(>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #1 of 12 
Volume 1, Issue 1  Released:  Jan. 1, 1987 
 
 
 
                           LOD/H TECHNICAL JOURNAL 
                           ----------------------- 
 
 
                               INTRODUCTION: 
 
 
               Welcome to the premiere issue of the LOD/H TJ! 
 
     The LOD/H TJ is a soft-copy free newsletter whose primary purpose is to 
further the knowledge of those who are interested in topics such as: 
Telecommunications, Datacommunications, Computer & Physical Security/Insecurity 
and the various technical aspects of the phone system. 
 
     The articles contained herein, are totally original unless otherwise 
stated. All sources of information for a specific article is listed in the 
introduction or conclusion of the atricle. We will not accept any articles that 
are unoriginal, plagiarized, or contain invalid or false information. Articles 
will be accepted from anyone who meets those criteria. We are not dependant 
upon readers for articles, since members of LOD/H and a select group of others 
will be the primary contributers, but anyone can submit articles. 
 
     Readers are encouraged to download all files for each issue, not just the 
ones they are interested in. The reason for this is twofold: The newsletter 
was designed to be a group effort, and the files herein were not intended for 
individual distribution, and secondly, keeping the issue intact allows you to 
distribute it to other BBS's and phriends who are interested in it. 
 
     There is no set date for releasing issues, as we have no monetary or legal 
obligation to the readers, but we predict subsequent issues will be released 
between 2 and 3 months from the previous one. Thus, expect 4 to 6 issues a year 
assuming we continue to produce them, which we intend to do. 
 
     Newsletter sponsors are boards which will get the newsletter directly from 
the staff as soon as it is released, and has added our 'staff account' to the 
userlist in order for the readers to respond directly to us about the content 
of the newsletter. If your board would like to become a sponsor, leave us mail 
on any of the following sponsors boards: 
 
     Atlantis 
     Metal Shop Private 
     Private Sector 
     Digital Logic 
     Hell Phrozen Over 
 
     An LOD/H TJ staff account is on all our sponsor BBS's. This allows readers 
to get in contact with us for the following reasons: 
 
* If you have questions about any article, or question the validity of the 
  material, you are welcome to contact us through the staff account and leave 
  a way for the author to contact you. This insures a better understanding from 
  the readers of the topic and also, insures the integrity of the author as far 
  as knowledge and originality of the topic is concerned. 
 
* You may leave questions for the staff which will be answered in our 'Ask the 
  Staff' section of the newsletter. The questions selected will be of general 
  interest to others. Any questions not published will try to be answered via 
  E-Mail. We don't know everything, but anything we do know will be shared 
  with those who ask. 
 
     Various features of the newsletter include: 
 
Editorials: These will feature short articles on topics which affect the 
            telecom world in general. 
 
Network News & Notes: News articles and other things of interest pertaining to 
                      the things this newsletter specializes in. 
 
Reader Mail: Questions and comments about previous issues from readers who 
             contact us through our staff account on sponsor boards. 
 
Special Features: These will pop up from time to time and can be anything which 
                  does not fit in the general format of the newsletter. 
 
------------------------------------------------------------------------------- 
 
                  TABLE OF CONTENTS: 
 
01 Introduction to the LOD/H Technical Journal          Staff             05 K 
   and Table Of Contents for Volume 1, Issue 1 
 
02 Custom Local Area Signalling Services (CLASS)        The Videosmith    17 K 
 
03 Identifying and Defeating Physical Security and      Lex Luthor        23 K 
   Intrusion Detection Systems Part I: The Perimeter 
 
04 The Traffic Service Position System (TSPS)           The Marauder      23 K 
 
05 Hacking DEC's TOPS-20:  Intro                        Blue Archer       19 K 
 
06 Building your own Blue Box (Includes Schematic)      Jester Sluggo     16 K 
 
07 Intelligence and Interrogation Processes             Master Of Impact  18 K 
 
08 The Outside Loop Distribution Plant:  Part A         Phucked Agent 04  25 K 
 
09 The Outside Loop Distribution Plant:  Part B         Phucked Agent 04  23 K 
 
10 LOH Telenet Directory: Update #4 (1-1-87) Part A     LOH               25 K 
 
11 LOH Telenet Directory: Update #4 (1-1-87) Part B     LOH               18 K 
 
12 Network News & Notes                                 Staff             10 K 
 
 
Total: 12 files    223 K 
 
------------------------------------------------------------------------------- 
 
That wraps it up for the introduction, hope you like it and we will look 
forward to hearing from you. 
 
(>---------------------------------------------------------------------------<) 
(>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #2 of 13 
 
 
                    Custom Local Area Signalling Services 
 
                         Written by: The Videosmith 
 
                               Version - 1.1 
 
 ----------------------------(c) Copyright 1994--------------------------- 
 
 This article will explain the newly developed LASS system (AT&T Bell Labs), 
 and how it may affect us in the near future. Note that the service as it 
 appears for customers is called "CLASS", the C standing for Custom. I 
 assume this is just for looks. 
 
 LASS 
 ---- 
 
    The telephone was destined to become a well used and powerful tool for 
 otherwise tedious tasks. Gas meters and other metered services would be 
 surveyed through the use of automatic data retrieval employing telephone 
 communications. All in all, some have big plans for the uses one could put 
 the telephone system up to, and CLASS is one plan that is going to drop 
 an innovative bombshell on the telecommunicating world. 
 
    At this moment, a local CCIS network feature is being developed by 
 Bell Laboratories. This feature will change the way people use fones, and 
 will also change the attitude in which they use them. It will give far 
 more control of the telephone to the user than ever before. This feature 
 is called CLASS (Custom Local Area Signalling Services). 
 
    Everyone will find something useful in this newly developed telephone 
 feature. Pizza parlours will no longer have to worry about fraudulent italian 
 food mongers, and little old ladies won't have to worry about prank calls 
 by certain dubious characters. 
 
    What are all these fantastic features?  These features will 
 include call back of the last caller, regardless of whether you have their 
 telephone number or not. Another will be distinct call waiting tones, and 
 preselected call forwarding (only those people whom you wish to speak to 
 will be forwarded). This is a rudimentary list of CLASS features to come. 
 It is a very powerful system, and it all relys on LCCIS (Local Common 
 Channel Interoffice Signalling), an intra-LATA version of the ever-popular 
 CCIS. 
 
 CCIS Background 
 --------------- 
 
    CCIS was originally introduced in 1976 as, basically, the signalling 
 system to end all signalling systems. Instead of using the voice grade 
 trunks to carry signalling information on, a data network would be used. This 
 network is comprised of data links from each TO [involved with CCIS] to 
 the appropriate STP (signal transfer point). Signalling information is sent 
 through these links at 4800 bps to the STPs (Note that baud rates may increase 
 due to the economic availability of faster data communications hardware), 
 where stored program control routes the signalling information to the needed 
 offices in order to open and complete the call path. SPC checks automatically 
 for on-hook/off-hook status before opening the path, and if the status is 
 off-hook (in this case the customer does not have the call waiting custom 
 calling feature), returns information to the originating CO to apply a busy 
 signal to the customer. This is but one of many features toll CCIS provides 
 the network with. 
 
    Since this text is not centered on the topic of toll CCIS, technical 
 aspects aren't as important (except for the comparison between the local 
 and toll networks for observational purposes): yet it is important to 
 notice how automated and flexible this type of signalling method is, as well 
 as its speed and efficiency. All the software control involved with local 
 and toll networks is called, fittingly, the "stored program control network." 
 or ISDN (Integrated Services Digital Network). LCCIS will be addressed in a 
 future article. 
 
 CLASS/LCCIS Features 
 -------------------- 
 
 LCCIS would look like this: 
 
 
 
                                   /--\ 
                                   CO-2 
                                   ESS# 
                     /----I-T-G-----1A-----I-T-G----\ 
                     |             \--/             | 
                     |               |              | 
                     |             LCCIS            | 
                     |               |              | 
                     |          ----------          | 
                   /--\--LCCIS--|CCIS/SPC|--LCCIS--/--\ 
                   CO-1         ----------         CO-3 
                   ESS#                            ESS# 
                   -1A----interoffice trunk group---1A- 
                   \--/                            \--/ 
 
 SPC = Stored Program Control (Network control and Signal Transfer Point) 
 ITG = Interoffice Trunk Group 
 
    Using a high-speed data link between local offices creates a much more 
 flexible and more effecient way for intra-LATA central offices to communi- 
 cate. Instead of using per-trunk signalling (using the same trunk used for 
 voice transmission to send routing and billing information), such data would 
 be sent thru a 2400 bps dedicated data link, which interacts with a local 
 signal processing and transfer point. From that point, signalling information 
 is distributed to appropriate central offices or tandem switches. 
 
    At the during which this article was being initially researched, CLASS was 
    only being developed for the #1A ESS switch due to the flexibility of it's 
 memory handling, it's speed and what Bell Labs called 'cost efficiency'. At 
 the end of the research involved with this article, CLASS was already 
 implemented in data stage on ESS#5. 
 
    LCCIS will work with the local switches using stored program con- 
 trol, keeping track of call data. The 1A switches will use what 
 is called "scratch pad" memory (also known as call store), in conjuction 
 with LCCIS's database, to accomplish all the features that LASS provides. 
 This memory will hold such data as "line history", and a "screening list". 
 That information will make it possible for autoredial, selective call 
 forwarding, nuisance call rejection, and distinctive call waiting tones. 
 
 Selective CF 
 ------------ 
 
    Selective call forwarding is defined by the subscriber (the sub- 
 scriber must have conventional call forwarding to request this service). 
 Using call store, or more specifically the screening list, one will 
 be able to selectively forward a call to another directory number by 
 executing a few simple commands on the friendly home-bound telephone 
 (unlike migrating telephones most frequently found in hotel rooms). An 
 access code (a list will appear at the end of the file) will be entered, 
 and a special tone will be issued from the subscriber's CO. The cus- 
 tomer will then dial in the numbers he wants forwarded to the particular 
 number. After each number, a tone will sound indicating the acceptance 
 of the number. Individual BOC's (Bell Operating Companies) will be 
 able to define the amount of numbers which may be screened. Once this is 
 done, the cusomter hangs up and the ESS takes over. Now, whenever some 
 one calls this particular customer, the customer's switch will compare 
 the calling line's directory number with those stored in scratch pad 
 memory. If the CLID matches one of the numbers in 1A memory associated with 
 the called directory number, the number is forwarded. If not, the phone will 
 ring at the original destination. This in particular could make it very 
 difficult on system hackers, as you could probably imagine. A company can 
 subscribe to this CLASS feature, and enter only the numbers of authorized 
 users to be forwarded to a computer. Bureaus inside the various telephone 
 companies and other sensitive operations can screen calls to particular 
 numbers by using this service. 
 
    This is a security that's hard to beat, but of course there is a way 
 (simple law of nature: nothing is fail-safe). There will always be the 
 obvious way of finding numbers which are being forwarded to, like auto- 
 dialing entire exchanges (one after the other). Unfortunetly, CLASS will 
 be providing other services which might make "scanning" seem less 
 attractive. 
 
 Distinctive Ringing 
 ------------------- 
 
    Distinctive ringing is handled in the same fashion as selective call 
 forwarding is: the screen list in scratch pad memory. The customer may 
 enter numbers which the ESS should give special precedence to, and when- 
 ever a call is placed to this particular customer's number, ESS checks 
 to see whether the CLID matches a directory number listed in the 
 switch's memory. If a match is made, the subscriber's CO gives the off-hook 
 line a special call waiting tone, or the on-hook phone a distinctive ring 
 (possibly using abnormally timed ringing voltage... some readers may picture 
 a British Telecom ring as an example, although many foreign audible rings 
 tend to be different). 
 
 Call Rejection 
 -------------- 
 
    Nuisance call rejection, a feature making it possible to block certain 
 idiots from ringing your fone (a feature we can all benefit from at 
 one time or another... or all the time), uses the information retrieved 
 from LCCIS (CLID).  Let's say customer A calls customer B: 
 
                               ----LCCIS---- 
                     A ---> CO<             >CO ---> B 
                               ----trunk---- 
 
    Customer B happens to despise customer A, and keys in a special *## 
 code. ESS again takes over and looks at the CLID information, and stores 
 the calling line directory number in a special screen list associated with 
 with customer B. The next time customer A tries calling customer B, the 
 terminating office will reroute the call to a local (the originating CO) 
 digitized recording telling customer A that the call he made cannot be 
 completed due to customer B's request ("I'm sorry, but the customer you 
 have tried to reach wishes you were eaten by a rabid canibal on drugs"). 
 
 Dial Back 
 --------- 
 
    To create such a feature as "dial back" (for called or calling party), 
 the ESS scratch pad memory is used again. The same principles are 
 used as are employed in the already established custom calling feature, 
 auto-redial. CLID will be used in this way: 
 
                                     (received from CLID) 
                   last-called-mem     last-caller-mem 
                      ----------          ---------- 
                      |###-####|          |###-####| 
                      ----------          ---------- 
 
    Your ESS switch will keep track of who you called last, and who called 
 you last, thru the retrieval of calling line information provided by 
 LCCIS in conjunction with your switch (Your switch will know what number 
 you called last by directly storing the digits you dialed previously. Local 
 signalling will provide calling line information via LCCIS call 
 information forwarding using the data link mentioned). This way, with your 
 access code (*##), you will have total re-dial service. 
 
 Customer Trace 
 -------------- 
 
    This type of memory handling and signalling method will also allow the 
 feature that everyone was afraid would abolish "phreaking". Subscriber 
 initiated tracing, using the last caller directory number stored at your CO, 
 will be available as far as Bell Laboratories is concerned. There seems to be 
 two types of "customer originated trace". One will forward the number to local 
 authorities, at  which it will be handled through the police. The other 
 feature AT&T/Bell Labs is working on will be a display module that will sit by 
 your fone, and will display calling directory numbers. All other CLASS 
 features that use the calling line information are used at the descretion of 
 the caller. The customer originated trace, however, using the individual or 
 bulk calling line identification features ("trace") allow the customer to view 
 the calling number. The world is not ending... yet, in any case. Individual 
 customers will be able to employ a special "privacy code", which when dialed, 
 tells the far-end switch not to forward the calling number to a desk display. 
 Whether there will be a way to override this or not is obvious: of course. 
 The police, the military and government agencies are all likely to have a 
 higher priority level than your privacy. It seems that long distance 
 carriers could benefit greatly from CLASS. Why Bell/AT&T should give any type 
 of special services to OCCs not given to other non-telephone companies, 
 especially after equal access is fully implemented, I don't know (but then 
 again, it is EQUAL access). It's always possible. It is also possible that 
 there will be no desk display. There are those phone phreaks who feel that 
 BOC's will never give the end party the priviledge of retrieving the calling 
 party's number directly, if not due to plain old Bell policy on the issue of 
 privacy. We'll have to wait and see about that point: the desk display is, in 
 fact, operational and is being used in test stage. Whether Bell Labs feels 
 that this feature can and will be used in a full scale non-beta stage BOC 
 situation is a different story. The economic feasability is questionable. 
 
 End Notes 
 --------- 
 
    CLASS, using local CCIS, will not function on inter-LATA calls. The 
 local CCIS network is exactly that: local, and does not extend into the 
 realm of "toll network". This will eventually be corrected (allowing toll 
 CCIS to interact with LCCIS as far as CLID information is concerned). How 
 the various long distance networks will exchange information with the local 
 BOC network has not been determined [by the writer of this article]. It 
 would seem like a monumental task to try to integrate the emerging long 
 distance companies into the AT&T/BOC ISDN, be it because of equipment 
 inconsistancies or lack of cooperation on the part of the OCC, etc. This 
 will be discussed in an upcoming article dealing with toll CCIS. 
 Although CLASS has been built around the ESS #1A switch, it has, as has been 
 mentioned, been co-developed for use with the ESS #5 switching machine. 
 
    CLASS is going to cause problems, as well as create a new environment 
 for telephone users. Of course, those problems are only problems to people 
 who will generally be reading this article, but the more you know about CLASS 
 the more comfortable you'll feel about the service. It can be used to 
 one's advantage, even as a telecommunications hobbyist. Just as a 
 corporation will be able to set up a complete history of who is calling their 
 system, and eventually keep people off the system using the screen list in 
 memory, the same features can be applied to bulletin board systems and the 
 like. Imagine being able to keep all the local bozos off your board, or 
 being able to screen all but your private local users (making your system 
 completely inaccessible through the PSTN network from any telephone but 
 that of one of your users). It would seem to be a useful feature, if nothing 
 else but an easy feature, to implement. 
 
    It is a little difficult, if not plain awkward, to write an article about 
 a topic which is subject to change at the researcher's ignorance. I think 
 that CLASS is enough of a momentous issue that at least some text by a 
 hobbyist should be released for public knowledge purposes.  Yet my awareness 
 of the fact that some of this text may be outdated, or inaccurate, by the 
 time CLASS is released as a BOC service, is in itself the explanation of why 
 there is a version number at the head of this article. Most likely, when CLASS 
 becomes public, the second version will be released with update notes 
 (if need be...most probably so). I hope you enjoyed it, 
 
                                                The Videosmith. 
                                                   LOD/LOH! 
 
 --------------------------------------- 
 Test stage defaults for some features: 
 
 DTMF ! Pulse ! Description of Service 
 --------------------------------------- 
  *66 !  1166 ! Reconnect last caller 
 --------------------------------------- 
  *63 !  1163 ! Selective Call Forward 
 --------------------------------------- 
  *60 !  1160 ! Nuisance Call Blocking 
 --------------------------------------- 
  *57 !  1157 ! Customer "Trace" 
 --------------------------------------- 
 
 Note: These command codes may vary from BOC to BOC. The codes listed above 
 were found in a general description of CLASS and did not specify a particular 
 implementation of these services. 
 
 
 Acknowledgements: 
 
 Mark Tabas for his views on various included topics... for example, subscriber 
 tracing ("FUCK NO"). 
 Doctor <413> Who 
 Mr. DNA 
 
(>---------------------------------------------------------------------------<) 
 (>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #3 of 12 
 
 
             Lex Luthor and The Legion Of Doom/Hackers Present: 
 
             Identifying, Attacking, Defeating,  and Bypassing 
             Physical Security and Intrusion Detection Systems 
 
                           PART I: THE PERIMETER 
 
 
The reasons for writing this article are twofold: 
 
1) To prevent  the detection  and/or capture  of various  phreaks, hackers  and 
   others,  who attempt to gain access to: phone company central offices, phone 
   closets, corporate offices, trash dumpsters, and the like. 
 
2) To create an awareness and  prove to various security managers, guards,  and 
   consultants  how easy it  is to defeat  their security systems  due to their 
   lack of planning, ignorance, and just plain stupidity. 
 
 
In the past, I have written articles on "Attacking, Defeating, and Bypassing" 
Computer Security.  Now I take those techniques and apply them to Physical 
Security.  The information contained herein, has been obtained from research on 
the different devices used in physical security, and in practical "tests" which 
I and others have performed on these devices. 
 
 
INTRODUCTION: 
------------- 
 
Physical Security relies on the following ideas to protect a facility: 
Deterrence, Prevention, Detection, and Response.  Deterrents are used to 
'scare' the intruder out of trying to gain access.  Prevention tries to stop 
the intruder from gaining access.  Detection 'sees' the intruder while 
attempting to gain access.  Response tries to stop and/or prevent as much 
damage or access to a facility as possible after detection.  There are 3 
security levels used in this article and in industry to designate a facility's 
need.  They are:  Low, Medium, and High.  The amount, and types of security 
devices used by a facility are directly proportional to the level of security 
the facility 'thinks' it needs.  When I use 'facility' I am refering to the 
people in charge of security, and the actual building and assets they are 
trying to protect.  This article will be primarily concerned with the 
protection of the perimeter.  I have 2 other articles planned in this series. 
The second is the security concerning the exterior of a facility:  cipher 
locks, window breakage detectors, magnetic contact switches, etc.  The third 
part will deal with security systems inside a facility:  Passive Infra-Red 
detectors, ultrasonic detectors, interior microwave systems, and the various 
card access control systems. 
 
THE PERIMETER: 
-------------- 
 
A facility's first  line of defense  against intrusion is  its' perimeter.  The 
perimeter may have any or all of the following: 
 
* A single fence 
 
* An interior fence coupled with an exterior fence 
 
* Regular barbed wire 
 
* Rolled barbed wire 
 
* Various fence mounted noise or vibration sensors 
 
* Security lighting and CCTV 
 
* Buried seismic sensors and different photoelectric and microwave systems 
 
 
Fences: 
------- 
 
Fences are commonly used to protect the perimeter. The most common fence in use 
today is the cyclone fence,  better known as the  chain link fence. Fences  are 
used  as a deterrent and to prevent  passage through the perimeter. Common ways 
of defeating  fences are  by cutting,  climbing, and  lifting. Cutting  is  not 
usually  recommended for surreptitious entry, since it is easily noticeable. In 
this article,  we will  be  taking the  'Stealth'  approach. Climbing  is  most 
commonly done, but if the fence is in plain view, it may not be advisable since 
you can be seen easily. The higher the fence, the longer it takes to climb. The 
longer it takes to climb, the longer security has to detect and respond to your 
actions. Lifting is  better since  you are  closer to  the ground,  and not  as 
easily  spotted, but the fence must be very  flexible, or the sand very soft so 
you can get under  the fence quickly  and easily. Whenever  you see a  somewhat 
'unclimbable' fence (or one that you just don't want to climb) you should check 
the perimeter for  large trees with  uncut branches hanging  over the fence  or 
other  objects which will enable you to  bypass the fence without ever touching 
it. You  could use  a  ladder but  you don't  want  to leave  anything  behind, 
especially  with your fingerprints on  it, not that you  plan on doing anything 
illegal of course. 
 
Electric fences are not used for security purposes as much as they were in  the 
past.  Today, its  main use  if to keep  cattle or other animals  away from the 
perimeter (either from  the inside or  outside). There are  devices which  send 
a low voltage current through a fence and can detect a drop in the voltage when 
someone grabs onto the fence. Again, not too common so I will not go into it. 
 
For high security installations, there may be 2 fences. An outer fence, and  an 
inner  fence which are 5-10 yards apart. It  isn't often that you see this type 
of setup, it is mainly  used by government agencies  and the military. You  can 
be  very sure that there are various intrusion detection devices mounted on the 
fence, buried  underground  between  them, and/or  line-of-sight  microwave  or 
photoelectric  devices used.  These will be  mentioned later. If  you insist on 
penetrating the perimeter, then you should try to measure how far it is between 
fences. Now find a 2 foot by X foot board where X is the distance between the 2 
fences. Very slowly  place the board  on top of  both fences. If  there are  no 
fence vibration sensors you can just climb the fence and step onto the board to 
walk across the top. If there are  fence sensors, you will need a ladder  which 
cannot touch the fence to get you on top of the board. You can then walk on the 
board, over the ground in between, and jump down, being careful not to  disturb 
the  fences. This will work if there are no sensors after the 2 fences. Identi- 
fying sensors will  be mentioned later.  Obviously the method  of using a  long 
board  to put on top of  the two fences will not  work if the fences are spaced 
too far apart. Also, you and the board can be seen very easily. 
 
Barbed Wire: 
------------ 
 
There  are two common  types of barbed wire  in use today.  The more common and 
less secure is the type that is strung horizontally across the fence with three 
or more rows. The 'barbs' are spaced about 6" apart, enough for you to put your 
hand in between while  climbing over. Also,  it is thin enough  to be cut  very 
easily.  If you think you will need to leave in a hurry or plan on problem free 
surreptitious entry and the only way out will be to climb over the fence  again 
you  can cut the  wire from one post  to another, assuming the  wire is tied or 
soldered to each post, and replace it with a plastic wire which looks like  the 
wire  you just cut. Tie it to each  post, and come back anytime after that. You 
can then climb over it without being cut. The other type of wire, which is more 
secure  or harmful, depending on how you look at it, is a rolled, circular wire 
commonly called Razor Ribbon.  One manufacturer of this  is the American  Fence 
Co.  which calls  it 'the mean  stuff'. And  it is. The  barbs are  as sharp as 
razors. Of course this can be cut, but you will need very long bolt cutters and 
once  you cut it, jump as far back as  you can to avoid the wire from springing 
into your face. As mentioned earlier,  cutting is irreparable, and obvious.  If 
the  wire is  loosely looped, there  may be  sufficient room in  between to get 
through without getting stitches and losing lots of blood. If the wire is  more 
tightly  looped you may be able to cover  the the wire with some tough material 
such as a leather sheet so you can climb over without getting hurt. This method 
is not easy to accomplish however. You may want to see if you can get under the 
fence or jump over rather than climb it. 
 
 
Fence mounted noise or vibration sensors: 
----------------------------------------- 
 
Let's assume you have found a way to get past the fence. Of course you have not 
tried  this yet,  since you  should always  plan before  you act.  OK, you have 
planned how you would  theoretically get over  or past the  fence. You are  now 
past  the deterrent and prevention stages. Before  you put the plan into action 
you had better check for the things mentioned earlier. If a fence is the  first 
step  in  security defense,  then fence  mounted sensors  are the  second step. 
The types of detection equipment that can be mounted on the fence are: 
 
Fence shock sensors: These mount on fence posts at intervals of 10 to 20  feet, 
or  on every post. They are small boxes clamped about 2/3 up from ground level. 
There is a cable, either twisted  pair or coax running horizontally across  the 
fence  connecting these boxes. The cable can be concealed in conduits or inside 
the fence itself, thus,  making it hard to  visually detect. Each fence  sensor 
consists  of a seismic shock  sensor that detects climbing  over, lifting up or 
cutting through the fence. So if the  fence is climbable, it would not be  wise 
to  do  so since  you may  be detected.  Of  course it  doesn't matter  if your 
detected if there is no security force to respond and deter you. 
 
Another type, is  called the  E-Flex cable. It's  simply a  coax cable  running 
horizontally  across the fence. This  cable can not only  be used on chain link 
fences, but can also be used on concrete block, brick, or other solid barriers. 
It  may be on the outside, or  mounted inside the fence, thus, making detection 
of the device  harder. Of course  detection of this  and other similar  devices 
which  cannot be seen, doesn't make it impossible.  A way to detect this, is by 
simply repeatedly hitting the wall with a blunt object or by throwing rocks  at 
it.  If nothing out of the ordinary happens, then you can be reasonably sure it 
is not in place. This is basically a vibration sensor. 
 
Low frequency microphones: This  is essentially a coax  cable that responds  to 
noise transmitted within the fence itself. 
 
