞斯康达设备等集团常见故障手册

IAD-PBX-EPON-瑞斯康达设备等集团常见故障手册

IAD-PBX-EPON-瑞斯康达设备等集团常见故障⼿册集团⽤户端常⽤设备常见故障集锦(第⼀版)⽬录第1章IAD常见故障处理 (5)1.1 【问题描述】语⾳单通 (5)1.2 【问题描述】IAD的⽤户的T38传真不通 (5)1.3 【问题描述】查询⽤户端⼝摘机异常 (5)1.4 【问题描述】IAD的⽹⼝灯不亮 (6)1.5 【问题描述】IAD和⽹络上其他设备间ping不通 (6)1.6 【问题描述】从⽹络加载或备份⽂件失败 (7)1.7 【问题描述】PPPOE拨号失败 (7)1.8 【问题描述】语⾳断续,时延⼤ (7)1.9 【问题描述】语⾳双不通 (8)1.10 【问题描述】回声 (8)1.11 【问题描述】电流声/杂⾳ (9)1.12 【问题描述】⽤户摘机就听忙⾳ (9)1.13 【问题描述】⽤户摘机,但是没有声⾳,只有线路上的电流声 (11)1.14 【问题描述】只能收,但是不能发送,或者只能发,但是不能接收 (13)1.15 【问题描述】传真断页或者传真中断 (14)1.16 【问题描述】某些地⽅传真通,但是其他地⽅传真不通 (14)1.17 【问题描述】附近有⼀个⼴播站,当⼴播站⼴播时,IAD通话中会听到⼴播⾳ 141.18 【问题描述】串⾳ (14)1.19 【问题描述】⽹管问题:IAD启动后不能注册到IADMS,在IADMS查看设备在线指⽰灯是灰⾊ (15)1.20 【问题描述】⽹管问题:孵化器提⽰孵化失败或者⽆反应 (15)1.21 【问题描述】⽹管问题:IADMS设置了升级标志,复位IAD重启后没有⾃动升级(16)1.22 【问题描述】⽹管问题:在命令⾏上设置了⽆IADMS的⾃动升级参数,复位IAD重启后没有⾃动升级 (16)1.23 【问题描述】系统问题:能输⼊命令,但总是提⽰系统忙,⽆法执⾏命令 (16)1.24 【问题描述】系统问题:键盘输⼊⽆反应,也没有输出或者输出乱码 (17)1.25 【问题描述】系统问题:系统不能正常启动,启动到某个地⽅就复位 (17)1.26 【问题描述】系统问题:启动过程中停在某个地⽅,键盘输⼊⽆反应,系统不⾃动重启 (18)1.27 【问题描述】系统问题:输⼊reboot命令后系统仍正常运⾏ (18)1.28 【问题描述】系统问题:系统跑着跑着⾃⼰就复位了,没有做任何操作 (19)1.29 【问题描述】⽤户采⽤新业务时,⽆法转移成功,排叉转移不成功,或者马上听忙⾳ (19)1.30 【问题描述】只听到⼀声短暂的拨号⾳ (19)1.31 【问题描述】摘机听拨号⾳,然后拨号,不能停⽌拨号⾳ (20)1.32 【问题描述】正在通话过程中,突然断线 (21)1.33 【问题描述】拨号完成,但是听忙⾳获知提⽰⽤户号码不存在 (21)1.34 【问题描述】使⽤IAD的⽤户拨号上⽹后上线时间短,或者会掉线 (22)1.35 【问题描述】使⽤IAD的⽤户拨号上⽹,或者拨对端MODEM不成功 (22)1.36 【问题描述】使⽤IAD的⽤户拨号上⽹后上后传输速率特别低 (22)1.37 【问题描述】爱科信计费器上显⽰ERR00 (23)1.38 【问题描述】计费器液晶屏显⽰某路或全部话机为EEEEEEEEEE状态 (23)1.39 【问题描述】某路话机通话计费器显⽰能跳表但计费器不计费或计费异常 (23)1.40 【问题描述】IP超市显⽰未连接 (23)1.41 【问题描述】IP超市显⽰某路或全部话机为“故障” (24)1.42 【问题描述】IP超市某路话机通话能跳表但不计费或计费异常 (24)1.43 【问题描述】电话可以打通,但是反极性计费器显⽰某路或全部话机⽆法计费 24 第2章佳和PBX常见故障处理 (25)2.1 【问题描述】分机摘机⽆拨号⾳,不能呼出、呼⼊ (25)2.2 【问题描述】分机摘机听忙⾳,不能呼出、呼⼊ (25)2.3 【问题描述】分机摘机拨号,⼀直听拨号⾳,不能呼出 (25)2.4 【问题描述】分机摘机先听“嘟,嘟,嘟,嘟”四声后才听正常拨号⾳,呼出、呼⼊正常(26)2.5 【问题描述】接通⼀段时间内对⽅听不到分机讲话 (26)2.6 【问题描述】内部通话可以显⽰主叫号码,外线电话不能显⽰ (26)2.7 【问题描述】分机可以拨内部电话,拨外线听忙⾳或⽆反应 (27)2.8 【问题描述】分机通话后转接到其它分机响⼀下就断线 (27)2.9 【问题描述】外线打进来,不论是听DVC转分机还是打到前台转分机后,能听到⼀⾄⼆声回铃⾳,之后就断线了,内部分机打此分机也是这样的情况 (27)2.10 【问题描述】分机拍叉后或未拨完号码挂机,电话就振铃,摘机却听忙⾳ (27)2.11 【问题描述】分机可以呼出但不可以呼⼊ (28)2.12 【问题描述】两台相邻的分机⽤免提拨号时,有时会拨到其它地⽅ (28)2.13 【问题描述】DX1S-U有时候外线呼⼊总机不振铃 (28)2.14 【问题描述】从环路中继呼⼊时,有时会听到DVC提⽰空号 (29)2.15 【问题描述】DX1S环路中继呼出呼⼊,有时会听到其他⼈讲话 (29)2.16 【问题描述】DX1S环路中继线打进来没有⼈接电话 (29)2.17 【问题描述】DX1S,环路中继呼⼊通过DVC拨号不能再出中继(环路) (30) 2.18 【问题描述】DX1S,可以打市话,但打长途是听忙⾳ (30)2.19 【问题描述】数字中继呼⼊没有到指定连选群⾥的号码振铃,⽽是到固定的端⼝上振铃,听DVC后拨0也是⼀样 (30)2.20 【问题描述】使⽤PRI数字中继,编程正确但是⽆法拨打电话 (31)2.21 【问题描述】采⽤PRI接⼊,分机呼⼊呼出均正常,但收、发传真经常失败 (31) 2.22 【问题描述】从E1呼⼊到内线分机,通话后,有时单通或杂⾳ (32)2.23 【问题描述】DX1S-U,MCCV4主控板RUN灯常亮,ALARM灯常亮 (32)2.24 【问题描述】MT24多功能话机⽆任何显⽰,不能拨打电话 (32)2.25 【问题描述】MT24的直选台按键⽆反应 (32)2.26 【问题描述】交换机在使⽤中,进⾏录制DVC语⾳,按00*#,经常听忙⾳ (33)第3章希华PBX(HC-4800)常见故障处理 (33)3.1 【问题描述】电源指⽰灯不亮 (33)3.2 【问题描述】交换机所有分机提机⽆⾳ (33)3.3 【问题描述】分机提机噪⾳ (33)3.4 【问题描述】分机话机呼⼊呼出单向通话 (34)3.5 【问题描述】本组内通话不正常(⼀个分控板控制内) (34)3.6 【问题描述】上下层不能通话 (34)3.7 【问题描述】交换机与电脑不能正常连接 (34)3.8 【问题描述】单分机话机提机⽆⾳ (34)3.9 【问题描述】分机不掁铃可以呼出及通话 (34)3.10 【问题描述】分机不能呼出 (35)3.11 【问题描述】分机不能呼⼊ (35)3.12 【问题描述】分机占⽤外线⽆⾳ (35)3.13 【问题描述】外线直拔分机有时会转总机 (35)3.14 【问题描述】环路中继呼⼊交换机不接收 (36)3.15 【问题描述】少量⽤户使⽤交换机正常,⽤户同时有30个左右使⽤时交换机复位或死机。

SMT制程假焊改善

SMT制程假焊改善

起点ic
结论
通过对炉温的调式和不良零件下侧的胶水位置的变动; 分别对零件前侧引脚假焊和零件两侧引脚假焊改善;改善效果如下图:
4月15日 A B 4月16日 B A 4月17日 B A 136888 136888 169940 169940 36332 36332 J102 5 75 31 3 0 0 97 548 182 18 0 0
Thank you
日期 4月13日 型号 GT200A-V1.02 GT200B GT200A-V1.02 GT200B 4月14日 GT200A-V1.02 GT200B GT200A-V1.02 GT200B 4月15日 GT200A-V1.02 GT200B GT200A-V1.02 GT200B 4月16日 GT200A-V1.02 GT200B GT200A-V1.02 GT200B 4月17日 GT200A-V1.02 GT200C GT200A-V1.02 GT200C 面 A B A B A B B A B A 生产件数 39760 39760 56232 56232 136888 136888 169940 169940 36332 36332 J102 5 75 31 3 位号 假 焊 0 41 不良率
分析处理过程 ◇零件前侧引脚假焊改善:
方法一.增加锡膏,修改印刷参数:1.降低刮刀压力;2.将印刷次数改为2次;
结果:现象依旧
1.将刮刀压力由8KG改为6KG; 方法二.增加炉温:将炉温上升10度;
炉温曲线
炉温上升10度, 重新测试炉温,
2.将印刷次数由1次改为2次;
生产数据
日期 面 A B 生产件 数 39760 39760 J10 2 位 号 假 焊 0 41 不良 率 0 1031

