91 lines
5.9 KiB
Plaintext
91 lines
5.9 KiB
Plaintext
==Phrack Inc.==
|
|
Volume Three, Issue Thirty-one, Phile #4 of 10
|
|
/ Everything you always wanted to know.. \
|
|
/ about Telenet Security, But were to stupid to find out. \
|
|
By Phreak_Accident
|
|
Ever since the early 80's GTE Telenet has been expanding their public
|
|
packet switching system to hold enormous amounts of users. Currently GTE
|
|
SprintNet (Yes, Telenet is out, SprintNet is in.) has over 300 nodes in the
|
|
United States and over 70 other nodes abroad. SprintNet provides private
|
|
X.25 networks for larger companies that may have the need. These private
|
|
networks are all based on SprintNet's 3270 Dedicated Access Facility which
|
|
is currently operating for public use, Hence for the major security Sprint-
|
|
Net has aquired.
|
|
SprintNet's security department is a common idea of what any large
|
|
public packet network should be. With their home office located in Virgina
|
|
(703), most Hacker's who run into trouble with them would wind up talking
|
|
to Steve Mathews (Not the head of security but a prime force against the
|
|
major attacks Sprintnet recieves from Hackers anually.), who is a very
|
|
intelligable security analysist that deals with this type of problem daily.
|
|
Because of Steve's awarness on Hackers invading "His" system (As most
|
|
security personnel refer to the system's they work for as their own.), He
|
|
often does log into Bulletin Boards accross the country looking for Sprint-
|
|
Net related contraband. At the time of this article, Steve is running an
|
|
investigation on "Dr. Dissector's" NUAA program. (NUA attacker is a Sprint-
|
|
Net NUA scanner.) Besides this investigation, he currently stays in contact
|
|
with many Hackers in the United States and Abroad. It seems Steve recieves
|
|
many calls a month from selected Hackers that have interests in the Security
|
|
of SprintNet. Wow. Who the Hell would want to call this guy. From many
|
|
observations of Steve Mathews, I find him to in deed be the type to feel a
|
|
bit scared of Hackers. Of course, his fright is really quite common amoung
|
|
security personnel since most fear for their systems as well as themselves.
|
|
(Past experiences have showed them not to take Hackers lightly, Hence they
|
|
have more contacts then 60 rolodex's put together.)
|
|
For now, let's forget Steve Mathews. He's not important an important
|
|
influence in this article. Trying to pin a one-person in a security depart-
|
|
ment that handles security is like finding a someone on a pirate board that
|
|
doesn't use the word "C0DE" in their daily vocabulary.
|
|
Telenet's main form of security lies in their security software called
|
|
TAMS (Telenet Access Manager System). The TAMS computers are located in Res-
|
|
tin, Virginia but are accessable throughout the network. Mostly, the main
|
|
functions of TAMS are to:
|
|
* Check to see if the NUI/Password entered is a valid one.
|
|
* Check to see if the Host has list of NUI's that can access
|
|
that host. If another NUI is used, a Rejection occurs.
|
|
* Processes SprintNet's CDR (Call Detail Recording), which
|
|
includes Source and Destination, Time of call, Volumes
|
|
of data recieved, and the Total time of the call.
|
|
* Can be used by host to add an optional "ALPHA" NUA for "easy"
|
|
access.
|
|
* Can secure Hosts further by adding an NUA security password.
|
|
* Restricts calls without an NUI for billing (I.E. No collect
|
|
calls to be processed).
|
|
* Accepts all calls to host as a prepaid call (I.E. Accepts all
|
|
calls).
|
|
TAMS is really for the handling of NUI and corresponding NUA's, therefore
|
|
being a security concept. TAMS holds all the data of NUI's and restricting NUAS
|
|
for the ENTIRE network. If one could gain the access to TAMS, one could have
|
|
the entire network at his/her disposal. This of course if highly impossible
|
|
to SprintNet's security department, but not for a couple of hackers I have ran
|
|
into. Yes, TAMS is quite interesting.
|
|
In other aspects of SprintNet security, lets focus on the actual X.25
|
|
software that they use. Anybody who tells you that Telenet can monitor the
|
|
sessions currently taking place on THEIR network is WRONG (And probably very
|
|
stupid as well). Monitoring is a basic feature of all X.25 networks, whether
|
|
it's a little PeeShooter network or not, they can and do monitor sessions.
|
|
Of course their are far to many calls being placed on SprintNet to be
|
|
monitored, but a scared host can always request a full CDR to be put on their
|
|
address to record all sessions comming in on that NUA. Such as the many re-
|
|
corded sessions of the ALTOS chat(s) in Germany that was a hot-spot for many
|
|
Hackers across the United States and Abroad. After the detection of ALTOS,
|
|
through the hundereds of illegally used NUIs, CDR's and direct host monitoring
|
|
were used on the ALTOS hosts. As far as prosecutions concern, I doubt their
|
|
were any.
|
|
Now, as far as other security software on SprintNet, they have a call
|
|
tracking service that is called AUTOTRAIL. Basically, AUTOTRAIL traces the
|
|
connections through the DNIC's and back to the orginating NUI and/or NODE loca-
|
|
tion that placed the call.
|
|
AUTOTRAIL has nothing to do with ANI. Not at all. In fact, the many
|
|
dialups that lead into SprintNet's PDM gateway do NOT have any type of ANI.
|
|
That is basically a telephony problem. ALthough I would think twice about
|
|
messing with a dialup that is run on a GTE carrier. That's up to you though.
|
|
Another aspect of security in which Telenet offers is an ASCII tape
|
|
that can be obtained by a host customer, which contains all CDR information of
|
|
any connection to that host for the last week/month/year. So, it is obvious
|
|
to say that SprintNet does have a hudge database of all CDRs. Yes, another
|
|
point: This database is located in the TAMS computer. Hmm, ahh.. Wouldn't
|
|
that be neat.
|
|
:PA
|
|
|
|
_______________________________________________________________________________
|