Vibration sensors:  These are based on mercury switches, a ring or ball on a 
pin, or a ball on a rail.  Movement of the fence disturbs the switches and 
signals alarms.  A hint that this is in use is that it can only be used on a 
securely constructed and tightly mounted fence, with no play or movement in it. 
Otherwise, they will be getting false alarms like crazy. 
 
OK, you know all about these types, how the hell do you get around it?  Well, 
don't touch the fence.  But if there is no alternative, and you must climb it, 
then climb the fence where it makes a 90 degree turn (the corner) or at the 
gate.  Climb it very slowly and carefully, and you should be able to get over 
without being detected by these sensors!  Make sure you climb on the largest 
pipe and don't fall. 
 
Security lighting and CCTV: 
--------------------------- 
 
Sometimes,  fences may be backed up by Closed Circuit TV (CCTV) systems to make 
visual monitoring  of  the  perimeter  easier and  quicker.  By  installing  an 
adequate  lighting system  and conventional CCTV  cameras, or  by using special 
low light sensitive  cameras, the  perimeter can  be monitored  from a  central 
point.  Security personnel can then be  dispatched when an intruder is detected 
on the monitors. 
 
Some systems are stationary, and others can be moved to view different areas of 
the  perimeter  from within  the  central station.  It  would be  in  your best 
interest to determine if  the camera is  stationary or not. If  so, you may  be 
able to plan a path which will be out of the view range of the camera. If it is 
movable, you will have to take your chances. 
 
Light control sensor: This  utilizes a Passive InfraRed (PIR) sensor to  detect 
the  body  heat  emitted from  someone  entering  the detection  area,  and can 
activate a light or  other alarm. PIR's  will be discussed in  Part II of  this 
series.  The sensor has  an option called:  'night only mode'  in which a light 
will flash when a person enters the  area, but only during night hours. It  can 
tell  if its dark by either a photoelectric sensor, or by a clock. Of course if 
its daylight savings time, the clock may not be totally accurate, which can  be 
used  to  your  advantage. If  it  is  photoelectric, you  can  simply  place a 
flashlight pointing directly  into the  sensor during daylight  hours. When  it 
gets  dark, the photoelectric sensor will still  'think' its day since there is 
sufficient light, thus,  not activating  the unit to  detect alarm  conditions. 
This should enable you to move within the area at will. 
 
Buried Seismic Sensors: 
----------------------- 
 
Seismic detectors are designed to identify an intruder by picking up the  sound 
of  your footsteps  or other  noises related  to passing  through the protected 
area. These sensors have a  range of about 20  feet and are buried  underground 
and  linked by a cable, which carries  their signals to a processor. There, the 
signals are amplified and equalized to eliminate frequencies that are unrelated 
to  intruder motion. The signals are converted to pulses that are compared with 
a standard signal threshold. Each pulse  that crosses this threshold is  tested 
on  count and frequency. If it meets all  the criteria for a footstep, an alarm 
is triggered. These sensors can even be installed under asphalt or concrete  by 
cutting a trench through the hard surface. It is also immune to weather and can 
follow any type of terrain. The only restriction is that the area of  detection 
must be free of any type of obstruction such as a tree or a bush. 
 
Electronic field sensor: 
------------------------ 
 
These detect an intruder by measuring a change in an electric field. The  field 
sensors use a set of two cables, one with holes cut into the cable shielding to 
allow the electromagnetic field to 'leak' into the surrounding area. The  other 
cable  is a receiver to detect the field and any changes in it. Objects passing 
through the field distort  it, triggering an alarm.  This sensor can either  be 
buried  or free  standing, and  can follow  any type  of terrain.  But its very 
sensitive to animals, birds, or  wind blown debris, thus,  if it is very  windy 
out,  and you know this is  being used, you can get  some paper and throw it so 
the wind takes it and sets off the alarm repeatedly. If it is done enough, they 
may temporarily turn it off, or ignore it due to excessive false alarms. 
 
It  is not hard to tell  if these devices are in  use. You cannot see them, but 
you don't have  to. Simply get  3-4 medium  sized stones. Throw  them into  the 
place  where you think the  protected area is. Repeat  this several times. This 
works on the lesser advanced systems that have trouble distinguishing this type 
of  seismic activity from human walking/running. If nothing happens, you can be 
reasonably sure this  is not in  use. Now that  you can detect  it, how do  you 
defeat  it? Well as far as the electronic field sensor is concerned, you should 
wait for a windy night and cause excessive false alarms and hope they will turn 
it off. As far as the seismic sensors, you can take it one step at a time, very 
softly, maybe one  step every 30-60  seconds. These sensors  have a  threshold, 
say,  two  or more  consecutive footsteps  in  a 30  second time  interval will 
trigger the alarm. Simply take  in one step at a  time, slowly, and wait,  then 
take another step, wait, until you reach your destination. These detectors work 
on the assumption that the  intruder has no knowledge  of the device, and  will 
walk/run across the protected area normally, thus, causing considerable seismic 
vibrations. The problem with this method is that it will take you some time  to 
pass  through the protected area. This means there is more of a chance that you 
will be seen. If there are  a lot of people going  in and out of the  facility, 
you  may not want  to use this method.  Another way would be  to run across the 
protected area, right next  to the door, (assuming  that is where the  response 
team  will come out) and drop  a large cat or a  dog there. When they come out, 
they will hopefully blame the alarm on the animal. The sensor shouldn't  really 
pick  up a smaller animal, but odds  are the security force are contract guards 
who wouldn't know the capabilities  of the device and  the blame would fall  on 
the animal and not you, assuming there were no cameras watching... 
 
 
Microwave systems: 
------------------ 
 
In  an outdoor  microwave system,  a beam  of microwave  energy is  sent from a 
transmitter to  a  receiver  in  a conical  pattern.  Unlike  indoor  microwave 
detectors,  which detect  an intruders'  movement in  the microwave  field, the 
outdoor system reacts to  an intruders' presence by  detecting the decrease  in 
energy  in the beam. The beams can protect an  area up to 1500 feet long and 40 
feet wide. All transmission is  line-of-sight and the area between  transmitter 
and receiver should be kept clear of trees and other objects that can block the 
beam. Microwave systems can operate in  bad weather, and won't signal an  alarm 
due to birds or flying debris. 
 
These  systems work  on the  Doppler effect, in  which they  detect motion that 
changes the energy, and sets off an alarm. These devices will usually be placed 
inside  a fence to avoid false alarms.  These devices are very easy to visually 
detect. They are  posts from 1-2  yards high, about  6 inches by  6 inches  and 
there are 2 of them, one receiver and one transmitter. In some cases there will 
be more, which enables them to protect a larger area. 
 
To defeat this, you can enter the field, very slowly, taking one step at a time 
but each step should be like you are in slow motion. It doesn't matter how hard 
you hit the  ground, since it  doesn't detect seismic  activity, only how  fast 
you approach the field. If you take it very slowly you may be able to get past. 
Detectors of this type get more and  more sensitive as you approach the  posts. 
Ergo, choose a path which will lead you furthest away from the posts. 
 
 
Photoelectric systems: 
---------------------- 
 
These  systems rely on an invisible barrier  created by beams of infrared light 
sent from a light source to a receiver. When the beam is interrupted, the alarm 
sounds.  The beam can have an effective range of up to 500 feet. Multiple beams 
can be used to increase the effectiveness  of the system, making it harder  for 
you  to climb over or crawl under the beams. Photoelectric systems can be prone 
to false alarms as a result of  birds or wind-blown debris passing through  the 
beam.  The  problem can  be corrected  by  the installation  of a  circuit that 
requires the beam to be broken for  a specified amount of time before an  alarm 
is  sounded. Weather conditions like heavy fog, can also interrupt the beam and 
cause an alarm. This can also be corrected by a circuit that reacts to  gradual 
signal  loss. These systems should not face directly into the rising or setting 
sun since this also cuts off the signal beam. 
 
As you can see this system has many problems which you can take advantage of to 
bypass this system. As with any system and method, surveillance of the facility 
should be  accomplished  in  various  weather conditions  to  help  verify  the 
existence  of a particular detection device, and to see how they react to false 
alarms. Many times, you  will be able to  take advantage of various  conditions 
to  accomplish your mission. If  there is only one  set of devices (transmitter 
and receiver), try to estimate the distance of the sensors from the ground. You 
can  then either  crawl under  or jump over  the beam.  This also  works on the 
assumption that the intruder will not recognize that the device is in use. 
 
 
MISCELLANEOUS: 
-------------- 
 
Guards: There  are two  types, in-house  or company  paid guards  and  contract 
guards. Contract guards are less secure since they do not work for the facility 
and if they make a mistake they  simply get transferred to another facility  no 
big deal. In-house guards know the facility better and have more to lose, thus, 
they are probably  more security conscious.  Be aware of  any paths around  the 
perimeter  in which guards can/will walk/ride  to visually inspect the exterior 
of the facility. 
 
Central monitoring:  Monitoring of  the devices  mentioned in  this article  is 
usually  accomplished  at a  'Central  Station' within  the  facility. Usually, 
guards *SHOULD* be monitoring these. If  you have planned well enough, you  may 
find  that the guard leaves his/her post to  do various things at the same time 
every night. This would  be an ideal time  to do anything that  may be seen  by 
cameras.  Unfortunately, there will probably be more than one guard making this 
nearly impossible. 
 
Gates: Probably the easiest way to pass through the perimeter is to go  through 
the  gate. Whether in a car,  or by walking. This may not  be too easy if it is 
guarded, or if there is a card reading device used for entry. 
 
Exterior card readers: An in-depth look at  the types of cards used will be  in 
part 3 of this series. But for now, if the card used is magnetic  (not Weigand) 
it is quite  possible to attack this. If you have an  ATM card,  Visa, or other 
magnetic card, slide the card thru, jiggle & wiggle it, etc. and quite possibly 
the gate will open. Reasons for this  are that since it is outside, the  reader 
is  subjected  to  extreme  weather  conditions  day in  and day out, thus, the 
detecting heads may not be in the best of shape, or since  it is outside it may 
be a cheap  reader. In  either  case, it may not work as good as it should  and 
can make 'mistakes' to allow you access. 
 
Combinations: The devices listed in this article do not have to be used  alone. 
They can and are used in conjunction with each other for greater security. 
 
Diversions: In some cases, a diversion could better insure your passage through 
the perimeter. Keep this in mind. 
 
Extreme weather conditions: All  devices have an  effective operating range  of 
temperatures.  On the low end of the scale, most devices will not operate if it 
is -30  degrees Fahrenheit  or lower.  Though,  quite a  few will  not  operate 
effectively  under the following  temperatures: -13 f,  -4 f, +10  f, +32 f. On 
the other side of the scale, they will not operate in excess of: +120 f, +130 f 
and  +150 f.  It is  unlikely that  the outside  temperature will  be above 120 
degrees, but  in  many  places,  it  may be  below  freezing.  Take  this  into 
consideration  if a facility has these devices,  and you cannot bypass them any 
other way. 
 
I could not have possibly mentioned everything used in perimeter protection  in 
this  article. I have tried to inform you of the more common devices used. Some 
things were intentionally left out, some  were not. I welcome any  corrections, 
suggestions,  and methods, for this article  and the future articles planned. I 
can be contacted on a few boards or through the LOD/H TJ Staff Account. 
 
 
CONCLUSION: 
----------- 
 
This article primarily dealt with the identification of various 'tools' used in 
physical security for the deterrence, prevention, detection, and response to an 
intruder. There also were some methods which have been used to attack,  defeat, 
and  bypass these 'tools'. None  of the methods mentioned  in this article work 
100% of the time  in all circumstances,  but ALL have  worked, some were  under 
controlled  circumstances, some were not. But all have worked. Some methods are 
somewhat crude, but they get the job done. Some methods were intentionally left 
out  for obvious reasons.  Even though this  article was written  in a tutorial 
fashion, in no way am I advising you to  go out and break the law. I am  merely 
showing  you how to identify devices that you  may not have known were in place 
to keep you from making a stupid mistake and getting caught. The  Establishment 
doesn't always play fair, so why should we? 
 
 
ACKNOWLEDGEMENTS: 
----------------- 
 
Gary Seven (LOH) 
 
 
(>---------------------------------------------------------------------------<) 
 (>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #4 of 12 
 
 
           Understanding the Traffic Services Position System (TSPS) 
 
                             Part I - The Console 
 
                               By The Marauder 
                                      & 
                             The Legion of Doom! 
 
 
                             / Revision 1.0-02 \ 
 
Written Sometime in 1986... 
 
 
* Special thanks to Bill from RNOC, Phucked Agent 04, and The (602) Scorpion 
  for their help in acquiring & compiling this information. 
 
     In this article I will discuss the basic layout description, and use of 
the keys, found on the standard AT&T 100-B TSPS Console. Possible uses for the 
information contained herein (besides for just wanting to know about the TSPS 
Console) are primarily for social engineering purposes. The more you know about 
operators and their jobs, the more you can get them to do things for you... 
 
 
I.                          Basic Console layout 
                            ==================== 
 
 +---------------------------------------------------------------------------+ 
 !  +---------------------+       +-------------------------------------+    ! 
 !  !   (Ticket Box)      !       !            ( Display )              !    ! 
 !  +---------------------+       +-------------------------------------+    ! 
 !                                                                           ! 
 !                          (NonCoin)    (--- Coin 1-----)    (-- Hotel --)  ! 
 !  VFY OVR SCN INW EMR     Sta 0+ 0-    Sta 0+ 0- Pst Tne    Sta 0+ 0- Gst  ! 
 !      SES         INT                            Pay                       ! 
 !                                                                           ! 
 !  (Outgoing trunk)     (--- Ring Designation --- )  (Release)              ! 
 !  DA  R&R  SWB  OGT    BAK FWD CAL T&C Nfy Chg Key   BAK FWD  SR MB Mt PT  ! 
 !                               BAK         due clg                         ! 
 !                                                                           ! 
 ! +-----+     Cw                  (Station)  PA CL SP SP AT DDD             ! 
 ! ! M B !                                          CG CD CT                 ! 
 ! ! u u !                                                                   ! 
 ! ! l l !                         (Person )  PA CL SP SP    NO              ! 
 ! ! t l !                                          CG CD    AMA             ! 
 ! ! i e !                                                                   ! 
 ! !   t !    (Coin 2)  (AMA Timing)   (Loop Ctl)                            ! 
 ! ! L i !    COL  RET  CA   ST        Cg Cg Cg                              ! 
 ! ! e n !              TMG  TMG                  (Kpls key)  (Num pad)      ! 
 ! ! a   !                             Cd Cd Cd   KP KP KP    1  2  3        ! 
 ! ! f T !              CA   REC                  TB RT HO                   ! 
 ! !   r !              CAL  MSG       HD HD HD               4  5  6   ST   ! 
 ! !   a !                                           KP KP                   ! 
 ! !   y !    POS                      AS AS AS      NY SP    7  8  9        ! 
 ! !     !    RLS                                                            ! 
 ! !     !        (Display Ctrl)                     KP KP       0           ! 
 ! +-----+    tim chg CLG CLD SPL                    BK FD          +--------! 
 !                min NUM NUM NUM                                   ! Number ! 
 !                                                                  ! Plate  ! 
 +---------------------------------------------------------------------------+ 
                     Figure 1. 100-B TSPS Console layout 
 
       (Due to 80 col width, picture is a little distorted vertically) 
Legend: 
         o Abbreviations in all capital letters are ILLUMINATED KEYS 
         o Abbreviations in all lower case letters are NON-ILLUMINATED KEYS 
         o Abbreviations in upper & lower case letters are LAMPS ONLY 
 
 ie: VFY = Lighted VERIFY key, tim = Unlighted TIME key, Cg = CALLING Lamp 
 
--  Above is the standard AT&T 100-B console layout, while there may be 
additional or different keys on the various  consoles, they will generally 
resemble the above layout closely.  In the lower right hand corner you will 
notice the numbers 0-9 laid out into what resembles a keypad, this is exactly 
what it appears to be. The TSPS Operator uses this keypad for keying in not 
only routing information (Phone numbers, Inward routings, etc..) but as a multi 
purpose tool for entering various numeric codes recognized by the TSPS software 
itself. Routing information applied onto the trunks from the TSPS position is 
of course in MF (Multi-Frequency). When a TSO keys in a number or routing, the 
console buffers the KP+INFORMATION DIGITS until the ST key is pressed, at which 
time it plays the buffered KP+INFO DIGITS+ST onto the trunk in a uniformly 
spaced sequence. So if you were somehow able to listen in on a TSO actually 
routing a call, it would not sound like someone placing a call on a standard 
Touch-Tone telephone (or homemade blue box), but more like someone pressing a 
"Redial key" on a Touch-Tone (TT) phone. The duration of the tone and space 
between the tones are a network-wide standard, although the network in most 
cases is quite tolerant to deviations of this standard. (This "loose" tolerance 
is what allows us to simulate In-band signalling with our blue boxes). 
 
--   At the upper left hand side of the diagram you will see the Ticket box, 
This box has 4 slots marked New, Cancel, Scratch and Completed. I believe this 
is used for manually filled out trouble and/or time tickets. As far as I know 
manually filled time tickets are a thing of the past, however in case of 
equipment failure the tickets are available I assume.  TSO would manually fill 
out a trouble ticket to report trouble reaching a number out of her LAN (Local 
Area Network - or, The area directly served by her particular TSPS position), 
whereas to report trouble with a number in her LAN she would simply key in a 
trouble code (utilizing the KP-TRBL (Trouble) key). to automatically place a 
trouble report. 
 
--   To the right of the Ticket box you will see the DISPLAY. The display works 
in conjunction with certain keys on the console, and is used to display timing 
information (hours, mins, sec's), Cost per minute, Calling number 
identification (what most people refer to as TSPS ANI), numbers called, and 
various special codes. The console display can be in one of two states, either 
1) displaying digits, or 2) displaying nothing (dark). Both of which have 
different meanings when resulting from certain procedures attempted by a TSO. 
LIGHTED KEYS, and LAMPS on the console can be in one of three states either 1) 
NOT ILLUMINATED (dark), 2) ILLUMINATED, or 3) FLASHING. Again the state of a 
lamp/lamp-key meaning different things under different conditions. 
 
 
II.                        KEY DESCRIPTIONS & USES 
                           ======================= 
 
--   Below the Ticket box you will see a row of 5 keys starting with the key 
labeled "VFY" (Verify), these are various special purpose keys used by TSPS 
that have no real "grouping" unlike the other "Key groups". These are: 
 
(VFY) - Verify, Illuminated key. Used in conjunction with the keypad, allows 
the TSO to verify (listen in) on a telephone call that is in progress, although 
any conversation taking place on that call is scrambled to the TSO, and despite 
popular belief THE SCRAMBLING PROCESS IS DONE AT THE CONSOLE LEVEL, AND NOT ON 
THE TRUNK LEVEL, SO FOR THOSE OF YOU WHO SEEN REFERENCE TO THE "BLV SCRAMBLING 
SHUT OFF TONE" PLEASE IGNORE IT, IF YOU WERE TO SOMEHOW GAIN ACCESS TO A 
VERIFICATION TRUNK FROM A NON-TSPS POSITION, THE CONVERSATION WOULD NOT BE 
SCRAMBLED. 
 
 
(OVR SES) - Over Seas, Illuminated key. Used in overseas call completion 
through an Overseas Toll Completion Center/Server (IOCC). I believe it also 
allows the TSO to key in more than 10 digits (standard POTS) for IDDD call 
completion. 
 
(SCN) - Screen, Illuminated key - Lights to notify TSO that incoming call has 
an associated screening code, (ie: 74=collect calls only, 93=special billing). 
Depressing this key causes the code to show on display, and it's up to the TSO 
to decipher the code and explain its meaning to the customer if he/she is 
attempting something forbidden by his associated screening code. (ie: Prison 
phones have a screening code of 74, allowing them to place collect calls only.) 
 
(INW) - Inward, Illuminated key - Lights to notify the TSO that the incoming 
call is "Operator to Operator", therefore she answers by pressing the key and 
answering "Inward!". In most cases Inward Operators are actually TSPS, with 
their INWARD lamps lit. 
 
(EMR INT) - Emergency Interrupt, Illuminated key. Used in conjunction with 
the VFY key, to interrupt a call in progress while a line Verification is being 
done, pressing this key causes an audible "beep" to be applied to the line, and 
de-activates the console scrambling (for roughly 30 seconds) , allowing the TSO 
to talk to the parties being verified/interrupted. Use of this key & the VFY 
key, is constantly kept track of via various security & maintenance TTY's and 
any abuse/misuse will set off alarms. 
 
--   To the right of the above set of keys you will see three groups of 
LAMPS/Keys labled "Non-coin", "Coin 1", and "Hotel".  The TSO utilizes the 
condition of these lamps to identify the status of incoming calls. There are 
three lamps that are common to each of the three groups, these are: "Sta", 
"0+", and "0-" their meaning is identical in each case as you will see below. 
 
(Sta) - Lamp, NON-COIN STA lamp lights when a non-coin caller requires TSPS 
assistance in placing an otherwise direct-dialable call (in some rural areas 
that have limited DDD features).  COIN STA lamp lights on direct dialed coin 
calls that are sent to TSPS for payment collection. HOTEL STA lights on Hotel 
originated DDD calls, TSPS also receives room number call is being originated 
from. 
 
(0+) - Lamp, Lights to signify that the incoming call was originated by a 
customer dialing a "0+telephone number" for an operator assisted call in each 
of the three groups (coin, non-coin, hotel/motel).  (ie. if a customer were to 
place a "person to person (op assisted) call from a payphone, this would cause 
the "0+" lamp in the "coin" group to light, one placed from a residential phone 
would cause the "0+" lamp in the "non-coin" group to light, etc..) 
 
(0-) - aka "Dial Zero", Lamp. Lights to signify that the incoming call was 
originated by a customer simply dialing 0 (zero), in each of the three 
categories (non-coin, coin, hotel/motel). 
 
(PST PAY) - Post Pay, Illuminated key. Coin group only, Depressed by TSPS when 
a customer requests a "post pay" call from a payphone, allowing him to deposit 
the full charge at the completion of the call. 
 
(Tne) - Tone, Lamp. I believe this lamp lights to inform the TSO that a coin 
customer has flashed his/her switchook during a call in progress, requesting 
operator assistance, although I'm not positive of this. 
 
(GST) - Guest, Illuminated key lights on all hotel originated calls. 
 
--   Below the above rows of keys and to the far left you will see a row of 
keys labled "Outgoing Trunks". TSPS utilizes this group of keys to select 
various outgoing trunk groups the keys are used as follows: 
 
(DA) - Directory Assistance, Illuminated key. Used by TSO to place calls to the 
directory assistance group. 
 
(R&R) - Rate & Route, Illuminated key. Used to place calls to rate and route, I 
believe TSPS now goes to the Universal Rate and Route position known to all you 
boxers to be found at KP+800+141+1212+ST. 
 
(SWB) - Switchboard, Illuminated key. I believe this key is used to reach a 
cord-board position, although I have no evidence of this. 
 
(OGT) - Outgoing Trunk, Illuminated key. Depressed by TSO to select an outgoing 
trunk to be used to place operator assisted calls, special purpose calls (ie. 
Inward), etc.. 
 
--   To the right of this row of keys you will find the group labled "Ring", 
these keys are utilized by TSPS to activate special purpose ring features and 
line handling. 
 
(BAK) - Ring Back, Illuminated key. Used by TSO to ring the originating party's 
line while holding the forward line in the event that the originating party 
looses his connection 
 
(FWD) - Ring Forward, Illuminated Key. Exactly the opposite of ring back. 
 
(CAL BAK) - Call Back, Illuminated key. Used in special operator call back 
situations on person to person calls where the called party is not available 
but a message is left anyway, I really don't understand it's full potential and 
most positions I have spoken with don't either. 
 
(T&C) - Time and Charges, Illuminated key. 
 
(Nfy) - Lamp.  Used in Non-ACTS (Automatic Coin Toll Service) originated calls, 
lights to inform TSPS to notify caller of expiration if initial n minute period 
(n = number of minutes entered via the KP NFY key at the origination of the 
call). 
 
(Chg Due) - Lamp. Lights to inform TSO that more money is needed at the 
completion of a TSO assisted coin call, the usual procedure is to ring the coin 
station back and attempt to frighten the customer into making the proper 
deposit ("If you don't pay we'll bill the called party..."). 
 
(Key Clg) - Key Calling, Lamp. This lamp is used by TSPS to determine the 
status of an incoming "Operator Number Identification" (ONI) marked caller or 
an incoming caller that was routed to TSPS due to an "ANI Failure" (ANIF) Both 
call conditions come to as a "0+" call (hotel, non-coin, coin - see above), if 
the calling party is marked as "ONI Required" the appropriate "0+" lamp will 
light, and the "Key Calling" lamp will be LIT STEADY. If the incoming call was 
due to an ANIF, the "0+" lamp will be lit, and the "Key Calling" lamp will be 
LIT & FLASHING. 
 
--   Directly to the right of the "Ring" group of key's you will find the 
RELEASE set of key's, these two Illuminated key's allow the TSO to selectively 
release (disconnect from) either the calling, or called parties by pressing 
either the "Release Back" (BAK), or "Release Forward" (FWD) key respectively. 
 
--   To the right of the release set, you will see a group of four key's with 
no particular "group designation", these again are various multi-purpose key's 
that serve the following: 
 
(SR) - Service (assistance) Required, Illuminated Key. Pressed by TSO to 
Forward calling party to a supervisory console (ie. Irate Customers demanding 
supervisor), can also be used if she is confused and needs assistance. 
 
(MB) - Make Busy, Illuminated key. Used to "Busy out" her console, lights when 
pressed, console will not take any incoming calls until it is pressed again. 
(ie: Useful when gabbing, doing nails, or filling out time/trouble tickets). 
 
(Mt) - Maintenance, Lamp. This lamp Illuminates to warn the TSO that her 
console has been placed into remote maintenance/testing mode.  A flashing MTNC 
lamp indicates a faulty console. 
 
(PT) - Position Transfer, Illuminated Key. A TSO depresses this key to transfer 
the call in progress from her console (position) to another console. 
 
--   Below the "Outgoing Trunk" keygroup, you will see a Lamp marked "Cw" Call 
Waiting - This lamp lights on every active console to inform a TSO that there 
are incoming calls waiting. 
 
