_____________________________________________________________ |SNETT Phreaking/Telecommunications zine issue #1 April 2000 | | http://snett.crashcentral.com | |____________________________________________________________| "I hope that bum rots in jail, and you can quote me on that" - TheMobBoss "First we slap them around a bit, but the real fun happens later.. Its Amazing how much humiliation a person can take" -ACE, talking about how New people at Northern CT2600 meetings are treated. This issue is dedicated to A.Sleep (www.asleep.net www.ct2600.org) Fuck the MPAA! keep on fighting, brother. Kevin? Kevin who? --------------------------------------------------------------------------- S T A F F A C E- Editor and the guy who never leaves his house(j/k). mp3haven@crashcentral.com Icq# 32438208 AIM= ACEofSNETT b i g H- Editor and emotional support. bigh10@ct2600.org ICQ# 31731840 AIM= bigHofsnett Misty - Contributes a strange smell to all proceedings at SNETT headquarters. She can dance, too! Various Contributors- Content. (thats always a good thing) Note: We Welcome feedback. Send it. now. T H I S I S S U E ' S I N S P I R A T I O N S Music - Scooby Snacks, by the Fun Loving Criminals, and the knightrider theme. Abosolutely nothing - Charlton Heston, Ted Nugent, and these two people: 684-9807, 684-2600 p0rn - Intense Perversions, Volume #9, Terrors from the Clit Ignorance and Damnation- SNET, yeah, the one with only one T And finally, the Word Bonus. --------------------------------------------------------------------------- I N D E X 0. Disclaimer 1. Editors note (Editors note) by ACE 2. SNET AIN system/AIN primer (article) by bigH 3. An easy way to get telco numbers and tools with little risk (article) by ACE and bigH. 4. A few misc numbers to know (article) compiled by bigH 5. A Description of SNET, in there own words. 6. The History of the Telco Industry by Bob Stober, (article) as seen in Outside Plant Magazine. 7. The Basics of the The phone network by Bob Stober, (article) as seen in Outside Plant Magazine. 8. The Basics of Phone Security, making and breaking it. (article) by TheMobboss. 9. Aerial Enclosure Specifications. (Article) by ACE. 10. A conversation between Macki from 2600 and John Markoff (email) 11.The original Hawx log (humor / IRC log) by ACE 12. L I N K S ------------------------------------------------------------------------- 0. Disclaimer: Its a shame a disclaimer is necessary but people will sue ove almost anything these days, so here goes. This information is to be used for educational purposes only, and is all purely theoretical in nature. We do not assume any responsibility for any copyright infringments in this zine. Also, any information created by us for this zine is copyrighted, and action will be taken to the fullest extent of the law to ensure compliance. Blah Blah Blah. Now read the freaking thing. What are you doing reading this legal drivel anyway? ------------------------------------------------------------------------- 1. Editors Note: Welcome to the inaugural issue of the SNETT E-zine. Im thinking the first question youll probably ask is why yet ANOTHER zine? The answer is simple. There are no zines in Southern New England that focus entirely on phreaking- granted, the iirg has the excellent zine 'phantasy' but that particular zine covers a myriad of topics. We plan to focus 100% on telecommunications and phreaking in Southern New England. with occasional deviations for humor and amusement. I hope youll take the time to read through this issue, and form your own opinions, regardless of what you think about us personally.So bear with us through our first issue, and hopefully you wont be Dissapointed. We will certainly get better with time. One more thing: Dont fear the WTO, Echelon and such. Destroy them. ~ACE --------------------------------------------------------------------------- 2. Snet AIN (no not ANI) system by bigH from http://www.snet.com These are just some notes on an interestng service I came across called AIN. There is much more to this service below is just a quick overview. All material is copied directly from SNETs website http://www.snet.com. There are other similar services offered by other Telcos under the SS7 switch. ---AIN--- Features- Sub-Account Billing Area-Wide Centrex Incoming Call Routing AIN Screening Authorization Codes Account Codes Dialed Number Routing Telecommuting Single-Number Servic --Follow Me Service- Feature of AIN SNET Follow Me Service allows a customer to route incoming calls to different telephone numbers to accommodate the current location of the customer. This location could be another landline telephone, a cellular number, or a pager. To activate the service, the customer dials an access number to the ISCP and enters the number to be forwarded and a 4-digit PIN. When the PIN is verified, the customer enters the call- forward-to number. The customer can also receive incoming calls to the call-forward-to phone's listed number. To de-activate the service, the customer dials the access number, enters the number that was forwarded, a PIN, and a cancel code. This service is offered from SNET digital switches. For users who are not served from a digital switch or who do not have a personal number, we can provide a virtual number for Follow Me Service. With the maximum flexibility for forwarding calls provided by Follow-Me Service the customer is guaranteed that important calls are never missed and can be answered personally. Because the customer is not tied to one location to either activate or de-activate the forwarding, personal scheduling becomes easier and more flexible. --Disaster Recovery Service- Feature of AIN NET Disaster Recovery allows a customer to pre-establish an alternate routing plan for use in the event the customer's primary location is unable to receive incoming calls due to fire, PBX failure or a cable cut. The customer activates the alternate routing plan instantly by calling the Intelligent Service Control Point (using another phone) and entering a Personal Identification Number. When the disaster is over, the customer de-activates the alternate plan by calling the ISCP, entering a PIN and a cancel code. Because this feature uses the SSP functionality in the end office, it does not provide survivability in the event of an end office failure. --Wide Area Centrex- Feature of AIN- Multi-Location Extension Dialing enables station users at one Centrex location to call users at other company locations served by a different wire center by dialing only the extension number without the need for tie line facilities. This feature can be used in conjunction with Centrex features such as Call Transfer and Conference Calling. -Features of Centrex- Automatic Call Back Calling Direct Outward Dialing Call Forwarding, All Calls Distinctive Ringing Call Forward, Busy Line Identified Outward Toll Dialing Call Forward Don't Answer Speed Call Call Hold Station Hunting Call Pickup Station Line Restrictions Call Transfer (Including Outside) Station to Station Calling Call Waiting Three Way Calling Direct Inward Dialing Trunk Answer From Any Station ------------------------------------------------------------------------- 3. An Easy way to get Telco Numbers and tools with little risk, by bigH and ACE --Disclaimer-The Actions Described in this text are illegal and completely theoretical and should not be practiced. This text is for informational purposes only.