888 lines
33 KiB
Plaintext
888 lines
33 KiB
Plaintext
==Phrack Magazine==
|
|
|
|
Volume Four, Issue Forty-Four, File 4 of 27
|
|
|
|
|
|
// // /\ // ====
|
|
// // //\\ // ====
|
|
==== // // \\/ ====
|
|
|
|
/\ // // \\ // /=== ====
|
|
//\\ // // // // \=\ ====
|
|
// \\/ \\ // // ===/ ====
|
|
|
|
PART II
|
|
******************************************************************************
|
|
|
|
<Retyped From an Actual SWBT Handout>
|
|
|
|
SOUTHWESTERN BELL TELEPHONE
|
|
|
|
Computer
|
|
Security
|
|
Guidelines
|
|
|
|
Computer Security is YOUR Responsibility.
|
|
|
|
These guidelines are designed to help you know and meet your corporate
|
|
obligation.
|
|
|
|
Prepared by: Information Systems
|
|
Computer Security Administration
|
|
One Bell Center 22-H-8
|
|
St. Louis, MO 63101
|
|
|
|
For Users
|
|
---------
|
|
|
|
Keep your logon and password information private.
|
|
Do not write down passwords, but if you must, keep them in a locked place.
|
|
Do not store your password in the computer.
|
|
Make sure no on sees you enter your passwords.
|
|
Pick non-obvious, non-guessable passwords.
|
|
Do not share your logons or passwords.
|
|
Change passwords periodically, at least every thirty days.
|
|
Open new computer logons for computer resources only when you have a
|
|
real need.
|
|
Close computer logons you no longer need.
|
|
Make sure you have proper protection settings on sensitive computer files.
|
|
Do not send confidential information through electronic mail or computer
|
|
news systems.
|
|
If you suspect security violations, tell management immediately.
|
|
Be sure that use of computing resources is for company approved purposes
|
|
only.
|
|
Do not access any information that your management has not authorized you
|
|
to have. When in doubt, ask!
|
|
Logoff when you leave your terminal.
|
|
If you dialed in, disconnect when you are finished working.
|
|
|
|
For Managers of Computing Facilities
|
|
------------------------------------
|
|
|
|
Provide procedures to control access to computing resources.
|
|
Provide facilities to let users protect proprietary information from
|
|
disclosure to unauthorized persons.
|
|
Be sure that connection of a computer to any network does not diminish
|
|
the control a user has over programs and data.
|
|
Provide appropriate security facilities and procedures to protect
|
|
computing hardware against damage.
|
|
Provide facilities to protect user's data and programs from undesired
|
|
changes or destruction.
|
|
Ensure that computing resource use has been authorized by a member of
|
|
supervision.
|
|
Make sure that computing resource use can be tracked to individuals.
|
|
Report to managers regularly on the extent of computing resource use.
|
|
Provide appropriate backup facilities for data and programs.
|
|
Provide audit trails which identify violations and security breaches
|
|
and examine them regularly.
|
|
For assistance in coordinating computer security activities, contact the
|
|
Computer Security Administrator.
|
|
|
|
For Managers
|
|
------------
|
|
|
|
Make sure you authorize all use of computing resources and that you require
|
|
separate logons for each individual.
|
|
Make sure that the user of computer resources understands responsibilities
|
|
with respect to proper use and security consciousness.
|
|
Review computing resource usage reports and the security practices of the
|
|
users for which you are responsible.
|
|
When a user's employment or need for access ends or changes, make sure
|
|
access to computer resources is promptly changed by notifying your
|
|
System Administrator.
|
|
Report security violations to the General Security Manager and to the
|
|
Computer Security Administration Group.
|
|
|
|
For Information
|
|
---------------
|
|
|
|
The Information Systems Organization provides security and disaster recovery
|
|
services to establish, monitor, and audit computer security standards.
|
|
If you have any comments or questions regarding computer security, please
|
|
contact the Computer Security Administration.
|
|
|
|
*******************************************************************************
|
|
|
|
RBOC ORGANIZATIONAL ARCHITECTURE
|
|
|
|
Compiled By
|
|
|
|
Phrack Magazine
|
|
|
|
|
|
In an effort to assist the hacking world in their understanding of the
|
|
organizational mess created by our fabulous friends at the RBOCs, we have
|
|
compiled a list of the various organizations, what their functions are,
|
|
which centers they are made up of, and which computer systems they use.