--   To the far right of the "Cw" lamp, you will find the AMA group of keys, 
broken into two sub-groups, which are "Station" and "Person", a complete 
description of each key in this group would require more room than I have 
available here, so if there's sufficient interest I will devote another article 
to the use of these key's.  Basically these key's are used in conjunction with 
the "KP" and "AMA Timing" groups of key's (see below), for attaching the 
appropriate class of charge to the call being originated. The keys in the 
"Station" sub-class from left to right are "Paid" (PA), which is used to attach 
a "Station to Station" originating caller paid class of charge, "Collect" (COL) 
to attach "Station to Station" Collect Call. "Special Calling" (SP CG), and 
"Special Called" (SC CD) which are both used in "Special" Station to Station 
billing procedures, such as third party, or credit card calls. "Auto Collect" 
(AT CT), used in coin billing procedures and "Direct Distance Dialing" (DDD), 
Attaches a DDD class of charge in cases where you have trouble dialing a number 
and require operator assistance in completing a call.  Below this row of keys 
you will find the "Person" sub-group of AMA keys, their uses are identical to 
those in the "Station to Station" group only they attach a "Person to Person" 
rate of charge. The "No AMA" (NO AMA), key is pressed to eliminate a charge for 
a person to person call where the called party is unavailable.  Although all 
the key's in this group can take on different meanings under different 
conditions, the above definitions are suitable for the sake of this article. 
All key's in this group are Illuminated keys. 
 
--   Below the "Cw" lamp you will find two keys under the heading "Coin 2", 
their uses on "Coin originated (payphone)" calls are: "Coin Collect" (COL) - 
which causes the payphone to collect coin, and the "Coin Return" (RET), causes 
it to return a coin. Both are Illuminated Key's. 
 
--   To the right of the "Coin 2" group, you will find the "AMA Timing" group. 
These key's are used in conjunction with the "AMA", and "KP" groups for: 
 
(CA TMG) - Cancel Timing, Illuminated Key. Cancels AMA timing charges and also 
allows TSO to change the class of charge on a call. 
 
(ST TMG) - Start Timing, Illuminated Key. Used to start AMA timing after 
appropriate class of charge has been entered, and the calling party has reached 
the called party in person to person calls (or in station to station DDD calls, 
destination ring has been established). 
 
(CA CAL) - Cancel Call, Illuminated Key. Used in conjunction with the Cancel 
Timing key to Cance&2cP "qcall and mark a "NON-COMPLETED" call on the AMA tapes 
(ie. A person to person call where the called party is not available). 
 
(REC MSG) - Record (AMA) Message, Illuminated Key. Used at the completion of 
(completion meaning calling & called party are done talking), to record the 
time of the call and the appropriate class of charge onto the AMA tapes and 
releases their forward connection. --   To the right of the AMA timing group 
you will see three columns of four buttons under the heading of Loop Control. 
These allow the TSO to access any of the three loops available to her for 
placing calls. The keys have identical meaning in each set they are used in the 
following manner: 
 
 
(CLG) - Calling Party, Lamp. Lights to signify person on said loop is a calling 
party. 
 
(CLD) - Called Party, Lamp. Lights to signify that person on loop is a called 
party. 
 
(HLD) - Hold, Illuminated key. Places a loop into a hold state, the calling and 
called party can talk to each other, and AMA timing can be started. The call is 
held at the console. 
 
(ACS) - Access, Illuminated key. Used by TSO to initially access a loop. 
Pressing this key selects an outgoing loop, and readies the console for placing 
a call onto it. It is also used to allow TSO back into a loop(s) in a HOLD 
state. 
 
--   To the right of the loop control group you will see the "Keypulse Key" 
group, these key's are pressed by the TSO to initialize the keypad parser into 
the proper mode for entering information, which is completed/entered by 
pressing the ST (START) key (to right of keypad). Their uses are as follows: 
 
(KP TB) - KP Trouble, Illuminated key. Used to enter various TSO encountered 
trouble codes such as noisy line, customer(s) were cut off, couldn't complete 
call, etc. I believe the format for entering a trouble code is as follows: "KP 
TBL + TC + NTE + CN + ST" where KP TBL = KP Trouble Key, TC = 2 Digit Trouble 
code, NTE = Number of times Trouble was encountered (1 Digit), CN = Callers 
(phone) Number, and ST = the START key. a record of the trouble is made on the 
AMA tapes and the calling party is usually given credit. 
 
(KP RT) - KP Rate, Illuminated. Used to enter and display Rate (Charge) 
information. Can also be used to display rate information at a customer 
request. 
 
(KP HO) - KP Hotel, Illuminated Key. Used for manually entering a verbally 
requested room number on  Hotel/Motel originated calls. 
 
(KP NY) - KP Notify, Illuminated key. Used for entering time in Minutes on a 
NON-ACTS originated Coin call, when entered time duration is up, it causes the 
NFY Lamp (See above) to Flash. 
 
(KP SP) - KP Special, Illuminated Key. Used for entering Special numbers such 
as credit card id's and third party billing numbers, causes TSPS software to 
automatically query the BVA (Billing Validation) database to check validity of 
number/CC, will flash if billing to an illegal card or number is attempted. 
 
(KP BK) - KP Back, Illuminated Key. Used in entering the calling number in ANI 
failures (ANIF), and ONI (Operator Number Identification) required situations. 
 
(KP FD) - KP Forward, Illuminated. Most commonly used KP Key. Used to enter 
called party's number on all TSO assisted calls. Pressing the ST (START) key 
causes the entered number to be applied onto the accessed trunks in MF. 
 
(ST) - Start, Illuminated Key (Found to the right of the keypad). Used in 
completing all KP+number sequences listed above. 
 
-- Below the "Coin 2" set of key's you will see the (POS RLS) - Position 
Release key, this key is used by the TSO to release her position from the call. 
She would hit POS RLS after completing a call, and also to release a person 
calling to ask her questions and not actually requesting a call be placed (ie. 
Name/place requests, etc..) 
 
-- Below the Position Release key you will see a set of 5 key's labeled 
"Display Control", these key's are used to make the console display show 
various information. Their use is as follows: 
 
 
(TIM) - Time, Unlighted Key. Displays time of day in Military format. 
 
(CHG MIN) - Charge per Minute, Unlighted Key. Displays the $ charge per minute 
on a call in progress. 
 
(CLG NUM) - Calling Number, Illuminated Key. Displays the number of the calling 
party. 
 
(CLD NUM) - Called number, Illuminated Key. Displays the number of the called 
party. 
 
(SPL NUM) - Special Number, Illuminated Key. Display's various special numbers 
such as Calling Card numbers, and third party billed numbers. Use of this key 
in displaying Calling Card numbers is as follows:  Press it once you get first 
10 digits of 16 digit Calling Card, press it a second time and get the second 6 
digits of the Calling Card, press it again and it darkens the display. 
 
-- That's it for the key's on the console, on the left hand side of the diagram 
you will see the "Multi Leaf Bulletin Tray", this is an all purpose holder for 
information leaflets that contain information on special numbers, Rate & Route 
information, special non-standard assistance routes, and various other TSPS 
related information. At the lower right hand side of the console is the "Number 
Plate", this is simply the console's Position number and ID number. It is a 
stamped metal plate, I haven't figured out any way to abuse it yet, other than 
scaring a TSO by knowing of it's existence. 
 
** That's about it for this article, if there is sufficient interest in TSPS I 
will write further articles with more detail on the actual procedures used by 
the TSPS operator in call handling and such, I will also be writing an article 
on the BOC TOPS (Toll Operator Position Service) operators that have begun to 
pop up since the divestiture when I get some better information on the position 
itself. It seems that AT&T inwards no longer handle only long distance 
assistance in TOPS services areas and the TOPS op's handle all local area 
assistance. 
 
Until then, Dial with Care. 
 
 
                                 The 
                                   Marauder 
                                Legion of Doom! 
 
------------------------------------------------------------------------------ 
 
Any questions, comments or clarifications can be made directly to me, or via 
the TJ's Staff account. 
 
(>---------------------------------------------------------------------------<) 
 (>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #5 of 12 
 
 
                 An Introduction to Hacking TOPS-20s 
                                 by 
                          The Blue Archer 
 
   To begin with, I would like introduce this article and clarify a few things. 
Firstly, this article was written to familiarize interested hackers in DEC's 
TOPS-20 (Total OPerating System-20) and give them knowledge of how to 
properly utilize its resources.  This article will generally be limited to the 
basics, with an advanced article forthcoming.  Secondly, you may have seen 
other articles I have written on the Tops-20 a while back. Well this is simply 
a better organized and updated article with primarily the same information. 
And finally, I would like to say that I welcome any and all questions about 
the article or the operating system and would be glad to help out with any 
problems. I may be reached on certain boards or through the LOD/H TJ Staff 
Account on sponsor BBS's. Anyway, have a good time hacking your local TOPS! 
 
Starting Notes 
-------------- 
o Capital letters in the beginning of a command indicate that those letters 
  alone may be typed for the whole command. 
o <>: Brackets around any element(s) are required. 
o (): Parenthesis are not required unless otherwise stated. 
o  ~: This symbol refers to control (ex: ~A= Control-A). 
o  @: Is the general system prompt and is not considered to be typed by the 
      user when shown in examples. 
o  $: This is the enabled state system prompt (explained hereafter). 
 
                             ---------------- 
                             /EXTERNAL USAGE/ 
                             ---------------- 
 
                             SECTION I: ACCESS 
 
  The commands for entering and leaving a Tops-20 are LOGin and LOGOut 
respectively. The correct usage of these command are as follows: 
  @LOGin USERNAME 
  @LOGOut USERNAME 
Where username is a variable for the account name. Account names may be 
virtually anything, depending upon the system. I employ two methods for 
attaining usernames. The first, and most commonly known and used is checking 
the system status. This is done thusly: 
  @SYstat 
This will cause the computer to list out various information about the 
assorted users logged in and their status and the status of the system as a 
whole. This command does not work on all Tops-20 computers from a non-logged in 
state, namely versions 6.1 and higher. A second and immensely more effective 
method is superior use of the escape character. The complete use of this 
character will be discussed later. For use in logging, one types LOGin and 
then a letter or series of letters and then the escape key. Depending on the 
number of usernames beginning with the same letter(s), the computer will fill 
in the rest of the username. Once the letters are in such a way that if one 
continued typing, only one valid username could be gotten, the escape key 
will fill in the rest if pressed. Here is an example: 
@LOGin S(escape) 
(the computer responds with a beep because there is more than one username 
starting with the letter S, so I type another letter) 
@LOGin SM(escape) 
(beep once more) 
@LOGin SMI(escape) 
@LOGin SMIth (PASSWORD) 
          ^^ 
(The computer fills in the 'th' part of the username for me and asks for the 
password with the parenthesis and all). 
One note: If the computer fills in an account name and then when a password is 
tried it responds with a 'not valid account' message, it simply means that it 
is a non-loginable files-only account which will be discussed later. 
  While trying to gain access to a system, it is wise to use all the pre-login 
resources avaiable. On versions 6.x these resources are virtualy nil but on the 
older versions, one may sometimes find an incredible amount of help.  To 
see what actual help is available, type: 
  @HELP ? 
Look for certain things like SECURITY and LOGINHELP.  If the system in use is 
on a net, or for some reason the dialup number is not known but wanted, it can 
sometimes be found in help files most commonly named DIAL, DIALUP(S), and 
PHONES. So, to view them, simply type: 
  @HELP DIALUPS 
Or the name of whatever help file that is desired to be seen. 
  The Information command is also a useful command, more fully discussed 
later. The most useful Information commands are as follows: 
@Information VERSion 
  This will display the banner. If the computer, for security reasons, did 
  not display the banner upon connection, then this may prove useful in 
  identifying the target computer 
@Information DEC 
  lists the various Decnet nodes available. On 6.x versions 
@I DEC NODENAME 
   will tell if a path is open to the node or is the object node is currently 
   up and running. 
@I ARPA 
   will tell the status of ARPANET with respect to this particular computer. 
Meaning whether or not the software is up and running and the status of 
connections. 
  Networking will be explained in the advanced Tops hacking file. 
 
                                ---------------- 
                                /INTERNAL USAGE/ 
                                ---------------- 
 
                          SECTION II: SYSTEM FUNCTIONS 
 
  Under normal circumstances, with the exception of currently running programs, 
the exec level (command level) prompt will be either `@' or `$' depending on 
certain options, which will be discussed later. For now we will assume the 
prompt is @. This is the place where commands given are executed immediately. 
Certain characters are also available for use here (and other places) which 
make life on a TOPS-20 easier. Here is a list of those characters: 
 
1) ~C: This gets the system's attention. It will break out of most programs and 
processes. It may be necessary to type 2 for it to work, though. 
3) ~O: Halts terminal output without interrupting the program. A second ~O 
restarts output to terminal. Note: under this condition output is still being 
sent by the computer, it is just not printed on the terminal, as opposed to 
an actual ceasing of output by ~S. 
4) ~S: Temporarily pauses current output. 
5) ~Q: Resumes output currently suspended by ~S. 
6) ~R: Retypes current line discarding old line. 
7) ~T: Prints information including what the program in use is doing, CPU 
information, and load average (amount of users on system.) 
8) (Escape): The Escape key causes a form of recognition for virtually anything 
being done on the TOPS. It will complete commands, filenames, and just about 
anything else being typed to the computer. For example I(escape) would result 
in the command INFORMATION. For further information on this command refer to 
the logging in procedure utilizing this feature. 
9) ?: This is used to obtain information regarding what the system is expecting 
as input or what the current command options are. It may be used almost 
anywhere, including after single or multiple letters, filenames, etc. 
example: @C? 
would print a list of available exec level commands starting with the letter C. 
 
  Here is a list of commands used to obtain system information: 
 
1) DAYtime: Prints current data and time of day. 
2) HELP: Gives help on a wide variety of topics, depending on the system. 
For a complete list, type: HELP ? 
3) Information: Provides information on a wide variety of topics. For a 
complete list, type: I ? 
4) SYstat: Outputs a summary of system users and available computer resources. 
 
                          SECTION III: ACCOUNT STRUCTURE 
 
    The TOPS-20 users login and use the system via accounts which are variable 
with different privilege levels and access rights. Accounts are specified by 
usernames and most of the time the directory names are the same as the account 
names as is also common for VMS. So, logging in under the SMITH means that one 
is under the account (username) SMITH. To find out the privileges of an 
account, type: 
@I DIR <USERNAME> 
This can always be done to the account logged in under, and sometimes to other 
accounts depending on access rights and the security of the other account. This 
command prints out information regarding the account specified. It will even 
show passwords on pre-6.x versions of TOPS if one has sufficient privs. In 
general the two major levels of privs are full and normal. Full privs are 
denoted by OPERATOR or WHEEL in the privilege information printed. This level 
gives the user complete authority over the system. The normal level of privs 
means anything else but OPERATOR or WHEEL. These forms of accounts have limited 
access with respect to system operations and other accounts. Access to certain 
programs, files, and information is restricted to whatever extent the system 
owners choose. Other minor privilege abilities enable the user to perform 
slightly more than completely normal users, and sometimes may be of importance 
depending on the circumstances. 
  Creation and modification of accounts is done through the BUIld command. 
Example: 
@BUILD <USERNAME> 
Where <USERNAME> is the account to be modified (already exists) or an account 
to be created (non-existant). Depending on the privs of the account attempting 
to build and system restrictions, one may have a great deal or virtually no 
power to create and modify. On most systems, only wheels and operators can 
create top level accounts (loginable non-subdirectory accounts). File storage 
sub-accounts can be created almost anywhere. These are simply accounts in which 
files are put, and these accounts cannot be logged into. To see what options 
have been chosen for the account being built, simply type: 
@@LIST 
Other options for the account being built are as follows: 
1) WHEEL: This gives the account wheel (complete) privileges. If this option is 
chosen, then others may be excluded for it is all-encompassing, it overrides 
any and all protection. 
2) OPERATOR: Same as wheel. 
3) DECNET-ACCESS: This allows the account to use the decnet, assuming there is 
one available. DECNET and other nets will be explained in the advanced article. 
4) ARPANET-ACCESS: Allows user to use the Arpanet. 
5) ARPANET-WIZARD: This command allows the user ARPANET ACCESS and more. This 
account has the ability to turn the Arpanet software of the system on and off. 
The commands are as follows: 
$~ESET ARPA ON 
$~ESET ARPA OFF 
Use of ~E will be discussed in the next article. The dollar sign for the 
system prompt is explained later. 
6) IPCF: Allows Inter-Process Communication Facility capabilities. 
7) DEFAULT-FILE-PROTECTION: Sets the protection of the files in the user's 
directory. The lower, the more secure. 
8) PROTECTION-OF-DIRECTORY: Sets protection of the actual account itself. This 
means who can connect to it, modify it, etc. Once again, the lower the 
protection, the more secure it is against others. 
9) PASSWORD: Sets the password for the account. Type PASSword with the actual 
password after it. 
10) KILL: This destroys the account. This command removes the account from the 
system. 
To complete the creation/modification, type two carriage returns. 
 
  The system will not recognize the user as having its various privileges 
unless it is told that they are there. This is done thusly: 
@ENAble 
This enables all the user's privileges and changes the prompt to a '$'. All 
accounts, even wheels, are considered normal until enabled, so this must always 
be done before an action requiring privileges is performed. It is fine to do 
this immediately after logging in and leaving it like that, for it does not 
save any adverse effects. At all places in this article where there is a '@', 
if enabled would be a '$'. 
 
                             SECTION IV: DIRECTORY USAGE 
 
  Directories are storage places for files. Each account has a directory in its 
own name, and possibly one or more subdirectories. To see what files are in the 
directory connected to at the moment, type the command DIRectory: 
@DIR 
This will list what files, if any, are accesable in this directory. At the time 
of login the computer sets the account's own directory as the one to be 
connected to unless otherwise specified by such things as login adjustment 
files (to be discussed at a later date.) Subdirectories of an account are 
denoted by a period between the account name and directory name. Example: 
<ACCOUNTNAME.SUBDIRECTORYNAME> 
Subdirectories are dealt with as normal directories for purposes of usage. 
Dealings with directories other than the current default directory require the 
use of brackets. For example, if one wanted to look in a directory titled 
<SMITH>, he would have to type: 
@DIR <SMITH> 
And assuming his directory is not protected, a list of files in the <SMITH> 
directory will be produced. The current default directory (the one connected 
to) does not require brackets for usage. Most directory commands may be used on 
other directories by simply placing the object directory (one to be commanded) 
in brackets after the command. 
  Here is a list of some of the more important directory related commands: 
 
1) ACCESS: This command requires the password of the target directory and, if 
correctly given, transfers rights to that directory including creation/deletion 
of files, etc. The format for usage is: 
@ACCESS <DIRECTORY> 
2) CONNECT: This changes the current default directory to the specified one. It 
may be countered, though, by protection. If ACCESS to the object directory is 
on then connection may be established regardless of protection. The command is 
used like this: 
@CONNECT <DIRECTORY> 
3) COPY: This duplicates an already existing file in another directory to the 
current default directory or another specified directory. The format is: 
@COPY <OBJECTDIRECTORY>FILENAME.FILETYPE 
to copy it to the default directory, or: 
@COPY <OBJECTDIRECTORY>FILENAME.FILETYPE <OTHERDIRECTORY>FILENAME.FILETYPE 
to copy it to another directory. 
4) DELete: Deletes the file from the directory. It still exists and may be 
retrieved until it is completely removed. 
5) EXPunge: Completely removes deleted files from the system forever. 
6) FDIRectory: Lists all information about all files in directory. 
7) RENAme: Rename a specified file. The format is: 
@RENAme FILENAME.FILETYPE NEWFILENAME.FILETYPE 
8) UNDELete: Restores deleted files which have not been expunged yet. 
9) VDIRectory: List all information about all files in directory specified, 
including protection, size, and date and time when they were last written. 
 
    Files in directories are in the form of: 
FILENAME.FILETYPE.# 
where filename is the name of the file, filetype is the kind of file, and # 
is the number of the file. If there is more than one file with the same name, 
multiple numbers will be shown. If a number is left out when a command dealing 
with a file is typed, then the file with the highest number will be used. 
    Here is a list of filetypes and how to properly use them: 
 
1) .BAS: These are files written in basic. To use these, type BASIC or BASIC20 
and LOAD them in and RUN, LIST, or modify them in the basic language and SAVE. 
2) .BIN: These are binary files containing program data and are generaly not 
directly used. 
3) .CMD: These are command files. They are files of a series of commands to be 
executed. Commands will be carried out as if typed by the user from the exec 
level. To use them, type: 
@TAKE FILENAME.CMD 
They are very useful for performing long processes which must be done often. 
4) .CTL: This is a control file for batch jobs. It tells the batch job what to 
do when it logs in. Batch jobs are jobs logged into the account which created 
it to carry out commands. Further discussion of batch jobs is in the next 
TOPS article. The format for usage of these files are: 
@SUBmit FILENAME.CTL 
5) .EXE: Files of this sort are executable from the exec level. They are 
assembled programs in machine language and the fastest sort of program on the 
TOPS. To use them, type: 
@<DIRECTORY>FILENAME.EXE 
6) .HLP: This is basically just a text file. Use the same command as the .TXT 
forms of files. If a file of this sort is placed within the actual <HELP> 
directory, it becomes available to the whole system by simply typing: 
@HELP FILENAME 
All information obtained through the HELP command is actually in the form of 
files in the <HELP> directory. 
7) .INIT: These are initialization routines for various programs. They are not 
used directly. 
8) .LOG: This is the output of batch jobs. It details the actions of the job 
and the responses of the computer. To view, do this: 
@TYpe FILENAME.LOG 
9) .MEM: This is a memorandum. Often times being inter-office memos and the 
like. Use them as any normal text file. 
10) .TEXT: This is the uncommon filetype name for a text file. See .TXT for 
proper usage. 
11) .TXT: These are text files. They contain written information and data to be 
read. The command for using them is as follows: 
@TYpe FILENAME.TXT 
 
  To use files in other directories, type the directory name in brackets before 
the filename. Ex: 
@TYpe <SMITH>SECRET.TXT 
This applies for all filetypes and commands. Once again restrictions may apply 
with regard to protection. 
 
                         SECTION V: SYSTEM-WIDE COMMUNICATIONS 
 
  Communication to other system users is done primarily two ways: direct and 
indirect. Direct includes chatting with another online user and such, while 
indirect is generally done through electronic mail and the like. 
  Here are the common commands of direct communication: 
 
1) ADVISE: When this is done, whatever is typed at one terminal is executed at 
another. For example: 
 @ADVISE USERNAME 
Then, whatever is typed will be carried out as if typed from that terminal 
until the link is broken. 
2) BReak: This breaks all links to the terminal typing BReak. 
3) RECEIVE: This allows the terminal to receive either LINKS or ADVICE, as 
specified by the command. Ex: 
@RECEIVE ADVICE 
4) REFUSE: This puts up a barrier keeping links or advice from reaching the 
terminal. REFUSE ADVICE is default when logging in, so in order receive advice, 
one would have to type the proper command. 
5) REMark: Goes into a chat state in which textual information is sent to the 
computer and not interpreted as commands. 
6) TALK: Establishes a link between two terminals. Ex: 
@TALK SMITH 
would establish a link with SMITH. Whatever is typed is seen by both parties. 
REMark is useful here if a conversation is to ensue. 
 
  Electronic mail can be sent and read through various programs. The most 
common ones being MM, MAIL, MS, and RDMAIL. Users are informed when they have a 
message waiting upon logging in. Mail is stored in the file MAIL.TXT in the 
user's directory. MM and MS are the best mail programs and should be the ones 
used, so here is a very brief explanation of the major commands they both 
use (they are very similar). 
 1)  SEND: This is the command used to send mail to another user. At the prompt 
of the respective mail program, type SEND and a carriage return,  the 
computer will prompt for information such as the user for the message to be 
sent to, other users to receive a copy of the message, and the title of the 
piece of mail. 
2) READ: This command, if typed with no argument, will start reading all 
currently unread mail. If used with the number of a piece of mail, it will 
read that one alone. 
3) HEADERS ALL: This will give a list of all the titles of the various pieces 
of mail in the user's mailbox and the corresponding number of that mail. 
  Sending mail over networks will be discussed in the next article. Look for it 
in the next issue of the Technical Journal. 
 
                             Blue Archer (LOH) 
 
 
(>---------------------------------------------------------------------------<) 
 (>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #6 of 12 
 
 
                 +--------------------------------+ 
                 |   Building Your Own Blue Box   | 
                 +--------------------------------+ 
                 |               By               | 
                 |          Jester Sluggo         | 
                 |     Released: Nov. 27, 1986    | 
                 +--------------------------------+ 
 
 
 
     This Blue Box is based on the Exar 2207 Voltage Controlled Oscillator. 
There are other ways to build Blue Boxes, some being better and some not as 
good, but I chose to do it this way.  My reason for doing so: because at the 
time I started this project, about the only schematic available on BBS's was 
the one written by Mr. America and Nickie Halflinger.  Those plans soon (in 
about 90 seconds) became very vague in their context with a couple in- 
consistencies, but I decided to "rough it out" using those plans (based on the 
Exar 2207 VCO) and build the Blue Box using that as my guide.  During the 
construction of the Blue Box, I decided to type-up a "more complete and clear" 
set of Blue Box schematics than the file that I based mine on, in order to help 
others who may be trying/thinking of building a Blue Box.  I hope these help. 
 
     Note:  You should get a copy of the Mr. America/Nickie Halflinger Blue Box 
plans.  Those plans may be of help to anyone who may have difficulty 
understanding these plans.  Also, these plans currently do not support CCITT. 
 
+---------------------------------+ 
| Why should I build a Blue Box ? | 
+---------------------------------+ 
 
    Many of you may have that question, and here's my answer. Blue Boxing was 
the origin of phreaking (excluding whistling). Without the advent of Blue 
Boxes, I feel that some of the advances in the telecommunications industry 
would've taken longer to develop (The need to stop the phone phreaks forced 
AT+T Bell Laboratories to "step up" their development to stop those thieves!). 
     There is no harm in building a Blue Box (except the knowledge you will 
gain in the field of electronics).  Although there are software programs (Soft 
Blue Boxes) available for many micro's that will produce the Blue Box 
Multi-Frequency (MF) tones, they are not as portable as an actual Blue Box (you 
can't carry your computer to a telephone, so you must use it from home which 
could possibly lead to danger). 
     Many phreaks are announcing the end of the Blue Box Era, but due to 
discoveries I have made (even on ESS 1A and possibly ESS 5), I do not believe 
this to be true.  Although many people consider Blue Boxing "a pain in the 
ass", I consider Blue Boxing to be "phreaking in its' purest form".  There is 
much to learn on the current fone network that has not been written about, and 
Blue Boxes are necessary for some of these discoveries.  The gift of free fone 
calls tends to be a bonus. 
 