-- This text will describe how one could profit from breaking into a bridging head a.k.a. serving area interface and taking certain items that are inside. The contents of this article can save you alot of scanning time (Although scanning can be very valuable), so read on. -What is a bridging head/serving area interface? In laymens terms theses are big green or teal boxes fastened to telephone poles or fastened to the ground. This is somewhat hard to describe so you can check out a pic at http://snett.crashcentral.com -How do I open the bridging head? Bridging heads are supposed to be locked, but usually are not. If it is locked with a pad lock use your imagination. If it is not locked, it will be held closed by a sunk in nut (aproximately 14mm).There is insufficent room to get a ratchet head or wrench into the slot, and onto the nut, so a flat rigid peice of metal, like a file, can be used to turn the bolt. -Im inside the bridging head but all I see is wires and and huge boards. Well these can be really useful (refer to ACEs beige box text at http://snett.crashcentral.com) but this is not what your looking for. At the top of the boards will be a 12mm nut. You will need a socket wrench with a 12mm socket and an extension for quickest and easiest removal of the board. (Socket sizes may differ according to area.) The nuts are located in the upper left and right corner of the board. Remove these and slowly lower the boards. Chains will catch and the boards will stay in place. Now your looking at the goods. -What should I leave behind? Three things you will probably find are a punching tool (used for adding lines) a plastic bag of clamps, and a plastic bag of rubber seals. These things are mostly useless and can be left in the bridging head unless you want some suveniers. There will also be coils of bridging wire on the doors. This could come in handy, but is not extremely valuable, its just a high guage wire. These things can be left behind if you choose to do so, use your own judgment. Remember you dont want to call too much attention to your looting. -What is valuable? Mainly you will be looking for paper. Any little piece of paper large or small. Stickers or anything typed or written on. Mainly you want work orders. These will contain many valuable numbers, CNAs, DATUs, Carrier Access Codes, and many test numbers that can be found on various documents located in the bridging head. Anything, including stickers, or any other paper is most likely valuable. The lineman leave these documents in the bridging heads for their convience so there is usually at least one in every bridging head. If you dont get lucky, you could try another one, and keep trying. Another item located in bridging heads is the telco test set. This is not often put in bridging heads, especially unlocked ones, but can be found. However, what you will mostly come across are documents with various test numbers. Explore your area, you'll probably come up with some good items. --------------------------------------------------------------------------- 4. A few misc numbers to know. (article) by ACE and bigH Note: ANI's and such change and die quickly. These may be dead, dont get pissed at us. 970 - an ani for Connecticut - works in Our area, try it out in yours. 1-800-487-9240 results confirmed seems to be in code an extremely useful ANI (Memorize, or carry with you) (800)692-6447 (800)MY-ANI-IS (another easy to memorize ANI) An non-800 ANAC that works nationwide is 404-988-9664. The one catch with this number is that it must be dialed with the AT&T Carrier Access Code 10732. Another non-800 nationwide ANAC is Glen Robert of Full Disclosure Magazine's number, 10555-1-708-356-9646. (Most of these work, but some need to be activated, and some only work in certain areas ) Service Tone Pulse/rotary Notes -------------------------------------------------------------------------- Assistance/Police *12 n/a [1] Cancel forwarding *30 n/a [C1] Automatic Forwarding *31 n/a [C1] Notify *32 n/a [C1] [2] Intercom Ring 1 (..) *51 1151 [3] Intercom Ring 2 (.._) *52 1152 [3] Intercom Ring 3 (._.) *53 1153 [3] Extension Hold *54 1154 [3] Call Redial *55 n/a Customer Originated Trace *57 1157 Selective Call Rejection *60 1160 (or Call Screen) Selective Distinct Alert *61 1161 Selective Call Acceptance *62 1162 Selective Call Forwarding *63 1163 ICLID Activation *65 1165 Call Return (outgoing) *66 1166 Number Display Blocking *67 1167 [4] Computer Access Restriction *68 1168 Call Return (incoming) *69 1169 Call Waiting disable *70 1170 [4] No Answer Call Transfer *71 1171 Usage Sensitive 3 way call *71 1171 Call Forwarding: start *72 or 72# 1172 Call Forwarding: cancel *73 or 73# 1173 Speed Calling (8 numbers) *74 or 74# 1174 Speed Calling (30 numbers) *75 or 75# 1175 Anonymous Call Rejection *77 1177 [5] [M: *58] Call Screen Disable *80 1160 (or Call Screen) [M: *50] Selective Distinct Disable *81 1161 [M: *51] Select. Acceptance Disable *82 1162 Select. Forwarding Disable *83 1163 [M: *53] ICLID Disable *85 1165 Call Return (cancel out) *86 1186 [6] [M: *56] Anon. Call Reject (cancel) *87 1187 [5] [M: *68] Call Return (cancel in) *89 1189 [6] [M: *59] Notes: [C1] - Means code used for Cellular One service [1] - for cellular in Pittsburgh, PA A/C 412 in some areas [2] - indicates that you are not local and maybe how to reach you [3] - found in Pac Bell territory; Intercom ring causes a distinctive ring to be generated on the current line; Hold keeps a call connected until another extension is picked up [4] - applied once before each call [5] - A.C.R. blocks calls from those who blocked Caller ID (used in C&P territory, for instance) [6] - cancels further return attempts [M: *xx] - alternate code used for MLVP (multi-line variety package) by Bellcore. It goes by different names in different RBOCs. In Bellsouth it is called Prestige. It is an arrangement of ESSEX like features for single or small multiple line groups. The reason for different codes for some features in MLVP is that call-pickup is *8 in MLVP so all *8x codes are reaasigned *5x CN/A: ----- CN/A, WHICH STANDS FOR CUSTOMER NAME AND ADDRESS, ARE BUREAUS THAT EXIST SO THAT AUTHORIZED BELL EMPLOYEES CAN FIND OUT THE NAME AND ADRESS OF ANY CUSTOMER IN THE BELL SYSTEM. ALL #'S ARE MAINTAINED ON IE INCLUDING UNLISTED #'S. HRE'S HOW IT WORKS: 1) YOU HAVE A # AND YOU WANT TO FIND OUT WHO OWNS IT, E.G. (914) 555-1234. 2) YOU LOOK UP THE CN/A # FOR THAT NPA IN THE LIST BELOW. IN THE EXAMPLE, THE NPA IS 914 AND THE CN/A # IS 518-471-8111. 3) YOU THEN CALL UP THE CN/A # (DURING BUSINESS HOURS) AND SAY SOMETHING LIKE, "HI, THIS IS JOHN JONES FROM THE RESIDENTIAL SERVICE CENTER IN MIAMI. CAN I HAVE THE CUSTOMER'S NAME AT 914-555-1234. THAT # IS 914-555-1234." MAKE UP YOUR OWN REAL SOUNDING NAME, THOUGH. 