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Planning and Engineering
|
|
|
|
Defines network resources available for assignment
|
|
|
|
Functions:
|
|
|
|
Long range and current planning for outside plant, wire centers,
|
|
interoffice network, special services, interexchange access
|
|
services, and message trunks
|
|
Exchange network design
|
|
Coordination of activities connected with installation and/or modification
|
|
of exchange network components
|
|
|
|
Centers:
|
|
|
|
DSPC
|
|
SCPC
|
|
WCFPC
|
|
CAC
|
|
IFFPC
|
|
IFCPC
|
|
TEC
|
|
MEC
|
|
DSDC
|
|
EEC
|
|
CSEC
|
|
|
|
Systems:
|
|
|
|
LEIS
|
|
NPS
|
|
FEPS
|
|
LSRP
|
|
INPLANS
|
|
INFORMS
|
|
DFDS
|
|
SSFS
|
|
PICS
|
|
LATIS
|
|
CAMIS
|
|
CUCRIT
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Service Provisioning
|
|
|
|
Allocates assignable existing network resources
|
|
|
|
Functions:
|
|
|
|
Circuit design and routing
|
|
Verification and assignment of network elements
|
|
Controlling and tracking orders during assignment process
|
|
|
|
Centers:
|
|
|
|
CPC - Circuit Provisioning Center
|
|
LAC - Loop Assignment Center
|
|
|
|
Systems:
|
|
|
|
TIRKS
|
|
SOAC
|
|
SWITCH
|
|
COSMOS
|
|
WM
|
|
LFACS
|
|
LOMS
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Network Operations
|
|
|
|
Controls installation, maintenance and testing of circuits
|
|
|
|
Functions:
|
|
|
|
Coordination and performance of the activities required to provide service
|
|
Surveillance and control of network equipment and facilities
|
|
Analysis, sectionalization, and repair of switching and transmission
|
|
facilities
|
|
Status reporting on service order and/or service restoration activities
|
|
|
|
Centers:
|
|
|
|
CRSAB
|
|
ICC
|
|
MC
|
|
NAC
|
|
RCMAC
|
|
SEAC
|
|
SSC
|
|
FMAC
|
|
STC
|
|
DNCC
|
|
FCC
|
|
SCC
|
|
|
|
Systems:
|
|
|
|
McTE
|
|
GDS
|
|
LMOS
|
|
EADAS
|
|
TAN
|
|
RSA
|
|
CRAS
|
|
CIMAP
|
|
NDS
|
|
SEAS
|
|
MAS
|
|
MIZAR
|
|
SARTS
|
|
TCAS
|
|
CAROT
|
|
NMA
|
|
NMPS
|
|
SCCS
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Customer Services
|
|
|
|
Direct company contact with customers
|
|
|
|
Functions:
|
|
|
|
Service negotiation with customers
|
|
Creating and routing associated service orders
|
|
Creating and maintaining customer records
|
|
Reporting the provisioning status to customers
|
|
Initiating billing and collection processes
|
|
Handling billing and general service inquiries
|
|
|
|
Centers:
|
|
|
|
RSC - Residence Service Center
|
|
BSC - Business Service Center
|
|
ICSC - Interexchange Carrier Service Center
|
|
|
|
Systems:
|
|
|
|
BOFADS - Business Office Force Administration Data System
|
|
PREMIS - Premises Information System
|
|
SOP - Service Order Processor
|
|
CABS - Carrier Access Billing System
|
|
BOSS - Billing and Order Support System
|
|
CRIS - Customer Records Information System
|
|
BRIS - Business Revenue Information System
|
|
CLAIMS
|
|
|
|
-----------------------------------------------------------------------------
|
|
|
|
Quick Breakdown
|
|
|
|
Process Center System
|
|
-----------------------------------------------------------------------------
|
|
|
|
Planning & Engineering
|
|
|
|
IOF IFCPC IFFPC IOF/EDC FEPS NPS-F
|
|
|
|
Switch SCPC WCPC EEC LSD&F LSRP NDS
|
|
TNDS/EQ NPS-W
|
|
|
|
Distribution DSPC DSDC LATIS LEIS NPS-D
|
|
|
|
Service Provisioning
|
|
|
|
IOF CAC TIRKS
|
|
|
|
Switch LAC COSMOS
|
|
|
|
Distribution LAC LFACS
|
|
|
|
Network Operations
|
|
|
|
IOF FMAC CAROT CIMAP TCAS
|
|
TNDS/TK
|
|
|
|
Switch NAC RCMAC SCC EADAS NDS MAS MIZAR
|
|
TASC CIMAP NMA NMPS
|
|
SCCS
|
|
|
|
Distribution ICC MC GDS CRAS LMOS/MLT
|
|
PREDICTOR TAN
|
|
|
|
*******************************************************************************
|
|
|
|
-IS- Blue Boxing Dead?