     Note: Blue Boxes also make great Christmas gifts! 
 
+---------------------------------------+ 
| Items needed to construct a Blue Box. | 
+---------------------------------------+ 
     Here is the list of items you will need and where you can get them.  It 
may be a good idea to gather some of the key parts (the chips, and especially 
the potentiometers, they took about 6 months to back order through Digi-key.  A 
whole 6 fucking months!) before you start this project.  Also, basic 
electronics tools will be necessary, and you might want to test the circuit on 
a bread board, then wire-wrap the final project. Also, you will need a box of 
some sort to put it in (like the blue plastic kind at Radio Shack that cost 
around $5.00). 
 
     Note: An oscilliscope should be used when tuning in the 
           potentiometers because the Bell system allows 
           only a 7-10% tolerance in the precision of the 
           frequencies. 
 
Qty.  Item                 Part No.      Place 
--------------------------------------------------- 
 1  | 4 x 4 Keypad       |             | Digi-Key 
 6  | Inverter Chip      | 74C04       | 
 32 | Potentiometer      |             | 
 1  | 4-16 Converter Chip| 74LS154     | 
 1  | 16 Key Decoder     | 74C922      | 
 2  | 2207 VCO           | XR2207CP    | Exar Corp. 
 3  | .01 uf Capacitor   | 272-1051    | Radio Shack 
 5  | .1 uf Capacitor    | 272-135     | Radio Shack 
 2  | 1.5K Ohn Resistor  |             | Radio Shack 
 2  | 1.0K Ohm Resistor  |             | Radio Shack 
 1  | Speaker            |             | From an old Autovon fone. 
 1  | 9 Volt Battery     |             | Anywhere 
 
     The resistors should be a +/- 5% tolerance. 
     The speaker can be from a regular telephone (mine just happened to be from 
an old Autovon phone).  But make sure that you remove the diode. 
     The Potentiometers should have a 100K Ohm range (but you may want to make 
the calculations yourself to double check). 
     The 9-volt battery can be obtained for free if you use your Radio Shack 
Free Battery Club card. 
     The Exar 2207 VCO can be found if you call the Exar Corp. located in 
Sunnyvale, California.  Call them, and tell them the state you live in, and 
they'll give the name and phone number to the distributor that is located 
closest to you. The 2207 will vary from about $3.00 for the silicon-grade 
(which is the one you'll want to use) to about $12.00 for the high-grade 
Military chip. 
     Note:  When you call Exar, you may want to ask them to send you the 
spec-sheets that gives greater detail as to the operation and construction of 
the chip. 
 
                     +-------------------+ 
                     | Schematic Diagram | 
                     +-------------------+ 
 
             +--------------+            +-------------+ 
             |  1  2  3  A  |            |  Figure #1  | 
             |  4  5  6  B  |            +-------------+ 
             |  7  8  9  C  |            | Logic Side  | 
             |  *  0  #  D  |            +-------------+ 
             ++-+-+-+-+-+-+-+ 
              1 | 3 | 5 | 7 |           (VCC) 
              | 2 | 4 | 6 | 8           (+5 Volts)    +----+ 
              | | | < u | | |             [+]         |   _|_ 
              | | | | | | | |              |          |   \_/GND 
           +--+-+-+-+-+-+-+-+----+      +--+----------+---+ 
           |  2 | 11| 10| 7 |    |      |  14         7   | 
   (.01C)  |  | 3 | 4 | 8 | 1  12+------+1                | 
   +--||---+5                  13+------+2   (*74C04*)    | 
  _|_      |                     |      |                 | 
  \_/GND   |     (*74C922*)      |      +-----------------+ 
     +--||-+6                    | 
     |(.1C)|                     | 
    _|_    |                    | 
    \_/GND |   9  17 16 15 14  18| 
           +--+--+--+--+--+---+--+ 
              |  |  |  |  |   | 
             _|_ A  B  C  D   | 
          GND\_/ |  |  |  |  [+] (VCC)      [+] (VCC) 
                 |  |  |  |      (+5 volts)  |  (+5 volts) 
                 |  |  |  |                  | 
          -------+--+--+--+------------------+----------------- 
          |      23 22 21 20                 24             18+-+ 
    +-----+12                                                 | +--+ 
    |     |                 (*74LS154*)                     19+-+ _|_ 
   _|_    |                                                   |   \_/ 
   \_/GND |  1  2  3  4  5  6  7  8  9 10 11 13 14 15 16 17   |   GND 
          +--+--+--+--+--+--+--+--+--+-+--+--+--+--+--+--+----+ 
             1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 
             |  |  |  |  |  |  |  |  | |  |  |  |  |  |  | 
                                                         |    (Connects) 
                                                         | +----------> 
                                +------------------------+ |  (Figure 2) 
                                |       +--+       +-------+ 
                                |       |  |       | 
                             +--+-------+--+-------+---+ 
                             |  3--|>o--4  5--|>o--6   | 
                             |   (Invtr.)   (Invtr.)   | 
             +---------------+7                        | 
            _|_              |        (*74C04*)        | 
         GND\_/   (VCC) [+]--+14                       | 
                (+5 volts)   |                         | 
                             +-------------------------+ 
 
 
 
    +-------------+                                  _ 
    |  Figure #2  |                                 / | 
+---+-------------+----+          +----------------+  | 
| Tone Generation Side |         _|_               |  | SPKR 
+----------------------+      GND\_/    +---+--+---+  | 
                                        |   |       \_| 
                                        |   | 
                                        |   |  +---------------+ 
           +-------+                    |   |  |               | 
           |      _|_                   |   +--+14             | 
           |      \_/GND                |      |  (Repeat of)  | 
           |                            |      |    (First)    | 
         ----- (.1C)                    |      |   (Circuit)   | 
         -----                          |      |               | 
           |                            |      | (*XR2207CP*)  | 
           |       +-----------------+  |   +--+6              | 
           |       |                 |  |   |  |               | 
   [+]-----+-------+1              14+--+   |  +---------------+ 
  (VCC)            |                 |      +--------------------+ 
 (+9 Volts)   +----+2                |                           | 
              |    |               12+---------------------+     | 
     (.01C) -----  |                 |                    _|_    | 
            -----  |  (*XR2207CP*)   |                    \_/GND | 
              |    |                 |       1.5K Ohms           | 
              +----+3              11+---+---\/\Rx/\/---+--+     | 
                   |                 |   |              | _|_    | 
                   |                 |   +---\/\Rx/\/---+ \_/GND | 
                   |                 |       1.0K Ohms           | 
                   |               10+----+                      | 
     +-------------+6               9+----+---+                  | 
     |             |                8+----+   |                  | 
     |             |                 |      ----- (.1C)          | 
     |             +-----------------+      -----                | 
     +---------+                             _|_      +----------+ 
     |         | Pot.                     GND\_/ Pot. |          | 
     |        \/\/\/\/--+-----------------------\/\/\/\/         | 
     |         1400 Hz. |                        1600 Hz.        | 
     +---------+        |                             +----------+ 
     |         | Pot.   |                        Pot. |          | 
     |        \/\/\/\/--+----------------+------\/\/\/\/         | 
     |         1500 Hz. |                |       900 Hz.         | 
     |                  |                |                       | 
     |     14 more      |                |       14 More         | 
     |   Potentiometers |                |     Potentiometers    | 
     |     in this      |                |       in this         | 
     |   area left out  |                |     area left out     | 
     |   for simplicity |                |     for simplicity    | 
     |                  |                |                       | 
     |                  |                |                       | 
                        | 
            (Connects)  | 
          <-------------+ 
            (Figure 1) 
 
 
+-------------------------+ 
| Multiplex Keypad System | 
+-------------------------+ 
 
     First, the multiplex pattern used in the 4x4 keypad layout. I suggest that 
keys 0-9 be used as the Blue Box's 0-9 keys, and then you can assign A-D, *, # 
keys to your comfort (ie. * = Kp, # = St, D = 2600, and A-C as Kp1, Kp2   or 
however you want). 
 
     Note: On your 2600 Hz. key (The D key in example above) 
           it may be a good idea to tune in a second 
           potentiometer to 3700 Hz. (Pink Noise). 
 
    Keypad      Key Assignments   Multiplex Pattern 
  +---------+   +-------------+    +------------+ 
  | 1 2 3 A |   | 1  2  3  4  |    | 1  2  3  A |----Y1=8   X1=3 
  | 4 5 6 B |   | 5  6  7  8  |    | 4  5  6  B |----Y2=1   X2=5 
  | 7 8 9 C |   | 9  10 11 12 |    | 7  8  9  C |----Y3=2   X3=6 
  | * 0 # D |   | 13 14 15 16 |    | *  0  #  D |----Y4=4   X4=7 
  +---------+   +-------------+    +------------+ 
                                     |  |  |  | 
                                     X1 X2 X3 X4 
 
+----------------------+ 
| Blue Box Frequencies | 
+----------------------+ 
 
     This section is taken directly from Mark Tabas's "Better Homes and Blue 
Boxing" file Part 1. 
 
Frequenies (Hz)  Domestic  Int'l 
---------------------------------- 
 700+900            1        1 
 700+1100           2        2 
 900+1100           3        3 
 700+1300           4        4 
 900+1300           5        5 
1100+1300           6        6 
 700+1500           7        7 
 900+1500           8        8 
1100+1500           9        9 
1300+1500           0        0 
 
 700+1700          ST3p     Code 11 
 900+1700          STp      Code 12 
1100+1700          KP       KP1 
1300+1700          ST2p     KP2 
1500+1700          ST       ST 
2600+3700      *Trunking Frequency* 
 
     Note: For any further information about the uses or duration of the 
frequencies, read the Mark Tabas files. 
 
+----------------+ 
| Schematic Help | 
+----------------+ 
 
     This is the Key to the diagrams in the schematic.  I hope that they help 
more then they might hurt. 
 
    _|_ 
    \_/GND   is the Ground symbol 
 
     | | 
  ---| |--   is the Capacitor symbol 
     | |     (.1C)  stands for a .1 uf Capacitor 
             (.01C) stands for a .01 uf Capacitor 
     | 
   ----- 
   -----     is another Capacitor symbol 
     | 
 
--\/\Rx/\/-- is the Resistor symbol (The 1.5K Ohm and 1.0K Ohm 
                                     Resistors are at +/- 5% ) 
---+ 
   | 
  \/\/\/\/-- is the Potentiometer symbol (The frequncies I supplied 
                                          above are just examples.) 
 --|>o--     is the Inverter symbol 
 
+------------+ 
| Conclusion | 
+------------+ 
 
     This is just one way to build a Blue Box.  If you choose this way, then I 
hope this file is adequate enough to aid you in the construction.  Although 
these are not the best plans, they do work. This file does not tell you how to 
use it or what to do once it's built.  For that information I mention that you 
read Mark Tabas's "Better Homes and Blue Boxing" files, or any other files/BBS 
subboards that deal with that realm. 
     If you need help, I sluggest (thanks for that one Taran) that you ask a 
close friend, possibly an electronics teacher, or a phreak friend to help you. 
Also, if you need help or have questions or comments about this file, you can 
address them to me.  I can be contacted through the LOD/H Technical Journal 
Staff account on the boards listed in the Intro, or on the few boards I call. 
 
+-------------+ 
! Credentials ! 
+-------------+ 
 
     At last, this article would not be possible without the help of the 
following people/places whom contributed to it in one way or another (it may 
not be apparent to them, but every minute bit helps). 
 
Deserted Surfer   (Who helped immensly from Day 1 of this project.) 
                  (Without his help this file would not be.) 
Mark Tabas        (For the BHBB files which inspired my interests.) 
Nickie Halflinger (For the original Blue Box plans I used.) 
Mr. America       (For the original Blue Box plans I used.) 
Lex Luthor 
Cheap Shades 
Exar Corp. 
 
Lastly, I would like to thank the United States government for furnishing 
federal grants to this project. Without their financial help, I would have had 
to dish out the money from my own pocket (Approximately $80.00. Egads!) 
 
 
 
    Jester Sluggo 
 
(>---------------------------------------------------------------------------<) 
 (>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #7 of 12 
 
 
   Intelligence and Interrogation Processes 
   By:  Master Of Impact and the Legion Of Hackers 
 
 
                              INTRODUCTION: 
                              ============= 
 
   Doing what we do best always carries the risk of someone, somewhere, wanting 
to hold you for questioning. In this article I hope to give those persons who 
never have been exposed to this type of thing a little insight to the methods 
that are in use (and are in no ways happen to be all new), that can give you 
the edge you need to come away "sin faulta". In fact, these interrogation 
practicies are used a lot by teachers, local police, the FBI and Secret Service 
girlfriends, wives, parents, etc. to obtain information from you that you 
probably don't want to give out. 
 
     Interrogation is the art of questioning and examining a source in order to 
obtain the maximum amount of useful information. The goal of any interrogation 
is to obtain useful and reliable information in a lawful manner and in a 
minimum amount of time. The goal of any source is to deceive or hinder any 
attempts of the interrogator to get information out of him. 
 
     This article will deal primarily with the principles, techniques, and 
procedures of intelligence interrogation. By reading this article, one 
who runs the risk of being interrogated can build countermeasures for common 
interrogation techniques. This article has some paraphrased material from a 
government interrogation manual but the majority of the information was from 
personal experience and prior knowledge of the subject. 
 
     You cannot hope to defeat interrogation techniques unless you first know 
what they are. The ones listed herein are the most commonly used. After reading 
this article, you should be able to tell when you are being interrogated by 
people, and what technique(s) they are using when you probably would not have 
known before. Once you know what they are up to and how they are going to TRY 
to accomplish it, YOU have the initiative! 
 
 
                                INITIATIVE: 
                                =========== 
 
     Achieving and maintaining the initiative is essential to a successful 
interrogation just as offense is the key to success in combat oPe`#K=9 s"+v 
initiative in any interrogation must rest with the interrogator throughout the 
entire interrogation. He will have certain advantages at the beginning of an 
interrogation which will enable him to grasp the initiative and assist in 
maintaining the initiative throughout the interrogation. 
 
     The interrogator has a position of authority over you. You realize this 
fact, and in some cases, believe that your future might well depend upon your 
association with the interrogator. As in the case of police questioning, 
"cooperate and we will go easy on you". Like hell they will. 
 
     The interrogator knows the purpose of the interrogation; the source does 
not necessarily know the exact reason, but can generally assume (especially 
in the case of a computer hacker or phone phreak, which is what the term 
"source" will be referring to during this article) because he or she is most 
usually conscious of horrible and nasty wrong-doings he or she may have been 
responsible for.  Unfortunately for the source, he is generally very much in 
the dark about what's happening to his life while it is, in fact, crumbling 
around him (temporarily, anyway). This gives the source a not-so-illusionary 
behavior pattern of the proverbial chicken who's had its head chopped off. 
 
     Having gained the initial advantage which is quite an understatement, 
seeing that, although the risks to the source during the perpetration of 
a crime are quite obvious, the possible realistic results of being caught 
aren't quite as impressive while one is getting away with a crime than when 
one's home is invaded by the JC Penny-suit men wearing mirrored sunglasses, 
the interrogator must strive to maintain the initiative applying appropriate 
interrogation techniques through the exercise of self-control; by taking 
advantage of the source's weaknesses as they become apparent; and by 
continuously displaying an attitude of confidence and self-assurance. The 
interrogator, however, is 'supposed' to never take advantage of your weaknesses 
to the extent that the interrogation involves threats, insults, torture 
or exposure to unpleasant or inhumane treatment of any kind. Remember, the 
keyword is supposed. 
 
     It is possible for the interrogator to lose the initiative during the 
interrogation of a source. If this should occur, he will probably postpone the 
interrogation and reassess the situation. If the interrogation is resumed, a 
different interrogator will probably be introduced. Following are some examples 
of loss of initiative: 
 
* The interrogator becomes angry and completely loses his self-control because 
  of the arrogant actions of the source (such as the unbuttoning of a jacket 
  to reveal "Secret Service Sucks" spray painted onto the source's T-shirt.) 
  As a result, the interrogator loses sight of his objective and concentrates 
  his efforts on humbling the source. 
 
* During the interrogation the interrogator fails to note significant 
  discrepancies in the source's story. The interrogator may lose his initiative 
  as the source gains confidence from his success and resorts to further 
  deception, leading the interrogator away from his objective. 
 
* The interrogator becomes overly friendly with the source and allows him to 
  lead the interrogation. The source reports only what he believes to be 
  important and neglects several significant items of info which could have 
  been obtained had the interrogator maintained the initiative. 
 
 
                           PHASES OF INTERROGATION: 
                           ======================== 
 
      Approach Phase: 
      --------------- 
 
     Regardless of the type of source you are and your outward personality, you 
do possess weaknesses which, if recognized by the interrogator, can be 
exploited. A human being is likely to: 
 
      o   Talk, especially after harrowing experiences 
      o   Show deference when confronted by superior authority 
      o   Rationalize acts about which he feels guilty 
      o   Lack the ability to apply or to remember lessons he may have been 
          taught regarding security if confronted with a disorganized or a 
          strange situation. 
      o   Cooperate with those who have control over him 
      o   Attach less importance to a topic which the interrogator demonstrates 
          identical or related experiences and knowledge 
      o   Appreciate flattery and exoneration from guilt 
      o   Cooperate readily when given material rewards 
      o   Cooperate readily when treated as an equal 
 
 
                                  TECHNIQUES: 
                                  =========== 
 
       "File and Dossier" 
        ---------------- 
 
 
     The interrogator prepares a dossier containing all available info obtained 
from records and docs concerning you. Careful arrangement of the material with- 
in the file may give the illusion that it contains more data than is actually 
there. The file may be "padded" with extra paper, if necessary. Index tabs with 
titles such as "education", "employment", "criminal record", "bulletin boards", 
"violated computer systems", and others are particularly effective for this 
purpose. The interrogtor will confront you with the dossier at the beginning of 
the interrogation and explain that "intelligence" has provided a complete 
record of every significant happening in your life; therefore, it would 
be useless to resist interrogation. The interrogator may read a few selected 
bits of known data to further impress you. If the technique is successful, you 
will be impressed with and more importantly, terrified by the "voluminous" 
file, conclude that everything is known, and resign to complete cooperation. 
 
 
      "We know ALL" 
       ----------- 
 
     This technique may be employed in conjunction with the above or by itself. 
The interrogator must first become thoroughly familiar with the available data 
concerning you. To begin the interrogation, the interrogator asks questions 
based on his known data. When you hesitate, refuse to answer, or provide an 
incomplete or incorrect reply, the interrogator himself provides the detailed 
answer. Through the careful use of the limited number of known details, the 
interrogator may convince you that all the info is already known; therefore, 
your answers to the questions are of no consequence. When you begin to give 
accurate and complete information, the interrogator interjects questions 
designed to gain the needed info. Questions to which answers are already known 
are also asked to test you and to maintain the deception that all the info is 
already known. A VERY effective technique I might add. 
 
 
     "Rapid Fire" 
      ---------- 
 
  This approach technique involves a psychological ploy based on the principles 
that: 
 
    * Everyone likes to be heard when they speak; and 
 
    * It is confusing to be interrupted in mid-sentence with an unrelated 
      question. 
 
     This technique may be used with one, or simultaneously by two or more 
interrogators in questioning the same source. In employing this technique the 
interrogator asks a series of questions in such a manner that you do not have 
time to answer a question completely before the next question is asked. This 
tends to confuse you and you are apt to contradict yourself, as you have little 
time to prepare your answers. The interrogator then confronts you with the 
inconsistencies, causing further contradictions. In many instances you 
will begin to talk freely in an attempt to explain yourself and deny the 
inconsistencies pointed out by the interrogator. In attempting to explain your 
answers, you are likely to reveal more than you intend, thus creating 
additional leads for the interrogator. 
 
 
       "Mutt and Jeff" 
        ------------- 
 
     This technique involves a psychological ploy which takes advantage of the 
natural uncertainty and guilt which a source has as a result of being detained 
and questioned. Use of this technique necessitates the employment of two 
experienced interrogators who are convincing as actors. Basically, the two 
interrogators will display opposing personalities and attitudes towards you. 
For example the first interrogator is very formal and displays an unsympathetic 
attitude. This is to make you feel cut off from your friends. At the time when 
you act hopeless and alone, the second interrogator appears (having received 
his cue by a signal, and is hidden from you), scolds the first interrogator for 
his harsh behavior and orders him from the room. He then apologizes to soothe 
you, perhaps offering coffee and a cigarette. He explains that the actions of 
the first interrogator were largely the result of an inferior intellect and 
lack of human sensitivity. The inference is created that the other interrogator 
and you have in common a high degree of intelligence and an awareness of human 
sensitivity, above and beyond that of the first interrogator. You are normally 
inclined to have a feeling of gratitude towards the second interrogator, who 
continues to show a sympathetic attitude in an effort to increase the rapport 
and control for the questioning which will follow. Should your cooperativeness 
begin to fade, the second interrogator can hint that since he is of high rank, 
having many other duties, he cannot afford to waste time on an uncooperative 
source. He may broadly infer that the first interrogator might return to 
continue the questioning. When used against the proper source, this trick will 
normally gain complete cooperation for the interrogation. 
 
 
       "Repetition" 
        ---------- 
 
     Repetition is used to induce cooperation from a hostile source. The inter- 
rogator listens carefully to your answer to a question, and then repeats both 
the question and answer several times. He does this with each succeeding 
question until you become so bored with the procedure that you answer the 
question fully and truthfully to satisfy the interrogator and to gain relief 
from the monotony of this method of questioning. The repetition technique will 
Y{Od ='fbgenerally not work when employed against introverted sources or those having 
great self control. 
 
 
       "Pride and Ego" 
        ------------- 
 
   This technique works effectively on many phreaks and hackers due to the fact 
that many are so damn egotistical. The strategy is to trick you into revealing 
desired information by flattering you.  It is effective with sources who have 
displayed weaknesses or feelings of inferiority. The interrogator accuses you 
of weakness or implies that you are unable to do a certain thing.  The proud or 
egotistical source will jump to the defensive. An example of an opening 
question for this technique may be:  "Why would you own a blue box when you 
have absolutely no idea how to use one?" or, "Why do you hack VMS systems if 
you can't do a damn thing once you're inside of one?" It provides you with the 
opportunity to show someone that you have "brains" and in doing so, you give 
the interrogator more information than you should have. 
 
 
        "Silent" 
         ------ 
 
   The Silent technique may be successful when used against either the nervous, 
or the confident-type source.  When employing this technique, the interrogator 
says nothing to you, but looks you squarely in the eye, probably with a slight 
smile on his face. It is important for the interrogator not to look away from 
you, but force you to break eye contact first. You will become nervous, begin 
to shift around in your chair, and look away. If you ask questions the 
interrogator probably will not answer them until he is ready to break the 
silence. A source may blurt out questions such as, "What the hell do you want 
with me". When the interrogator is ready to break the silence, he may do so 
with some quite nonchalant questions such as, "You've been logging on to our 
system for a long time now, haven't you? Did you hack the passwords yourself?". 
 
    In some cases the interrogator will use several approach techniques 
concurrently, or in succession. 
 
 
                               QUESTIONS: 
                               ========== 
 
There are various questions that the interrogator may ask you: 
 
* Prepared questions:  When the topic under inquiry is very technical or when 
  legal aspects of the interrogation require preciseness, the interrogator will 
  have a list of prepared questions to follow during the interrogation. 
 
* Control questions:  To maintain control and to check on the truthfulness of 
  a source, the normal questions will be mixed with control questions-those 
  with known answers. If you fail to answer these questions, or answer wrong, 
  it will indicate that you are either not knowledgeable in the topic or that 
  you are lying. 
 
* Nonpertinent questions:  Sometimes it is necessary for the interrogator to 
  keep the true objective of the interrogation from you. By carefully blending 
  pertinent questions with nonpertinent questions, the interrogator can conceal 
  the true purpose of the inquiry. 
 
* Direct and leading questions:  The manner in which the questions are worded 
  has a direct bearing on your response.  A question may be posed in a number 
  of ways: 
 
  o "What system did you hack into on 11/11/86?" 
 
  o "Did you break into General Dynamics' computer on 11/11/86?" 
 
  o "You did break into GD's computer on 11/11/86?" 
 
  o "You didn't break into GD'S computer on 11/11/86, did you?" 
 
 
 
                         PSYCHOLOGY IN INTERROGATION: 
                         ============================ 
 
The interrogator will watch for various psychological responses from you during 
an interrogation.  Some of these are: 
 
*   Rationalization:  Creating plausible excuses or explanations for one's acts 
    without being aware that these excuses or explanations are way off the 
    [obvious] reality. 
 
*   Identification:  To identify with and mimic a mental image of some one 
    important to you. 
 
*   Compensation: Trying to make up for a psychological weakness by building 
    up or exaggerating a psychological strength. 
 
*   Exhibitionism:  Showing off, bragging, etc. 
 
*   Fear, Anger, Frustration, etc. 
 
Of course when being interrogated, you should remain as emotionless as possible 
and never show anger, or get upset (NEVER inflict physical abuse upon the 
unsuspecting interrogator. This only creates tension between both the inter- 
rogator and yourself). Your every move, every response, every action is noted 
and used by the interrogator to get you to screw up and give him what he wants. 
 
There can be two main objectives that you can obtain when being interrogated. 
The first is to find ways to force the interrogator to lose his initiative. You 
can do this in many ways. A few that come to mind are:  Repeat everything the 
interrogator says. Mimic the interrogator. Laugh at the interrogator. Basically 
piss the interrogator off and make him so mad that he loses sight of his 
objective. This may however, get you in deeper trouble, but it may give you 
extra time while another interrogator is found. 
 
Lie like hell to the interrogator and piss him off. Such as the pathological 
liar gimmick: "I broke into the NSA's computer, yeah, and then used their 
network to get into the presidents private computer yeah that's it, the 
password was uh...Bonzo, yeah, and then used it to take control of a satellite 
used for Star Wars, and made it land right on top of the Kremlin, yeah that's 
the ticket!" 
 
You can also change the subject over and over again to totally unrelated things 
such as: its a nice day out today, hows the wife and kids, how about some food, 
who do you think is going to the superbowl, etc. 
 
The other and probably better objective is simply to pretend to fall for any of 
the various techniques used against you and feed the interrogator more and more 
bullshit, of course being very sincere. This way he gets totally bogus 
information while thinking you are cooperating fully. 
 