4) IF YOU SOUND NATURAL & CHEERY, THE OPERATOR WILL ASK NO QUESTIONS. HERE'S THE LIST: NPA CN/A # NPA CN/A # --- ------------ --- ------------ 201 201-676-7070 517 313-232-8690 202 202-384-9620 518 518-471-8111 203 203-789-6800 519 416-487-3641 204 ****N/A***** 601 601-961-0877 205 205-988-7000 602 303-232-2300 206 206-382-8000 603 617-787-2750 207 617-787-2750 604 604-432-2996 208 303-232-2300 605 402-345-0600 209 415-546-1341 606 502-583-2861 212 518-471-8111 607 518-471-8111 213 213-501-4144 608 414-424-5690 214 214-948-5731 609 201-676-7070 215 412-633-5600 612 402-345-0600 216 614-464-2345 613 416-487-3641 217 217-525-7000 614 614-464-2345 218 402-345-0600 615 615-373-5791 219 317-265-7027 616 313-223-8690 301 301-534-1168 617 617-787-2750 302 412-633-5600 618 217-525-7000 303 303-232-2300 701 402-345-0600 304 304-344-8041 702 415-546-1341 305 912-784-9111 703 804-747-1411 306 ****N/A***** 704 912-784-9111 307 303-232-2300 705 416-487-3641 308 402-345-0600 707 415-546-1341 309 217-525-7000 709 ****N/A***** 312 312-769-9600 712 402-345-0600 313 313-223-8690 713 713-658-1793 314 314-436-3321 714 213-995-0221 315 518-471-8111 715 414-424-5690 316 816-275-2782 716 518-471-8111 317 317-265-7027 717 412-633-5600 318 318-227-1551 801 303-232-2300 319 402-345-0600 802 617-787-2750 401 617-787-2750 803 912-784-9111 402 402-345-0600 804 804-747-1411 403 403-425-2652 805 415-546-1341 404 912-784-9111 806 512-828-2502 405 405-236-6121 807 416-487-3641 406 303-232-2300 808 212-226-5487 408 415-546-1341 BERMUDA ONLY 412 412-633-5600 809 212-334-4336 413 617-787-2750 812 317-265-7027 414 414-424-5690 813 813-228-7871 415 415-546-1132 814 412-633-5600 416 416-487-3641 815 217-525-7000 417 314-436-3321 816 816-275-2782 418 514-861-6391 817 214-948-5731 419 614-464-2345 819 514-861-6391 501 405-236-6121 901 615-373-5791 502 502-583-2861 902 902-421-4110 503 503-241-3440 903 ****N/A***** 504 504-245-5330 904 912-784-9111 505 303-232-2300 906 313-223-8690 506 506-657-3855 907 ****N/A***** 507 402-345-0600 912 912-784-9111 509 206-382-8000 913 816-275-2782 512 512-828-2501 914 518-471-8111 513 614-464-2345 915 512-828-2501 514 514-861-6391 916 415-546-1341 515 402-345-0600 918 405-236-6121 516 518-471-8111 919 912-784-9111 AT&T NEWSLINES: --------------- NEWSLINES ARE RECORDINGS THAT BELL EMPLOYEES CALL UP TO FIND OUT THE LATEST INFO ON STOCK, TECHNOLOGY, ETC. CONCERNING THE BELL SYSTEM. HERE ARE THE #'S THAT ARE CURRENTLY KNOWN TO PHREAKS (AT LEAST ME, ANYWAY): 201-483-3800 NJ 513-421-9060 OH 203-771-4920 CT 516-234-9914 NY 212-393-2151 NY 518-471-2272 NY 213-621-4141 CA 617-955-1111 MA 213-829-0111 CA (GTE) 702-789-6711 NV 213-449-8830 CA 713-224-6116 TX 312-368-8000 IL 714-238-1111 CA 313-223-7223 MI 717-255-5555 PA 314-247-5511 MO 717-787-1031 PA 408-493-5000 CA 802-955-1111 VE 412-633-3333 PA 808-533-4426 HI 414-678-3511 WI 813-223-5666 FL 416-929-4323 ONT. 914-948-8100 NY 503-228-6271 OR 916-480-8000 CA Note: this article compiled fom various sources --------------------------------------------------------------------------- 5. A description of SNET, in their own words, from snet.com SNET is a leading information, communication and entertainment company in Connecticut, offering a full range of wireline products including SNET All Distance service as well as wireless voice and data services, Internet access and cable TV. In the latest J.D. Power national customer satisfaction survey, SNET was ranked the number one long-distance company in America among mainstream users for the third straight year. SNET is a company of SBC Communications Inc. (www.sbc.com), a global communications leader. Through its trusted brands - Southwestern Bell, Ameritech, Pacific Bell, SBC Telecom, Nevada Bell, SNET and Cellular One - and world-class network, SBC provides local and long-distance phone service, wireless and data communications, paging, high-speed Internet access and messaging, cable and satellite television, security services and telecommunications equipment, as well as directory advertising and publishing. In the United States, the company currently has 87.3 million voice grade equivalent lines, 10.3 million wireless customers and is undertaking a national expansion program that will bring SBC service to an additional 30 markets. Internationally, SBC has telecommunications investments in 22 countries. With more than 200,000 employees, SBC is the 14th largest employer in the U.S., with annual revenues that rank it among the largest Fortune 500 companies. ACE's note: Scary, huh? --------------------------------------------------------------------------- 6. Chapter 1: History of the Telephone Industry Outside Plant Magazine January 2000 Choosing the event that has played the most significant role in the development of the telecommunications industry is difficult. Would it be the passing of the Communications Act of 1934? The breakup of the Bell System? Or the passage of the Telecommunications Act of 1996? Each played a major, major role. Initially, of course, there were the thousands of telephone companies vying for a position in the United States. Often, there were more than one in a particular city, and since interconnection between the companies was the exception rather than the rule, their customers would frequently have to subscribe to more than one; and, as a result, ended up with more than one telephone in their home or office. However, by the middle of the 20th century, some degree of stability had been achieved. The Bell System, under the tutelage of Theodore Vail, had been formed, and it controlled approximately 80% of the telephone service in this country. An agreement had been reached to allow all telephone companies to interconnect with the Bell System-controlled long-distance network. The Bell System, more properly known as American Telephone and Telegraph (AT&T), consisted of four major segments: the long-distance arm (frequently called Long Lines), the local Bell operating companies (26 of them), the manufacturing arm (Western Electric), and the R&D arm (Bell Labs). After a time, this organization raised eyebrows within the Department of Justice (DOJ); with this type of structure, there appeared to be just too much opportunity for abuse. And, indeed, the DOJ thought this was in fact the case and filed suit to break up the corporation. This suit was essentially unsuccessful, but the Justice Department remained diligent and again filed suit, this time in 1974. For the next several years, the suit dragged on at a snail's pace. But when Judge Harold H. Greene was assigned to the case, things sped up. The actual trial began January 15, 1981, and except for brief recesses, continued for the next year. An initial agreement to divest three Bell telcos was proposed in 1981. But none of these solutions came to fruition, and the trial continued. On January 4, 1982, however, a brief announcement by the DOJ indicated that negotiations had reopened, and on January 8, the news hit: AT&T had agreed to break up its $136.8 billion empire. As it finally worked out, the surviving AT&T would consist of the Long Lines division (long distance), Western Electric (the manufacturing arm) and Bell Labs. The divested operating companies would be broken into seven independent segments, identified as the Regional Bell Operating Companies (RBOCs). These seven were named: NYNEX (for New York, New England and X for the unknown), Ameritech, BellSouth, Southwestern Bell, Pacific Telesis, U S WEST and Bell Atlantic. Which sections of the original empire to be included in each of the seven divisions would be negotiated by the presidents of the Bell companies. Of particular interest were the restrictions the 14-page document placed on the two resulting entities: "After the reorganization ...AT&T shall not acquire the stock or assets of any BOC." That is, AT&T was no longer in the local exchange business. And, "...no BOC shall, directly or through any affiliated enterprise: 1. provide interexchange telecom services or information services; 2. manufacture or provide telecommunications products or customer premises equipment (except for provision of customer premises equipment for emergency services); 3. provide any other product or service except exchange telecommunications and exchange access service, that is not a natural monopoly service actually regulated by tariff." That meant the Bell