|
|
|
|
Australia Direct 800-682-2878
|
|
Austria Direct 800-624-0043
|
|
Belgium Direct 800-472-0032
|
|
Belize Direct 800-235-1154
|
|
Bermuda Direct 800-232-2067
|
|
Brazil Direct 800-344-1055
|
|
British VI Direct 800-248-6585
|
|
Cayman Direct 800-852-3653
|
|
Chile Direct 800-552-0056
|
|
China Direct 800-532-4462
|
|
Costa Rica Direct 800-252-5114
|
|
Denmark Direct 800-762-0045
|
|
El Salvador Direct 800-422-2425
|
|
Finland Direct 800-232-0358
|
|
France Direct 800-537-2623
|
|
Germany Direct 800-292-0049
|
|
Greece Direct 800-443-5527
|
|
Guam Direct 800-367-4826
|
|
HK Direct 800-992-2323
|
|
Hungary Direct 800-352-9469
|
|
Indonesia Direct 800-242-4757
|
|
Ireland Direct 800-562-6262
|
|
Italy Direct 800-543-7662
|
|
Japan Direct 800-543-0051
|
|
Korea Direct 800-822-8256
|
|
Macau Direct 800-622-2821
|
|
Malasia Direct 800-772-7369
|
|
Netherlands Direct 800-432-0031
|
|
Norway Direct 800-292-0047
|
|
New Zealand Direct 800-248-0064
|
|
Portugal Direct 800-822-2776
|
|
Panama Direct 800-872-6106
|
|
Philippines Direct 800-336-7445
|
|
Singapore Direct 800-822-6588
|
|
Spain Direct 800-247-7246
|
|
Sweden Direct 800-345-0046
|
|
Taiwan Direct 800-626-0979
|
|
Thailand Direct 800-342-0066
|
|
Turkey Direct 800-828-2646
|
|
UK Direct 800-445-5667
|
|
Uruguay Direct 800-245-8411
|
|
Yugoslavia Direct 800-367-9841 / 9842
|
|
|
|
This file brought to you by The Phone Company
|
|
|
|
*******************************************************************************
|
|
|
|
*****************************************
|
|
* Step-by-step Programming Instructions *
|
|
* For the EO Cellular Module *
|
|
*****************************************
|
|
|
|
1. Unbox and attach the EO Cellular Module to the EO Personal
|
|
Communicator 440/880.
|
|
|
|
2. Once the EO Cellular Module is attached turn on the EO Personal
|
|
Communicator 440/880.
|
|
|
|
3. Open EO Phone.
|
|
|
|
4. Tap "Options."
|
|
|
|
5. Tap "Authorized Dealer."
|
|
|
|
6. Write Dealer Code in space provided. Dealer code is *12345678#. To edit
|
|
mistakes, draw a small circle around 2 or 3 of the numbers entered.
|
|
This will bring up an edit box and allow easier entry of the number.
|
|
Once you have made your corrections, tap "OK."
|
|
|
|
7. Tap "OK" on the "Authorized Dealer Code" pop-up.
|
|
|
|
8. Wait approx. 30 seconds and programming screen will appear (The "busy
|
|
clock" will appear on screen).
|
|
|
|
9. If invalid code entry screen appears, the programming screen will be
|
|
blank and the "Apply" and "Apply and Close" buttons at the bottom
|
|
will be greyed out. Close the programming screen by tapping on the
|
|
upper left blacked out corner of the screen. Re-do steps 4 through 7
|
|
(refer to the TIP below for a guaranteed method of accurate entry).
|
|
A common problem is to enter an "l" instead of a "1" because they appear
|
|
to be very similar. To make sure that you have entered a one, check to
|
|
see that the character is the same height as the other numbers. The
|
|
letter "l" will be slightly taller.
|
|
|
|
TIP: To insure that you have entered the correct digits (one versus letter
|
|
"l" problem above) you can use the accessories keyboard. To use the
|
|
keyboard for the Dealer Code entry do the following (replaces steps
|
|
4, 5, and 6 above):
|
|
|
|
a. Tap Accessories in the lower bookshelf.
|
|
b. Tap Keyboard. This will bring up the pop-up keyboard.
|
|
c. Tap Options at the top of the EO Phone window.
|
|
d. Tap Authorized Dealer. This will bring up the Dealer Code pop-up.