AXIS P3265-LVE 2 MP 外部旋钮实况相机文档说明书

AXIS P3265-LVE 2 MP 外部旋钮实况相机文档说明书

AXIS P3265-LVE Dome CameraOutdoor2MP dome with IR and deep learningFeaturing Lightfinder2.0,Forensic WDR,and OptimizedIR,AXIS P3265-LVE delivers excellent image quality and forensic usability under any light conditions.Based on the latest Axis system-on-chip(SoC)with a deep learning processing unit, it enables advanced features and powerful analytics based on deep learning on the edge.And with AXIS Object Analytics preinstalled,it offers highly nuanced object classification and fast search in the VMS.This robust,outdoor-ready camera features audio and I/O connectivity so you can integrate other peripheral equipment such as a microphone to enable audio analytics.Furthermore,with built-in cybersecurity features such as Axis Edge Vault,it prevents unauthorized access and safeguards your system.>Excellent image quality in2MP>Lightfinder2.0,Forensic WDR,OptimizedIR>Analytics with deep learning>Built-in cybersecurity features>Audio and I/O connectivityDatasheetAXIS P3265-LVE Dome Camera CameraImage sensor1/2.8”progressive scan RGB CMOSLens Varifocal,3.4–8.9mm,F1.8Horizontal field of view:100°-36°Vertical field of view:53°-20°Minimum focus distance:50cm(20in)IR corrected,remote zoom and focus,P-Iris controlDay and night Automatically removable infrared-cut filterMinimum illumination With Forensic WDR and Lightfinder2.0: Color:0.1lux at50IRE,F1.8B/W:0lux at50IRE,F1.8Shutter speed1/66500s to2sCamera angleadjustmentPan±180°,tilt±75°,rotation±175°System on chip(SoC)Model ARTPEC-8Memory1024MB RAM,8192MB Flash ComputecapabilitiesDeep learning processing unit(DLPU) VideoVideo compression H.264(MPEG-4Part10/AVC)Baseline,Main,and High Profiles H.265(MPEG-H Part2/HEVC)Main ProfileMotion JPEGResolution1920x1080to160x90Frame rate With WDR:25/30fps with power line frequency50/60HzWithout WDR:50/60fps with power line frequency50/60Hz Video streaming Multiple,individually configurable streams in H.264,H.265,and Motion JPEGAxis Zipstream technology in H.264and H.265Controllable frame rate and bandwidthVBR/ABR/MBR H.264/H.265Video streaming indicatorMulti-viewstreamingUp to2individually cropped out view areas in full frame rateImage settings Saturation,contrast,brightness,sharpness,Forensic WDR:up to 120dB depending on scene,white balance,day/night threshold,local contrast,tone mapping,exposure mode,exposure zones,defogging,barrel distortion correction,compression,rotation:0°,90°,180°,270°including Corridor Format,mirroring,dynamictext and image overlay,privacy masks,polygon privacy mask Pan/Tilt/Zoom Digital PTZ,preset positionsAudioAudio streaming Two-way,full duplexAudio encoding24bit LPCM,AAC-LC8/16/32/44.1/48kHz,G.711PCM8kHz,G.726ADPCM8kHz,Opus8/16/48kHzConfigurable bit rateAudio input/output External microphone input,line input,digital input with ring power,line output,automatic gain controlNetworkSecurity Password protection,IP address filtering,HTTPS a encryption,IEEE802.1x(EAP-TLS)a network access control,digestauthentication,user access log,centralized certificatemanagement,brute force delay protection,signed firmware,secure bootsigned video,Axis Edge Vault,Axis device ID,secure keystore(CC EAL4certified)Supported protocols IPv4,IPv6USGv6,ICMPv4/ICMPv6,HTTP,HTTPS a,HTTP/2,TLS a,QoS Layer3DiffServ,FTP,SFTP,CIFS/SMB,SMTP,mDNS (Bonjour),UPnP®,SNMP v1/v2c/v3(MIB-II),DNS/DNSv6,DDNS, NTP,RTSP,RTCP,RTP,SRTP,TCP,UDP,IGMPv1/v2/v3,DHCPv4/v6, ARP,SOCKS,SSH,SIP,LLDP,CDP,MQTT v3.1.1,Syslog,Link-Local address(ZeroConf)System integrationApplication Programming Interface Open API for software integration,including VAPIX®andAXIS Camera Application Platform;specifications at One-click cloud connectionONVIF®Profile G,ONVIF®Profile M,ONVIF®Profile S,andONVIF®Profile T,specification at Support for Session Initiation Protocol(SIP)for integration withVoice over IP(VoIP)systems,peer to peer or integrated withSIP/PBX.OnscreencontrolsDay/night shiftDefoggingWide dynamic rangeVideo streaming indicatorIR illuminationEvent conditions Analytics,external input,supervised external input,virtual inputsthrough APIAudio:audio clip playing,audio clip currently playingCall:state,state changeDevice status:above operating temperature,above or belowoperating temperature,below operating temperature,withinoperating temperature,IP address removed,new IP address,network lost,system ready,ring power overcurrent protection,live stream activeDigital audio:digital signal contains Axis metadata,digital signalhas invalid sample rate,digital signal missing,digital signal okayEdge storage:recording ongoing,storage disruption,storagehealth issues detectedI/O:digital input,manual trigger,virtual inputMQTT:subcribeScheduled and recurring:scheduleVideo:average bitrate degradation,day-night mode,live streamopen,tamperingEvent actions Overlay text,external output activation,play audio clip,zoompreset,day/night mode,flash status LED,use lights,set defogmode,set WDR modeCalls:end SIP call,make SIP call,answer callI/O:toggle I/O once,toggle I/O while the rule is activeMQTT:publishNotification:email,HTTP,HTTPS,TCP,and SNMP trapPre-and post-alarm video or image buffering for recording oruploadRecord video:SD card and network shareUpload of images or video clips:FTP,SFTP,HTTP,HTTPS,networkshare,and emailData streaming Event dataBuilt-ininstallation aidsRemote zoom and focus,straighten image,pixel counter,levelgridAnalyticsAXIS ObjectAnalyticsObject classes:humans,vehicles(types:cars,buses,trucks,bikes)Trigger conditions:line crossing,object in areaUp to10scenariosMetadata visualized with color-coded bounding boxesPolygon include/exclude areasPerspective configurationONVIF Motion Alarm eventApplications IncludedAXIS Object AnalyticsAXIS Video Motion Detection,active tampering alarm,audiodetectionSupport for AXIS Camera Application Platform enablinginstallation of third-party applications,see /acapGeneralCasing IP66-,NEMA4X-and IK10-ratedPolycarbonate hard coated domePolycarbonate casing and weathershieldColor:white NCS S1002-BFor repainting instructions,go to the product’s supportpage.For information about the impact on warranty,go to/warranty-implication-when-repainting.Mounting Mounting bracket with junction box holes(double-gang,single-gang,and4”octagon)and for wall or ceiling mount¼”-20UNC tripod screw threadSustainability PVC free,4.1%recycled plasticsPower Power over Ethernet(PoE)IEEE802.3af/802.3at Type1Class3Typical4.8W,max10.7WConnectors RJ4510BASE-T/100BASE-TX PoEI/O:4-pin2.5mm(0.098in)terminal block for1superviseddigital input and1digital output(12V DC output,max.load25mA)Audio:4-pin2.5mm(0.098in)terminal block for audio in andoutIR illumination OptimizedIR with power-efficient,long-life850nm IR LEDsRange of reach40m(130ft)or more depending on the scene Storage Support for microSD/microSDHC/microSDXC cardSupport for SD card encryption(AES-XTS-Plain64256bit)Recording to network-attached storage(NAS)For SD card and NAS recommendations see Operating conditions -40°C to50°C(-40°F to122°F)Maximum temperature according to NEMA TS2(2.2.7):74°C (165°F)Start-up temperature:-30°C to50°C(-22°F to122°F) Humidity10–100%RH(condensing)Storage conditions -40°C to65°C(-40°F to149°F) Humidity5–95%RH(non-condensing)Approvals EMCEN50121-4,EN55032Class A,EN55035,EN61000-3-2,EN61000-3-3,EN61000-6-1,EN61000-6-2,FCC Part15Subpart B Class A,ICES-3(A)/NMB-3(A),IEC62236-4,KC KN32Class A,KC KN35,RCM AS/NZS CISPR32Class A,VCCI Class ASafetyCAN/CSA-C22.2No.60950-22,CAN/CSA C22.2No.62368-1,IEC/EN/UL62368-1,IEC/EN/UL60950-22,IEC/EN62471,IS13252EnvironmentIEC60068-2-1,IEC60068-2-2,IEC60068-2-6,IEC60068-2-14,IEC60068-2-27,IEC60068-2-78IEC/EN60529IP66,IEC/EN62262IK10,NEMA250Type4X,NEMA TS2(2.2.7-2.2.9)NetworkNIST SP500-267Dimensions Without weathershield:Height:104mm(4.09in)ø149mm(5.87in)Weight With weathershield:800g(1.8lb)IncludedaccessoriesInstallation guide,Windows®decoder1-user license,drilltemplate,RESISTORX®T20L-key,terminal block connectors,cable gaskets,connector guard,weathershieldOptionalaccessoriesAXIS TP3201Recessed Mount,AXIS T94T01D Pendant Kit,AXIS T94M01D Pendant Kit,AXIS Dome Intrusion Switch C,AXIS T8355Digital Microphone3.5mm,AXIS TP3804-E MetalCasing White,AXIS ACI Conduit Adapters,smoked dome,blackcasingFor more accessories,see VideomanagementsoftwareAXIS Companion,AXIS Camera Station,video managementsoftware from Axis Application Development Partners availableat /vmsLanguages English,German,French,Spanish,Italian,Russian,SimplifiedChinese,Japanese,Korean,Portuguese,Polish,Traditional Chinese Warranty5-year warranty,see /warrantya.This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.(),and cryptographic software written by Eric Young (*****************).Environmental responsibility:/environmental-responsibility©2021-2022Axis Communications AB.AXIS COMMUNICATIONS,AXIS,ARTPEC and VAPIX are registered trademarks ofAxis AB in various jurisdictions.All other trademarks are the property of their respective owners.We reserve the right tointroduce modifications without notice.T10170893/EN/M5.3/2204。