operating companies would not get in the long-distance business, nor the manufacturing business, nor, for that matter, any business other than exchange telecommunications and exchange access service. A two-year reorganization period began immediately, and the entire agreement was consummated January 1, 1984. That, of course, was only the first step in the turmoil we are seeing today in the telecommunications industry. The next major trigger point was when telecom experts and regulators began saying the Telecommunications Act of 1934 was hopelessly outdated and required revamping. This finally came about in 1996, when a 322-page Communications Act was passed. The salient points of this act (from the standpoint of the telephone companies) were twofold: to promote competition within the local telephone regions (in return for which the BOCs would be allowed entry into long-distance services) and to bring advanced communications to everyone in the United States. This was, of course, pretty vague. What does "promote" mean, and how do you define advanced communications services? The Act didn't say. The Federal Communications Commission (FCC) has interpreted the "promote" issue in the strictest sense: competition WILL take place, whatever it takes. Incidentally, until it does, the BOCs will not be allowed to get in the long-distance business. In fact, as of this writing, none of the seven RBOCs has passed the 14-point checklist necessary to gain entry to the long-distance business. So, the FCC's interpretation of the Communications Act has been a substantial contributor to the turmoil we now see. But it is by no means the only contributor. Merger mania--the eagerness on the part of companies throughout the world (not only the telephone industry) to combine with others, or at the very least to establish joint ventures--has been another major factor. In our industry, SBC has absorbed Pacific Telesis and Ameritech. Bell Atlantic has merged with NYNEX, Qwest, and is acquiring U S WEST. Global Crossing (a virtual unknown) has acquired Frontier (formerly Rochester Telephone). And GTE (the largest of the companies outside of the Bell System) is to be folded into Bell Atlantic. The third reason for the general turmoil is technology. Advances in the field of telecommunications have been appearing at a rapid rate, and we will be discussing many of these in upcoming chapters. Technologies such as asymmetric digital subscriber line, dense wavelength division multiplexing, gigabit transmission, asynchronous transfer mode, Internet and packet switching have come onto the scene. Ten years ago, we knew of none of these, and we couldn't even pronounce "giga." What next? There is no indication that the changes taking place in the industry will stabilize. Companies are buying companies at an increasing rate. (It has been stated that when things are moving as fast as they are, it is impossible to develop a technology in-house; it is necessary to acquire a company that already has developed that technology.) The FCC mandate that there WILL be competition is paying off. New local exchange carriers are appearing daily (called Competitive Local Exchange Carriers, or CLECs, as opposed to Incumbent Local Exchange Carriers, or ILECs. These CLECs lease unbundled segments of the plant owned by the ILEC and set up their own telephone company. In some cases, ILECs move into an adjacent territory and set up their own CLEC. Companies like AT&T have been unable to reach satisfactory access agreements with ILECs and, instead, are pursuing a coaxial cable approach, or, in some cases, a wireless approach. Over the long run (and we should emphasize long run--no major changes are going to take place overnight), we can expect to see the number of ILECs diminish and the number of CLECs increase. We can expect to see cable television companies entering the local exchange business. We can expect to see cellular radio become so important that a cell phone will, for some, be a subscriber's only telephone. (Growth of the cellular industry has not abated; approximately 40,000 new subscribers are signing on each day in the U.S.) The Internet is having a profound impact on the telecommunications industry. The cost of long-distance service continues to drop from ten cents per minute to five cents per minute, down to one cent per minute. Is the end in sight? These and other questions will be at the forefront of our thinking. Bob Stoffels is a telecommunication consultant with over 45 years of experience in the field. He resides in Florida and can be reached at (813)867-5378 or e-mail him at: stoffels@juno.com. --------------------------------------------------------------------------- 7. Chapter 2: The basics of the Public Switched Telephone Network March 2000 issuse of Outside Plant Magazine. The Public Switched Telephone Network--or at least the local exchange part of this network--is configured like a star. At the center is the central office, and radiating from this center are the many lines to businesses and residences. Certainly, this is the most logical and straightforward configuration, but it is not necessarily the least expensive or the most efficient. Next-door neighbors, for instance, each located three miles from the central office, carry on a telephone conversation over six miles of wire. While this conversation is taking place, these six miles of wire cannot be used for other purposes. These two loops--called the local loops--"belong" to the subscriber; they are part of what he pays for in his monthly bill. There are other network configurations, of course, each with its advantages and disadvantages. The cable TV industry uses a tree and branch configuration. In this case all signals being broadcast are sent out over a trunk of that tree, and at various places along the way branches are connected. This is, of course, a configuration ideal for broadcasting--for sending a single huge and complex signal downstream to all subscribers. But going upstream is a different matter; it is not easy to send individual signals--voice conversations, for instance--upstream from the residence to the head end (the equivalent of the central office). Then there is the ring configuration, now becoming quite popular in the transmission of data. In such a configuration, a high-speed trunk--usually fiber optics--is run from business to business throughout a metropolitan area and eventually circles back to the starting point. A major advantage of such a structure is that if there is a break in the line, the signal can be sent to the particular business by going in the other direction around the ring. There are other configurations and, as time goes on, we will likely not see one and only one as a clear winner. Let's look more closely at the local loop. In those days when each loop was a physical entity (that is, before electronics was applied to the local exchange plant), cables extending out from the end office were huge; in each cable there was one pair dedicated to one subscriber. As time went on, it was possible to multiplex these voice channels on a signal pair using electronics, and then de-multiplex these signals when the cable reached a particular office park or neighborhood. There was no right way of doing this; each bit of geography had its own characteristics. However, we can speak in generalities, and say that the cables emanating from the central office were called the feeder plant. When a particular point in the territory was reached, the cables were split apart, heading for