Well, I hope you never have to put this article to use in a legal manner, but 
you would be surprised how everyday you are interrogated without even 
realizing it by normal people who probably don't realize they are interrogating 
you! 
 
As stated in the other articles, you can reach me for comment via the staff 
account. 
 
MofI (LOH) 
 
(>---------------------------------------------------------------------------<) 
 The LOD/H Technical Journal: File #8 of 12 
 
*** NOTE *** 
BECAUSE OF THE LENGTH OF THIS GUIDE, IT HAS BEEN BROKEN INTO TWO PARTS FOR 
TRANSMISSION.  HOWEVER, IT IS ONE VOLUME, AND IS INTENDED TO BE PRINTED AS 
A WHOLE FOR USE AS BOTH A TUTORIAL AND A REFERENCE GUIDE. 
 
                      ********************************* 
 
                            The Legion of Doom! 
                                 Presents: 
 
                               ------------- 
 
                        LOD Reference Guide  Vol. I 
 
                      Outside Loop Distribution Plant 
 
                              -------------- 
 
                      Written 12/86       Phucked 
                      Revision III          Agent 
                                               04 
 
                      ********************************* 
 
 
---------------------- 
INTRODUCTION / OUTLINE 
---------------------- 
 
        Basically, the outside local loop distribution plant consists of all 
of the facilities necessary to distribute telephone service from the central 
office (CO) out to the subscribers.  These facilities include all wire, cable, 
and terminal points along the distribution path.  In this article, we shall 
follow this path from the CO to the subscriber, examining in depth each major 
point along the route and how it is used. This is especially useful for 
checking if any 'unauthorized equipment' is attached to your line, which would 
not be attached at the Central Office. I suppose this article can also be 
interpreted to allow someone to do just the opposite of its intended purpose... 
 
        Note that this article is intended as a reference guide for use by 
persons familiar with the basics of either LMOS/MLT or the operation of the 
ARSB/CRAS (or hopefully both), because several references will be made to 
information pertaining to the above systems/bureaus. I have no manuals on this 
topic, all information has been obtained through practical experience and 
social engineering. 
 
                          ******************** 
 
-------------------------------- 
Serving Area Concepts (SAC) plan 
-------------------------------- 
 
        In order to standardize the way loop distribution plants are set up in 
the Bell System of the U.S. (and to prevent chaos), a reference standard design 
was created.  For urban and suburban areas, this plan was called the Serving 
Area Concepts (SAC) plan.  Basically, in the SAC plan, each city is divided 
into one or more Wire Centers (WC) which are each handled by a local central 
office switch.  A typical WC will handle 41,000 subscriber lines. Each WC is 
divided into about 10 or so Serving Areas (depending on the size and population 
of the city), with an average size of 12 square miles each (compare this to the 
RAND (Rural Area Network Design) plan where often a rural Serving Area may 
cover 130 square miles with only a fraction of the number of lines).  Each 
Serving Area may handle around 500-1000 lines or more for maybe 200-400 hous- 
ing units (typically a tract of homes). 
        From the CO, a feeder group goes out to each Serving Area.  This con- 
sists of cable(s) which contain the wire pairs for each line in the SA, and 
it is almost always underground (unless it is physically impossible). These 
feeder cables surface at a point called the Serving Area Interface (SAI) in a 
pedestal cabinet (or "box").  From the SAI, the pairs (or individual phone 
lines) are crossed over into one or several distribution cables which handle 
different sections of the SA (ie. certain streets).  These distribution cables 
are either of the aerial or underground type.  The modern trend is to use 
buried distribution cables all the way to the subscriber premises, but there 
are still a very large number of existing loop plants using aerial distribu- 
tion cables (which we will concentrate mainly upon in this article).  These 
distribution cables are then split up into residence aerial drop wires (one 
per phone line) at a pole closure (in aerial plant), or at a cable pair to 
service wire cross box (in buried plant).  The cable pairs then end up at the 
station protector at the customer's premises, where they are spliced into the 
premise "inside wire" (IW) which services each phone in the customer's premi- 
ses (and is also the customer's responsibility). 
        Although this is the "standard" design, it is by no means the only 
one!  Every telco makes it's own modifications to this standard, depending 
on the geographic area or age of the network, so it's good to keep your eyes 
and your mind open. 
 
                          ******************** 
 
At this point, we will detail each point along the Loop Distribution Plant. 
 
----------------------------- 
Cable Facility F1 - CO Feeder 
----------------------------- 
 
        The F1 cable is the feeder cable which originates at the Main Distribu- 
tion Frame (MDF) and cable vault at the local CO and terminates at the SAI. 
This cable can contain from 600 to over 2000 pairs, and often more than one 
physical F1 cable is needed to service a single Serving Area (at an SAI). 
The F1 is almost always located underground, because the size, weight, and 
number of feeders leaving the CO makes it impossible to put them on normal 
telephone poles.  Since is is also impractical to use one single piece of 
cable, the F1 usually consists of several pieces of large, pressurized or 
armored cable spliced together underground (this will be covered later) into 
a single cable. 
 
Cable Numbering 
--------------- 
 
        In order to make locating cables and pairs easier (or possible, for 
that matter), all of the cables in the loop distribution plant are numbered, 
and these numbers are stored in databases such as LMOS at the ARSB or other 
records at the LAC (Loop Assignment Center) or maintenance center. When trying 
to locate someone's cable pair, it helps a great deal to know these numbers 
(although it can be done without them with experience and careful observa- 
tion).  Probably the most common place to find these numbers is on a BOR, 
in the "Cable & Assignment Data" block.  The F1 is usually assigned a number 
from 00 to 99 (although 000-999 is sometimes used in large offices).  Cable 
>pair< numbering is different however, especially in older offices; typical F1 
pair numbers range from 0000 to 9999.  Keep in mind that the pair number is not 
concrete -- it is merely nominal, it can change, and it doesn't necessarily 
have any special meaning (in some well organized offices, however, the cables 
and pairs may be arranged in a certain way where you can determine what area 
it serves by its number (such as in my area...heh heh); in any case, it's up 
to you to figure out your area's layout).  Anyway, the cable-pair number is 
usually written in a format such as 02-1495, where 02 is the cable and 1495 is 
the pair (incidentally, since this is the CO Feeder cable pair that is connect- 
ed to the MDF, it is the one that will be listed in COSMOS). 
 
F1 Access Points 
---------------- 
 
        Although the F1 is run underground, there is really not a standard 
access point down there where a certain pair in a cable can be singled out 
and accessed (as will be explained next).  There is, however, a point above 
ground where all the pairs in the F1 can be accessed -- this point is known 
as the Serving Area Interface (SAI), and it will be detailed later.  In LMOS 
or other assignment records, the address of the SAI will be listed as the 
TErminal Address (TEA) for the F1 cable handling a certain pair in question; 
therefore, it is where facility F1 stops. 
 
 
----------------- 
Underground Plant 
----------------- 
 
        The term "Underground Plant" refers to any facilities located below 
the surface of the earth; this includes truly "buried" cables, which are 
located 6-or-so feet underground surrounded basically by a conduit and dirt, 
as well as cables placed in underground cement tunnels along with other 
"below-ground" equipment (such as seen in most urban areas).  Whereas the 
first type is really impossible to access (unless, of course, you want 
to dig for a day or so and then hack into an armored, jelly-filled PIC cable-- 
 then you should take a bit of advice from our resident Icky-PIC "Goo" advisor, 
The Marauder), the latter type can be accessed through manholes which lead to 
the underground tunnel. 
 
Manholes 
-------- 
 
        Bell System manholes are usually found along a main street or area 
where a feeder cable group passes through.  Using an underground cable 
location map is the best method for locating cable paths and manhole appear- 
ances, although it may not always be available.  These maps can be acquired 
from the Underground Service Alert (USA) (at 800-422-4133), but often a 
"cable locator" will be dispatched instead (usually he will just mark off 
how far down or where you can dig without hitting a cable), so this is not 
a very practical method.  Of course, you can always follow the warning signs 
on telephone poles ("call before you dig", etc) and the spans between SAI 
bridging heads until you find a manhole.  The F1 for the SAI nearest the 
manhole should be found down there along with others en route to the areas 
they serve. 
        There are several types of manhole covers, both round and rectangular. 
The rectangular ones are sometimes just hinged metal plates covering an under- 
ground terminal or cable closure, and these are easily opened by one person. 
A non-hinged one may require two people.  Round manhole covers (which, by the 
way, are round so that a lineman can't accidentally drop the cover down the 
hole) are basically all the same, except for the types known as "C" and "D" 
type manhole covers which utilize locking bolts (these can be removed using a 
standard crescent or hex socket wrench).  These covers are the same as the 
standard "B","A", and "SA" type covers once the bolts are removed.  The best 
way to open a cover is to use a manhole cover lifter (ie. Defiance Corp. PTS- 
49 or B-type Manhole cover lifter), although an ordinary 3/4 - 1 inch crow- 
bar (hook-side) can be used.  Put the tool into one of the rim slots and 
press down on the bar until the hook is pressing up against the cover flange. 
Then push or lift the cover a few inches up and slide it off the hole.  You 
can use a bent sprinkler turn-off wrench on the other side to lift up if there 
are two of you.  You should have no problem with two people, although it can 
be done alone provided you are strong enough. 
        Once inside, check around for any test equipment or papers which may 
have been left inside.  Basically, there is really no pair access down there, 
as it is mainly a place through which the protected feeder cables are run 
and spliced together.  These splice points are usually sealed in pressurized 
air and water-proof closures which protect the open splices from corrosion and 
ultra-violent rodent attack.  If for some reason you happen to find an open 
splice case or a cable with it's armor and sheath removed, then it may be poss- 
ible (although not easy) to match color codes (see chart) and find a certain 
pair.  You would have to strip the wire near the splice, though, and this is 
not recommended.  Don't get the bright idea to pry open, or (worse yet) blow 
open a splice case, as they are often pressurized (see "manhole dangers"), and 
the telco will frown on your actions sooner or later.  Anyway, the feeder cab- 
les generally are labelled at a point near the manhole, so it is easy to find 
and follow any certain cable.  Because of this, the manhole access points in 
your neighborhood are good places to examine (and even sketch or map) the 
cable distribution plant in your area. This could be interesting, especially 
if you find a lot of recently installed groups or special service cables, etc. 
There could even be several types of apparatus cases containing either analog 
or digital carrier equipment (ie. T1 digital or O,L,or N analog), pair gain 
systems, repeaters, equalizers, or loading coils (which help compensate for 
shunt losses caused by the parasitic capacitance between pairs in pressurized 
cable).  A typical underground apparatus facility is the BERT (Below ground 
Electronics Remote Terminal).  However, it's unlikely that you will find any 
of this special equipment down there (other than loading coils, which look like 
metal cylinders) unless you are in a very rural or specialized area, or you 
happen to be in a manhole serving an inter-office trunk span (smile here). 
 
Manhole Dangers 
--------------- 
 
        One must use good sense when entering a manhole, however, especially 
if you don't have the right equipment.  First, you could drop the cover on 
your foot, or get a crowbar or bent sprinkler tool (the WORST) in the groin. 
Secondly, you must take precautions if you stay down long, because the atmos- 
phere in the hole will become oxygen depleted in a matter of minutes and there 
may be suffocating or otherwise dangerous gases in the manhole.  Third, if 
you tamper with nitrogen-pressurized cables or closures, a depressurization 
alarm signal may be set off at the maintenance center, and technicians could 
be sent out while you are still in the hole.  It is also known that expensive 
electronic equipment mounted below-ground (ie. SLC remote terminals) may 
be equipped with tamper alarms, and they are securely locked as well. 
 
                          ************************* 
 
---------------------------- 
Serving Area Interface - SAI 
---------------------------- 
 
        The Serving Area Interface (SAI) is basically the point on the loop 
distribution path where the F1 feeder cable is cross-connected over into one 
or more F2 aerial (or buried) distribution cable.  This terminal can be pole, 
pad, or pedestal mounted - however, for this article, we will concentrate on 
the pedestal mounted cabinet as it is by far the most common (the other forms 
are functionally similar, anyway).  These things are seen all over -- the 
4-foot high gray-green "boxes".  There are several names for this terminal-- 
technically it is called the SAI or FDI (Feeder Distribution Interface), but 
it is usually called a Bridging Head, Pedestal, B-Box (lineman term), or just 
plain "Box."  The standard cabinet is the Western Electric 40-Type cabinet, and 
it comes in several sizes, depending on the amount of cable pairs in the 
Serving Area.  The size and style of the cabinet is usually stenciled or marked 
on the cement pedestal at the base of the cabinet. (ie. S-40-E  = 40 type, E 
size, SAI cabinet).  These cabinets can handle anything from 400 (A size- 200 
feeder in, 200 distribution out - 43"H x15"W x12"D) to 1800 (E size - 900 in, 
900 out - 54"H x 40"W x12"D), with some newer size F, H, and some 3M series- 
4200 cabinets handling up to 3600 pairs at one site!  Also note that 40-type 
(or look-alike) cabinets are not exclusively for use as a SAI, especially in 
areas using a buried F2 distribution plant. Note that all Bell System (Western 
Electric) cabinets, cross-boxes, etc. which are pedestal mounted are painted a 
standard grey-green (Technically, they are painted per Munsell Color Code 
Standard, EIA RS-359. This color is supposed to be the least obtrusive and 
most pleasing to the eye). This also helps to distinguish Telco boxes from 
sprinkler and signal control boxes.  Also note that there are still a large 
number of older loop plants in the Bell System, and the terminal boxes may 
differ (ie. nut-bolt type binding posts, panel-removal type cabinets, etc.) 
in appearance, but the are all functionally similar. 
        To open a 40-type or other common cabinet, one must use a 7/16" hex 
wrench (also called a "can-" or "216-" tool).  Place the wrench on the bolt 
and turn it 1/8 of a turn clockwise (you should hear a spring release inside). 
Holding the bolt, turn the handle all the way to the right and pull the door 
outward.  If you happen to see a locked cabinet pried open by a crowbar placed 
in the slot above the right door, you should report it to the telco AT ONCE! 
On the inside of the door, there should be a circular attachment with a "D"- 
type test cord on it which makes accessing pairs with a test set easier (if 
you dont have a test set, I will describe how to make a basic one later in 
this article).  You should hook the alligator clips on your test set to the 
two bolts on the attachment, and then use the specialized cord to hook up to 
binding posts on the panel (it is specially designed to do so, whereas alliga- 
tor clips aren't).  There are usually also spare decals and 2 reels of #22 
solid "F" cross-connect wire stored somewhere in the cabinet, either on the 
doors in a box (along with a "788N1" tool for seating and trimming jumper 
wires) or mounted in the splice chamber (described in the next section). 
 
Locating Pairs and Cross-Connects 
--------------------------------- 
 
        Basically, the SAI cabinet contains several terminal block panels 
(size A=1 panel, size C+D (800+1200 pairs, respectively)=2 panels, size E= 
3 panels) of either 76-type screw binding posts (the most common) or more 
modern 108-type "quick-connect" connectors.  These panels are divided up 
into 6 blocks of 100 cable pairs (2 screws = 1 binding post, per cable pair) 
each, with block 1-100 on the top and 501-600 on the bottom.  In a 2-panel 
cabinet, the left panel typically contains the pairs from the F1 (feeder) 
cable, and the right panel contains the F2 distribution cable pairs.  This 
is accomplished by either a harness or cable stub whose pairs are internally 
connected to the binding posts on a panel.  The harness or stub is then 
spliced, usually with "710" splicing connector modules, to the respective 
F1 or F2 cable.  In the case of the harness, this splice is located in the 
back of the cabinet, in the splicing chamber, which can be accessed by 
rotating the notched circular latch on the top of the terminal block assembly 
and letting the panel fall forward.  Often the splices are covered with plas- 
tic bags.  Note the color code of the pairs;  if you can locate the pair you 
want, this is an excellent location to covertly access it, because this area 
is rarely seen during normal use of the cabinet (it is usually only opened 
during a cable cutover or "throw", in which a whole section of feeder or dist- 
ribution cable is replaced at one time).  In the case of cable stub, the 
splicing is usually done underground at a closure, because the raw-ended cable 
extends 20 to 100 feet from the cabinet; in this case, there won't be a splic- 
ing chamber.  This type is often used for aerial pole-mounted SAI's.  Also 
note that in an F-size cabinet, you have to remove the whole back panel in 
order to access the splice chamber.  Anyway, the pairs from the feeder panel 
are cross-connected with wire jumpers over to the binding posts on the dist- 
ribution panel; in this way, the two cables are connected. 
        There are several ways to locate a pair in an SAI. First, and best, 
if you have assignment data from LMOS or equivalent, there should be an F1 
Binding Post (BP) number listed along side the cable numbers.  This number is 
usually a 3 digit number, 001-999, and it will correspond to a binding post 
pair in one of the hundred-blocks on the feeder panel side.  The first digit 
of the BP is the block, and the other digits represent the pair in that block. 
Example- 
                                                                Terminal Panel 
                    (Green)             (Blue)          F1 pairs --F1----F2--- 
                -- F1 Feeder --------- F2 Dist.----   ==>001-100 ! ***   XXX ! 
F1 BINDING POST !  XXXXXXXXXX         XXXXXXXXXX  !   !  101-200 ! XXX   XXX ! 
  # 025         !  XXXXXXXXXX  SAI    XXXXXXXXXX  !   !  201-300 ! XXX   XXX ! 
     !          !  XXXXXXXXXX         XXXXXXXXXX  !   !  301-400 ! XXX   XXX ! 
     ------------------^                              !  401-500 ! XXX   XXX ! 
  (^^ close up view of first 3 of 10 binding post     !  501-600 ! XXX   XXX ! 
      rows of the first hundred block (marked ***)----!          !-----------! 
 
        F1 BP # 025 :  0 = first 100-block, 2 = pass over 2 full rows (go 
                        to 3rd row down), 5 = 5 pairs from left. 
 
        The color of the pair label is important, also -- feeder pairs are 
always marked with GREEN labels. Secondly, if you don't have a binding post 
number, there may be a log or other chart posted on one of the doors of the 
cabinet showing the cable pairs and their corresponding binding posts (or the 
posts may in some cases be arranged or labelled in a way such that the cable 
pair number could be derived).  Thirdly, as a last resort, you could connect a 
test set to each pair in the terminal, and dial your area's ANI number (This 
"ANI" number is usually a multi-digit test code which, when dialled responds 
with a voice announcement of the Directory Number (DN) for the line you are 
dialling from).  This would have to be repeated until you happen to hook up to 
the line you are looking for (it's time consuming, but it works).  Some sample 
ANI numbers are- 
 
213 NPA - Dial 1223           213 NPA (GTE) - Dial 114 
408 NPA - Dial 760            914 NPA       - Dial 990 
 
        These numbers will vary from area to area, and some areas may not have 
such a service (in this case, you may have to dial a TSPS operator and have her 
read off the number on her ANI panel -- in some areas, you may have to say a 
code word or phrase in order for her to give you the number).  In any case, 
it would be a good idea to ask a lineman or testboard employee for the proce- 
dure to use in your area to get ANI, because it's very useful and you'll need 
it sooner or later. 
        Anyway, once an F1 BP is found, the cross-connect wire can be traced 
over to the distribution panel, and in this way, the F2 pair can be found. 
These F2 distribution pairs are always marked with BLUE labels.  Note also 
that the binding post number of the cross-connected F2 pair is not recorded 
in LMOS (the F2 BP is NOT in the SAI, so don't confuse an F2 BP number with a 
BP in the SAI); however, when the cables are first installed, the feeder pairs 
and distribution pairs are in sequence -- this makes it easy to visually ass- 
ume where the F2 pair is.  This order can be upset when cable pairs are added 
or changed, however, so it can't always be relied upon to produce valid F2 
cable pair numbers (also, there may be two distribution cables, with the 
low-numbered pairs on the bottom and the high-numbered pairs on the top! -- It 
all depends on how the local telco sets things up). 
 
Floaters / Multiples 
-------------------- 
 
        All of the pairs in a feeder cable are rarely used simultaneously; 
this would be impractical, because if one of the pairs was discovered to 
be faulty, or if a subscriber wanted another line, a whole new feeder cable 
would have to be added.  To solve this, extra facilities are left in the 
loop plant as a provision for expansion.  For example; on the feeder panel, 
all of the binding posts may be connected to F1 cable pairs, but not all of 
them may be crossed over to distribution pairs.  These spare pairs are not 
connected to the switch, so they won't "have dial tone", but they are numbered. 
Since these lines aren't assigned, they wont be found in LMOS, but they will 
definitely be listed in LAC records.  These records are the Dedicated Plant 
Assignment Cards (DPAC) / Line Cards and the Exchange Cable Conductor Records 
(ECCR), or even computerized databases (ie. MODE). If the numbers can be found 
(or even noted, if the numbers on the binding posts at the SAI correspond with 
feeder cable pair numbers) then the lines can be activated via a COSMOS service 
order.  This is aided even further by the fact that since F1's usually last 
longer than F2 facilities, there are often more spare provisional F2 facili- 
ties in the loop plant (ie. 100 feeders in, 300 F2 out (200 aren't cross- 
connected to F1's)). So there is a good chance that you will find one that is 
distributed to your area.  Other spare facilities include "floaters", which 
are like spare feeder pairs, except they are ACTIVE lines.  Often, a telco will 
extend whole feeder groups to more than one SAI in provision for future expan- 
sion, including active cable pairs.  If you find a working pair on a feeder 
panel which is not cross-connected to a distribution pair, that pair is a 
floater.  This is by far the best way to covertly access a certain pair, 
because most linemen will probably not be aware of the pair's presence (it 
looks unused on the surface).  Beware! If you think you can hook up to 
someone's floater and get free service, you're probably wrong (so many other 
people have been wrong, in fact, that Pacific Bell has a special "Form K-33" 
to report this type of fraud), because the telco is more aware of this than 
you may think.  Obviously any toll call you make will show up on the bill for 
that line.  A do-it-yourself spare pair activation can avoid this problem, if 
done correctly. 
 
                          ******************** 
 
End of First half, attach second half here. 
 
(>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #9 of 12 
 
 *** Second half of The Outside Loop Distribution Plant starts here. *** 
 
 
-------------------------------- 
Cable Facility F2 - Distribution 
-------------------------------- 
 
        The F2 distribution cable is the cable which originates from the F1 
feeder in the SAI and distributes individual cable pairs to each subscriber. 
This cable can be one of two types: aerial or buried.  The most common is the 
aerial distribution cable, although buried cable is the modern trend.  In the 
case of aerial F2, the cable or cables leave the SAI underground, and at the 
first telephone pole on the distribution span, the cable is routed up the pole. 
It then is suspended on the span, such as down a street, and at each group of 
houses there is a terminal on the span. This terminal is the aerial drop split- 
ter, and it's purpose is to break off several pairs from the distribution cable 
in order to distribute them (in the form of aerial drop wires) to each house or 
premise.  The location or address of the premise nearest this aerial drop 
splitter is the TErminal Address of the F2 serving a certain pair (each group 
of pairs in the F2 will have it's own terminal address, unlike the one address 
for the F1 terminal (SAI)).  The F2 cable is always the lowest cable on the 
telephone pole, and it is usually a great deal larger than the electric power 
distribution cables above it.  Often more than one F2 can be seen on a single 
pole span.  In this case, the top F2 will usually be the one which is being 
distributed to the subscribers on that street, and the lower (and most often 
larger) cables are other F2's coming from an SAI and going to the streets 
which they service:  These cables consist of multiple spliced spans, and they 
will not have any drop wires coming off them (they are marked every few poles 
or so at a splicing point called a "bullet closure" which is fully enclosed 
and can be quite large (ie. 6" dia, 20" long) as compared to the normal drop 
splitters (ie. or similar 4"w x 5"h x 12"l) -- these closures are clamp press- 
urized and are not meant to be opened unless the cable is being replaced or 
splicing work is being done.  They are not standard cable/pair access points). 
        Buried F2 plant is similar to aerial, except that the cable is not 
visible because it is underground.  Instead of going to a pole from the SAI, 
the cable continues underground.  The drop wires are also underground, and the 
method of breaking them from the distribution cable is similar to that of the 
aerial drop splitter, except it is a small pedestal or box located on the 
ground near the houses it serves.  This address closest to this pedestal is 
the TEA for the F2. 
 
F2 Cable Numbering 
------------------ 
 
        The F2 distribution cable is usually given a 4 or 5 digit number, 
depending on the office.  The first 2 or 3 digits should be the number of 
the F1 that the F2 was branched off of, and the last 2 or 3 digits identify 
the distribution cable. Example- 
 
      F1   Cable                   F2   Cable 
             25                          2531 
       This F2 cable came from feeder #25^^ 
 
        The cable >pair< numbers may be set in a similar way, with the last 3 
or 4 digits identifying the pair, and the first digit (usually a 1) identifying 
the pair as a feeder or a distribution pair. Example - 
 
      F1   Cable    Pair            F2   Cable    Pair 
             25     1748                  2531     748 
                    ^--signifies F1 (feeder) cable pair 
 
        Generally, the F1 cable pairs are numbered higher than the F2 cable 
pairs, due to the fact that a feeder cable may contain several distribution 
cables' worth of cable pairs.  Note once again that all of this numbering 
plan is the STANDARD, and it may be far from real life!  As soon as one dist- 
ribution pair is replaced, crossed over to another feeder pair, or taken from 
service, the set order is interrupted.  In real life, it is most always nece- 
ssary to get both F1 and F2 cable assignment data. 
 