炸药与黏结剂溶液的黏附功对PBX_水悬浮制备工艺的影响

炸药与黏结剂溶液的黏附功对PBX_水悬浮制备工艺的影响

doi:10.3969/j.issn.1001 ̄8352.2023.06.002炸药与黏结剂溶液的黏附功对PBX水悬浮制备工艺的影响❋赵㊀凯㊀黄亚峰㊀杨㊀雄㊀杨㊀渤㊀姚逸伦㊀陈㊀鸿西安近代化学研究所(陕西西安ꎬ710065)[摘㊀要]㊀能否采用水悬浮工艺制备聚合物黏结炸药(PBX)ꎬ一般需要多次试验后对炸药/黏结剂体系进行判断ꎮ测试了不同浓度的氟橡胶(F2603)溶液与奥克托今(HMX)㊁1ꎬ1 ̄二氨基-2ꎬ2 ̄二硝基乙烯(FOX ̄7)的接触角ꎬ计算了HMX㊁FOX ̄7与不同浓度的F2603溶液㊁7%乙酸乙酯@水的黏附功ꎬ分析了黏结剂溶液浓度变化对成粒的影响ꎮ结果表明:HMX与质量分数14%的F2603溶液的黏附功大于HMX与7%乙酸乙酯@水之间的黏附功ꎬHMX可以黏结成粒ꎻFOX ̄7与不同浓度F2603溶液的黏附功均小于FOX ̄7与7%乙酸乙酯@水之间的黏附功ꎬFOX ̄7无法黏结成粒ꎮ经试验验证ꎬ计算结果与实际成粒情况一致ꎮ[关键词]㊀造粒ꎻ接触角ꎻ黏附功ꎻ水悬浮工艺ꎻ浓度[分类号]㊀TQ560.6EffectofAdhesionWorkbetweenExplosiveandAdhesiveSolutionontheWaterSuspensionPreparationProcessofPBXZHAOKaiꎬHUANGYafengꎬYANGXiongꎬYANGBoꎬYAOYilunꎬCHENHongXi anModernChemistryResearchInstitute(ShaanxiXi anꎬ710065)[ABSTRACT]㊀Itisgenerallynecessarytoconductmultipleexperimentsbeforedeterminingwhetherapolymerbondedexplosive(PBX)canbepreparedusingawatersuspensionprocessforanexplosive/bindersystem.Thecontactanglesbe ̄tweendifferentconcentrationsoffluororubber(F2603)solutionandHMXorFOX ̄7weretested.TheadhesionworkofHMXorFOX ̄7todifferentconcentrationsofF2603solutionand7%ethylacetate@waterwascalculatedꎬandtheeffectofbindersolutionconcentrationvariationonparticleformationwasalsoanalyzed.Theresultsshowthattheadhesionworkbe ̄tweenHMXandF2603solutionwithmassfractionof14%isgreaterthanthatbetweenHMXand7%ethylacetate@waterꎬandHMXcanbondintogranules.TheadhesionworkbetweenFOX ̄7anddifferentconcentrationsofF2603solutionissmallerthanthatbetweenFOX ̄7and7%ethylacetate@waterꎬandFOX ̄7cannotbondintogranules.Itisverifiedbytestthatthecalculatedresultsareconsistentwiththeactualgranulation.[KEYWORDS]㊀granulationꎻcontactangleꎻadhesionworkꎻwatersuspensionprocessꎻconcentration0㊀引言目前ꎬ水悬浮工艺研究主要聚焦于工艺参数调节对造型粉性能的影响[1 ̄4]ꎬ或者是对水悬浮成粒过程的定性分析[5]ꎬ未见关于水悬浮制备工艺过程的定量计算ꎮ可以利用黑索今(RDX)㊁奥克托今(HMX)采用水悬浮工艺制备聚合物黏结炸药(PBX)ꎬ而5ꎬ5  ̄联四唑 ̄1ꎬ1  ̄二氧二羟胺(HATO)㊁1ꎬ2 ̄苯二甲酸二烯丙酯(DAP)等无法采用水悬浮工艺制备PBXꎮ判断一个炸药/黏结剂体系能否采用水悬浮工艺制备PBXꎬ往往需要尝试调节不同的真空度㊁温度㊁黏结剂溶液的加入速度等参数ꎬ进行多次试验ꎮ进行有限次的试验时ꎬ只能根据试验结果推测某些炸药能否用于水悬浮工艺制备PBXꎮFernández ̄Toledano等[6 ̄9]通过分子动力学模拟分析了液滴在固体表面及两个运动平板间的接触角与液滴及平板运动速度之间的关系㊁接触线位置波动与固液作用之间的关系ꎮSemal等[10]采用分子动力学理论分析了粗糙度对润湿过程的影响ꎮBorma ̄第52卷㊀第6期㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀爆㊀破㊀器㊀材㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀Vol.52㊀No.6㊀2023年12月㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀ExplosiveMaterials㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀Dec.2023❋收稿日期:2023 ̄03 ̄14第一作者:赵凯(1984-)ꎬ男ꎬ副研究员ꎬ主要从事混合炸药的制备工艺研究ꎮE ̄mail:wuwukai@126.comshenko[11]研究了光滑和粗糙曲面的润湿情况及适用的公式ꎮBlake[12]介绍了有关润湿的多种理论ꎮ在表面间作用力计算与测试方面ꎬIsraelachvili等[13 ̄14]研究了粒子和表面间作用力的计算公式ꎮChaudhury等[15]测量了采用聚二甲基硅氧烷制成的1 2mm的半球形透镜和平板接触时的变形量ꎬ分析了空气和液体中表面间的黏附力ꎮ上述相关研究只涉及水悬浮工艺过程的一部分ꎬ均不能直接用于水悬浮工艺过程的量化计算ꎮ通过量化计算来评价炸药与黏结剂能否采用水悬浮工艺制备PBXꎬ可以避免多次试验ꎮ同时ꎬ研究一条量化表征水悬浮工艺过程的技术途径ꎬ可以据此开展固㊁液两相间作用力㊁成粒浓度等的研究ꎮ1㊀试验部分水悬浮造粒过程中ꎬ溶剂挥发ꎬ造成造粒釜中黏结剂溶液浓度发生变化ꎮ配制不同浓度的黏结剂溶液ꎬ表征造粒过程的不同时刻ꎮ以乙酸乙酯为溶剂ꎬ配制质量分数为2%㊁5%㊁12%㊁14%和16%的氟橡胶(F2603)溶液ꎬ分别标记为样品1# 样品5#ꎮ在采用乙酸乙酯作为溶剂的黏结剂造粒时ꎬ当黏结剂溶液加入造粒釜中时ꎬ部分乙酸乙酯迅速与水互溶(经测试ꎬ常温下ꎬ乙酸乙酯在100mL水中的最大溶解体积为8mL)ꎬ成为乙酸乙酯溶液ꎬ命名为7%乙酸乙酯@水ꎮ采用Washburn法测出探针液体与炸药㊁炸药与黏结剂溶液的接触角ꎬ进而计算出炸药㊁黏结剂溶液的表面张力分量ꎮ然后ꎬ根据张力分量ꎬ计算出不同相之间的黏附功ꎮ1.1㊀试剂HMXꎬ120目ꎬ甘肃银光化学工业集团有限公司ꎻFOX ̄7ꎬ西安近代化学研究所ꎻF2603ꎬ中昊晨光化工研究院有限公司ꎻ溶剂为分析纯ꎮ1.2㊀物性表征采用英国马尔文MasterSizer2000型激光粒度仪测试HMX与FOX ̄7的粒径ꎮ采用日本电子JSM5800型扫描电镜(SEM)测试表面形貌ꎮ分别采用黏度仪㊁表面张力仪㊁密度测试仪测试F2603溶液的黏度㊁表面张力㊁密度ꎮ实际浓度采用称量法测试:取一定质量的F2603溶液ꎬ根据已测密度计算体积ꎻ溶剂挥发完全后ꎬ再次称量溶液质量ꎬ计算出实际浓度ꎮ1.3㊀接触角测试采用德国德飞DCAT21型接触角测量仪测试样品的接触角ꎮ先将黏结剂制备成片状ꎬ然后采用光学法测出黏结剂与探针液体的接触角ꎬ测试装置和样品见图1ꎮ㊀图1㊀接触角测试装置及样品管Fig.1㊀Contactangletestingdeviceandsamples㊀㊀Washburn方程:w2=cρ2σcosθ2ηtꎮ(1)式中:w为探针液体在炸药填充床中的润湿质量ꎻc为填充床的几何因子ꎻρ为液体密度ꎻσ为液体表面张力ꎻη为液体黏度ꎻt为润湿时间ꎻθ为接触角ꎮ可通过式(1)中w2 ̄t拟合直线的斜率kꎬ求得该探针液体与炸药的接触角ꎮ1.4㊀造粒工艺试验分别称量980g的HMX(或FOX ̄7)和20g的F2603ꎮF2603溶解在400mL的乙酸乙酯中ꎬ配制成黏结剂溶液ꎬ采用水悬浮工艺进行造粒ꎮ水与炸药的质量比为1.5︰1.0ꎮ搅拌桨转速200 400r/minꎮ造粒工艺温度65 70ħꎮ真空度为-0.090 -0.092MPaꎮ黏结剂溶液滴加速度为0.5 2.0L/minꎮ造粒总时间为15 40minꎮ转速㊁黏结剂溶液滴加速度㊁造粒时间的范围较大ꎬ主要是由于FOX ̄7无法成粒ꎬ通过调节工艺参数进行试验ꎬ看是否能够成粒ꎮ2㊀结果与分析2.1㊀物理性质表征结果水悬浮造粒与原材料的粒径及粒径分布有较大的关系ꎬ所以先对原材料粒径进行表征ꎮ不同浓度的F2603溶液的密度㊁黏度㊁表面张力的测试数据见表1ꎮHMX和FOX ̄7的粒径分布见图2ꎻ颗粒形貌见图3ꎮ粒径D50(HMX)=16.70μmꎻD50(FOX ̄7)=58.19μmꎮ㊀㊀20ħ时ꎬ探针液体的表面张力及分量见表2ꎮ01 ㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀爆㊀破㊀器㊀材㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀第52卷第6期表1㊀不同浓度F2603溶液的物理参数Tab.1㊀PhysicalparametersofF2603solutionswithdifferentconcentrations样品ρ/(g cm-3)η/(mPa s)σ/(mN m-1)1#0.9053.8022.802#0.92013.3022.913#0.925262.4023.604#0.953530.9023.675#0.9581386.0023.537%乙酸乙酯@水0.9651.7537.63㊀㊀(a)HMX㊀㊀(b)FOX ̄7图2㊀HMX与FOX ̄7的粒径分布Fig.2㊀ParticlesizedistributionsofHMXandFOX ̄7㊀㊀㊀㊀㊀(a)HMX(2000ˑ)㊀㊀㊀㊀(b)FOX ̄7(2000ˑ)图3㊀HMX与FOX ̄7的SEM图Fig.3㊀SEMimagesofHMXandFOX ̄7表2中:σd表示色散分量ꎻσp表示极性分量ꎮ2.2㊀炸药表面张力分量计算2.2.1㊀填充床几何因子及接触角计算根据正己烷在HMX和FOX ̄7中的测试曲线(图4)ꎬ计算出填充床几何因子cꎬ测试3次ꎬ取平均值ꎬ见表3ꎮ计算出的接触角见表4ꎮ㊀㊀图4㊀正己烷在HMX和FOX ̄7中的上升曲线Fig.4㊀Risecurvesofn ̄hexaneinHMXandFOX ̄7表2㊀常用探针液体的表面张力及分量Tab.2㊀Surfacetensionandcomponentofcommonlyusedprobeliquids探针液体σ/(mN m-1)σd/(mN m-1)σp/(mN m-1)ρ/(g cm-3)η/(mPa s)水72.8021.851.000.99801.002乙酸乙酯23.5219.63.920.90030.443乙二醇48.3029.319.001.108821.800甘油63.4037.026.401.26131412.000正己烷18.4018.400.66030.30811 2023年12月㊀㊀㊀㊀㊀㊀炸药与黏结剂溶液的黏附功对PBX水悬浮制备工艺的影响㊀赵㊀凯ꎬ等㊀㊀㊀㊀㊀㊀表3㊀HMX和FOX ̄7的c值Tab.3㊀cValuesofHMXandFOX ̄7测试序号cFOX ̄7HMX10.67450.131820.83110.199331.09600.1715平均值0.86000.1700表4㊀HMX、FOX ̄7和探针液体的接触角Tab.4㊀ContactanglesbetweenHMXorFOX ̄7andprobeliquids样品θ/(ʎ)水乙二醇乙酸乙酯FOX ̄789.7068.8834.46HMX>90.0079.7970.462.2.2㊀HMX和FOX ̄7的表面张力分量根据水㊁乙二醇㊁乙酸乙酯在HMX㊁FOX ̄7中的测试数据(图5)ꎬ分别计算出HMX㊁FOX ̄7的表面张力分量ꎮ㊀㊀(a)HMX㊀㊀(b)FOX ̄7图5㊀探针液体在HMX㊁FOX ̄7中的上升曲线Fig.5㊀RisecurvesofprobeliquidsinHMXandFOX ̄7㊀㊀Young方程σS=σSL+σLcosθꎮ(2)式中:σS为固体表面张力ꎻσL为液体表面张力ꎻσSL为固㊁液两相的界面张力ꎮ几何平均方程σSL=σS+σL-2σSdσLd-2σSpσLpꎮ(3)式中:σSd为固体表面张力的色散分量ꎻσSp为固体表面张力的极性分量ꎻσLd为液体表面张力的色散分量ꎻσLp为液体表面张力的极性分量ꎮ从式(2)和式(3)可得:1+cosθ=2σSdσLdσL+σSpσLpσLæèçöø÷ꎮ(4)令y=1+cosθ2 σLσLd㊁x=σLpσLd㊁a=σSp㊁b=σSdꎬ则式(4)可以转化为y=ax+bꎮ(5)㊀㊀根据式(5)ꎬ拟合FOX ̄7的表面张力分量曲线ꎬ可以求出a=2.72336㊁b=3.72639ꎬ即FOX ̄7的表面张力分量σSp=7.42mN/mꎬσSd=13.89mN/mꎮ从而ꎬFOX ̄7的σ=21.31mN/mꎮ拟合HMX的表面张力分量曲线ꎬ可以求出a=4.76883㊁b=1.41190ꎬ即HMX的表面张力分量σSp=22.74mN/mꎬσSd=2.00mN/mꎮ从而ꎬHMX的σ=24.74mN/mꎮ通过测试探针液体与炸药的接触角ꎬ计算出了炸药的表面张力分量ꎮ接触角测试与粒度㊁粗糙度㊁填充床的几何因子等关系均较大ꎮ为保持HMX或FOX ̄7的测试分析与工艺试验条件一致ꎬHMX或FOX ̄7取样为同批㊁同箱内材料ꎬ且接触角测试时ꎬ为保证c相同ꎬ采用相同的药量㊁相同的高度ꎮ2.3㊀F2603的表面张力分量F2603制备成片状后ꎬ分别与甘油㊁水㊁乙二醇的接触角为99.7ʎ㊁98.4ʎ和84.4ʎꎮ根据接触角数据进行线性拟合ꎬ可得F2603的a=2.8559㊁b=2.2707ꎮ所以ꎬF2603的表面张力分量σSp=8.16mN/m㊁σSd=5.16mN/mꎮ2.4㊀F2603溶液的表面张力分量2.4.1㊀炸药与F2603溶液的接触角样品管高度一致ꎮ每个管中ꎬFOX ̄7或HMX质量0.5gꎬ振动40次ꎮFOX ̄7㊁HMX与不同浓度F2603溶液的接触角测试曲线见图6ꎮ由图6可计算出不同浓度F2603溶液与HMX㊁FOX ̄7的接触角ꎬ见表5ꎮ2.4.2㊀F2603溶液的表面张力分量㊀㊀HMX和FOX ̄7的表面张力分量计算采用几何平均方程ꎬ主要是因为方程可以变换成线性关系进行曲线拟合ꎬ减少误差ꎮF2603溶液为低能物质ꎬ表21 ㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀爆㊀破㊀器㊀材㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀第52卷第6期㊀㊀㊀(a)在FOX ̄7中㊀㊀㊀(b)在HMX中图6㊀F2603溶液的上升曲线Fig.6㊀RisecurvesofF2603solutions表5㊀炸药与F2603溶液的接触角Tab.5㊀ContactanglesbetweenexplosivesandF2603solutions样品θ/(ʎ)1#2#3#4#5#FOX ̄7027.3540.3649.1140.38HMX85.0671.3053.4742.110面张力分量计算采用调和平均方程ꎮσSL=σS+σL-4σSdσLdσSd+σLd-4σSpσLpσSp+σLpꎮ(6)由式(2)和式(6)可得ꎬσL(1+cosθ)=4σSdσLdσLd+σSd+4σSpσLpσLp+σSpꎮ(7)㊀㊀通过测试不同浓度的F2603溶液和HMX㊁FOX ̄7的接触角ꎬ计算出了不同浓度F2603溶液的表面张力分量ꎬ见表6ꎮ㊀㊀从表6中可以看出:F2603溶液的色散分量随着F2603浓度的升高呈下降趋势ꎬ说明F2603溶液的色散分量主要取决于乙酸乙酯的色散分量ꎻF2603溶液的极性分量随着F2603浓度的升高呈先升高㊁后下降的趋势ꎬ说明F2603溶液的极性分量取决于F2603和乙酸乙酯两种材料及材料之间的作用关系ꎮ根据F2603表面张力分量可知ꎬF2603的极性分量在表面张力中的占比较大(61.0%)ꎬ高于乙酸乙酯的极性分量在表面张力中的占比(16.7%)ꎮ所以ꎬF2603含量增加时ꎬF2603溶液的极性增加ꎮ同时ꎬF2603分子和乙酸乙酯分子间可以在诱导作用下形成诱导偶极ꎬ分子经过运动ꎬ诱导偶极排列有序ꎬ产生附加的极性分量ꎮ所以ꎬ随着F2603浓度升高ꎬ黏结剂溶液的极性分量呈升高趋势ꎮ当F2603含量增加到一定程度时ꎬ黏度较高ꎬ分子运动较为困难ꎬ诱导偶极排列逐渐变得无序ꎬ产生附加的极性分量减少ꎮ所以ꎬ随着F2603浓度的继续升高ꎬ黏结剂溶液的极性分量呈下降趋势ꎮ2.5㊀多相体系中炸药与黏结剂溶液的黏附功水悬浮造粒为多相体系ꎮ该体系中存在多个界面ꎮ把黏结剂溶液看作一相时ꎬ则存在炸药晶体㊁7%乙酸乙酯@水㊁黏结剂溶液共三相ꎬ三相间的界面关系见图7ꎮ图7中:γAB为炸药晶体与黏结剂溶液的界面张力ꎻγAC为炸药晶体与7%乙酸乙酯@水的界面张力ꎻγBC为黏结剂溶液与7%乙酸乙酯@水的界面张力ꎮ㊀㊀㊀㊀图7㊀炸药 ̄黏结剂溶液 ̄水三相间的关系Fig.7㊀InterfacialrelationshipofthreephasesofexplosivesꎬadhesivesolutionsꎬandwaterW=σS+σL-σSL=4σSdσLdσSd+σLd+4σSpσLpσSp+σLpꎮ(8)㊀㊀表7为由式(8)计算出的HMX㊁FOX ̄7与不同表6㊀不同浓度F2603溶液的表面张力分量Tab.6㊀SurfacetensioncomponentsofF2603solutionswithdifferentconcentrations表面张力及分量/(mN m-1)1#2#3#4#5#7%乙酸乙酯@水σd15.9415.5012.059.226.1727.00σp4.548.3413.4616.5614.7313.91σ20.4823.8425.5125.7820.9040.9131 2023年12月㊀㊀㊀㊀㊀㊀炸药与黏结剂溶液的黏附功对PBX水悬浮制备工艺的影响㊀赵㊀凯ꎬ等㊀㊀㊀㊀㊀㊀表7㊀HMX、FOX ̄7与F2603溶液的黏附功Tab.7㊀AdhesionworkbetweenHMXorFOX ̄7andF2603solutions炸药W/(mN m-1)1#2#3#4#5#7%乙酸乙酯@水HMX22.2531.4940.6844.9041.8041.97FOX ̄740.9645.0144.9442.6636.8356.04浓度的F2603溶液㊁7%乙酸乙酯@水的黏附功ꎮ㊀㊀由表7可以得出ꎬFOX ̄7与7%乙酸乙酯@水的黏附功大于FOX ̄7与F2603溶液的黏附功ꎮ所以ꎬ无法采用F2603对FOX ̄7(D50=58.19μm)进行水悬浮造粒ꎻHMX与7%乙酸乙酯@水的黏附功小于HMX与4#F2603溶液的黏附功ꎬ因此HMX采用F2603进行水悬浮造粒时ꎬ随着溶剂的挥发ꎬ造粒釜中F2603溶液质量分数达到14%时ꎬ可以成粒ꎮHMX/F2603㊁FOX ̄7/F2603水悬浮造粒试验结果见图8ꎮ粉状HMX黏结成明显的类球体颗粒ꎮ而FOX ̄7无法形成颗粒状ꎬ仍然呈粉状或散絮状ꎮ㊀㊀㊀㊀㊀㊀㊀㊀图8㊀水悬浮造粒效果Fig.8㊀Outcomesofwatersuspensiongranulation2.6㊀黏结剂浓度对HMX/F2603体系造粒过程的影响㊀㊀水悬浮工艺中ꎬ黏结剂浓度太高或太低时ꎬ均不易成粒ꎮ通过黏附功分析成粒时的黏结剂浓度ꎮ不同浓度的黏结剂的表面张力分量不同ꎮ分析黏结剂溶液的色散分量和极性分量对造粒过程的影响ꎮz=W(HMX ̄7%乙酸乙酯@水)-W(HMX ̄F2603溶液)ꎮ(9)式中:W(HMX ̄7%乙酸乙酯@水)表示HMX与7%乙酸乙酯@水的黏附功ꎻW(HMX ̄F2603溶液)表示HMX与F2603溶液的黏附功ꎮ令x为F2603溶液的色散分量ꎬy为F2603溶液的极性分量ꎮ根据已测数据ꎬ拟合出z与x和y的关系ꎬ函数曲线详见图9ꎮ㊀㊀㊀图9㊀F2603溶液的表面张力分量对成粒的影响Fig.9㊀EffectofsurfacetensioncomponentofF2603solutionongranulation㊀㊀采用Matlab求出函数的极小值ꎮ当极性分量为15mN/m时ꎬ函数出现极小值ꎬ根据F2603溶液的极性分量变化规律ꎬ4#F2603溶液样品时ꎬ函数具有极小值(极小值小于0)ꎮ表明用水悬浮法造粒时ꎬ造粒釜中F2603溶液在质量分数14%附近时ꎬHMX成粒ꎮ3㊀结论将水悬浮制备工艺多个参数的影响化解为黏结剂溶液浓度的影响ꎮ通过测试不同浓度的黏结剂溶液与炸药的接触角ꎬ计算了FOX ̄7㊁HMX与F2603溶液及7%乙酸乙酯@水的黏附功ꎬ从而研究水悬浮成粒过程ꎮ1)FOX ̄7与7%乙酸乙酯@水的黏附功(56.04mN/m)大于FOX ̄7与F2603溶液的黏附功(最大为45.01mN/m)ꎬ无法采用F2603对FOX ̄7(D50=58.19μm)进行水悬浮造粒ꎻHMX与7%乙酸乙酯@水的黏附功(41.97mN/m)小于HMX与F2603溶液的黏附功(与4#F2603溶液为44.90mN/m)ꎬ41 ㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀爆㊀破㊀器㊀材㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀㊀第52卷第6期可以成粒ꎮ㊀㊀2)从计算及试验结果可以看出:当炸药与黏结剂溶液的黏附功小于炸药与7%乙酸乙酯@水的黏附功时ꎬ炸药不能被黏结剂溶液黏结成粒ꎬ即该炸药与黏结剂无法采用水悬浮工艺制备PBXꎮ参考文献[1]㊀孙晓乐ꎬ万力伦ꎬ刘海伦ꎬ等.某型高聚物粘结炸药制备工艺研究[J].兵工自动化ꎬ2018ꎬ37(1):76 ̄78.SUNXLꎬWANLLꎬLIUHLꎬetal.StudyoncertaintypePBXtechnique[J].OrdnanceIndustryAutomationꎬ2018ꎬ37(1):76 ̄78.[2]㊀陈建元.新型聚黑炸药制备技术的研究[D].北京:北京理工大学ꎬ2016.CHENJY.StudyontechnologyofpreparingRDXmould ̄makingpowder[D].Beijing:BeijingInstituteofTechnologyꎬ2016.[3]㊀侯会生ꎬ王卫星ꎬ刘波ꎬ等.延期药造型粉制备工艺研究[C]//第二届全国危险物质与安全应急技术研讨会论文集.成都ꎬ2013.[4]㊀雷英春ꎬ王晶禹.TATB/HMX基PBX的水悬浮包覆工艺研究[J].火炸药学报ꎬ2015ꎬ38(4):59 ̄62.LEIYCꎬWANGJY.StudyonslurrycoatingtechniqueforpreparationofTATB/HMXbasedPBX[J].ChineseJournalofExplosives&Propellantsꎬ2015ꎬ38(4):59 ̄62.[5]㊀张树海ꎬ张景林.PBX传爆药制造中的界面化学问题[J].火工品ꎬ2001(2):21 ̄23.ZHANGSHꎬZHANGJL.InterfaceproblemsinPBXboosterexplosivespreparation[J].Initiators&Pyrotech ̄nicsꎬ2001(2):21 ̄23.[6]FERNÁNDEZ ̄TOLEDANOJ ̄CꎬBLAKETDꎬLIMATLꎬetal.Amolecular ̄dynamicsstudyofslidingliquidnano ̄drops:dynamiccontactanglesandthepearlingtransition[J].JournalofColloidandInterfaceScienceꎬ2019ꎬ548:66 ̄76.[7]㊀FERNÁNDEZ ̄TOLEDANOJ ̄CꎬBLAKETDꎬCONINCKJD.MovingcontactlinesandLangevinformalism[J].JournalofColloidandInterfaceScienceꎬ2020ꎬ562:287 ̄292.[8]㊀FERNÁNDEZ ̄TOLEDANOJ ̄CꎬBLAKETDꎬCONINCKJD.Takingacloserlook:amolecular ̄dynamicsinvesti ̄gationofmicroscopicandapparentdynamiccontactangles[J].JournalofColloidandInterfaceScienceꎬ2021ꎬ587:311 ̄323.[9]㊀FERNÁNDEZ ̄TOLEDANOJ ̄CꎬBLAKETDꎬCONINCKJD.Contact ̄linefluctuationsanddynamicwetting[J].JournalofColloidandInterfaceScienceꎬ2019ꎬ540:322 ̄329.[10]㊀SEMALSꎬBLAKETDꎬGESKINVꎬetal.Influenceofsurfaceroughnessonwettingdynamics[J].Langmuirꎬ1999ꎬ15(25):8765 ̄8770.[11]㊀BORMASHENKOE.Wettingofflatandroughcurvedsurfaces[J].TheJournalofPhysicalChemistryCꎬ2009ꎬ113(40):17275 ̄17277.[12]㊀BLAKETD.Thephysicsofmovingwettinglines[J].JournalofColloidandInterfaceScienceꎬ2006ꎬ299(1):1 ̄13.[13]㊀ISRAELACHVILIJNꎬTABORD.ThecalculationofvanderWaalsdispersionforcesbetweenmacroscopicbodies[J].ProceedingsoftheRoyalSocietyofLondonAꎬ1972ꎬ331(1584):39 ̄55.[14]㊀ISRAELACHVILIJN.Intermolecularandsurfaceforces[M].AcademicPressꎬ1982.[15]㊀CHAUDHURYMKꎬWHITESIDESGM.Directmea ̄surementofinterfacialinteractionsbetweensemispheri ̄callensesandflatsheetsofpoly(dimethylsiloxane)andtheirchemicalderivatives[J].Langmuirꎬ1991ꎬ7(5):1013 ̄1025.512023年12月㊀㊀㊀㊀㊀㊀炸药与黏结剂溶液的黏附功对PBX水悬浮制备工艺的影响㊀赵㊀凯ꎬ等㊀㊀㊀㊀㊀㊀。