the particular neighborhoods or business parks; this was called the distribution plant. Finally, individual drops extended from the cable, leading to the individual homes. Together, this was called the local exchange plant. What is this network of local loops made of? The obvious answer is copper pairs, but in recent days we are seeing more and more fiber being used; in some cases, even coaxial cable is being deployed. Coaxial cable is capable of transmitting wider band signals and hence more data than unshielded copper pairs. Fiber optics, a hair-thin strand of glass, is capable of transmitting even wider band signals than is coaxial cable. In fact, fiber is capable of transmitting billions of characters of data per second. We will learn more about coax and fiber in future chapters. But what about the long-distance network? That's easy; it is almost totally composed of fiber. The network we have described is a circuit-switched network. That is, in both the local exchange network and in the long-distance network, a circuit is established between the calling party and the called party, and this circuit is theirs to use as they see fit. To take an absurd example, if two parties both choose to talk at once (come to think of it, that's not too absurd), then the telephone network can accommodate it. If, on the other hand, both parties remain quiet, the circuit is still theirs to be used, and they are paying for it. This is not a particularly efficient method of operation, but it is what we had, what we have, and what we will have for a long time. In a later chapter, we will describe a packetswitched network--a network used by the Internet, by automated teller machines, and by credit card validation machines. The packet-switched network is more efficient than the circuit-switched network and is being deployed at an ever-increasing rate around the world. Returning to the circuit-switched network of today, just how is a call established? The obvious answer (though not the correct one) is that dial pulses, or touch calling tones, are being sent from the customer premises equipment (the telephone) to the end office. The call seizes a talking path through the hierarchy of switching systems to the distant central office, and the called telephone rings. But what if the final leg of the desired transmission path is busy? Then all this effort has been wasted. This method, incidentally, is called in-band signaling; all talking and signaling are accomplished over the same path. Also, what if a particular call is being directed to an 800 or 900 number? Should each central office in the country be programmed to know where these numbers are located? That would not be a very good solution. In the mid-1970s, AT&T began planning and implementing a solution known as Common Channel Interoffice Signaling (CCIS). This is basically a high-speed data network, completely separate from the talking path (hence it is known as out-of-band signaling). All trunk signaling and supervisory information, as well as call routing information, is transmitted over this data network. Each toll switch is connected to special systems called Signal Transfer Points (STPs). All STPs are interconnected and are usually also connected to a Service Control Point (SCP)--a huge database housing customer and network information. This network makes it possible to establish long-distance calls without keeping all end offices up to date with traffic and network information. It provides for speed and tremendous flexibility. It is called, incidentally, the Intelligent Network. This common channel signaling system, not so incidentally, is a packetswitching network. And, again, we will hear more of this later. Are there other networks.? Of course! We mentioned before the ring configuration that allows data to be transmitted throughout a metropolitan area, with a high assurance of total reliability. The system that uses this ring configuration most frequently is SONET--Synchronous Optical Network. Then, there is the Local Area Network (LAN)--a system whereby businesses provide their own network, feeding off the main public network. We are even seeing this concept used in our personal lives; two computers in a home can be connected to share data. When extended and expanded, the local area network becomes a Wide Area Network (WAN)--a network utilized by a major corporation to interconnect offices. Then, there are virtual networks; networks that are really not there (they "borrow" trunks from the PSTN on an as-needed basis), but from the standpoint of the user, they are in fact networks and always available. And there are others. The network utilized by the local exchange telephone companies is, and for years to come will remain, a circuit-switched network. It is likely that the long-distance networks, however, will rapidly move to packet-switching technology. These networks will use a combination of unshielded twisted pair, coaxial cable and fiber. In every case, no matter what the network configuration, the transmission facilities--the outside plant--will be critical to the operation of our telecommunications system. Bob Stoffels is a telecommunication consultant with over 45 years of experience in the field. --------------------------------------------------------------------------- 8. Basic Phone Security Making and Breaking It By The Mob Boss The other day I was sitting in class and I was bored out of my head so I picked up a dictionary. I was curious to see how a hacker was defined, considering that seems to be one of the most passionately fought arguments, good against evil, hackers against crackers. I found the definition to be "A computer enthusiast, someone who breaks into computers". Not suprising but when I went to look for "Phreak" and "Phone Phreak", low and behold, it was not there. This seems to be common these days. Everyone is shaking in their boots about big, bad, evil hackers and what might happen to their home or business computer, but no one ever stops to think about the phone system. This article is not geared towards anyone specific, in fact this is just an abstract to guide all those who are interested in general security, privacy, and h/p. Whether your a small business owner, a homemaker, or an executive, there is something here that you should know, if you don't already. Phone Phreaking can be loosely defined as the exploration and exploitation of the phone system and everything that goes along with it. Back in the 60's and 70's there was blue boxing, back in the eighties and early nineties there was red boxing, but nothing compares to the things that are here now, in the early part of the 21st century. Seems everything is hooked up to the phone system one way or another these days. People are sporting voicemail, pagers, cell phones, home answering machines, fax machines, computers hooked up to the internet, cell phones hooked up to the internet, and there are plans to have cars on the internet pretty soon as well (i.e. 2600 issue 16:4, I OWN YOUR CAR). 