 
                         ******************** 
 
-------------------------------------------- 
Facilities F3-F5, Rural Area Interface (RAI) 
-------------------------------------------- 
 
        Although cable facilities F3, F4, and F5 may be specified in any loop 
plant, they are rarely seen anywhere except in rural areas under the RAND 
plan (Rural Area Network Design).  Basically, plants using these extra 
facilities are similar to F1/F2 plants, except there are extra cable spans 
and/or terminals in the path.  When locating cables, the highest numbered 
facility will be at the end of the path, terminating near the subscriber's end 
(like a "normal" F2), and the lowest numbered facility will be the feeder from 
the CO (like a "normal" F1).  The extra spans will be somewhere in between, 
like an intermediate feeder or extra distribution cable with separate cable 
access terminals.  One such facility is the Rural Area Interface (RAI), which 
can be used in a "feeder-in, feeder-out" arrangement.  This is usually seen on 
cable routes of 50 pairs or greater, with a length of longer than 30 kft 
(about 6 miles).  In this case, there will be two terminal cabinets in the 
feeder path, labelled RAI-A and RAI-B.  The RAI-A is special because it has a 
two-part terminal block:  the top has switching panels with 108-type connectors 
which cross-connect feeder-in and feeder-out pairs using jumper plugs, and the 
bottom has standard 76-type binding posts which cross-connect feeders to 
distribution cables for subscribers in the local area of the RAI-A.  The jumper 
plugs can only be connected in one way to the switching panels, so random 
cross-connection of feeder-in/feeder-out pairs is prevented. In this way, the 
cable and pair numbers stay the same as if the feeder cable was uninterrupted. 
This is used a lot in rural areas; it allows part of a feeder group to be split 
off at the RAI-A like a distribution cable near a town along the route, and 
the rest of the feeder group continues on to a town further away, to the RAI-B 
where it is terminated as in a "normal" SAI.  In order to access a pair, just 
use the last RAI in the span (whichever it is) and treat it just like an SAI. 
If the pair terminates at RAI-B, you can also access it at RAI-A! (if you 
can locate the pair using color code, BP number, or (ughh) ANI, there should 
be test terminals on top of the jumper plugs connecting the 108's on the 
switching panel where you can hook your test set -- you can't hook onto a raw 
108 connector very easily).  Anyway, the RAI terminal is usually a ground 
pedestal with a cabinet such as a 40-type, but it can be aerial mounted on a 
pole (hard to access). 
 
Pair-Gain, Carried Derived Feeder 
--------------------------------- 
 
        Another common facility in rural areas (and in cities or suburbs, es- 
pecially near large housing complexes, etc.) is the pair-gain system.  It is 
basically a system which consists of a digital link which is distributed, 
almost like a normal cable pair, out to a terminal cabinet called a Remote 
Terminal (RT) which contains equipment which demultiplexes the digital line 
into many "normal" metallic analog telephone lines which go to each subscriber 
in the area.  Because the digital line can transmit the audio from several 
separate lines and multiplex them onto one cable, only one special cable 
pair is needed to come from the CO as a feeder, instead of several separate 
ones; this is why it is called a "pair gain" system.  The remote terminal (RT) 
contains both the demultiplexing electronics as well as a small "SAI" type 
terminal block for connecting the pairs to distribution cables on the side 
of the path toward the subscriber.  Because the "feeder" is not a multipair 
cable but a digital link (ie. T-carrier), this arrangement is known as a 
"carrier-derived feeder."  The SAI part of the RT is used just like a normal 
SAI on the distribution side (BLUE), but the feeder side will be slightly 
different.  Carrier-derived feeders are always marked with YELLOW labels, and 
their pairs will be crossed over to distribution cables just like in an SAI. 
So, in order to access a pair in a system like this, you must do so on the 
DISTRIBUTION side, because you can't hook an analog test set to a 1.544 Mbps 
digital T-carrier line! (or worse yet, a fiber optic cable).  This may be 
difficult, because these cabinets are always locked (with few exceptions), so 
you'll have to find a terminal closer to the subscriber -- also be aware that 
many RT's are equipped with silent intrusion alarms.  Anyway, some common 
pair-gain systems are the Western Electric SLC-8, 40, 96, and GTE's MXU, 
ranging in size from 8 to over 96 lines.  RT cabinets can often be identified 
by the ventillation grilles (with or without a fan inside) which are not 
present on SAI's or other non-RT cabinets. 
 
                         ******************** 
 
----------------------------------- 
Aerial Distribution Splice Closure, 
       Drop Wire Splitter 
----------------------------------- 
 
        This terminal is the point where the individual cable pair for a 
certain subscriber is split from the F2 distribution cable and spliced onto 
an aerial drop or "messenger" wire which goes to the subscriber's premises. 
In an aerial distribution plant, 2 types of this terminal are common: 
 
1> Western Electric 49-type Ready Access Closure / Cable Terminal 
 
2> Western Electric 53A4, N-type Pole Mount Cable Terminals 
 
     ---------- 
 
Type 1>  The 49-type, 1A1, 1B1, and 1C1 closures are all functionally similar. 
         This terminal is a semi-rectangular closure, about 15"L x 3"W x 5"H, 
         usually black, which is connected directly to the aerial cable itself; 
         it is coaxial with the cable, so the cable passes straight through it. 
         It splits up to 12 pairs from the distribution cable to a small bin- 
         ding post terminal block inside the closure.  Aerial drop wires are 
         then connected to these binding posts, and the wires exit the term- 
         inal through holes on the bottom.  These wires are strung via strain 
         relief clamps on the pole down to the subscriber's site.  The terminal 
         closure is opened by pulling out and lifting either the whole cover 
         or the front panel after removing the cover fasteners on the bottom 
         and/or the sides (the closure is a thick neoprene cover over an alum- 
         inum frame).  Inside the case, there is a terminal block and there 
         may be some sort of loading coil as well.  The cable and this coil are 
         not openable, but the terminal block is.  Since the F2 pair terminates 
         in this closure, the F2 BP number (cable/assignment data) corresponds 
         to a binding post on this terminal block.  As mentioned earlier, this 
         terminal will also contain spare pairs, in case a subscriber wants 
         another line.  In order to use one of these pairs, you must either get 
         an F2 (and then F1) CP number from LAC using the BP, or you can put a 
         trace tone on the pair at the aerial closure and then locate the pair 
         at the SAI.  Then a cross-connect would have to be made to an active 
         F1 pair, and a drop wire (ughh) would have to be added back at the 
         aerial closure.  Anyway, both the binding posts as well as the holes 
         (inside + out) are numbered left to right, so you may not even have 
         to open the closure if you are just looking for an F2 BP number -- 
         just trace the drop wire from the house into the numbered hole on the 
         closure. The TErminal Address for the F2 is the address of the house 
         or premise closest to the pole near this closure.  These terminals 
         (esp. 1A1, etc) are also used for straight and branch splices for 
         aerial cables, so you may see one cable in / two out;  also, the 
         closure can be used for splicing only, so there may not be drop wires 
         (in this case, it wont be listed in LMOS because it is not a terminal 
         point).  There is generally one of these every pole near a quad of 
         houses or so, mounted on the cable about an arm's length from the 
         pole. 
 
Type 2>  Both the 53A4 and the N-type terminals serve the same function as 
         the 49-type just described, except they are used in situations where 
         there are more than 4 houses (8 lines, including provisional pairs). 
         This terminal is mounted directly on the pole, about a foot down from 
         the aerial cable.  It is not connected in line with the cable, so 
         there is no F2 splicing area in the cabinet (rather, a cable stub 
         comes from the terminal block and is spliced onto the span close to 
         where it touches the pole). It is about 22"H x 9"W x 4"D, rectan- 
         gular, and silver (unpainted).  The door is similar to that of a 40- 
         type cabinet, but it's much smaller; it is opened using a 7/16" tool 
         in the same manner as before, except that the door must be lifted 
         before it can be opened or closed.  In this way, the door slides down 
         on it's hinges when opened, so it locks in the open position and you 
         wont have to worry about it (especially nice because hanging onto a 
         pole is enough of a problem).  The terminal block can handle from 25 
         to 50 pairs, with 32 holes in the back for aerial drop wires.  Just 
         as in the Ready Access Closure, this is the F2 terminal, and the 
         numbered binding posts and holes correspond to F2 BP numbers.  The 
         TEA will be the address nearest the terminal (just as before).  This 
         terminal is common at the first pole on a street, on cul-de-sacs, 
         apartments, marinas & harbors, or anywhere there are many drop wires. 
 
Buried Distribution Cross Box and Other Pedestals 
------------------------------------------------- 
 
        This terminal serves the same function as the aerial closures, except 
it is used in areas with a buried distribution plant.  This cable assignment 
for this terminal will be the F2 terminal, and the BP numbers and TEA will 
be the same as for the aerial terminals.  Probably the most common cross-boxes 
are the PC4,6, and 12; these are around 50" tall by 4, 6, or 12" square respec- 
tively, and they are painted gray-green like SAI cabinets.  These are the 
smallest pedestals in the distribution plant, and they don't have doors (they 
look like waist-high square poles).  In order to open one of these pedestals, 
the two bolts on either side half way down the pedestal must be loosened with 
a 7/16 hex wrench; then the front cover can be lifted up, out, and off the 
rest of the closure.  These terminals are located generally near small groups 
of houses (up to about 12 lines usually) on the ground, often near other 
utility cabinets (such as electric power transformers, etc).  These are 
becoming more common as the new housing tracts use buried distribution plant. 
The F2 cable will enter as a cable stub, and it is split into service wires 
which go back underground to the subscribers. 
        All small pedestals are not necessarily the above type of terminal; 
these pedestal closures are often used for other purposes, such as splicing 
points in underground distribution, loading coil mounting, and even used as 
temporary wire storage containers.  If the terminal contains a terminal 
block or it is a significant point on the line, however, it will be listed in 
LMOS.  An example of this is a distribution path found by Mark Tabas in a 
Mountain Bell area --  there was a small PC12-type closure on the ground near 
a street in a remote suburb, and it was serving as a terminal point for a 
whole F1 cable.  It was listed as the F1 terminal, and it was at the right 
TEA; however, there was no terminal block because it was a splicing point 
(just a bunch of pairs connected with Scotchlok plastic connectors which are 
hung on a bar in the pedestal closure), so LMOS had no BP number.  Instead, 
a color code was listed (see appendix) for the pair in the splice.  Anyway, 
the WHOLE F1 went up to an N-type closure on a pole and was split into drop 
wires. 
 
-------------------------------------- 
Multi-Line Building Entrance Terminals 
-------------------------------------- 
 
        This terminal takes the aerial drop or service wires and cross-connects 
them over to the Inside Wire (IW) in the subscriber's building (hotels, busi- 
nesses, etc).  There are many different types of terminal blocks for this 
terminal, although by far the most common is the Western Electric 66 block. 
The 66-type terminal uses a block of metal clips; the wire is pushed onto the 
clip with a punch-down tool which also strips the wire.  The block is divided 
into horizontal rows which can have from 2 to over 6 clips each.  Since each 
row group terminates one pair, two rows are needed for x-connect, one on top of 
the other.  The service or drop wire usually enters on the left, and the 
inside wire is connected to the far right.  In order to locate a pair, usually 
you can visually trace either the service wire or the inside wire to the 
block, and often the inside wire side wil be numbered or labelled with an 
address, phone number, etc.  It is also possible for this terminal to serve 
as an F2 terminal point, if there are a lot of lines.  In this case, LMOS will 
list the TEA usually with some physical direction as to where to find it. The 
left side will then be numbered as F2 BP's. This terminal is also the demarca- 
tion point which separates the customer's equipment from the telco's.  The new 
terminals often have an RJ-21 connector on the service wire side, such as a 
25-pair for PABX or a Bell 1A2 Key, etc.  There are also "maintenance termina- 
ting units" (MTU) which are electronic units connected to the line(s) at the 
entrance protector; these are sometimes seen in some telcos.  Basically, they 
provide functions such as party ANI on multi-party lines, remote disconnect 
(for testing or (click!) non-payment), or half ringers (the most common -- 
they prevent ringing continuity failures on switches like ESS when there are 
no phones hooked to the line when it rings).  MTU terminals are often locked. 
 
Single Pair Station Protector 
----------------------------- 
 
        There's really not much to say about this terminal.  Basically, it 
takes the service or drop wire and connects it to the inside wire in a single 
line residence (houses with 2 lines will have 2 of these).  These are at every 
house on an outside wall or basement, and there are two main types: the Western 
Electric 123 (with a "150-type" rubber cover), and the old WE 305 and new AT&T 
200 Network interface (metal and plastic, respectively). These terminals have 
one binding post pair and they will have either gas discharge tubes or carbon 
blocks to protect the line from lightning or excess current.  Obviously, there 
is no BP number (you just have to visually trace the drop wire to find the 
protector). This is also the demarcation point marking the end of the telco's 
responsibility, as well as the end of our tour. 
 
                         ******************** 
 
Bell System Standard Color Code      Use: 
-----------------------------------        Take the #, and find it's closest 
Pair #             Tip        Ring   multiple of 5.  Use that number to find 
-----------------------------------  the Tip color, and the remainder to find 
 01-05           White      Blue    the Ring color (remainder 0 = Slate). 
 06-10           Red        Orange  (e.g. Pair #1 = White/Brown, Pair #14 = 
 11-15           Black      Green    Black/Brown, Pair #24 = Violet/Brown). 
 16-20           Yellow     Brown 
 21-25           Violet     Slate 
 
Usually if a color code is needed (such as in a splice case) you can get it 
from LAC or the testboard; if it's really essential, it will be in LMOS as 
well.  This color code is also used a lot on cable ties (usually with white 
stripes and ring colors only), although these are often used randomly. 
 
--------- 
Test Sets 
--------- 
        This is the "right hand" of both the professional and the amatuer 
lineman.  Basically, it is a customized portable telephone which is designed 
to be hooked onto raw cable terminals in the field and used to monitor the 
line, talk, or dial out.  The monitor function is usually the main difference 
between the "butt-in" test set and the normal phone.  If you don't have a 
real test set already, the following circuit can convert a normal $4 made-in- 
taiwan phone into a working test set.  The "all-in-one" handset units without 
bases are the best (I tend to like QUIK's and GTE Flip Phone II's). Anyway- 
 
OFFICIAL Agent 04 Generic Test Set Modification (tm) 
 
  Ring >---------------------------------> to "test set" phone 
   Tip >------!  SPST Switch    !--------> 
              !-----/ ----------! 
>from         !-------/!/!/!/!--!    C = 0.22 uF  200 WVDC Mylar 
cable pair    !   C       R     !    R = 10 kOhm 1/2 W 
(alligators)  !--! (------------! SPST = Talk / Monitor 
 
        When SPST is closed, you are in talk mode; when you lift the switch- 
hook on the "test set" phone, you will get a dial tone as if you were a 
standard extension of the line you are on.  You will be able to dial out and 
receive calls.  When the SPST is opened, the resistor and capacitor are no 
longer shunted, and they become part of the telephone circuit.  When you lift 
the switchhook on the test set, you will not receive dial tone, due to the fact 
that the cap blocks DC, and the resistor passes less than 4 mA nominally (far 
below the amount necessary to saturate the supervisory ferrod on ESS or close 
the line relay on any other switch).  However, you will be able to silently 
monitor all audio on the line.  The cap reactance + the phone's impedance 
insure that you won't cut the signal too much on the phone line, which might 
cause a noticeable change (..expedite the shock force, SOMEONE'S ON MY LINE!!). 
It's also good to have a VOM handy when working outside to rapidly check for 
active lines or supervision states.  Also, you can buy test equipment from 
these companies: 
 
Techni Tool - 5 Apollo Road, Box 368. Plymouth Meeting, PA. 19462. 
Specialized Products Company - 2117 W. Walnut Hill Lane, Irving, TX. 75229. 
 
                         ******************** 
 
        I am not going to include a disclaimer, because a true communications 
hobbyist does not abuse nor does he tamper with something he doesn't under- 
stand.  This article is intended as a reference guide for responsible people. 
 
        Also, this article was written mainly from first-hand experience and 
information gained from maintenance technicians, test boards, as well as 
technical literature, so it is as accurate as possible.  Keep in mind that 
it is mainly centered upon the area served by Pacific Telephone, so there may 
be some differences in the loop plant of your area.  I would be happy to 
answer the questions of anyone interested, so feel free to contact me c/o the 
Technical Journal regarding anything in this article or on related topics such 
as ESS, loop electronics, telephone surveillance / countersurveillance, etc. 
I hope the article was informative. 
 
-------------------------------- 
 
Written by:       Phucked 
                    Agent 
                       04 
 
             The Legion Of Doom! 
 
-------------------------------- 
 
Please - Por Favor - Bitte - Veuillez! 
** Do not edit, abridge, fold, spindle, or mutilate. 
 
(>---------------------------------------------------------------------------<) 
 The Legion of Doom/Legion of Hackers Telenet Directory 
 
1987 Version 
 
Contributors: ANI-Failure, Doom Prophet, The Leftist, Lex Luthor,  
              The Mentor, Necron 99, Phase Jitter, Prime Suspect. 
 
Contact: The Phoenix Project in 512. 
 