电源SPD后备保护装置失效模式分析

电源SPD后备保护装置失效模式分析

图4电源SPD 后备保护装置失效模式分析Power SPD overcurrent protection device Failure analysis厦门大恒科技有限公司摘要:SPD 火灾事故与雷电防护失效是SPD 应用中的一个短板和难题,本文从理论与实验两方面分析了SPD 后备保护装置熔断器、断路器的失效模式,并介绍了一种新的能够最大限度确保SPD 安全的专用后备保护器。

关键词:SPD 、熔断器、断路器、边界条件、失效模式 1、概述:国内外用于SPD 后备过流保护使用的是熔断器或断路器,这两种器件为了保证雷电冲击电流到来时不开断取值往往较大。

当SPD 出现劣化或者电源出现异常导致流入工频电流(俗称续流),熔断器或断路器不能迅速切断电路致使SPD 起火燃烧(由于SPD 的导通电阻随着工频异常电压不同而变,工频续流是个不确定值)。

当两种保护装置速断值选择偏小时,雷电冲击电流又会造成速断致使防雷保护失效。

SPD 引发的火灾事故和防雷失效事故现场分析及实验室验结果表明:火灾事故基本是由SPD 工频续流引发(持续的电源能量使SPD 迅速燃烧),防雷失效事故大多数是防雷器脱离了保护线路造成的。

图1是一个SPD 起火烧毁机柜的现场图片。

SPD 失效或工频电源出现暂态过电压引起的SPD 起火是小概率事件,导致目前许多SPD 工程应用不安装后备过流保护装置。

这种观点认为在一次电源异常事故中,SPD 起火是几乎不可能发生的。

关于这一点我们要有以下两个方面的认识:一是这里的“几乎不可能发生”是针对“一次电源异常事故”来说的,因为电源异常事故是个不确定的事件,那就有可能发生;二是当我们运用“小概率事件几乎不可能发生的原理”进行推断时,我们也有5%犯错误的可能。