1984 is here, just a little late . Now considering all that why would someone ignore learning about the phone system considering the whole backbone of telecommunications is the phone system. Thet's a mistake a lot of companies and individuals make. Besides theft of phone service, as there are so many legal ways to make a free call these days, but how about privacy. How would you like someone monitoring your business via the voicemail system or maybe monitoring your house by using the remote access feature on your answering machine to actually listen in on what's going on. How about someone tapping your analog cell phone or old cordless phone? Now from the attackers point of view, what better way to watch a target? You want to break into a computer network, monitor the voicemail systems for possible technical information and logins. You want to break into a house, listen to messages on the answering machine to find out the patterns of those who reside there. Want to blackmail, extort, and steal, well then there are tons of possibilities for you. Lets start at home. What communication devices do you own? Cordless phone, PC, Fax machine, answering machine? I'm willing to bet you have at least one or all of those items in your home. First I will touch on answering machines, personally I could live without it. Most people hate talking on answering machines , and when its not meant to be its not meant to be. But I still own one and the first thing I did when I learned about breaking into answering machines was to check my manual to see if my machine had remote access. As it turned out, it did have remote access but lucky for me it has a strong security policy, two bad tries will boot you off, plus the code is a good one. Now machines I have encountered in businesses and homes were as easy as dialing 123 after the tone. So what you say? You have nothing to hide? Well privacy is privacy and either way I don't want some thug hearing when I'll be at the dentist or vacation. This is twice as bad if you're a business and you have customers leave orders on the phone after hours. Credit card fraud has been booming since the 1980's and two decades later its still a problem, and its a safe bet that it always will be a problem. Here is an easy to follow system for getting into an answering machine, out of the many techniques I have read, tried, or heard of this one is the most rewarding... after the tone start dialing this sequence, 9876543210000123456789 then 2000, 3000, till you hit 9000, then 1111, 2222, and so on till you hit 9999. That technique will break into answering machines in the homes of government officials, mail order stores, and places that should be more secure. Try that on your machine or a friends (with his permission of course) and see how secure that answering machine really is. Another problem that has been around for many years is that of people tapping cordless phones with simple frequency scanners. Now this problem has been dying out but when I flip on the Ol' Bearcat I still hear morons yacking away on there old, ten dollar, garage sale, cordless phones. These aren't wholesome conversations either. Drug deals, phone sex, and fights. I guess it all depends on where you live but just the same there are a lot of possibilities here. Like I said, this is not a new problem, but its still wide spread even though a whole decade of cordless terror has gone by. By programming the following frequencies into your scanner you'll here many conversations: Base Handset 1 43.720 48.760 2 43.740 48.840 3 43.820 48.860 4 43.840 48.920 5 43.920 49.000 6 43.960 49.080 7 44.120 49.100 8 44.160 49.160 9 44.180 49.200 10 44.200 49.240 11 44.320 49.280 12 44.360 49.360 13 44.400 49.400 14 44.460 49.480 15 44.480 49.500 16 46.610 49.670 17 46.630 49.845 18 46.670 49.860 19 46.710 49.770 20 46.730 49.875 21 46.770 49.830 22 46.830 49.890 23 46.870 49.930 24 46.930 49.990 25 46.970 49.970 Obviously you want to listen into the base frequencies so that you hear both sides of the conversation. Now you may say well I don't have an old phone, "I have a brand new cordless phone that runs on the 900mhz band and scrambles the conversation". The only thing I have to say to that is, what if your business partner, mistress, and/or accomplice are using a old cordless phone, then your security measures mean nothing and its out there. That's why you have to analyze security from afar, missing the big picture will really screw you up. Are you running a dialup server at your residence or small business? If you think its safe because no one but you had the dialup then you my friend are dead wrong. For years people have been using programs called war dialers (i.e. ToneLoc) to scan exchanges looking for computers and just because times have changed and the internet seems to dominate all doesn't mean that people have stopped looking to their local exchanges either. In fact much can still be found by having a war dialer go for a few hours and attackers know this. A company can have a big fancy firewall but a dialup sticking out like a sore thumb a few numbers up from their main switchboard number. That kind of ignorance can be very very costly and it would be wise to see how your computers are set up. If a dialup server is necessary be sure to pick strong passwords and keep up with a good policy for protecting that data, physically and remotely. Lets move on to your small (or large) business. Most businesses worth anything at least have a small PBX and voicemail system, plus the kind of stuff you may have at home, as all the same of rules of home security apply at the office as well. Its very important that a person takes his sweet time with setting up the phone system, baby it just as much you would the computer network because leaving the phone system open will lead the path to your precious network. If someone gets into your phone system what do you have to lose? Privacy, valuable information about customers (credit card information), use of your lines to call Europe and what not. I must say that PBXs are more challenging now then they were ten years ago but considering most voicemail systems run hand in hand with the PBX, having weak passcodes on your voicemail system can lead to exploitation of your PBX services. Meridian Mail, which is put out by Nortel (www.nortel.com) for instance has a nice little feature where you can set the operator assistance number, which in what I have seen is local numbers, just the same it can be useful for bouncing through to avoid tracing. I don't think anyone wants their phone system used as a jumping off point for attack against something big. The same rules of breaking into answering machines applies to voicemail, but one can get more creative here. There is usually multiple accounts on a system so if you can't get into one, more onto another. 999 or 9999 is usually an administrators box and 100 or 1000 is usually a general delivery box. Its been my experience that the general delivery box can be the most influential as that's where your general information can be obtained and that's also a very easy box to get into, a lot of the time the passcode is just 1000. In general though some passcodes to try are the number of the box as the passcode, 1234, 1111 to 9999, 1000 to 9000, the name of the person or company in DTMF, and the last four digits of the phone number. Knowing that, its possible to use these private phone networks for a lot of different things and I think its very clear why someone should take this into consideration. Ok now that its clear that your everyday conversations are at risk lets talk about some of the ways we can insure that our distant party is the only other person to hear the conversation. Remember the only secure conversation is one in person, free of any monitoring. Getting back to the point, one must consider what level of security is needed for a conversation before they begin to put security measures in place. For instance I doubt you need to encrypt a voice conversation with your grandmother (unless she