+-------+------------+--------------------------------------------------------+ 
|ADDRESS|OS/COMP TYPE| SYSNAME/OWNER/RESPONSE/COMMENTS/ETC.                   | 
+-------+------------+--------------------------------------------------------+ 
|20101 $|            | 
|20114  |            | NJIT Electronic Information Exchange System (EIES) 
|20115  |            | NJIT Electronic Information Exchange System (EIES) 
|20120  |  IBM VM/370| 
|20125  |            | NJIT Electronic Information Exchange System (EIES) 
|20128  |  TOPS-10   | NDC - SYSTEM: 
|20130  |  TOPS-10   | NDC - SYSTEM: 
|20131 $|  VAX/VMS   | 
|20132  |            | Dunn & Bradstreet 
|20133  |  Burroughs | Running CANDE Operating System 
|20134 $|  19.4.9    | Primenet MWH 
|20135 $|  Prime     | (Version 18.2) 
|20136  |  IBM VTAM  | 
|20140  |  VM - TSO  | CPC Corporate Data Center (Englewood Cliffs NJ) 
|20142  |            | "RDS #12 USER#" Remote Data Switch NJ Bell 
|20151 $|  19.4.7    | Primenet USCG.B 
|20153  |            | Colgate's IICS 
|20155 $|  19.4.7    | Primenet USCG.B 
|20159  |  19.4.10.R7| Primenet PBN31 
|20166 $|  19.3.7    | Primenet SYS001 
|20167  |            | Warner Computer Systems 
|20168  |            | Warner Computer Systems 
|20171  |            | "RDS #6 USER#" Remote Data Switch NJ Bell 
|20180  |  VAX/VMS   | Agent Service Center 
|20182  |            | Bankers Trust Customer Service 
|20183  |            | Bankers Trust Customer Service 
|20188  |            | Dunn & Bradstreet Systems 
|20189  |  IBM VM/370| Prushare 
|201133 |            | 
|201137 |  HP-3000   | 
|201139 |            | Chem Network DTSS Release 13 
|201169 |  Unix 4.2  | thumper 
|201171 |  IBM VTAM  | NET001 
|201172 |  IBM VTAM  | NET002 
|201200 |            | D & B Systems 
|201201 |            | D & B Systems 
|201220 |  VAX/VMS   | Investment Technologies Computer Center 
|201230 |  20.2.0    | Primenet NYMCS 
|201242 |            | D & B Systems 
|201243 |            | D & B Systems 
|201244 |            | D & B Systems 
|201245 |            | D & B Systems 
|201246 |            | D & B Systems 
|201252$|  19.4.6    | Primenet BOR 
|201255 |            | Primecom network 18-4X System 48 
|201256 |            | Primecom network 18-4Q System 49 
|201259 |  VAX/VMS   | 
|201334 |  P-E       | "Reliance sign on screen" 
|201346 |  IBM       | 
|201350 |  Honeywell | "$$50 Device Type Identifier" 
|201431 |  VAX/VMS   | SYS 31 
|201436 |            | Primecom Network System 36 
|437-448|            | Primecom Network System 37 to 48 respectively 
|201449 |            | Primecom Network System 49 
+-------+------------+--------------------------------------------------------+ 
|20210  |  Prime     | 
|20230  |  IBM       | EDS Timesharing 
|20232  |  IBM       | EDS Timesharing 
|20234  |            | "User Number--  Help-phone 313-556-1574" 
|20236 $|            | "Network sign-on failed: sign-on command expected" 
|20243 $|  DG AOS/VS | 
|20249  |  IBM TCAM  | "Enter system ID:" 
|20299  |  TOPS-20   | The Information Service 
|202108 |  Multics   | "Channel c.h126000 Please login:" 
|202109 |  TOPS-20   | The Information Service 
|202115$|            | 
|202126 |            | 
|202127 |  IBM       | EDS Timesharing 
|202129 |            | 
|202131 |            | USER#-- 
|202138$|  Port Sel. | Gallaudet Computer Services Network 
|202139$|  TOPS-10   | TRI-SMP 
|202140$|  TOPS-10   | TRI-SMP 
|202141 |  VAX/VMS   | Telenet International Info System 
|202142 |            | Telemail 
|202144$|  TOPS-20   | TRI-SMP 
|202156$|  VAX/VMS   | American Psychiatric Association 
|202201 |            | Compuserve 
|202202 |            | Compuserve 
|202205 |            | GM Parts FPL 
|202206 |            | GM Parts FPL 
|202214 |  19.4.5    | Primenet SPA 
|202218 |  19.4.11   | Primenet GEC 
|202224 |            | Gm Parts FPC 
|202618 |            | Compumark Search System 
+-------+------------+--------------------------------------------------------+ 
|20321 $|  Port Sel. | "Enter Class" 
|20322  |  IBM VM/370| Midd 3081 
|20328  |  IBM VM/370| Midd 3081 
|20334 $|            | 
|20359  |  Port Sel. | Perkin-Elmer Data Network 
|20364 $|            | 
|20366  |            | "Login Please:" 
|20373  |  VAX/VMS   | VCC C&P Occupational Health System 
|203155$|  VAX/VMS   | 
+-------+------------+--------------------------------------------------------+ 
|20520 $|            | 
|20530 $|  DG AOS/VS | 
|20531  |  DG AOS/VS | 
|20532 $|  DG AOS/VS | R08F01D01A 
|20534 $|            | 
|20536 $|            | 
|20537 $|  DG AOS/VS | R08F01D03A U.S. Forestry Service 
|20545 $|  DG AOS/VS | R08F01D04A U.S. Forestry Service 
+-------+------------+--------------------------------------------------------+ 
|20620 $|  HP-3000   | Boeing 
|20630 $|  HP-3000   | Boeing 
|20638 $|  DG AOS/VS | 
|20640 $|  19.4.6.R9 | Primenet P850 
|20665  |  20.1.1D   | Primenet OAD 
|20672  |  Port Sel. | University of Washington 
|206112 |            | DOE Online 
|206158 |  Port Sel. | BCS Network 
+-------+------------+--------------------------------------------------------+ 
|20820 $|  DG AOS/VS | 
|20822 $|  DG AOS/VS | R04F15D02A 
|20830 $|  DG AOS/VS | R04F02A 
|20833 $|            | 
|20837 $|  DG AOS/VS | 
|20843 $|  DG AOS/VS | 
+-------+------------+--------------------------------------------------------+ 
|21221  |  19.4.9    | Primenet SYSA 
|21223  |  22-33     | CitiCash Manager (C/C/M) 
|21225 $|  TOPS-20   | Landart Systems Inc. 
|21230  |  Prime     | 
|21232  |            | "Service id=" 
|21235  |  LAN       | IBISM Electronic Village 
|21240  |            | Wilsonline 
|21241  |  30-03     | C/C/M 
|21243  |  05-35     | C/C/M Int'l 3 
|21244  |  10-29     | C/C/M Int'l 4 
|21250 $|            | "Channel 09/041 IBFS?" 
|21252 $|  20.0.4    | Primenet SYSA 
|21255  |  03-39     | C/C/M Int'l 2 
|21256  |  22-33     | C/C/M 
|21258  |            | 
|21259  |  VMS 4.3   | Office Automation System 
|21260  |  17-41     | C/C/M 
|21261  |  25-13     | C/C/M 
|21262  |  25-25     | C/C/M 
|21264  |  28-37     | C/C/M Int'l 1 
|21265  |  03-39     | C/C/M Int'l 2 
|21266  |            | "Welcome" 
|21267  |  05-37     | C/C/M Int'l 3 
|21268  |  10-29     | C/C/M 
|21269  |            | 
|21270  |  VM - TSO  | Using the "Top Secret" Security Package 
|21278  |  26-37     | C/C/M Int'l 7 
|21279  |            | "Enter ID:" 
|21282  |            | Bankers Trust Customer Service 
|21286 $|  TOPS-20   | BTSHARE 
|21287  |  04-38     | C/C/M Int'l 6 
|21289  |  RSTS V7.08| IFI CITI 
|21290  |  26-40     | C/C/M Int'l 7 
|212112 |  IBM VM/370| 
|212126$|  Port Sel. | American Express Corporate Info Systems 
|212131 |  IBM VM/370| 
|212133$|  VAX/VMS   | TOBAS New York System 
|212137 |  20.2.0    | Primenet NY60 
|212141 |            | Telemail 
|212142 |            | Telemail 
|212145 |  VAX/VMS   | Office Information Systems 
|212146 |  VAX/VMS   | Office Information Systems 
|212148 |            | "Enter ID:" 
|212151 |  28-36     | C/C/M Int'l 1 
|212152 |  VAX/VMS   | 
|212167$|  20.1      | Primenet MPISBS 
|212169 |  04-39     | C/C/M Int'l 6 
|212170$|            | 
|212173 |  IBM TSO   | Brown Brothers Harriman Communications System 
|212179$|  Prime     | 
|212191 |            | "Welcome" (Citibank) 
|212197$|  TOPS-20   | BTShare SYS B 
|212200 |            | 
|212224$|            | Global Electronic Mail Service (GEMS) 
|212262 |  19.4.0    | Primenet SAL.19 VNY 
|212269 |  VAX/VMS   | 
|212279$|            | 
|212281 |            | CitiCash Manager 
|212282 |            | CitiCash Manager 
|212315$|            | 
|212316$|            | 
|212322$|  IBM       | 
|212328 |            | "ENTER IDENTIFICATION:" 
|212338$|            | 
|212340$|  Prime     | 
|212341$|  Prime     | 
|212344$|            | 
|212350$|            | 
|212371 |  VAX/VMS   | 
|212374 |  VAX/VMS   | Business Systems Node NY01 
|212446$|  VAX/VMS   | The Dais Group 
+-------+------------+--------------------------------------------------------+ 
|21321  |  19.5      | Primenet Q8 
|21322  |  Unix      | Interactive System 3 
|21323  |  Unix      | Interactive System 3 
|21330 $|  IBM TSO   | L.E.B. 
|21333  |  IBM TSO   | (Running ACF2) 
|21335  |            | Marketron Research And Sales 
|21339 $|  Port Sel. | USC - ECL Port Selector 
|21344  |  IBM TSO   | SDC/ORBIT Database (Using "ACF2" Sec pkge) 
|21348 $|  Port Sel. | USC - ECL Port Selector 
|21370  |            | XCC-West System X2 
|21372  |            | XCC-West System X3 
|21373  |            | XCC-West System X1 
|21384  |  Port Sel. | (MICOM 600) 
|21385  |  Port Sel. | (MICOM 600) 
|21388  |  19.4.2.1CS| Primenet MSCOST 
|213102 |  20.0.3    | Primenet TRWE.A 
|213105 |  19.4.11   | Primenet MD.WSO 
|213130 |  19.3.7.R4 | Primenet P751 
|213143$|            | 
|213146$|            | 
|213150 |  19.4.3    | Primenet MD.IRV 
|213170 |            | Dialog 
|213219$|  VAX/VMS   | California Tech. Physics Vax 
|213236 |            | Dialog 
|213245 |  Port Sel. | Litton Computer Services 
|213253 |            | Xplex Cluster Controller 
|213255$|            | 
|213668 |  TOPS-20   | 
|213717 |            | TransAmerica Financial Systems and Concepts 
|213765 |  IBM TSO   | Ralph M. Parsons Network 
+-------+------------+--------------------------------------------------------+ 
|21442  |  Prime     | DNA Online 
|21444  |            | Marathon 
|21456  |  20.1.1a   | Primenet BOWSER 
|21460  |  HP-3000   | Welecome to the 68B HP-3000 Computer System 
|21469  |            | 
|21471  |  FB.3.3    | Primenet FASBAC 
|21472  |  IBM TSO   | UCC  (Running "ACF2" Security Package.) 
|21475  |  Univac    | UCC 
|21477  |  Univac    | UCCEL FASBAC 
|214110 |            | FAST-TAX - MARATHON - The Long Distance Runner 
|214149 |            | FAST-TAX - MARATHON - The Long Distance Runner 
|214156 |  HP-3000   | Welcome to the 68B HP-3000 Computer System 
|214176 |  19.2      | Primenet UCCEL FASBAC 
|214607 |  HP-3000   | Welcome to the 68B HP-3000 Computer System 
|214626 |  RT-11     | CTSRTS-E1 (DIBOL) 
+-------+------------+--------------------------------------------------------+ 
|21501  |  Prime     | Newsnet (Save as C NET) 
|21505  |            | 
|21531 $|  VAX/VMS   | VAX V05 
|21532 $|  DG AOS/VS | 
|21535 $|  IBM TSO   | IMS America 
|21536  |  IBM TSO   | IMS America 
|21537  |  IBM TSO   | IMS America 
|21540  |            | VU/TEXT (Same as C VUTEXT) 
|21545  |  IBM TSO   | IMS America 
|21549  |            | Easynet  The Knowledge Gateway 
|21554 $|            | 
|21556  |            | GTE Telenet Async to 3270 Service 
|21566  |            | Newsnet (Save as C NET) 
|21567 $|  IBM       | "Command Unrecognized" 
|215121 |  IBM VM/370| TPF&C Online-Phila 
+-------+------------+--------------------------------------------------------+ 
|21630  |            | "DCS001 Please Signon" 
|21632  |            | "DCS001 Please Signon" 
|21638  |  VMS 4.3   | Timken Corp. 
|21651 $|  HP-3000   | 
|21652  |  HP-3000   | 
|21654  |  19.2.12   | Primenet TRWIAE 
|21665  |  18.3      | Primenet LIPA 
|21666  |  18.3      | Primenet LIPA 
|21679  |  HP-3000   | 
|216140 |            | 
+-------+------------+--------------------------------------------------------+ 
|21725  |  Cyber NOS | U of Illinois 
|21726  |  Unix      | U of I Computing Services 
|21732  |  Cyber NOS | U of I - ALL ACCOUNTS (300 Baud only) 
|21735  |  VAX/VMS   | NCSAVMSB (VAX 11/785) 
|21736  |  Cyber NOS | U of I - ALL ACCOUNTS (1200 Baud only) 
|21740 $|            | 
|21741 $|  19.3.12.X8| Primenet SPRFLD 
|21742 $|            | 
+-------+------------+--------------------------------------------------------+ 
|21830 $|  DG AOS/VS | 
|21831 $|  DG AOS/VS | 
|21838 $|  DG AOS/VS | 
|21841 $|  DG AOS/VS | 
|21845 $|  DG AOS/VS | 
|21853 $|  DG AOS/VS | 
|21856 $|  DG AOS/VS | 
|21868 $|  DG AOS/VS | 
|21875 $|  DG AOS/VS | 
+-------+------------+--------------------------------------------------------+ 
|30120  |  IBM TSO   | National Library of Medicine 
|30121 $|            | NASA Recon 
|30122 $|  Multics   | Dockmaster 
|30123 $|  IBM       | Cross System Communication 
|30124  |            | Source System 10 
|30126  |  Prime     | DNA MD1 Online 
|30128  |            | Source System 13 
|30131  |  19.1.6    | Primenet SYS750 
|30133  |  SYS/32 VOS| United Communciations Computer Services Group 
|30135  |  Unix 4.3  | nlm-vax 
|30136  |            | 
|30138  |            | Source System 11 
|30139 $|            | CASE Communications 
|30145  |            | General Electric 
|30147  |            | Source System 12 
|30148  |            | Sourc% 5^.]em 15 
|30149  |            | Source System 14 
|30152 $|  Prime     | 
|30154  |  LAN       | GOULD Local Area Network 
|30157  |  Burroughs | Gannet Publishing (USA Today) 
|30158  |  Prime     | CDA Online Services 
|30165 $|  SYS/32 VOS| United Communications Computer Services Group 
|301150$|  VAX/VMS   | 
|301157$|  VAX/VMS   | VAX 780 ECRUOS Hose Co. 
|301170$|  SYS/32 VOS| United Communications Computer Services Group 
|301635$|  Port Sel. | University of Maryland 
+-------+------------+--------------------------------------------------------+ 
|30323  |  Prime     | 
|30325  |  RSTS V7.2 | C. R. C. 
|30334  |            | 
|30338  |  20.0.4.R6 | Primenet SL 
|30344  |  CDC Cyber | 
|30350  |  DG AOS/VS | 
|30354  |  DG AOS/VS | 
|30357  |  20.0.4.R2 | Primenet DENVER 
|30358  |            | Interactive Systems PAD 
|30360 $|  DG AOS/VS | 
|30361 $|  DG AOS/VS | 
|30362 $|  DG AOS/VS | 
|30364 $|  DG AOS/VS | 
|30365  |  Burroughs | Network Session (B7900 using Cande op/sys) 
|30366 $|  DG AOS/VS | 
|30369 $|  DG AOS/VS | 
|30375 $|            | "Incorrect Locations ID" 
|30378  |  DG AOS/VS | 
|303100 |  IBM       | "Enter SW Characters" 
|303114$|            | 
|303115$|            | 
|303116$|            | 
|303130 |  DG AOS/VS | 
|303131 |            | Petroleum Information Network 
|303133 |  VAX/VMS   | 
|303134 |  TOPS-20   | SoftSearch Network B 
|303135$|  CDC Cyber | Colorado State University 
|303136 |  HP-3000   | 
|303138 |  DG AOS/VS | 
|303140 |            | Watney Network Services Unit  Colorado Springs 
|303145 |  DG AOS/VS | 
|303146 |  DG AOS/VS | 
|303148 |  DG AOS/VS | 
|303149$|            | "Incorrect Locations ID" 
|303151 |  DG AOS/VS | 
|303164 |  DG AOS/VS | 
|303201 |  DG AOS/VS | 
|303250 |  DG AOS/VS | 
|303260 |  VAX/VMS   | 
|303270 |  20.2.0    | Primenet MD.DEN 
|303271 |  19.4.5    | Primenet CS.BUS 
+-------+------------+--------------------------------------------------------+ 
|30504  |  IBM       | Martin Marietta 
|30520  |  HP-3000   | FDP   ADV1 SYS#14 
|30522  |  HP-3000   | FDP   PEN2 SYS#7 
|30523  |            | 
|30529  |  HP-3000   | FDP   PEN4 SYSY#9 
|30537  |  VAX/VMS   | 
|30556$ |            | 
|30559  |            | "LOGON" 
|30563  |  HP-3000   | FDP 
|30573  |  HP-3000   | 
|30578  |            | Cybernet/system B  Coral Gables, Florida 
|30579  |            | Cybernet/system D  Coral Gables, Florida 
|30584  |            | 
|305129 |  HP-3000   | 
|305136 |  HP-3000   | 
|305137 |  HP-3000   | 
|305138 |  HP-3000   | 
|305139 |  HP-3000   | 
|305140 |            | "Invalid Command" 
|305148 |            | 
|305149 |  HP-3000   | 
|305159 |            | VU/TEXT Please Sign On (Same as C VUTEXT) 
|305160 |            | Cybernetics System C 
|305161 |            | Cybernetics System A 
|305162 |            | Cybernetics System D 
|305164 |            | Cybernetics System D 
|305165 |            | Cybernetics System B 
|305166 |            | CSI Timesharing 
|305167 |            | CSI Timesharing 
!305168 |            | Cybernetics System B 
|305169 |            | Cybernetics System C 
|305172 |            | Cybernetics System B 
|305226 |            | Cybernetics System D 
|305239 |  IBM VM/370| 
|305248 |  VAX/VMS   | 
|305262$|            | 
|305273 |            | Viewtron 
|305276 |  VAX/VMS   | 
|305644 |            | "305140H Connected" 
+-------+------------+--------------------------------------------------------+ 
|31230  |            | "Service ID=" 
|31231  |  TOPS-10   | C.I.C. Timesharing 
|31235  |  IBM VTAM  | 
|31236  |  Port Sel. | U of Chicago computer center (Ganalf PACX 2000) 
|31241  |            | C.I.C. Central Library Chicago 
|31242 $|  RSTS V7.2 | Travenol SYSA 
|31243 $|  RSTS V7.2 | Travenol SYSA 
|31244 $|  RSTS V8.07| Travenol SYSA 
|31246 $|            | "Request in violation of system security standards" 
|31249  |            | American Hospital Supplies Corp. 
|31250  |            | American Hospital Supplies Corp. 
|31265  |  IBM TSO   | 
|31270  |            | People/Link 
|312120 |  IBM       | TIME Inc. Chicago Datacenter 
|312121 |            | TIME Inc. "Command:" 
|312131 |  IBM VM/370| 
|312142 |  HP-3000   | 
|312150 |            | "Enter Subscriber ID" OAG 
|312159 |            | "Enter Subscriber ID" OAG 
|312160 |            | 
|312161 |            | 
|312162 |            | 
|312163 |            | "PORT = $X25F00 #VC01  USERID:?" 
|312170$|  VAX/VMS   | SKVAX2 
|312199 |            | 
|312219 |            | Collision estimating system (TWX) 
|312222 |            | "PORT = $X25F00 #VC01  USERID:?" 
|312225 |  Honeywell | "$$ 50 Device Type ID" 
|312227 |            | "PORT = $X25F00 #VC01  USERID:?" 
|312230 |            | 
|312231 |  VM - TSO  | Continental Can Company 
|312233 |            | "PORT = $X25Y00 #VC01  USER ID?" 
|312235 |            | "PORT = $X25Y00 #VC01  USER ID?" 
|312236 |            | "Please re-enter logon proceedure" 
|312237 |  IBM       | 
|312239$|  IBM TSO   | 
|312257 |            | "ID:   Password" 
|312258 |  20.0.4    | Primenet SAM 
|312266 |  RSX-11    | 
|312267 |  HP-3000   | 
|312270 |            | 
|312275 |  19.4.5    | Primenet MD.CHI 
|312276 |  19.4.2    | Primenet MD.LP1 
|312626 |            | Keycom-A C00 
|312629 |            | Keycom-B C00 
|312632 |  IBM VM/370| 
|312633 |  IBM VM/370| 
|312645 |  VAX/VMS   | 
+-------+------------+--------------------------------------------------------+ 
|31325  |            | Comshare 
|31340  |            | ADP Network (Type "AID") 
|31341  |            | ADP Network (Type "AID") 
|31350  |            | Collision Estimating System 
|31370  |  TOPS-20   | GM Timesharing 
|31374  |  TOPS-20   | GM Timesharing 
|31382  |  VM - TSO  | FEP009 - Multi System 
|31383  |  VM - TSO  | FEP009 - Multi System 
|313119 |            | "Port=$X25600 #VC09" 
|313120 |            | "Port=$X25600 #VC09" 
|313131 |            | "USER NUMBER--    Help Fone: 313-556-0216" 
|313133 |            | "Enter Access Code" 
|313134 |  19.4.9    | Primenet SYSA 
|313160 |            | "Port=$X25600 #VC09" 
|313161 |            | "Port=$X25600 #VC09" 
|313162 |            | "Port=$X25600 #VC09" 
|313163 |            | "Port=$X25600 #VC09" 
|313164 |            | VU/TEXT 
|313170 |            | C.A.S.C. Network "Enter Signon" 
|313172 |            | Ollie CPF1107 "Password required for workstation" 
|313202 |  Port Sel. | %MERIT: X25 (DT88:TX00:TI700) 
|313255 |  Multics   | "Channel b.h12800" 
|313256 |  Honeywell | "$$ 50 Device Type ID" 
|313257$|            | 
|313365 |            | 
|313366 |  Port Sel. | Timeshare Network 
|313367 |  Multics   | "Channel b.h10800 Please login" 
|313370 |   20.0.3   | Primenet MD.DET 
|313371 |   20.2.1   | Primenet CS.DET 
|313372 |   19.4.9   | Primenet MD.DATA 
|313373 |   20.0.3   | Primenet PTCDET 
|313376 |   20.0.4   | Primenet MD.DAC 
+-------+------------+--------------------------------------------------------+ 
|31435 $|  DG AOS/VS | 
|314100 |            | WU Medical Computing Dataswitch 
|314150$|            | 
+-------+------------+--------------------------------------------------------+ 
|31520  |            | "Enter System ID" B=BRS  T=VM/CMS 
|31550 $|  IBM VTAM  | Simware 
+-------+------------+--------------------------------------------------------+ 
|31730 $|            | "ID  Incorrect Location ID" 
|31731 $|            | 
|31735  |            | purdue.arpa 
|31736  |  VAX/VMS   | 
|31738 $|            | 
+-------+------------+--------------------------------------------------------+ 
|40125  |  20.1      | Primenet LSIS 
|401612 |  Unix      | Modem City 
+-------+------------+--------------------------------------------------------+ 
|40420  |            | SITENET (Same as C SIT) 
|40427  |  20.0.3.R5 | Primenet EMA1 
|40433 $|  DG AOS/VS | 
|40435 $|  DG AOS/VS | R08F03D02A 
|40436 $|  DG AOS/VS | S29L01A 
|40437 $|  DG AOS/VS | R08F03A 
|40439 $|  DG AOS/VS | S29L02A 
|40451  |  Gateway   | Schering Plough Corp. 
|40457  |            | 
|40459  |            | 
|40460  |  RSTS V8.0 | Computone 
|40462  |  Unix 4.3  | emoryu2 
|40463  |  IBM       | "Invalid sw characters" 
|40464  |            | Martin Marietta Sim 3270 
|40477  |            | 
|40479  |            | "40455E Connected" 
|404130$|  HP-3000   | 
|404153 |            | 
|404161$|            | 
|404162 |            | 
|404166$|            | 
|404174 |            | "Welcome to Coin Support" 
|404193 |            | ACRONET 
|404220 |  19.4.11   | Primenet MD.ATL 
|404221 |  19.4.10.R4| Primenet FNP.AT 
|404230$|            | 
|404248 |            | 
|404249 |            | 
|404256 |            | 
+-------+------------+--------------------------------------------------------+ 
|40634  |  DG AOS/VS | 
|40636  |  DG AOS/VS | 
|40637  |  DG AOS/VS | 
|40640  |  DG AOS/VS | 
|40647  |  DG AOS/VS | 
|406125$|            | 
+-------+------------+--------------------------------------------------------+ 
|40843  |            | "Enter Destination sub-address (DN):" 
|40845 $|            | 
|40848 $|            | 
|40849 $|            | 
|40850  |            | ibm-sj.arpa  San Jose 
|40858  |  VAX/VMS   | Welcome to SOMA 
|408100 |            | 
|408121$|            | 
|408125 |  HP-3000   | 
|408133 |  LAN       | Sun Micro System's X.25 Gateway 
|408134$|            | 
|408139$|  CDC       | 
|408146$|  CDC       | 
|408149$|            | 
|408154 |  19.4.11   | Primenet IVAN 
|408157 |  Unix      | Pyramid Technology Dual Port osx 
|408159 |  VAX/VMS   | 
|408171$|            | 
|408235 |  DG AOS/VS | Global Weather Dynamics - MV2 
|408238$|            | 
|408605 |  HP-3000   | Office Automation 
|408629 |            | "Welcome to the new data switch" 
+-------+------------+--------------------------------------------------------+ 
|41220  |  Port Sel. | MSA PGH Communications Network 
|41222  |  IBM TSO   | (Running ACF2) 
|41223  |  IBM TSO   | (Running ACF2) 
|41230  |  Port Sel. | Channel 04 - connected - Enter Class 
|41247  |  IBM TSO   | 
| 48-52 |  IBM TSO   | 
|41255  |            | "invalid command" 
|41268 $|  DG AOS/VS | R09F21D01A 
|412172 |            | 
|412173$|  CDC Cyber | USX PGH Service Center 
|412262 |  20.0.4    | Primenet PITTCS 
|412264 |  19.4.9    | Primenet MD.PIT 
|412670 |  Port Sel. | Carnegie-Mellon University Micom-A 
|412671 |  Port Sel. | Carnegie-Mellon University Micom-B 
|412672 |  Port Sel. | C.M.U. Multi-System Network A-Z 
|412703 |            | The Meccon Network 
|412704 |  IBM       | (Running ACF2) 
|412706 |  IBM       | (Running ACF2) 
+-------+------------+--------------------------------------------------------+ 
|41321 $|            | (type TW81) DFH READY 
+-------+------------+--------------------------------------------------------+ 
|41431 $|  DG AOS/VS | R09F10A 
|41434 $|            | 
|41435 $|            | 
|41436  |  DG AOS/VS | R09F10D05A 
|41438 $|            | 
|41443 $|            | "ID" 
|41444  |            | Welcome  Type Service Identifier 
|41450  |  VAX/VMS   | Allen-Bradley CTD1 
+-------+------------+--------------------------------------------------------+ 
|41507  |  HP-3000   | .admin .a 
|41520  |           | Dialog 
|41527  |  IBM 3033A | Stanford Data Center (SYS A) 
|41530  |            | 
|41532  |  IBM VM/370| 
|41533  |  IBM VM/370| 
|41534  |  DG AOS/VS | 
|41537  |  HP-3000   | CASTOR 
|41538  |  HP-3000   | POLLUX 
|41539  |  RSX-11    | 
|41545 $|  19.2.17   | Primenet CESSF 
|41548  |            | Dialog 
|41549  |            | Dialog 
|41550 $|            | "Network (BUR) terminal must sign-on" 
|41553  |  VMS 3.5   | 
|41557 $|            | "Network (BUR) terminal must sign-on" 
|41559  |  19.2.11   | Primenet MD.NWR 
|41560  |            | Leasametric 
|41566 $|            | 
|41567 $|            | "Network (BUR) terminal must sign-on" 
|41574 $|  DG AOS/VS | 
|41575  |  20.2.1    | Primenet MD.SCV 
|41577  |  20.2.0    | Primenet RS.WC 
|41578  |  19.2.11   | Primenet MD.SAC 
|41579  |  19.4.2.R11| Primenet MD.SFO 
|41580 $|  Systar Elf| Harper Group Information Network 
|41585  |  19.1.1    | Primenet COUR 
|415111 |  Burroughs | RCC Palo Alto B7800 (348) 
|415120$|  IBM VTAM  | USS-10 Please Sign On: 
|415124 |            | "Enter Session Establishment Request:" 
|415125 |            | "Enter Session Establishment Request:" 
|415130$|  DG AOS/VS | R05A 
|415131$|  DG AOS/VS | R05F14A 
|415133 |            | hplabst.arpa  San Jose 
|415138$|            | 
|415140 |  19.3.4    | Primenet ROSCOA 
|415154$|            | 
|415157 |  VAX/VMS   | VAX Node One 
|415158 |  Systar Elf| ESPRIT DE CORP Info System 
|415164$|  DG AOS/VS | S27A 
|415166 |  IBM VM/370| "Enter System ID" (Type V for VM/370) 
|415167 |  19.4.3    | Primenet VESTEK 
|415168$|            | 
|415169$|  DG AOS/VS | R05F14D58A 
|415175 |  HP-3000   | 
|415233 |  DG AOS/VS | Berkely Solar Group 
|415234 |  HP-3000   | 
|415242 |  VAX/VMS   | 
|415254 |  IBM VM/370| "Enter System ID" (Type V for VM/370) 
|415257 |  IBM TSO   | (Running ACF2) 
|415258 |  IBM TSO   | (Running ACF2) 
|415260 |  19.3.6    | Primenet CORP1 
+-------+------------+--------------------------------------------------------+ 
|50335 $|  DG AOS/VS | R06F12D07A 
|50340 $|  DG AOS/VS | R06F12D01A 
|50345 $|  DG AOS/VS | R06F16D02A 
|50371 $|  DG AOS/VS | R06F01A 
|50373 $|  DG AOS/VS | R06F18D04A 
|50374 $|            | 
|50375  |            | "Please Sign On" 
|50376  |  DG AOS/VS | R06F07A 
|50377  |  DG AOS/VS | R06F18D03A 
|50378  |  DG AOS/VS | R06F01D01A 
+-------+------------+--------------------------------------------------------+ 
|50420 $|            | 
|50431 $|            | "ID  Incorrect Location ID" 
|50433 $|  DG AOS/VS | R008F07D14A 
|50436 $|            | 
|50437 $|  DG AOS/VS | R08F07D14A 
|50438 $|            | 
|50444 $|            | 
|50445 $|  DG AOS/VS | R08F06D05A 
|50446 $|  20.0.4.R2 | Primenet BROUGE 
|50450 $|  DG AOS/VS | R08F06D04A 
+-------+------------+--------------------------------------------------------+ 
|50530 $|  DG AOS/VS | R03A 
|50540 $|  DG AOS/VS | R03F06A 
|50560 $|            | 
|50570 $|            | 
|50575 $|            | 
+-------+------------+--------------------------------------------------------+ 
|50921  |  19.1.1    | Primenet AIS 
|50926 $|  DG AOS/VS | R06F17D07A 
|50927 $|            | 
|50931 $|            | 
|50932 $|            | 
|50933 $|            | 
|50934 $|            | 
|50935 $|            | 
+-------+------------+--------------------------------------------------------+ 
|51250 $|            | AHSC (American High School CXXX) 
+-------+------------+--------------------------------------------------------+ 
|51330  |            | Lexis/Nexis 
|51331  |  Port Sel. | Meadnet 
|51337 $|  19.4.8.GE9| Primenet E03 
|51350 $|  HP-3000   | 
|51351 $|  HP-3000   | 
+-------+------------+--------------------------------------------------------+ 
|51530  |            | Lexis/Nexis 
+-------+------------+--------------------------------------------------------+ 
|51630  |  VAX/VMS   | New York Institute of Technology Node Office:: 
|51635  |            | CCI Multilink Services 
|516140$|            | TDK Electronics Corp. 
|516200 |  VAX/VMS   | "909 208 Connected" Telenet INFO System 
|516201 |  VAX/VMS   | "909 208 Connected" Telenet INFO System 
|516601$|  TOPS-20   | Contel Business Networks, N.A.C. 
|516610 |  19.3.6    | Primenet P550 
|516620 |            | S.W.I.F.T. GLOBAL 
|516622 |            | VTI NYK 
|516623 |            | VTI NYK 
|516624 |            | VTI NYK  VITEL SAV978447 
|516625 |  VAX/VMS   | 
+-------+------------+--------------------------------------------------------+ 
|51729  |  RSTS      | Scientific CC 
|51730  |  IBM TSO   | 
|51731  |  IBM TSO   | 
|51740 $|            | 
+-------+------------+-------------------------------------------------------+ 
|51830  |            | "USS MGG10 MHP201A UPK06X01 * Version 4 * Application 
|51831  |            | "USS MGG10 MHP201A UPK06X01 * Version 4 * Application 
|51835  |            | "USS MGG10 MHP201A UPK06X01 * Version 4 * Application 
|518601 |  VAX/VMS   | <SYSTEM PASSWORD INSTALLED> 
|518617 |            | IAS Program Dev. Metcalf & Eddy Engineering Computing 
+-------+------------+--------------------------------------------------------+ 
|60333 $|  DG AOS/VS | 
|60336 $|            | 
|60340 $|  VAX/VMS   | 
|60346  |            | "User Number--" 
|60352  |  Gateway   | DEC Easynet X.29/DECnet Gateway 
|60353  |  IBM VM/370| TELUS Proposal System - Chubb Securities 
|60354  |  IBM VM/370| TELUS CMSSEG - System Name 
|60366  |            | "User Number--" 
|603605 |  VAX/VMS   | 
+-------+------------+--------------------------------------------------------+ 
|60733  |  IBM VM/370| 
|60734  |  IBM VM/370| 
|60744  |  IBM VM/370| "Enter System ID" (Type B for VM/370) 
|60745  |  IBM VM/370| "Enter System ID" (Type B for VM/370) 
|60767  |  IBM VM/370| Cornell Computer Services 
+-------+------------+--------------------------------------------------------+ 
|60921  |  IBM VM/370| CIGMA Corporate Network  (Type VM then LOGON) 
|60922  |            | "!!SUYHK!!" 
|60923 $|  Port Sel. | P.C.C. (1=TOPS-20) 
|60925  |            | CIGMA Corporate Network 
|60938  |  IBM VM/370| (Running ACF2) 
|60942  |            | Dow Jones 
|60963 $|            | "XXX" 
|60968 $|            | "XXX" 
|60977  |  IBM VM/370| 
|60978  |  IBM VM/370| 
|609100 |  Prime     | 
|609138 |  19.4.11   | Primenet PRINCE 
|609230 |            | "909 849 Connected" 
|609242 |            | Dow Jones 
+-------+------------+--------------------------------------------------------+ 
|61223  |            | Westlaw 
|61236  |  TOPS-10   | A.C. Nielson Information Center 
|61237  |            | Westlaw 
|61239  |            | Westlaw 
|61241  |  TOPS-10   | A.C. Nielson Information Center 
|61246 $|  Port Sel. | 
|61252 $|  Prime     | 
|61256  |            | Westlaw 
|61257  |            | Westlaw 
|61262  |            | Westlaw 
|61276  |            | Westlaw 
|612135 |  VAX/VMS   | 
+-------+------------+--------------------------------------------------------+ 
|61421  |            | STN INTL 
|61430  |            | "ID  Incorrect Location ID" 
|61431  |            | STN INTL 
|61433  |  19.4.5.R7 | Primenet SYSC 
|61442  |  DG AOS/VS | 
|61444  |  Prime     | "Good Evening" 
|61445  |  Prime     | "Good Evening" 
|61447  |  Prime     | "Good Evening" 
|61448  |  Prime     | "Good Evening" 
|61449  |  HP-3000   | 
+-------+------------+--------------------------------------------------------+ 
|61641 $|            | 
|61642  |            | Telenet Async to 3270 Service 
|61643A |            | Telenet Async to 3270 Service 
|61650  |  Port Sel. | 
|61660  |            | 
|61661  |            | "Incompatable Destination" 
+-------+------------+--------------------------------------------------------+ 
|61720  |  19.4.11.A | Primenet PBN27 
|61722  |  19.4.11.A | Primenet BDSD 
|61723 $|  RSX-11    | 
|61724  |  Port Sel. | "ts=tso i=interact v=vm" 
|61730 $|  LAN       | GTE-LAN  GS/1> 
|61737  |  19.4.11.A | Primenet BDSH 
|61738 $|            | BBN-TC-TELNET 
|61746 $|  19.2.7F   | Primenet BDSS 
|61747 $|  Port Sel. | "HOST:" 
|61748  |  Prime     | IRI System 4 
|61749  |  19.4.11.A | Primenet OASD 
|61750 $|  19.4.11.A | Primenet BDSP 
|61751 $|  VAX/VMS   | 
|61761  |  IBM TSO   | 
|61763  |  Prime     | IRI System 3 
|61764 $|  19.4.11.A | Primenet ALLYN 
|61767  |  Prime     | IRI System 1 
|61772  |  Prime     | IRI System 2 
|61778 $|  20.2.0    | Primenet MD.D 
|61784 $|  LAN       | Marlboro HPS/C Software Engineering  X28SRV 
|617114$|  20.2.0    | Primenet MD.B 
|617115 |  20.2.0    | Primenet TRNG.E 
|617119 |  Port Sel. | "Enter i=irving t=test w=interact c=idmsdc" 
|617127$|  RSX-11    | 
|617130 |  Honeywell | "$$ 00 * Datanet8 DNS 2.6" 
|617133 |            | Weather Services International (WSI) 
|617135$|  VAX/VMS   | Arthur D. Little Inc. 
|617137 |  IBM VM/370| 
|617138 |  Multics   | Massachusetts  Institute of Technology 
|617143 |  IBM VM/370| IDC 
|617148 |  19.4.11.A | Primenet OASQ 
|617151$|  IBM TSO   | "Enter logon or )aplogon" (Running ACF2) 
|617152 |  IBM TSO   | (Running ACF2) 
|617153 |  Unix 4.2  | (csnet-relay) 
|617158 |  19.4.11.A | Primenet BDSW 
|617160 |  19.4.8    | Primenet S38 
|617163$|  19.4.2.R3 | Primenet BARBIE 
|617164 |  Gateway   | Systar Corporation Gateway/GTE Sylvania Gateway 
|617169 |  19.4.11.A | Primenet PBN36 
|617191 |  Prime     | IRI System 5 
|617196 |  Port Sel. | Yankee Data Communications Network 
|617200$|  VAX/VMS   | Joint Computer Facility Vax 
|617226 |  IBM VM/SP | IRI System 6 
|617230 |  IBM VM/370| 
|617239 |  Prime     | 
|617255 |  19.4.11.A | Primenet PBN43 
|617256 |            | MGH Teaching Supervisor 
|617270 |  VAX/VMS   | 
|617272$|            | "Incorrect Location ID" 
|617275$|  LAN       | BBN TC-TELNET  Address 192.1.2.11 
|617315$|  19.2.7F   | Primenet BDSP 
|617338$|  DG AOS/VS | Shawmut Bank Of Boston  MV10A 
|617343 |  VAX/VMS   | Sylvania Lighting Center Engineering Comp. & Math Dept. 
|617350 |  19.2.7F   | Primenet PBN39 
|617351 |  19.4.11.A | Primenet BDSU 
|617352$|  19.4.11.A | Primenet OASB 
|617353 |  19.4.11.A | Primenet PBN34 
|617361$|  VMS 4.3   | DECnet Node3  Information Services Cluster 
|617380 |  19.4.8    | Primenet L01 
|617381 |  19.3.7    | Primenet P01 
|617382 |  19.4.8    | Primenet Y01 
|617383 |  19.3.7    | Primenet H02 
|617384 |  19.4.8    | Primenet V01 
|617385 |  19.3.7    | Primenet R01 
|617387 |  19.3.7    | Primenet B01 
|617403 |  Prime     | 
|617443 |  IDC/370   | 
|617446 |  19.4.10.R4| Primenet ENO 
|617510 |  20.2.0    | Primenet EN.C06 
|617512 |  19.4.11.A | Primenet EN.C19 
|617516 |  19.4.11.A | Primenet PBN38 
|617525 |  Prime     | IRI System 8 
|617551 |  19.4.10   | Primenet CSP-A 
|617552 |  Prime     | 
|617554 |  19.4.11.A | Primenet PBN29 
|617558 |  20.2.0    | Primenet CS9950 
|617559 |  19.4.5    | Primenet EN.C02 
|617560 |  19.4.11.A | Primenet BDSN 
|617562 |  19.4.11.A | Primenet BDSZ 
|617563 |  Prime     | 
|617564 |  20.0.4    | Primenet MD.NE 
|617566 |  20.2.0    | Primenet MF.NPL 
|617568 |  19.4.11.A | Primenet CASI 
|617572 |  19.4.10   | Primenet S59 
|617587 |  19.4.3    | Primenet TR.SCH 
|617592 |  19.4.5.E4 | Primenet CS 
|617605$|  DG AOS/VS | Shawmut Bank of Boston 
|617609 |  VAX/VMS   | Xyplex CC8 Controller (Type Connect) Waltham Comp. 
|617611$|  Unix 4.2  | (sh.cs.net) 
|617613$|  TOPS-10   | NIH - Prophet  Node DNA 
|617614$|            | 
|617622 |  Unix 4.3  | (media-lab.mit.edu) 
|617637 |  IBM VM/370| 
|617638 |  IBM VM/370| MIT-VM 
|617641 |  DG AOS/VS | Timeplace, Inc. 
|617644$|  DG AOS/VS | Shawmut Bank of Boston 
|617645 |            | 
|617663 |  IBM TSO   | "PCI Please enter logon DFH2001" 
|617735 |            | GTE Telenet Async 3270 Service  Norton Corporate Network 
+-------+------------+--------------------------------------------------------+ 
|61931 $|  OS/32     | Terminal Monitor 08-02 Beta  San Diego 
|61941  |  IBM VM/370| 
|61943 $|  HP-3000   | 
+-------+------------+--------------------------------------------------------+ 
|70320  |  DG AOS/VS | R09F21D04A 
|70321  |  DG AOS/VS | R09F21D05A 
|70330  |  DG AOS/VS | R08F08A 
|70333  |  DG AOS/VS | R08F14A 
|70340  |  VAX/VMS   | Gannet News Media Services 
|70341  |  VAX/VMS   | 
|70343  |  UNIX      | DCA-EMS C70UNIX 
|70344  |  DG AOS/VS | AOS Project HOPE - MV10 System 
|70346  |  UNIX      | DCA-EMS C70UNIX 
|70357  |  Port Sel. | "Select Service" (Wylbur, PCI, CMS, TSO) 
|70368 $|  DG AOS/VS | R08F08D02A 
|70370 $|  DG AOS/VS | R08F08D03A 
|70371 $|  DG AOS/VS | R08F08D05A 
|70372 $|  DG AOS/VS | R08F14D05A 
|70374  |  TOPS-20   | AAMSHARE Remote Computing Services 
|703101 |            | "Please Login" ADNET 
|703102 |            | "Please Login" ADNET 
+-------+------------+--------------------------------------------------------+ 
|70430  |  19.4.7    | Primenet JONES 
|70460 $|  DG AOS/VS | 
+-------+------------+--------------------------------------------------------+ 
|71115  |  Prime     | GTCNET 
|71116  |            | 
+-------+------------+--------------------------------------------------------+ 
|71325 $|  TOPS-20   | 
|71329 $|  Port Sel. | M.E.I. Systems 
|71334 $|  18.3.175  | Primenet GVC 
|71347  |  DG AOS/VS | Dresser Magcobar 
|71353 $|  IBM TSO   | Hou..D. Tenneco Inc. (ACF2) 
|71354 $|  IBM TSO   | Hou..D. Tenneco Inc. (ACF2) 
|71355 $|  IBM VM/370| Tenneco Corporate VM Systems (ACF2) 
|71356 $|  IBM VM/370| Tenneco Corporate VM Systems (ACF2) 
|71357  |  IBM       | (Running ACF2) 
|71359 $|  DG AOS    | 
|71365  |            | "ERR-Invalid Action Code" 
|71369  |            | "ERR-Invalid Action Code" 
|71386 $|  IBM MVS/SP| Tenneco MVS/SP System (ACF2) 
|713170 |  20.2.1    | Primenet MD.HOU 
|713171 |  20.2.1    | Primenet CS.HOU 
|713172 |  19.4.5    | Primenet IR.HOU 
|713173 |  19.4.5    | Primenet MD.AUS 
|713176 |  20.2.0    | Primenet TRNG.D 
|713196 |  19.4.2.R  | Primenet PREVS1 
+-------+------------+--------------------------------------------------------+ 
|71430 $|  HP-3000   | 
|71438 $|  19.4.2    | Primenet SYS1  PacTel Mobile Companies 
|71441 $|  DG AOS/VS | R05F 
|71448  |  19.3.3    | Primenet TWCALF 
|71449  |  Port Sel. | "Service ID:" 
|71455 $|  HP-3000   | 
|71472  |  19.4.9    | Primenet FSCOPE 
|714123$|  HP-3000   | 
|714142 |  HP-3000   | 
|714143 |            | 
|714606 |  HP-3000   | 
|714608 |            | "Select:" 
+-------+------------+--------------------------------------------------------+ 
|71625  |  Burroughs | 
|71641  |  VAX/VMS   | 
|716605 |  IBM       | Bausch & Lomb Data Center 
+-------+------------+--------------------------------------------------------+ 
|71730 $|            | 
|71731 $|            | 
|71732 $|            | 
|71733 $|            | 
|71734 $|            | 
+-------+------------+--------------------------------------------------------+ 
|80125  |            | Wasatch Security Services Timeshare 
|80126  |  Unix 4.1  | Berkeley Wasatch System VAX/UNIX BSD 4.1 
|80144 $|  DG AOS/VS | 
|80149 $|            | 
|80150 $|  DG AOS/VS | S22A 
|80154 $|  VAX/VMS   | 
|80160 $|  DG AOS/VS | 
|80162 $|            | 
|80165 $|  DG AOS/VS | 
+-------+------------+--------------------------------------------------------+ 
|80423  |  Port sel. | Babcock and Wilcox Computer Center 
|80424  |  Port sel. | Babcock and Wilcox Computer Center 
|80435  |  VAX/VMS   | 
|80460 $|            | "ID  Incorrect Location ID" 
|80461 $|            | 
|80462 $|            | 
+-------+------------+--------------------------------------------------------+ 
|80530 $|  DG AOS/VS | R05F07D55A 
|80550  |  VAX/VMS   | 
|80551  |  VAX/VMS   | 
|80558 $|  HP-3000   | 
|80560 $|            | 
|80561 $|            | 
|80562 $|            | 
|80563 $|            | 
|80564 $|            | 
|80565 $|            | 
+-------+------------+--------------------------------------------------------+ 
|80850  |            | ">>" 
|80855  |            | "ID ?" 
|80865  |            | "ID ?" 
|80870  |            | ">>" 
|80885  |            | "ID ?" 
|80895  |            | "ID ?" 
|808500 |  HP-3000   | 
+-------+------------+--------------------------------------------------------+ 
|81230 $|  DG AOS/VS | R09F11A 
+-------+------------+--------------------------------------------------------+ 
|81331 $|  IBM VM/370| 
|81335  |  19.4.5    | Primenet S9750 
|81343  |  Honeywell | "$$ Device Type Identifier:" (Type A1) 
|81352 $|  TOPS-20   | Price Waterhouse Timesharing 
|81353 $|  TOPS-20   | Price Waterhouse Timesharing 
|81355 $|            | Price Waterhouse System 
|81359 $|            | 
|81360  |            | 
|81365  |            | 
|81373  |  IBM VM/370| 
|81374  |  Honeywell | "$$ Device Type Identifier:" (Type A1) 
|81377  |            | "MCS: Transaction "" is not recognized(205) 
|813132$|  IBM VM/370| 
|813140 |            | IBM Information Network (3270 Emulation only) 
|813143 |            | IBM Information Network (ASCII Emulation) 
|813144 |  Honeywell | 
|813160 |  VAX/VMS   | 
|813170 |            | "Access Code:" 
|813172 |            | IBM Information Network (ASCII) 
|813255$|            | "Security Subsystem  Please enter your security code" 
|813620 |  IBM VM/370| 
+-------+------------+--------------------------------------------------------+ 
|81450  |  19.4.8    | Primenet SYSA 
+-------+------------+--------------------------------------------------------+ 
|81634  |            | 
|81636  |            | 
|81644 $|  DG AOS/VS | R09F05D22A 
|81645 $|            | 
|81657 $|            | 
|81658 $|            | 
|81659 $|            | 
|81690  |  TOPS-20   | AMCI - Kansas City (SAME AS C AMC) 
+-------+------------+--------------------------------------------------------+ 
|90160 $|            | 
|901651 |  Gateway   | Schering Plough Corporation  Systar Corp. Gateway 
|901652 |  Gateway   | Schering Plough Corporation  Systar Corp. Gateway 
+-------+------------+--------------------------------------------------------+ 
|90445 $|  DG AOS/VS | 
|90449  |  VAX/VMS   | Alliance Mortgage Automated Communication System 
|90450 $|  DG AOS/VS | 
|90451  |  IBM       | "Command Uncrecognized" 
+-------+------------+--------------------------------------------------------+ 
|90995  |            | Telemail 
|909761 |            | Telemail 
+-------+------------+--------------------------------------------------------+ 
|91433  |  IBM VM/370| (Running ACF2) 
|91438 $|  IBM VM/370| 
|91441 $|  IBM VM/370| 
|91442 $|            | "ZAN0001 com-plete is active" 
|91456  |            | 
|914247 |  VAX/VMS   | Pergamon Infoline 
+-------+------------+--------------------------------------------------------+ 
|91655  |  19.4.10   | Primenet FIMSAC 
|916607 |  Unix      | 
+-------+------------+--------------------------------------------------------+ 
|91830 $|            | "ID  Incorrect Location ID" 
|91831 $|  DG AOS/VS | R08F09D06A 
|91870 $|  DG AOS/VS | 
+-------+------------+--------------------------------------------------------+ 
|91930  |  IBM       | "Please reenter logon line" 
|91931  |  IBM       | "Please reenter logon line" 
|91932  |  IBM       | 
|91933 $|            | 
|91943  |  IBM VM/370| "Enter System ID" (Type 'd') 
|91946  |  IBM VM/370| "Enter System ID" (Type 'd' 'j' 'v' 'r' 'p') 
+-------+------------+--------------------------------------------------------+ 
 