众多的SPD 火灾事故应该能说明这一点。

2、SPD 起火的边界条件 2.1、MOV氧化锌压敏电阻(MOV )是一种以氧化锌为主体、添加多种金属氧化物的多晶体半导体陶瓷元件(图2)。

避雷器运行维护及缺陷分析

避雷器运行维护及缺陷分析

避雷器运行维护及缺陷分析发布时间:2022-07-13T01:35:11.524Z 来源:《中国电业与能源》2022年第5期作者:李宁[导读] 氧化锌避雷器是变电站内保护变压器、母线及线路的重要设备,具有非常好的非线性伏安特性李宁广东电网有限责任公司韶关供电局广东省韶关市 512026摘要:氧化锌避雷器是变电站内保护变压器、母线及线路的重要设备,具有非常好的非线性伏安特性。

但是ZnO阀片将长期直接承受工频电压作用而产生劣化,引起避雷器伏安特性的变化和泄漏电流的增加。

在多次释放雷电能量时会造成MOA劣化和老化,如果不及时处理会引起避雷器爆炸。

本文介绍氧化锌避雷器在线监测技术的原理,通过该技术的应用实例,验证其能够及时发现氧化锌避雷器的缺陷,并提出该技术的推广应用的建议。

关键词:氧化锌避雷器;在线监测;阻性电流;ZnO阀片1概述避雷器对于维护供电系统的稳定和良好运行有着重要的作用。

其作用在于抵抗冲击波和防止过电压对设备造成伤害。

首先,在雷雨天气中,雷电会直接攻击到供电系统中的输电线路,在雷电的攻击下会产生冲击波,冲击波会随着输电线路进入到供电系统的其他设施部分,从而对变电站的设备造成影响。

设备的损害有造成多个路线停电的可能,不仅造成了供电不足,还会用用电企业的经济效益造成严重影响。

其次,过电压也是会影响变电站正常工作的一个危险因素。

在安装避雷器后,可以有效减少雷电和过电压对供电系统造成的危害。

当然,维护变电站内设施的稳定性和安全性不仅要考虑到自然因素对变电站的影响,同样考虑到其他在日常供电和工作人员作业的情况下对变电站设施造成的影响。

本文通过研究某在线监测的情况下发现某变电站使用的避雷器存在问题,在停电实验中采取了解体检查及红外测温等检修方法对该避雷器进行了检查和分析,从而发现了避雷器的故障和缺陷。

该分析过程对于实际了解并检修避雷器具有现实意义,希望能给同行借鉴。

2故障案例某投入运营的变电站所使用的220kV复合型氧化锌避雷器的内部结构为:接线端子、硅橡胶伞群、绝缘筒、氧化锌阀片、接地端子和底座构成(具体结构可见图1)。

SDH告警性能产生原理资料

SDH告警性能产生原理资料

SDH告警、性能产生原理资料OptiX 155/622/2500/2500+ SDH光传输系统维护手册节第二部分告警文档密级:内部公开目录第一章告警、性能产生原理 ........................................................................... . (2)1.1 综述 ........................................................................... ..........................................................2 1.2 高阶部分信号流中告警、性能的产生和检测 (2)1.2.1 下行信号流............................................................................ .....................................3 1.2.2 上行信号流程 ........................................................................... ..................................6 1.3 低阶部分业务信号流及告警、性能信号的产生 .. (7)1.3.1 下行信号流程 ........................................................................... ..................................8 1.3.2 上行信号流程(从PDH电接口至交叉板) ............................................................ 10 1.3.334M/140M电接口告警信号和2M电接口告警信号的区别 ...................................... 10 1.4 告警信号间的抑制关系 ........................................................................... .......................... 11 1.5 根据信号流定位故障的应用 ........................................................................... . (12)1.5.1 误码问题 ........................................................................... ...................................... 12 1.5.2 告警问题 ................................................................................................................. 14 1.5.3 小结 ........................................................................... (15)iOptiX 155/622/2500/2500+ SDH光传输系统维护手册节第二部分告警文档密级:内部公开第一章告警、性能产生原理1.1 综述在SDH的帧结构中有着丰富的开销字节,包括再生段开销、复用段开销、通道开销。

中国电信广东公司IP_PBX设备测试规范-384口插板式设备分册0603解读

中国电信广东公司IP_PBX设备测试规范-384口插板式设备分册0603解读

中国电信广东公司IPPBX设备测试规范(384口插板式设备分册)中国电信股份有限公司广东分公司2015 年 6月前言本测试规范依据国内标准和中国电信其他企业标准,基于中国电信广东公司IMS网络情况和实际需求而拟定,作为中国电信广东公司IP PBX设备选型和测试工作中的技术依据。

本规范用于对IMS网络中的IP PBX设备进行测试,主要包括以下几方面内容:网络接入能力、设备管理、注册功能、音视频通信、传真功能测试、性能测试等。

本规范的测试结果应给出测试结论,如有必要应在备注处对具体测试的情况作出说明。

测试结果包括以下几种:OK:此项目通过,包括“本次测试通过”和“引用以往测试结果”两种情况,“本次测试通过”是指该项目在本次测试期间进行了测试,测试结果符合测试要求及预期;“引用以往测试结果”指局方与厂家共同认可该项目不在本次测试中测试,其测试结果直接引用此前同类测试的结论,这种情况下,项目未测试的原因及测试结果引用的来源需在备注中说明;POK:此项目部分通过。

不合格原因见备注;NOK:此项目不通过。

包括“测试不通过”与“功能不支持”两种情况。

“测试未通过”指测试结果未能满足本规范或局方提出的测试要求或结果未达预期;“功能不支持”指厂家明确不支持而未进行测试。

NE:此项目无测试环境,指由于不具备测试环境未安排在本次测试中进行的测试,且在以前的同类测试中也未进行测试的项目。

无测试环境的具体原因需在备注中说明,且厂家需提供支持相关功能的文字承诺。

本规范由中国电信广东公司提出并归口。

本规范起草单位:中国电信股份有限公司广州研究院本规范于2014 年11月首次发布,2015年6月修订目录前言 (I)1.适用范围 (1)2.引用标准 (1)3.缩略语 (1)4.测试环境 (2)5.测试项目列表 (2)6.测试用例 (6)6.1.关键技术项 (6)6.2.设备外观 (7)6.3.IP地址配置 (9)6.4.设备管理功能(T R069接口) (10)6.5.用户注册 (11)6.6.语音业务 (14)6.7.视频通信 (17)6.8.补充业务 (18)6.9.音视频会议 (24)6.10.传真业务 (25)6.11.自动总机 (26)6.12.话务台 (27)6.13.计费功能 (36)6.14.呼叫中心 (38)6.15.酒店管理系统接口 (38)6.16.维护管理功能 (39)6.17.安全要求 (44)6.18.性能测试 (45)1.适用范围本测试规范对384口插板式IP PBX设备的业务功能、接口规范、性能进行了规范说明,包括测试环境、测试方法、测试项目等。

一起氧化锌避雷器缺陷判断及解体分析

一起氧化锌避雷器缺陷判断及解体分析

一起氧化锌避雷器缺陷判断及解体分析发表时间:2019-04-30T14:11:35.263Z 来源:《河南电力》2018年20期作者:李靖王植魏东亮[导读] 本文对一起金属氧化避雷器带电测试过程中发现的缺陷进行了深入的分析,结合避雷器停电试验数据及厂内解体分析的情况,寻找避雷器缺陷原因并提出了相应的解决办法和一些建议,为变电站避雷器在电力系统中安全、稳定运行提供运维参考。

李靖王植魏东亮(广东电网有限责任公司东莞供电局广东东莞 523000)摘要:本文对一起金属氧化避雷器带电测试过程中发现的缺陷进行了深入的分析,结合避雷器停电试验数据及厂内解体分析的情况,寻找避雷器缺陷原因并提出了相应的解决办法和一些建议,为变电站避雷器在电力系统中安全、稳定运行提供运维参考。

关键词:金属氧化锌避雷器;带电测试;解体分析引言避雷器的主要作用是用来保护电力系统中各种电气设备免受雷电过电压、操作过电压、工频暂态过电压冲击而损坏的一种设备。

目前,变电站所使用的避雷器主要为金属氧化锌避雷器(MOA),其运行可靠性将影响着电网的安全稳定,因此有必要加强对站内避雷器运维,避雷器带电测试[1-2]便是其中一种有效运维手段。

1 缺陷背景2018年1月,在某220kV变电站开展全站避雷器带电测试工作时发现,该站110kV 12PT C相避雷器阻性电流异常,阻性电流对比初始值增长75%,有明显增幅。

查看历史带电测试,该C相避雷器自2015年开始阻性电流有逐年增长的趋势,其全电流变化不明显。

鉴于该避雷器存在裂化的可能性,申请对该避雷器开展停电检查试验,停电试验发现C相避雷器0.75U1mA下泄漏电流为95uA,超过预防性试验规程要求上限值50uA,试验数据不合格,该情况与其避雷器带电测试结果相吻合,判定避雷器存在内部缺陷,后续对该缺陷避雷器作更换处理。

3.3 解体检查对避雷器进行解体检查[4]。

首先,检查避雷器外观,观察绝缘表面情况和连接处密封情况,外观检查密封良好,亦无明显放电灼烧痕迹。

  1. 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
  2. 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
  3. 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。