|
|
e. Tap on the line in the Dealer Code box. A dot (or character) will
|
|
appear and now entry from the keyboard will appear in the Dealer
|
|
Code box.
|
|
f. Now use the keyboard to delete the dot (or character). The Delete
|
|
key is the upper right most key on the keyboard.
|
|
g. Now use the keyboard to enter the dealer code - *12345678#
|
|
(the * and the # keys can be found by tapping the shift
|
|
(up arrow) keys.)
|
|
h. GO TO STEP 7 and continue.
|
|
|
|
NOTE: When programming the following entries always use the circle gesture
|
|
to change the entry. In other words, circle the existing entry
|
|
to bring up the edit combs. Then correct each digit by writing over
|
|
the existing digit. This will insure that the number of digits for
|
|
each entry is correct. If an entry has an incorrect length then
|
|
none of the programed entries will be accepted.
|
|
|
|
10. Enter the assigned telephone number in the first field. Use the
|
|
circle gesture to bring up the edit combs to edit the existing
|
|
telephone number. Change each digit by writing over it in the edit
|
|
combs. When complete tap "OK."
|
|
|
|
11. Use the same procedure in step 10 to enter the appropriate SID
|
|
in the second field.
|
|
|
|
12. Use the same procedure in step 10 to enter the corresponding IPCH
|
|
(0333 for the non-Wireline or A side provider; 0334 for the Wireline
|
|
or B side provider) in the third field.
|
|
|
|
13. Leave the remaining fields intact as already programed from the
|
|
factory unless instructed to change them by the cellular service
|
|
provider. Use the circle/edit method to change any necessary
|
|
entries. The factory defaults are:
|
|
|
|
Field Title Default Value
|
|
----------- -------------
|
|
ACCOLC 00
|
|
Group ID 15
|
|
Lock Code 1234
|
|
SCM 1010
|
|
Security Code 123456
|
|
Emergency Code 911
|
|
|
|
14. Tap the "Apply" button on the bottom of the screen. The programming
|
|
information you have entered is now being saved in the EO Cellular
|
|
Module. This will take approximately 20 seconds.
|
|
|
|
15. Close the programming screen by tapping the blackened area in the upper
|
|
left hand corner of the programming screen.
|
|
|
|
16. Now set the approximate Roaming Option.
|
|
|
|
17. Tap Options.
|
|
|
|
18. Tap Roaming.
|
|
|
|
19. Enter Security Code. Default is 123456.
|
|
|
|
20. Tap "OK."
|
|
|
|
21. Tap next to appropriate roaming option. A check mark will appear.
|
|
|
|
22. Tap "Apply" button.
|
|
|
|
23. Close window.
|
|
|
|
24. Check status line in EO Phone for appropriate indications.
|
|
|
|
25. Tap "Keypad" tab on right side of EO Phone window. This will bring
|
|
up a keypad display which can be used to place a voice call.
|
|
|
|
26. Make sure that the Cellular Icon is boxed (as opposed to the Phone
|
|
Icon in the lower left hand of EO Phone.)
|
|
|
|
27. Tap the keypad buttons to enter the number to be dialed. The digits will
|
|
appear in the dial box at the middle bottom of the EO Phone window.
|
|
|
|
28. Pick up the handset and tap "DIAL" button in the lower right hand
|
|
corner of the screen. This button is just like hitting SEND button
|
|
on a cellular phone. This will place a voice call using the number
|
|
in the dial box.
|
|
|
|
29. When call is complete tap "Hang-up" (the DIAL button to "Hang-up" after
|
|
the call is connected to the network.) This is just like pressing END
|
|
on a cellular phone.
|
|
|
|
30. Close EO Phone.
|
|
|
|
31. Programming and testing is now complete.
|
|
|
|
Helpful Information
|
|
|
|
The EO Cellular Module contains an OKI 910 cellular phone housed in
|
|
specially designed, plated plastics with custom connections into the
|
|
proprietary port on the phone.
|
|
|
|
All programming of this module is done via the EO Personal Communicator
|
|
440 or 880. All programming/configuration information for the phone is
|
|
stored in the EO Cellular Module and not in the Personal Communicator.
|
|
This means that once the EO Cellular Module is programed it can be removed
|
|
from the EO Personal Communicator and reattached to any other EO Personal
|
|
Communicator without re-programming.