UNINET HOSTS AVAILABLE ON TELENET: 
 
______________________________________________________________________________ 
|C APPLE    | Ultrix V1.2 |                                                   | 
|C BOEING   | Unix        | 
|C PRIME    | 19.4.9      | Primenet SYS750 
|C AMC      | TOPS-20 V5.1| AMCI - Kansas City 
|C SUMEX    | TOPS-20 V6.1| Stanford University 
|C INFO     | TOPS-20     | 
|C EIES     |             | NJIT Electronic Information Exchange System 
|C FSU      | CDC Cyber   | Florida State University Cyber Network 
|C ESC      | SYS/32 VOS  | United Computer Services Group 
|C ITS      | SYS/32 VOS  | United Computer Services Group 
|C SIS      |             | Scientific Information Services 
|C NETWORK  |             | AAMNET 
|C ADNET    |             | ADNET 
|C OLS      |             | OLS System 3 
|C CMS      |             | "Enter a for astra" 
|C COS      |             | "Enter a for astra" 
|C NSF      |             | "Access to this address not permitted" 
|C SPR      |             | UIS Supra 
|C VUTEXT   |             | VUTEXT Services 
|C MAIL     |             | Telemail 
|C TELEX    |             | Telemail 
|C NET      |             | Newsnet 
|C SIT      |             | Sitenet 
|C DOW      |             | Dow Jones 
|C CIS      | TOPS-20     | The Information Service 
|C DELPHI   | VAX/VMS     | Delphi Computer services 
|C S10 - S19| Prime       | Source System 10 to Source System 19 Respectively 
|C WELL     |             | The Well Mail Service 
|C BLUE     |             | 
|C K3C      |             | 
|C COM     *|             | 
|C OAG     *|             | Official Airlines Guide 
|C DIR     *|             | 
|C ABJ     *|             | 
|C AFS     *|             | 
|C CEN     *|             | 
|C KCI     *|             | 
|___________|_____________|___________________________________________________| 
 
'*' at end of UNINET host name signifies system temporarily out of service. 
'$' at end of address signifies 'will not accept collect connection' thus, you 
need a 'Telenet ID' or some other means to connect to the system. 
Any addresses responding with "Rejecting" or "Not Operating", are temporarily 
down.  ALL above addresses were working as of the date of update. 
 
 
Definitions of abbreviations: 
 
DG - Data General 
P-E - Perkin-Elmer 
AOS - Advanced Operating System (DG) 
ACF2 - Access Control Facility 2, Software Security Package for IBM Mainframes. 
CICS - Customer Information Control System (IBM) 
TSO - Time Sharing Option (IBM) 
TOPS - Total OPerating System (DEC) 
RSTS/E - Resource System Time Sharing /Environment (DEC) 
Multics - O/S Made by Honeywell (no longer in production) 
CDC - Control Data Corporation (Makes CYBER Computers) 
LAN - Local Area Network 
Port Sel. - Port Selector - could be a MICOM, a PACX, or other which enables 
                            you to connect to various host systems. 
 
           Legion Of Hackers 
             Contributors: 
 
     Lex Luthor / Gary Seven (LOH) 
 
(>---------------------------------------------------------------------------<) 
 (>---------------------------------------------------------------------------<) 
The LOD/H Technical Journal: File #12 of 12 
 
 
                             Network News & Notes 
 
------------------------------------------------------------------------------- 
 
ISDN passes first real-world test (ComputerWorld, Nov. 24th, 1986) 
 
     After at least five years development work and prototyping on vendors' 
premises, the first operational Integrated Services Digital Network involving 
customer premises equipment was successfully tested. 
 
     In two initial tests, Arizona government officials transmitted both voice 
and data between their offices through a Northern Telecom, ISDN digital switch 
residing on Mountain Bell's Phoenix Central Office. 
 
     The trial offers participating vendors the opportunity "to evaluate ISDN 
technology and determine customer benefits outside the research lab". Customer 
premises equipment used in the trial is still in the prototype phase, however. 
No time frames for introducing commercial offerings were discussed. 
 
     In the first of two ISDN applications demonstrated at a news conference, 
Don Cline, Mountain Bell's Arizona VP and CEO, placed a five minute voice call 
at the Phoenix Civic Plaza to Arizona Secretary of State Rose Mofford and 
simultaneously transmitted a certificate commemorating the event.  The 
transmissions were handled by Northern Telecom's Meridian digital telephone 
sets and workstations and passed through a Northern Telecom DMS-100 ISDN 
switch as Mountain Bell's Phoenix CO. 
 
     In the second ISDN application an NCR  PC was used to access and alter a 
driver's record residing on an Amdahl 5850 host in the Motor Vehicles Division 
from two blocks away. 
 
     Sending both voice and data in digital form over the same twisted-pair 
telephone wiring is more reliable than analog communications and in the long 
run will save a lot of money. Workstations linked over an ISDN basic interface 
can be moved as easily as you can move telephones, as opposed to having to 
restring coaxial cable. 
 
------------------------------------------------------------------------------- 
 
Long-awaited McDonald's ISDN trial to start in two weeks (ComputerWorld 12-1) 
 
     During the second user-site ISDN trial, scheduled to begin Dec. 16, at 
least four rival communications equipment vendors will test whether their 
terminal interfaces conform closely enough to the telecommunications standard 
to communicate. 
 
     McDonalds's Corp, agreed more than two years ago to participate in the 
trial, which is sponsored by Ameritech divested BOC Illinois Bell, because 
the fast-food giant wanted the emerging technology for its own use. 
 
     Slated to continue at least through early 1988, the trial ISDN network 
will link a variety of workstations and hosts at McDonalds headquarters located 
in Oak Brook, Ill., through a Northern Telecom DMS-100 ISDN switch residing at 
Illinois Bell's CO. 
 
     The company will start with 50 basic-rate digital subscriber lines and 
gradually ramp up to a projected 300 to 400 lines by the end of 1987. The 
basic interface defines two 64K bit/sec B channels and a separate 16K bit/sec 
D channel to carry data packets and signaling information. 
 
     All the products used in the trial are designed to communicate with AT&T's 
5ESS switch. While the basic ISDN interface is sufficiently well defined to 
permit different vendor's implementations to communicate, different vendors' 
CO switch products still retain software incompatibilities. 
 
     The way terminal adapters communicate via ISDN is still defined by the CO 
switch, terminals can be modified to communicate with either AT&T's or Northern 
Telecom's ISDN switch, but you can't just unplug a terminal and move it from 
one switch to the other. 
 
     Originally slated to be the first ISDN trail to begin operations, the 
project was delayed for approximately a month while AT&T finished implementing 
software on the 5ESS ISDN switch at Illinois Bell's CO. While the hardware used 
in AT&T's ISDN switch is commercial, the software is coming slowly. 
 
------------------------------------------------------------------------------- 
 
Growth forces split in 305 area code 
 
     Southern Bell announced that rapid growth will force them to split the 305 
area code in two, with Broward, Dade, and Monroe counties remaining 305 and 
Palm Beach County to Orlando becoming 407. "If we didn't make the split we'd 
literally run out of phone numbers". 
 
     The split is slated to take place in April 1988, making 407 Florida's 
fourth area code and the first new one in 23 years. 
 
------ 
 
  617 currently with 533 exchanges will be splitting off into 508 in 1988. 
  303 will be split with Denver remaining 303 and 719 will cover Colorado 
Springs. 
 
This leaves the following NPA's open: 708, 903, 908, 909, 917 
not including X10 where X is 4,6,7,8, and 9. 
 
------------------------------------------------------------------------------- 
 
  Secret Service Buys Telenet Network (Communications Week) 
 
     US Sprint Communications Corp's Telenet Communications Corp subsidiary 
has signed a $35 million multiyear contract to build a private data network 
for the US Secret Service. 
 
     The contract marks Telenet's first major private network coup in the 
highly competitive market of sensitive government communications. While 
telenet would not reveal the extensiveness of the network or its applications, 
the Secret Service acknowledges having 4,300 employees and about 100 locations 
in the United States. 
 
     Data transmission plays a significant role in the Secret Service's 
mandate, which beyond guarding the president includes the investigation of 
counterfeiting, securities and electronic funds transfer violations and credit 
card fraud. 
 
     Encryption or other security measures are expected to be employed in the 
new system, but telenet does not provide those functions. 
 
     In addition to its public network, Telenet has sold about 70 private 
networks, about 100 hybrid networks using public and private capabilities, and 
many hundreds of virtual private networks. 
 
     It will take more than a year to complete construction. 
 
------------------------------------------------------------------------------- 
 
     New Social Security Net (Communications News) 
 
     The US Social Security Administration will install new modems and 
diagnostic and control systems as part of a program to establish its Data 
Communications Utility Network, which covers 1500 offices in the US. 
 
     The new network will handle interactive Social Security claims processing. 
Equipment for this phase is being provided by Racal-Milgo in an $11 million 
contract. 
 
------------------------------------------------------------------------------- 
 
Allnet extends southward with big capacity purchase (Communications News) 
 
     Through the purchase of capacity from three providers, Allnet 
Communications Corporation has added 4,000 miles of fiber-optic route to its 
network. 
 
     In a $36 million deal, the company purchased capacity, in the southeastern 
US from Microtel, SouthernNet and Southland FiberNet. All three are members of 
the National Telecommunications Network. 
 
------------------------------------------------------------------------------- 
 
Southern Cal to link 11,000 users on net (Communications News) 
 
     The University of Southern California is in the process of establishing a 
$21.8 million University Communications Network that will link more than 11,000 
users throughout 185 buildings. 
 
     Voice and data will be transmitted over the network, which will use an 
AT&T System 85 PBX, a system of local-area networks, and an intercampus 
microwave network. 
 
     Approximately 12 miles of fiber-optic cable will be used to link 21 USC 
schools. The system will include 10 Information System Networks and 504 
Starlan networks. 
 
     The telecommunications project is scheduled for completion in March of 
1988. 
 
------------------------------------------------------------------------------ 
 
Dallas to use Cell System (Communications News) 
 
     The city of Dallas has begun a $2.9 million program to outfit personnel in 
various city departments with mobile cell roaming data communications systems. 
The network will consist of 545 Mobile Data International MDI 9031 mobile data 
terminals with the 8020 integral data radio, 20 6000 series hand-held portable 
data terminals, related base equipment and automatic zone transfer between six 
calls using 11 radio frequencies with frequent re-use. 
 
     Full roaming between the cell sites will be handled on a transparent basis 
to the operator. 
 
------------------------------------------------------------------------------- 
 
Singapore in Net Upgrade (Communications News) 
 
     The Republic of Singapore will install two digital international gateway 
exchanges as part of a total network upgrade program. 
 
     The Telecommunications Authority of Singapore and AT&T International will 
provide AT&T's 5ESS digital switch.  The company said this is the first 
application of the 5ESS as an international switching point. 
 
     The first switch will be handed to the authority in April of 1988 and the 
second in April of 1989. 
 
------------------------------------------------------------------------------- 
 
That's it for Network News & Notes, some of these articles may not be too 
interesting, but each has some significance as in interesting systems to 
hack, box, defeat or find more information about. If you know of any 
interesting news articles be sure to drop them in mail. 
 
  