S PECIAL P UBLICATION 800-24This document is a contribution of the National Institute of Standards and Technology, United States Department of Commerce, and is not subject to U.S. copyright.FOREWORD (VI)INTRODUCTION (1)Background (2)Evaluation Approach (3)SYSTEM ARCHITECTURE (5)Separation of Switching and Administrative Functions (5)Switching Algorithm (6)Function Allocation (7)HARDWARE (9)Susceptibility to Tapping (9)Analog Voice with or without Separate Control Signals (9)Analog Voice with Inclusive Control Signals (10)Digital Voice with Inclusive Control Signals (10)Echo Cancellation (11)Analysis of Signaling Methods (11)Instrument Modification Risks (12)Conferencing (Hardware) (13)Countermeasures (13)MAINTENANCE (14)Remote Access (14)Maintenance Feature Vulnerabilities (15)Line Testing Capabilities (15)Undocumented Maintenance Features (15)Special Manufacturer’s Features (16)Manufacturer’s Development & Test Features (17)Countermeasures (18)ADMINISTRATIVE DATABASES (19)Software Loading and Update Tampering (19)Tamper and Error Detection (19)Countermeasures (20)Crash-Restart Attacks (20)Live Microphone Vulnerabilities (20)Embedded Login IDs and Passwords (21)Countermeasures (21)Passwords (21)Password Types (22)Password Login Timeouts (23)Multi-Level Password Access (24)Countermeasures (24)Physical Security (24)Countermeasures (25)Remote Access (26)Remote Access via an Attendant Console (26)Remote Access via a Terminal (26)iiiCountermeasures (27)Alarms and Audit Trails (27)USER FEATURES (29)Attendant Console (29)Attendant Override (29)Attendant Forwarding (30)Attendant Conferencing (31)Automatic Call Distribution (ACD) (32)Call Forwarding (33)Account Codes/Authorization Codes (34)Access Codes (35)Silent Monitoring (36)Conferencing (37)Override (Intrude) (38)Auto Answer (39)Tenanting (40)Voice Mail (41)Unauthorized Access to Stored Messages (41)Denial of Service (42)Lengthy Messages (42)Embedding Codes in Messages (43)Access to Outgoing Lines (44)Privacy Release (44)Non-Busy Extensions (45)Diagnostics (46)Camp-On (46)Dedicated Connections (47)Feature Interaction Attacks (48)Call Forwarding/Return Call (48)Conference/Call Park (49)Return Call/Camp-On/Caller-ID Blocking (50)Countermeasures (50)COMPUTER TELEPHONY (52)SELECTED BIBLIOGRAPHY (52)APPENDIX A ABBREVIATIONS/ ACRONYMS (54)APPENDIX B EXAMPLE SECURITY POLICY (55)APPENDIX C BASELINE SECURITY CONTROLS (57)Manual Assurance of Database Integrity (57)Physical Security (57)Operations Security (58)Management Initiated Controls (58)PBX System Control (59)PBX System Terminal Access Control (59)ForewordThis publication is issued by the National Institute of Standards and Technology as part of its program to promulgate security standards for information systems as well as standards for test procedures for assessing the level of conformance to these standards. This document is intended for use primarily by system administrators of PBX systems, but may also be useful for security evaluators. Where possible, countermeasures are described that can be applied by system administrators. In some cases vulnerabilities may be discovered that require software patches from the manufacturer.Comments on this document should be directed to:Richard KuhnNIST/Computer Security DivisionGaithersburg, MD 20899-8930vINTRODUCTIONThe Private Branch Exchange (PBX) is an essential element that supports the critical infrastructure of both government agencies and U.S. industry. A PBX is a sophisticated computer-based switch that can be thought of as essentially a small, in-house phone company for the organization that operates it. Protection of the PBX is thus a high priority. Failure to secure a PBX can result in exposing the organization to toll fraud, theft of proprietary or confidential information, and loss of revenue or legal entanglements. This report presents a generic methodology for conducting an analysis of a Private Branch Exchange (PBX) in order to identify security vulnerabilities. The report focuses on digital-based PBXs and addresses the following areas for study:•System Architecture•Hardware•Maintenance•Administrative Database/Software•User FeaturesThis report is not intended to provide a step-by-step process, but rather a guideline for what specific areas should be studied for the existence of possible vulnerabilities. This process must be customized for each specific PBX, depending upon the actual switch features as well as the perceived threat. We do not identify known vulnerabilities in particular switches because doing so may encourage attacks by unsophisticated hackers or “script kiddies.” However, this report does provide information on vulnerabilities that are not well known to many system administrators, as well as procedures for penetration testing, i.e., determining the existence of these vulnerabilities and if they can be exploited. Sophisticated hackers and foreign intelligence organizations should be assumed to know of these vulnerabilities already. System administrators need to be able to find them before an attacker does. Note that some of the analysis methods described here may require instruments or expertise not available in all organizations. Individual judgment will be required to determine if the organization’s risk is sufficient to warrant obtaining additional assistance.A second reason for conducting penetration tests is to determine what countermeasures should receive priority. Not all of the vulnerabilities described in this report will appear on every PBX system. Depending on the system architecture and the set of active user features, the risk of some security weaknesses being exploited will be considerably less than for others. Given a limited budget for security, protecting against the higher riskP vulnerabilities will require giving less attention to others. To establish whether the potential exists for a particular attack on a PBX, testing will normally be needed. The methods described in this report are designed to assist administrators in conducting this type of testing. Computer based telephony systems and new techniques such as voice over IP (VOIP) present an entirely new collection of vulnerabilities and are not addressed in this report. However, some of the evaluation methods described here may be applied to these systems as well.B ACKGROUNDDigital PBXs are widespread throughout government and industry, having replaced their analog predecessors. The advent of software-based PBXs has provided a wealth of communications capabilities within these switches. Today, even the most basic PBX systems have a wide range of capabilities that were previously available only in large-scale switches. These new features have opened up many new opportunities for an adversary to attempt to exploit the PBX, particularly by using the features as designed for a purpose that was never intended. The threats to PBX telephone systems are many, depending on the goals of attackers. Threats include:•Theft of service – i.e., toll fraud, probably the most common of motives for attackers.•Disclosure of information - data disclosed without authorization, either by deliberate action or by accident. Examples include both eavesdropping on conversationsor unauthorized access to routing and address data.•Data modification - data altered in some meaningful way by reordering, deleting or modifying it. For example, an intruder may change billing information, ormodify system tables to gain additional services.•Unauthorized access - actions that permit an unauthorized user to gain access to system resources or privileges.•Denial of service - actions that prevent the system from functioning in accordance with its intended purpose. A piece of equipment or entity may be renderedinoperable or forced to operate in a degraded state; operations that depend ontimeliness may be delayed.•Traffic analysis - a form of passive attack in which an intruder observes information about calls (although not necessarily the contents of the messages)and makes inferences, e.g. from the source and destination numbers, orfrequency and length of the messages. For example, an intruder observes a highvolume of calls between a company’s legal department and the Patent Office,and concludes that a patent is being filed.PBXs are sophisticated computer systems, and many of the threats and vulnerabilities associated with operating systems are shared by PBXs. But there are two important ways in which PBX security is different from conventional operating system security:•External access/control. Like larger telephone switches, PBXs typically requireremote maintenance by the vendor. Instead of relying on local administrators tomake operating system updates and patches, organizations normally haveupdates installed remotely by the switch manufacturer. This of course requiresremote maintenance ports and access to the switch by a potentially large pool ofoutside parties.•Feature richness. The wide variety of features available on PBXs, particularly administrative features and conference functions, provide the possibility ofunexpected attacks. A feature may be used by an attacker in a manner that wasnot intended by its designers. Features may also interact in unpredictable ways,leading to system compromise even if each component of the system conformsto its security requirements and the system is operated and administratedcorrectly.Although most features are common from PBX to PBX, the implementation of these features may vary. For example, many PBX vendors have proprietary designs for the digital signaling protocol between the PBX and the user instruments. This is the reason digital instruments usually cannot be interchanged between PBXs of different manufacturers. The methodology outlined in this report will assist in the investigation of PBX features that are known to be susceptible to adversarial attack. However, the degree of vulnerability, if any, will depend on how each feature is implemented.E VALUATION A PPROACHThis report provides suggestions for areas of investigation. In practice, the evaluator may discover many other avenues of investigation. For some aspects of the PBX, specific steps are suggested to attempt to investigate a vulnerability (especially User Features). For others, the approach is necessarily architecture-dependent and must be discussed more generally.P The type of skills and number of evaluators required, as well as the length of time required to perform the evaluation cannot be fixed since these depend on the size and complexity of the PBX under study. The type of perceived threat and the seriousness of any discovered vulnerabilities must be decided by the evaluating organization. Consequently, any corrective actions must also be decided upon based on the cost of the loss compared with the cost of the corrective action. It is recommended that at least two individuals perform the evaluation in order to share observations and gain the advantage of multiple insights.SYSTEM ARCHITECTUREThis section addresses the ways in which an adversary may be able to exploit vulnerabilities that are inherent in the system architecture.S EPARATION OF S WITCHING AND A DMINISTRATIVE F UNCTIONSAll modern PBXs have central computer processors that are controlled from a software-driven stored program (see Figure 1). In addition, most PBXs have microprocessors dispersed throughout the switch that provide real-time signaling and supervision control as instructed from the central processor. One or more terminals and their associated port(s) provide computer operating system, database management, and maintenance access to the PBX processor. Access to these functions gives the administrator or maintenance personnel total control of the PBX. Depending on the size of the PBX, these functions may be separate or combined.Administrative Terminals. The switch should be examined to determine whether the administrative functions are performed on terminals that are connected to the PBX via the same type of ports that switch the voice and data traffic, or if the terminals are connected via dedicated ports. If they are connected via the same type of voice and data ports, these terminals could be surreptitiously switched to an unauthorized user. This may or may not require a modem. If the ports are dedicated for use by these terminals, this vulnerability is reduced. However, it may be possible for an adversary to gain access through the use of a modem coupled with an unauthorized connection to a switched port, enabling the adversary to dial in and make database modifications. Tests should be conducted to see if these functions can be rerouted to other physical terminals through configuration options or other changes to the administrative database.In smaller PBXs, these functions are often combined. For example, the attendant (operator) terminal may also be the database terminal, or the database terminal may also be the maintenance terminal. Attempts should be made to use these terminals to modify the database or gain access to unauthorized functions. For example, investigate whether the attendant or maintenance personnel can gain access and modify the database.Figure 1. PBX Block DiagramS WITCHING A LGORITHMSwitching is performed using time division multiplexing techniques where each voice (digitized) and data port is assigned a time slot. Under control of the call processing routines, incoming time slots are connected to outgoing time slots. If the number of incoming slots does not exceed the number of outgoing slots, there will be no contention for switching resources. This is commonly known as non-blocking switching.Dual Connections. To investigate for vulnerabilities, attempts should be made to route another incoming time slot to an outgoing time slot in addition to the intended time slot. This might be accomplished by a database entry or by a modification to the PBX control software. After accomplishing this, test calls should be made to verify the dual connection and to determine whether the calling or called party can detect the false connection. If the PBX under study has status or maintenance query features, attempts should