|
|
|
|
The ESN for the EO Cellular Module can be derived from the Serial number
|
|
in the window on the bottom of the module. The cellular module ESN is 129
|
|
followed by the last eight digits of the serial number in the window. These
|
|
eight digits will usually begin with 013. This eleven digit number should
|
|
be provided to the people that will actually assign the telephone number
|
|
and activate the EO Cellular Module on the cellular network.
|
|
|
|
*******************************************************************************
|
|
|
|
THE HACKER CHRONICLES CD-ROM
|
|
|
|
Well, he said he was going to do it, and he did.
|
|
|
|
Scan Man put out a CD-ROM of info collected from the
|
|
underground. I had kind of forgotten he was going to
|
|
do it, but once I heard rumors of such a thing, I knew he
|
|
had.
|
|
|
|
At HoHo Con last year, Bootleg was very excited about
|
|
compiling data from the community for the project he
|
|
and Scan Man were working on. As things progressed
|
|
however, Bootleg would soon find out that Scan Man
|
|
had no intention of working with him, and cut him out of
|
|
the project.
|
|
|
|
This is how it was explained to me. I hope that it is
|
|
not true, since Bootleg is back in jail and wouldn't
|
|
have the ability to fly out to West Virginia and throttle
|
|
Scan Man about the head and neck.
|
|
|
|
[Description from the Jewel Box]
|
|
|
|
WARNING!
|
|
|
|
This material is controversial in nature and may be offensive
|
|
to some viewers. Not that the information in and of itself is
|
|
not illegal. Quite often the usage of certain information is
|
|
illegal. The Hacker Chronicles is for informative and educational
|
|
purposes only. All documents and programs in this compilation were
|
|
legally available to the public prior to his publication. None of
|
|
these criminal acts described on this disc are in any way
|
|
condoned or should be attempted.
|
|
|
|
Over 12 YEARS in the making - this software package contains stories
|
|
of how they did it, actual break-ins, arrests, and prosecutions. Most
|
|
of the articles were written by the actual people who committed these
|
|
acts. Access articles and software with an easy-to-use menu system.
|
|
|
|
Areas of information include: PHONE PHREAKING (so called hobbyists
|
|
who are into telephone technology of all types, well known for their
|
|
ability to bypass telephone billing system), COMPUTER HACKERS
|
|
(sometimes referred to as cyberpunks, interested in access to any on
|
|
line computer system they can find), SATELLITE COMMUNICATIONS
|
|
(hobbyists who sometimes employed test software designed for dealers
|
|
to defeat scrambling systems), "UNDERGROUND" GENERAL INFORMATION (many
|
|
subjects all very technical in nature and explained in detail, such as
|
|
ATM's, credit cards, voice mail, hypnotism, bugging, skip tracing,
|
|
phone taps, cellular phones, lock picking, social engineering,
|
|
virus's, chemical substances, explosives, editorials, legal issues,
|
|
alarm systems, spies, hardware, signal interception, private
|
|
investigations, security, computer ethics, underground BBS's, TV cable
|
|
piracy, boxing and much more!
|
|
|
|
-----
|
|
|
|
Uh, that kinda says it all, don't it? CYBERPUNKS, VIRII, WAREZ & STUFF!
|
|
Uh, yeah.
|
|
|
|
Seriously, the disk itself has a shitload of files. This
|
|
is rather cool, since now EVERY bbs in the world can put
|
|
OVER 650 MEGS OF G-FILES! Heh.
|
|
|
|
The file on the disc that struck me the most was the
|
|
intro written by Scan Man. He went talked about
|
|
a lot of things he's done in the past with the scene,
|
|
telephone companies, etc. I know Scan Man from WAY back.
|
|
Pirate-80 was one of the first real Hacker BBSes I was
|
|
ever on. (Remember when it was only up certain hours of the day?)
|
|
Reading that file was pretty informing for me. It also
|
|
made me smile to see that he's still pissed off at Craig
|
|
for tearing him apart in a Phrack some years ago.
|
|
|
|
Remember, this is by no means a complete collection.
|
|
Thankfully, the CD does not have any issues of Phrack
|
|
magazine past issue 41 (or else, I would be enjoying
|
|
a piece of the revenue :) ). It also, oddly enough,
|
|
does not have any LOD-TJ other than 4. It DOES however
|
|
have a large collection of CUD, NIA & CDC. Go figure.
|
|
|
|
The files do represent a neat history of our community
|
|
and for the curious neophyte, the nostalgic old-timer, or
|
|
anyone with 39 bucks, it might be something worth picking
|
|
up just to say you have it. I mean, you never know when
|
|
you will need to find issue 12 of LOL, or plans for a
|
|
urine box. It will save you the trouble of downloading.