works for a three letter agency) nor do I think you want to be on that old cordless phone while buying arms from third world terrorists (not that I'm advocating that). Lets say you are interested in securing voice communication, here are some ideas on what you can do to protect your privacy. The first method is accomplished through PGPphone, a nice little program from the makers of PGP (Pretty Good Privacy). This program allows for secure modem to modem or tcp/ip based voice communication. Using PGP keys at the strength preselected the conversation can be encrypted and secured from prying ears. Only drawback is that there is a little bit of lag and the stronger the key, the more static and breakup you will get. Another idea for shaking any taps on your phone line or your counterparts phone line is through the use of a number of payphone. If you keep a good list of payphone numbers in your area that allow for incoming calls you can be at a certain payphone at a preselected time to receive that call. If its busy you can always have a backup payphone not too far away or your contact will simply try back every two minutes. In my area at least there are still some neighborhood COCOTs (customer owned coin operated telephone) that still take in calls. Your best bet is to call a voicemail number that has ANI every time your at a payphone. When you get home call all the payphone numbers you accumulated and see which ones take in calls. Some owned by the Telco will not allow the call to go through, some COCOTs will have a modem pick up. As another approach you could always invest in one of those expensive communication devices that hook up to the telephone and allow you to call another telephone with the device. The price is definitely a drawback ($500 area) so using one of the less expensive methods is most likely the best way to go). Be creative and use your common sense, doing that you'll come up with many creative ideas. This was meant simply as a primer to phone security. Yes these are old problems but they needed to retouched on because it seems many people are still mystified by simple phone phreaking techniques. There are other phone risks, such as beige boxing and social engineering, but those topics have been covered already in some very well detailed articles that are available on sites all over the internet and fine BBSs like Ripco. I hope this has opened your eyes to the dangers out there or at least refreshed your memory. And to cut off all those flames that I ripped this information off and what not, I have spent many hours on the phone testing and perfecting these techniques, there is nothing here that I don't have first hand knowledge of. I'd like to leave off with these words that good friend recently told me, "When you take from one its plagiarism, but when you take from many its research.". --------------------------------------------------------------------------- 9. Aerial Enclosure Specifications (article) by ACE This is taken in its entirety from the aerial enclosure installation manual. The 3M SLiC Aerial Terminals and Spial End Seal made for use with Raychem DTerminator2 and Lucent TEchnolgies Flexterm terminal blocks, and with external bonding hanger brackets, are designed fo fixed count terminating up to 25 pair. Two terminal sizes are avaialable, in protected and non- protected, 3" x 28" (76 mm x 711 mm) and 5" x 30" (127 mm x 762 mm). They are availabel empty to handle configurations of either 5, 10, 15 or 25 pair. They can accomodate a 3" (76 mm) or 5" (127 mm) diameter splice bundle and cable up to 2.67" (68 m) diameter or 3.00" (76 mm) diameter respectively. --------------------------------------------------------------------------- 10. A conversation between MAcki from 2600 and John Markoff. (email) ACE's note: This is not really a matter of public record. This is a conversation between macki from 2600 and john Markoff, exactly as it was sent to the Free Kevin Mailing list by Macki. ITs Worth reading, and proves once and for all how evil J. Markoff really is. From: Macki To: Subject: [mitnick] computer history talk Date: Friday, March 24, 2000 7:16 AM I recently had teh privilage of attending a talk at the Computer History Museum featuring John Markoff. The following is a rough transcript of my question to him in the Q&A session. I haven't proof read it for errors yet, but it should be fairly accurate. ---------- First in line to ask a question, as I signed the release form I entered '2600 Magazine' as my company affiliation, prompting a sly look of approval from the person administering the release form. As I stood at the mic waiting to be acknowledge I unzipped my jacket revealing my 2600 shirt, at which point Markoff (who was sitting at the end of the table closest to the microphone) and I exchanged grins. Macki: My question is for John Markoff. First I would like to say that I enjoyed your talk entitled "Kevin and Me" which didn't mention Kevin at all [laughter] I hope it's the beginning of a trend. Markoff [I think]:That was intentional Diffie [I think]:He had to. [Applauds] Macki: It's fitting - perhaps ironic that we're at the computer history talk, and I can think of no other individual who has done more to obfuscate that history. [Scattered chuckles] Your July 4th, 1994 article on Kevin Mitnick ah contained many things, which you now must know are false. Such as his break-in, or alleged break-in to NORAD - which never happened and other things which have been repeated for the last six years in the media as fact, when we all know they are all are not. My question to you is why hasn't you - why haven't you issued a retraction and do you still stand by those claims as you said to Ziff Davis recently. [Applauds] Markoff:Is this an audience or a lynch mob? [Laughter and shouting] Macki:Kevin couldn't be here to defend himself so- Markoff:Well I, you know, I knew this question would come up and I really don't have a lot to say, um I simply note the fact that uh the person you are refering to was uh testified infront of the senate uh several weeks ago where he described himself as a social-engineer uh who worked as a private investigator for several years uh it's my understanding that's why the FBI became interested in 1993. So I think that sort of the heart of your question is that Kevin's problem is me- Macki:No that's not it- Markoff:-based on- -I beg to differ with you- Macki: [still interrupting] that's not it you printed false things about him, and haven't retracted them and haven't backed them up. I want my question answered. Markoff:[interrupting towards the end] you know, you know I beg to differ with you. I did not print false things about him. Macki: [after receiving a subtle reprimand from the release form person that "you have to let him answer the question"] So you are claiming now that Kevin Mitnick broke into NORAD? Markoff:I think that's what you said. Macki: [holding up print out of the article] well that's what you said in your article. Markoff:The NORAD- the NORAD point is an interesting one. My source on NORAD was Steven Robes. Uh and Steven Robes told me that, in an interview, Steven Robes in case you don't know is a friend of Kevin's, late 1970's and early 80's. And that fact was reported earlier than I had reported in the LA Times. Um but I don't think that's what the issue is really. Um I think the issue is what was going on in the fall of 1993 while he was on probation. When he attracted the attention ultimately of four law enforcement agencies - why do you think he did