be made to detect the modification.The documentation accompanying the PBX forms the basis for learning its structure and operation. The manufacturer may have additional documentation that will be useful during the course of the evaluation. It may be beneficial to have technical discussions with the manufacturer to fully understand how PBX functions are implemented. Since this information is usually proprietary, it may be necessary to negotiate a non-disclosure agreement between the evaluating organization and the manufacturer to protect this data.Also, the manufacturer may provide training as to the operation and maintenance of the PBX for customers that purchase their products.F UNCTION A LLOCATIONAlthough most PBX functions are software driven, the PBX under study should be examined to determine how specific features are implemented so that potential vulnerabilities can be explored. For example, conferencing can be implemented in hardware or software. Knowing the design implementation will aid in determining if an adversary may be able to exploit the function. Figure 2 shows a typical PBX functional architecture.Internal Switch SubscriberFigure 2. PBX Functional ArchitectureHARDWAREThis section addresses the ways in which an adversary could exploit vulnerabilities that are inherent in the system hardware to gain unwanted access to information passing through the switch.S USCEPTIBILITY TO T APPINGA PBX’s susceptibility to tapping depends on the methods used for communication between the PBX and its instruments. This communication may include voice, data, and signaling information. The signaling information is typically commands to the instrument (turn on indicators, microphones, speakers, etc.) and status from the instrument (hook status, keys pressed, etc.). Three general communications methods are discussed below. Analog Voice with or without Separate Control SignalsThis is the simplest of the three methods discussed here. Analog voice information is passed between the PBX and the instrument on either a single pair of wires or two pairs (one for transmit and one for receive). If there is any additional signaling communication (other than the hook switch) between the PBX and the instrument, it is done on wires that are separate from the voice pair(s).The voice information is transmitted essentially as it is picked up by a microphone. It is in a form that can be directly reproduced by a speaker. The voice line can be easily tapped by connecting a high impedance differential amplifier to the pair of voice wires. The amplified voice signal can then be heard directly with a speaker or headphones, or it can be recorded for later playback.If signaling data is transmitted on a separate set of wires, it is normally in proprietary formats. An adversary with physical access can gain useful information by hooking an oscilloscope up to each wire and observing the effects when the instrument is taken on and off hook, keys are pressed, etc. For example, in one common format the voltage present on each data wire reflects the on/off status of a control or indicator.Another possible format is one in which information is passed as bytes of digital data in a serial asynchronous bit stream similar to that of a PC’s or a terminal’s serial data port. Each data byte being transmitted would appear in a pattern similar to the following: Start Bit, Data Bits (5..8, frequently 8), optional Parity Bit, Stop Bits (1, 1.5, or 2). The Start Bit and Stop bits are of opposite polarity. The bit rate could be measured with an oscilloscope. A device such as a PC or terminal could then be configured to capture the serial data and perhaps store it for some later use.Analog Voice with Inclusive Control SignalsIn this scheme, analog voice and control signaling is passed between the PBX and the instrument on either a single pair of wires or two pairs (one pair for transmit and another for receive). This can be done if the signal path is of a high enough bandwidth to pass voice information (less than 4 KHz) plus additional data information. For example, voice information can be combined with data information modulated onto a carrier tone that is centered outside of the voice band.This type of line is vulnerable to tapping by connecting a high impedance differential amplifier to the pair and passing the signal through filters to separate the voice and data information. Data information could be recovered by demodulating the carrier tone. The methods outlined in the section above could then be used to determine the format of the data being transmitted.Digital Voice with Inclusive Control SignalsWith this method, voice and control signaling data are passed across the same pair of wires. There may be two pairs of wires, one for each direction, or both directions could be combined onto one pair of wires using echo cancellation as is done with ISDN. Conventional tapping techniques would not work against most types of digital lines. The format and type of digital signals that pass between the PBX and its instruments vary widely between switch types.If separate pairs are used for transmit and receive, each pair could be tapped to provide access to the transmit and receive digital bit streams by first determining in what digital format the data is being transmitted. Then a digital to analog converter could be used to convert the digital data back into analog voice that can be listened to or recorded. A great deal of information useful to an attacker could be gained by disassembling the telephone models of interest and determining what types of parts are used for CODECs, UARTs, A/Ds, D/As, etc. Published information on these parts can generally be obtained from the manufacturers.Echo CancellationIf both transmit and receive are combined on one pair using echo cancellation, the previously described methods would not be useful for tapping. This is because each transmit end of the link can only determine what is being received by subtracting out what it is transmitting from the total signal. An outside observer tapping the line somewhere between the two ends would only have access to the total signal and would therefore find it very difficult to reproduce either end. An attack would depend on a known initial condition on both ends (such as silence) in order to be able to subtract the correct information from the total signal. The technical difficulty of this attack probably makes systems using echo cancellation most resistant to attack among those described here. Protecting against this attack requires ensuring that lines are not physically compromised.Analysis of Signaling MethodsIt may be possible to discover information about the method of communication between the PBX and its instruments by disassembling and examining them. Most digital instruments are designed around a microcontroller that handles the PBX communication, controls the displays, and responds to key presses and hook status changes. There may be a PROM device in the instrument, or the microcontroller may have built-in PROM that stores the microcontroller’s software. With access to the PROM and/or microcontroller, the software could be disassembled, providing information about the PBX communication. If the software is stored directly in the microcontroller, it may not be accessible since some microcontrollers have a security feature that can make it difficult if not impossible to read its contents once it is programmed. An approach to investigating these vulnerabilities is the following:•Disassemble an instrument.•Note the integrated circuits (ICs) that are used and look up unfamiliar ICs in the corresponding vendors’ data books. This provides knowledge as to the signalingprotocols.•Determine if the instrument contains a PROM device. If so, a detailed investigation would require attempting to remove and read the device with aPROM programmer.•Locate the microcontroller and determine its part number. Look it up in the microcontroller manufacturer’s data books. Determine if it has a securityfeature and if so, how it works. A detailed investigation would requireattempting to read the microcontroller’s contents with a PROM programmer ora test circuit and a PC or workstation.•If the PROM or microcontroller code is readable, it may be desirable to try to disassemble the code to learn how the instrument communicates with the PBX.Some reverse engineering may be required.I NSTRUMENT M ODIFICATION R ISKS•Methods to prevent eavesdropping on an on-hook analog telephone by using telephone instruments that are known to resist such attacks have beendocumented in the Telephone Security Group (TSG) standards [TSG].However, digital instruments offer a similar vulnerability. An adversaryinterested in eavesdropping on a particular user instrument has three goals:•Create a condition so that the voice information will be transmitted to the PBX while giving the appearance that the instrument is on-hook.•Modify the instrument to keep the microphone live while in an on-hook condition.•Ensure that this condition is transparent to the user and the PBX.The circuitry of the digital instrument under study must be analyzed to determine the conditions that must exist to allow the digitized voice information to continue to transmit to the PBX. This may include having the handset off-hook electrically. Also, since the instrument would normally include a CODEC to convert the analog voice to digital data, this function must be enabled. In order to create the necessary conditions, it may be necessary to cut traces on the circuit board and/or insert jumpers to bypass certain safeguards within the instrument itself. One could also modify the on-board PROM containing the program that controls the instruments to create this condition. The key condition is that the instrument still appear to be on-hook to the user and the PBX so that normal calls can be made and received.Once the conditions are created, make calls to and from the modified instrument to assure normal operation. Also, if diagnostic tests are available, test the line in question to be sure that no abnormal conditions are detected.Having successfully modified an instrument now creates the opportunity for an adversary to exploit. As mentioned earlier, the line cannot simply be “tapped” to gain access to the voice data. An active device may be required to “tap” the line between the instrument and the PBX and convert the bit stream to analog form. Also, this condition may be exploited in conjunction with one or more feature vulnerabilities to allow undetected access to the telephone line of interest.C ONFERENCING (H ARDWARE)When implemented in hardware, the conferencing feature may employ a circuit card known as a conference bridge or a signal processor chip. This allows multiple lines to be “bridged”to create a conference where all parties can both speak and listen. Some PBXs have a feature where all parties can hear, but only certain parties can speak. This is a type of broadcast conference. An adversary would desire a connection to the bridge where the conference could be overheard. A hardware modification to the bridge itself may make it possible to cause the “output” of the bridge to be available to a specific port. As in instrument modifications, some additional steps must be taken to receive this information. This may include modifying the database to have the adversary be a permanent member of the bridge so that any conference on that bridge could be overheard.C OUNTERMEASURES•Physical security to prevent unauthorized access to telephone closets and PBX facilities is important. Whenever possible, the PBX should be kept in a locked room with restricted access.•Critical hardware components may be locked with anti-tamper devices.•Periodic integrity checks should be made to ensure that components have note been tampered with.MAINTENANCEMaintenance procedures are among the most commonly exploited functions in networked systems, and the problem is even more acute with PBXs because PBX maintenance frequently requires the involvement of outside personnel. This section addresses the ways in which an adversary could exploit vulnerabilities in maintenance features to gain unwanted access to the switch.R EMOTE A CCESSRemote access is frequently an unavoidable necessity, but it can represent a serious vulnerability. The maintenance features may be accessible via a remote terminal with a modem, an Attendant Console or other instrument, or even over an outside dial-in line. This allows for systems to be located over a large area (perhaps around the world) and have one central location from which maintenance can be performed. Often it is necessary for the switch manufacturer to have remote access to the switch to install software upgrades or to restart a switch that has experienced a service degradation.Dial-back modem vulnerabilities.Unattended remote access to a switch clearly represents a vulnerability. Many organizations have employed dial-back modems to control access to remote maintenance facilities. This access control method works by identifying the incoming call, disconnecting the circuit, and dialing the identified person or computer at a predetermined telephone number. Although helpful, this form of access control is weak because methods of defeating it are well known. For example, if the local telephone company central office uses originator control for phone lines, the attacker can stay on the line, send a dial tone when the modem attempts to disconnect, then wait for the modem to dial out again on the same line. A more sophisticated means of defeating dial-back modems has also been used in attacks reported in the open literature. In this method, the local phone company switch is penetrated and its databases modified to forward the returned calls directly to the attacker’s computer. Social engineering attacks.Even if the organization requires some action by local operators to provide access to the remote maintenance connection, serious vulnerabilities may still exist. For example, modems on lines used by remote maintenance may be kept off, and only turned on when a。

相关文档
最新文档