|
|
|
|
The Hacker Chronicles - A Tour of the Computer Underground
|
|
should be available from any outlet that carries CD-ROMS.
|
|
Or hell, call P-80. I'm sure Scan Man will sell you a copy:
|
|
304-744-7322.
|
|
|
|
*******************************************************************************
|
|
|
|
Packet Switched Data Networks
|
|
An Introduction and Overview
|
|
By: Cosmos
|
|
|
|
|
|
The abundance of networks both private and public has given the hacker
|
|
an almost infinite playground. A popular type of network is the
|
|
packet switched network like SprintNet (TELENET) that allows local
|
|
users to access non-local machines. These WAN's usually serve as
|
|
the backbone for many large corporations. Understanding the way
|
|
in which they operate can aid many aspects of the hacker's knowledge.
|
|
|
|
Packet switching is a data networking technology in which user data is
|
|
segmented into small units (packets) and transmitted from the sending
|
|
user to the receiving user over shared communications channels. Each
|
|
individual packet also holds additional information that allows the
|
|
network to correctly route the packet to the correct destination. The
|
|
size of the packet is limited to a maximum number of characters set by
|
|
the individual sender. Packets are measured in octets, which are 8-bit
|
|
bytes. User data that exceeds this amount is divided into multiple
|
|
packets.
|
|
|
|
The difference between packet switching and circuit switching
|
|
(regular telephone lines) lies in the use of virtual circuits.
|
|
These circuits are given the term "virtual" because:
|
|
|
|
1) they are made up of bandwidth allocated on demand from
|
|
a pool of shared circuits
|
|
|
|
2) no direct physical connection is made on a packet network
|
|
|
|
3) the connection is a logical one
|
|
|
|
Due to these facts, packet networks are commonly denoted as connectionless
|
|
networks. There are three types of packet networks: public, private, and
|
|
hybrid (a combo of the two previous ones).
|
|
|
|
A packet switched data network (PSDN) has five major components:
|
|
|
|
1) local access components (LAC)
|
|
2) packet assemblers/disassemblers (PAD)
|
|
3) packet switching nodes (PN)
|
|
4) network links (NL)
|
|
5) a network managment system (NMS)
|
|
|
|
LOCAL ACCESS COMPONENTS
|
|
|
|
To transmit data through a PSDN, the data must first move from the
|
|
end-user to a packet assembler/dissasembler (PAD) or to a packet
|
|
switching node with a built-in PAD function. In order to achieve
|
|
this, three local access components are required. First is the
|
|
end-user data terminal, or more plainly, your computer. Secondly,
|
|
an end-user transmission device such as a modem. Thirdly, a
|
|
local access facility or physical line (Telephone Line). There are
|
|
three types of physical lines: switched analog lines (dial up), leased
|
|
analog channels (private lines), and leased digital channels (DDS circuits).
|
|
|
|
PACKET ASSEMBLERS/DISASSEMBLERS
|
|
|
|
All data travelling through the PSDN must be routed through a
|
|
Packet Assembler/Disassembler (PAD). The PAD's primary function
|
|
is to translate user data into network packet format and conversely to
|
|
convert network packets into user data. Basically, a PAD serves
|
|
as the network translator between the user and the PSDN. Other functions
|
|
performed by the PAD include: physical line concentration, call setup
|
|
and clearing functions, protocol conversion, code conversion, protocol
|
|
emulation, local switching functions, and local call billing functions.
|
|
|
|
PACKET SWITCHING NODES
|
|
|
|
The primary component of a packet switching network is the packet
|
|
switching node (PN). The packet switching node ensures that each
|
|
packet is routed properly through the network. Commonly, PN
|
|
configurations are installed in a redundant configuration. This
|
|
provides for a convenient backup for network traffic. Other functions
|
|
include: call billing, internal network diagnostics, support of
|
|
direct host computer access., and inter-network gateway connections.
|
|
|
|
NETWORK LINKS
|
|
|
|
Network links are the physical components that connect packet switching
|
|
nodes together. Several transmission technologies can be employed
|
|
in network linking, including: analog circuits, digital circuits,
|
|
microwave systems, and satellite systems. The most common network
|
|
link technologies used are Digital Dataphone and other similar
|
|
interexchange carrier services, and point to point analog private
|
|
lines. Speeds on network links range from 9.6 Kbps to 56/64 Kbps.
|
|
Network links are commonly denoted as the "backbone layer" or
|
|
the backbone packet network. The local PAD's are termed the
|
|
"access layer" or access network.