that? [Silence] Macki:Why did he want to attr- Markoff:Why would four law enforcement agencies interested in what he was doing? [Pause] Cliff Stoll [I think]: Because he was such a nice guy. [Laughter and applauds] Markoff: [Interrupting as Macki begins to respond] No the question is, was it the story in the New York Times in 1994, July 1994, which was Kevin's problem or was it what Kevin was doing? I believe it was [inaudible]- Macki: [Now given an opportunity to move on to point 2] Well what I- well what I would like to know is why was the reporter that was following him also actively participating in the investigation? Markoff:That's not right- Macki: Joe Orsak was recorded in two books, two separate books, Joe Orsak cellular technition said- Markoff:That was inaccurate. Macki:They used their car so- Markoff:That was inaccurate. Macki:Two books- Markoff:That was inaccurate. Macki: So, two books, both wrong, Joe Orsak made it up? Markoff:That's that's not what Joe Orsak said. [voice says "okay" scattered "that's enough" type "next question" things said.] Macki: What about when you talked to John Littman- Voice: I think we've heard enough- [Wide spread clamoring for Macki to stop] Moderator:We've had one question and we've had one answer, may we have the next question? Macki returns to his seat triumphant and enjoying nods of approval from audience members along the way. -------------------------------------------------------------------------- 11. ACE's note: The Original Hawxlog (humor/ irc log) ACE's Note: This log is from about a year ago. It takes place over a period of several weeks, as a complete idiot becomes convinced Ill sell him 'satellite control software.' Its Funny. (Btw, ignore the timestamps, they arent accurate, as my cmos battery is fried) Session Start: Tue May 06 07:27:14 1997 *** Now talking in #2500 *** Retrieving #2500 info... *** ACE sets mode: +nt+l 10 *** Retrieving #2500 info... *** ACE changes topic to '-=2500=- The muted tone.. operator is ACE' *** Hawx (AcEdUdE@HSE-TOR-ppp21220.sympatico.ca) has joined #2500 y0 ok whats the problem first off ... r u busy Uh, no ok sorry to bother u but i saw u were in a room alone ok whats the problem i got some ips and i want to now a way to get the passwords explain through telnet ERK! Uh, newbie, huh 198.103.98.139 well kind of just check it out if u want its a gov thing Its nothing, apparently I didnt get a login prompt Uh, want to buy some satellite control software? what did it say sure!!! sure!!! I told you, nothing Ok, you want my po box Send me 50 bucks, and Ill send you the software ok but first tell me what the screen said It didnt say anything, I told you WTF Hmm, let me try again it tells me the gov has been notified and shit try .133 at the end Telnetting to an ip isnt illegal Hmm, that was odd what?? Hmmm yah, it gave me the same thing, so? 198.103.98.139 i want to get by that you what? are you stupid? Assuming what... assuming what? That you are repeatedly masked, on a clean dialup, from someone elses number.. There is no way by that FUCK thats just a warning that is what i thought but i still had to check shit telling you there is no telnet service do u want any smpt ips smtp no, Im fine ok what does ur equipment do??? Well, it would theoretically allow control of Military satellites You know, the ones with lasers you could takeout other satellites knocking out world communications But Im a wuss hell ill try anything Cool, cool But, its be pretty dangerous man i just do not care AT ALL Cool, cool ok, let me give you my address hold on my friend hacked the rcmp from my house one second ok, heres my addy Gates,William H,E21 Send Cards Send Flowers & Gifts 5000 Columbia Center Seattle, WA 98104-7028 206 623 7580 - oops Gates,William H,E21 5000 Columbia Center Seattle, WA 98104-7028 206 623 7580 - Oh and by the way, uh please dont come back unless you send me my money 12*!*@*.domain banning Hawx... *** ACE sets mode: +b *!*@*.sympatico.ca bye-bye *** Hawx was kicked by ACE (12 FUCK YOU!) Session Start: Tue May 06 07:55:16 1997 Session Ident: Hawx (AcEdUdE@HSE-TOR-ppp21220.sympatico.ca) y0 wassup i need some help can u go to ur room?? #2500 Uh, sure thanx dude just a second ok Im there WTF WTF WTF whats up ur ass send the money to the address i did not even have time to get it down!!! oops. sorry Here, Ill send it to you again thnax... Gates,William H,E21 5000 Columbia Center Seattle, WA 98104-7028 206 623 7580 you get it? where r u going to send my shit how can i trust u??? I guess you cant youll just have to hope, but thats how life works can u e-mail me the programms The satellite control programs? yeah cant u Hmmm the money is not a problem I guess I could, but Tht'd be hard Its pretty big software ill give u $65 shit, you know what, ill have to talk to you tomorrow, talk to some friends of mine, work out a deal cool? yeah sure see ya!! okay, be in #ct2600, not #2500 tomorrow at 9:00 okay ok bye Session Start: Mon May 05 11:55:51 1997 Session Ident: Hawx (Hawx@HSE-TOR-ppp21418.sympatico.ca) hey wat up ACE is 20:15 pssssst y00000000000000000000000000000000000000000000000000000000000000000000 hey ACE is 20:30 y0 so whats up y0000000 when can i get it??? Soon, ahve patience... ok but DO NO TGET CAUGHT alright See you later why r the frdz after u fedz Ive done alot of shit man I cant talk about it... ha... why not But lets say this There was on fucker that wont be talking to the feds about me ever again did u kill him GOOD something like that kill him again and again and again till hes dead lol I dont know if hes dead i live in canada But last time I saw him, his head and body were in two different places if u want to get rid of it e-mail me hawx001@sympatico.ca Ill do that... soon wright it down ok, I got it good shit if u get in trouble blame me uh you sure? im serious yup why? my name is Terry i live in toronto, canada cause u live in the states Whats your home phone #? and i take care of people i like Cool, Cool the number is classified u dont need it if they want me they can get me good point Im just testing, of course ??? testing wat if i told it to u one should try to get everything one can, right? right Nothing personal understood fell free to rat anytime man alright than go to ct what do you mean? "go to ct" ur there one m,ore thing the people in here tell me u r a mean person why??? --------------------------------------------------------------------------- 12. L I N K S Check these websites out, we love them, or something. www.snet.com & .net - The Gestapo, in the flesh! www.hackernews.com - News http://come.to/mobdomain - TheMobbosses Articles. www.ct2600.org - CT2600 website (represent, baby!) www.hackersclub.com - Good source for underground progs and such. www.2600.com - Kevin? Kevin who? www.bow.org - Trout? Trout who? http://astalavista.box.sk - Excellent Underground only search engine www.phonelosers.org - Who the hell put this in here?!?! www.iirg.org - Some ct guys who get drunk and shoot things, or something. That Mercenary dude scares the hell out of me! www.slashdot.org - Slashdot www.paulszoldra.com - Hal0's website. Slashdot on Crack. www.waaf.com - The Only Station that REALLY rocks. http://nettwerk.hypermart.net - TheClones site. He owns me. http://www.redrival.com/supruzr - Supruzrs Site, he owns me too. www.crashcentral.com - Obligatory p1mp1ng of host. www.pigdog.org - Humor, and home of the (new!) decss, heh. www.attrition.org - What can I say? The best there is. www.ospmag.com - A Free PHYSICAL Telecommunications mag.