RIM Remote System
                      - Written by Fractal Insanity -

   This is a preliminary introduction to RIM, a system discovered during
   a recent trashing run by the perth Neurocactus team. If anyone has any
   information about RIM, NC would appreciate the help working this
   system out.

   RIM appears to be a remotely placeable semi exchange which can offer
   all the features of the parent (AXE or Sys12). The official Acronym
   has not yet been discovered but I beleive it to be Remote Internal
   Multiplexor. The obvious use of the RIM is to provide telephone
   services remotely without the need for a full exchange ie AXE or
   SYS12.

   The RIM unit establishes a connection to the parent exchange in one of
   three ways.

   1.1: Non-Integrated Mode
       -- Interface to parenting switch (AXE/S12) at VF
       -- Supports all services currently supported by parenting switch

   1.2: Integrated Mode
       -- Interfaces to parenting switch directly at 2Mbit/s
       -- Supports a number of services provided they are available at
          the switch.

   1.3: Mixed Mode
       -- Interface to parenting switch at VF and 2Mbit/s
       -- Supports all services as per 1.1 and 1.2

   The features available at the RIM as a subset of the parent switch are
   related to the protocol of transmission used. The best protocol and no
   doubt the most secure is due for use in Dec 1996 which will allow all
   services including easycall to be available at the RIM end.

   Here is a field diagram of the COMNET in which the RIM will be
   connected to access the remote parenting switch.

   Comnet Workstation ---X28--.     SULTAN    .- Mediation Device - RIMS
                               \      |      /      |
                                 \    |    X25      `-Modem >< Modem - RIMS
                                   \  |  /
   Comnet Workstation --LAN--X25---DCN/DDN---------.
                                  /   |       \      \
                               X25   X28 Backup \      \
                              /       |         X25  X28 Backup
                            /         |            \      \
   Comnet Database ----- Network Management Group   ` After Hours Centre


   The reason for COMNET is to be able to access the RIMS units from
   anywhere on the Digital Communications Network (Austpac) via DDN. As
   you can see, the RIM units can be either directly connected to the
   network through a mediation device (protocol translater) or by dial up
   modem. This leaves open the oppertunity for someone with protocol
   emulation, to dial into the mediation device and emulating a RIM. The
   power gained here would be the same as having 'root' on a local
   exchange... Naturally if you can get yourself onto COMNET from either
   a workstation on the net or getting in from remote through austpac,
   you can attempt to hack the RIM unit and of course any of the other
   things on the COMNET network.

   Now is the perfect time to start attacking such a system as it is
   still in testing and i have inches thick of pages of bugs and problems
   in the system that might be exploited and the system doesnt appear to
   be anywhere near fully operational untill Dec 1996.

   The only information gathered so far into the operating system
   vulribilities are the account groups which will be on the system.

   NMG,NSS,EMG,COC INSTALLER and MONITOR.

   The default UserID on the system is STARTUP and is in the INSTALLER
   group.

   Although it may be in vein to attack such a default account, you never
   know it may still be there as the system is still being installed B-)

   This is all the information im prepared to publish about the system
   which is apparently 'Telecom Confidential'. If you want any more
   information please contact Neurocactus directly.