|
|
|
|
NETWORK MANAGEMENT SYSTEM
|
|
|
|
Basically, the network management system (NMS) controls and monitors
|
|
the PSDN. It primarily stores and performs maintenance on the
|
|
network database. This database is the master copy of all the software
|
|
and configurations in each network node. If a node fails or is
|
|
not functioning properly, the NMS can download backup information through
|
|
the various network links to solve the problem. Thus, a unattended
|
|
network is formed.
|
|
|
|
This is all one needs to understand for a general knowledge of
|
|
a packet switched data network. Additional topics can be
|
|
pursued further for increased knowledge but are not essential.
|
|
You might want to research some info on the standard X.25 protocol,
|
|
and other OSI stuff. Anyways, I hope this brief intro article can
|
|
be of use in the general knowledge of computer networking.
|
|
|
|
Cosmos
|
|
|
|
*******************************************************************************
|
|
|
|
Stacker Security.
|
|
|
|
|
|
How to Hack a Stacker disk that is password protected!
|
|
|
|
The 'Stacker' Software increases the space on your hard disk by using
|
|
on the fly compression on the data on the disk. It does this by creating
|
|
a file called Stacvol.dsk on the hard drive. All of the information that
|
|
is put on the disk is compressed and stored in the stacvol.dsk file.
|
|
When Stacker is installed on a hard drive, say C: all of the data on
|
|
the disk is compressed and stored in the stacvol.dsk file, which is
|
|
assigned as a virtual disk C:, the 'real' drive is then assigned D:.
|
|
The swapping taking place a boot time.
|
|
|
|
The Stacvol.dsk file is therefore stored on the D: drive and usually
|
|
takes up most of the drive. (ie: a 40M C: drive contains the stacvol.dsk
|
|
file of size around 5-39M the disks are swapped at boot time and
|
|
the C: drive that the user 'sees' is really the contents of the stacvol.dsk
|
|
file on the D drive assigned to C:, everything on the C drive (stacvol.dsk)
|
|
is compressed, thus obtaining an increased disk space.)
|
|
|
|
The point is this, at boot time the owner of the machine can set passwords
|
|
to allow the user to have no access, read/write or read-only access to
|
|
the C drive/stacvol.dsk file, if a wrong password is entered the stacvol
|
|
file is not mounted as the C drive and all a DIR will get you is a directory
|
|
of C:\ which will have a few files such as command.com etc, nothing
|
|
of any real interest.
|
|
|
|
So now for the interesting bit, how to get in without a password,
|
|
or getting read/write privs when you've only got read-only.
|
|
|
|
First, boot the computer and go through the password routine.
|
|
Get it wrong (you may as well try something like password though just in
|
|
case.)
|
|
|
|
The Stacvol.dsk file is hidden so change its file attributes so you
|
|
can edit it. (You'll need a floppy now with a utility such as Norton
|
|
diskedit on it)
|
|
|
|
Load in the diskeditor and get it so that you are editing the stackvol
|
|
file in a HEX mode. The first bit of Hex just contains the usual sort of
|
|
boot record type rubbish, not too interesting.
|
|
|
|
The interesting bit is the bit which starts at offset 74
|
|
|
|
Now the information starting at 00040 is the interesting bit,
|
|
on a disk with a password set it will look like this....
|
|
|
|
00040 20 20 20 20 20 20 20 20 | 20 20 2D 2A 2D 0A 0A 1A
|
|
00050 72 AA 91 9C 0F 66 9A ED | AB 18 6E 6D E2 C3 2B 8B
|
|
00060 5E CD EF A9 37 1B 53 E2 | C6 F0 E8 9C A4 49 F6 9D
|
|
00070 4C F0 AB 32 21 47 FC 91 | 7E 8C 58 D8 D9 D7 DB D3
|
|
|
|
(All figures obviously in hex.)
|
|
|
|
The data from 0004B to 0004E is a flag to the device driver to tell
|
|
it that a password is required.
|
|
|
|
From 0004f to 0005F are the encrypted passwords.
|
|
(the rest just being data)
|
|
|
|
NOW, for an unpassworded file this looks like
|
|
|
|
00040 20 20 20 20 20 20 20 20 | 20 20 20 20 20 0D 0A 1A
|
|
00050 49 F6 9D 4E EC B1 26 3D | 0F 6B B2 24 41 07 7B 92
|
|
00060 XX XX XX XX XX XX XX XX | XX XX XX XX XX XX XX XX
|
|
00070 XX XX XX XX XX XX XX XX | XX XX XX XX XX XX XX XX
|
|
|
|
Now all you have to do is take a copy of the data in this section
|
|
on the stacvol.dsk file you are hacking so that you can return it back to
|
|
its original state!
|
|
|
|
Patch the code above into the corresponding positions into the
|
|
file you are hacking, leaving the code denoted by XX alone, this is version
|
|
code and depends on the machine so leave it alone!
|
|
|
|
Save the changes and reboot the machine, it will no longer ask for a
|
|
password and you now have full access.
|
|
|
|
Afterwards re-patch the original code that you noted and if you've used
|
|
your common sense then the owner will never know you were there.
|
|
|
|
(By common sense I mean don't forget to restore time/date stamps etc.)
|
|
|
|
D2A [D
|
|
|
|
*******************************************************************************
|
|
|
|
UNAUTHORIZED ACCESS ONLY
|
|
|
|
Computers are becoming an integral part of our everyday existence. They are
|
|
used to store a multitude of information, from credit reports and bank
|
|
withdrawals to personal letters and highly sensitive military documents.
|
|
So how secure are our computer systems?
|
|
|
|
The computer hacker is an expert at infiltrating secured systems, such as
|
|
those at AT&T, TRW, NASA and the DMV. Most computer systems that have a
|
|
telephone connection have been under seige at one time or another, many
|
|
without their owner's knowledge. The really good hackers can re-route the
|
|
telephone system, obtain highly sensitive coporate and government documents,
|
|
download individuals credit reports, make free phone calls globally, read
|
|
private electronic mail and corporate bulletins and get away without ever
|
|
leaving a trace.
|
|
|
|
So who are these hackers? Just exactly WHAT do they DO, and WHY do they do
|
|
it? Are they really a threat? What do they do with the information
|
|
they obtain? Are hackers simply playing an intellectual game of chess or
|
|
are hackers using technology to effectively take control of corporate and
|
|
government systems that have previously appeared omnipotent?
|
|
|
|
Our group is in the course of filming "Unauthorized Access", a documentary
|
|
that will demistify the hype and propoganda surrounding the computer hacker.
|
|
We will expose the truths of this sub-culture focusing on the hackers
|
|
themselves. This will be a view from inside the global underground.
|
|
We intend to shoot in the United States, Holland and Germany.
|
|
|
|
This documentary will be of the highest broadcast quality and is
|
|
intended for international television, festival and theatrical distribution.
|
|
|
|
We are currently looking for additional financial backers interested in this
|
|
project. For more information about "Unauthorized Access" or if
|
|
you are intrested in providing any information or support, please contact
|
|
annaliza@netcom.com.
|
|
|
|
*******************************************************************************
|
|
|
|
Mitnick's Soliloquy
|
|
|
|
Intruder, or not Intruder: that is the question:
|
|
Whether 'tis more likely the system suffers
|
|
The misuses and malfeasances of outrageous crackers
|
|
Or that some user behaves anomalously
|
|
And, by so doing, causes false alarms. To alert, to audit;
|
|
No more; and by an audit to say we find the attack,
|
|
And the thousand failed login attempts
|
|
That are seen on the network, 'tis a consummation
|
|
Devoutly to be decrypted. To alert, to audit.
|
|
To audit, perchance to detect, ay, there's the rub.
|
|
For in that detection of attack what false alarms may come;
|
|
When we have dumped a million packets
|
|
Must give us pause, the analysis
|
|
That makes use of long CPU hours and many gigabytes
|
|
For who would bear the whips and scorns of time
|
|
The analysis by hand, the tired SSOs eyes sore,
|
|
The pangs of innocent users, the law's delay,
|
|
The insolence of phreaks, and the spurns
|
|
That patient merit of unworthy takes
|
|
When he himself might his quietus make
|
|
By a disconnected ethernet? who would fardles bear
|
|
To grunt and sweat under C2 standards
|
|
But that the dread of worm after worm
|
|
The undiscovered bug from whose bourn
|
|
No Vandal turns, puzzles the testers,
|
|
And makes us rather ebar those ills we have
|
|
That crash the system and erase the hard drive?
|
|
Thus intrusion detection makes abusers of us all,
|
|
And thus the native hue of normal use
|
|
Is sicklied over with the red light of intruder,
|
|
and jobs of great size and duration
|
|
With this regard their patterns out of normal parameters,
|
|
and lose the name of legal system policy.
|
|
|
|
After Hamlet's Soliloquy,
|
|
By JJ
|
|
|
|
*******************************************************************************
|