Computer choicethen exactly were entering direct dial password requested. costs
governed number
exchanged than distance actual time call. typical
thus contain following running costs: call (on
regular billtime-related) charges (dependent sent) bills (which could time-related
per record fixed subscription). techniques confined uses them
its mini-network
various retrieval (the ones into)
update mailbox handle gateway connections. newer private switched. 77
valued (vans) basic telecoms facilities some additional service--data processing
hosting publishing ventures example--has added. offering easier cheaper boon hacker.
no longer hacker worry about protocols normally expects see
users. x.25 adaptability mean even comms talk
anything tariff structurefavouringmeans any anywhere
world target.
austin poulsen arpanet hackersmade dramatic packet-switched net milwaukee 414s ran
around gte
telenet biggest us.
self-adopted comes telephone
city chiefly hitherto centre american beer
industry.during spring summer 1983 publicly directories usual guessing games
pass-numbers pass-words dropped security
pacific bank
los angeles sloan-kettering cancer clinic newyork (it still clear me actually altered
patients
records merely looked them) canadian cement company alamos research laboratory
mexicohome atomic
bomb where
nuclear weapons continues day.
believed saw sensitive classifiedfiles.
commenting activities prominent
consultantjoesph coatessaid: babies great
kind kids anyone would - be...there nothing
wrong kids. problem idiots who sold ignorant people bought it. nobody should buy
knowing . built in....you timid dealing foolish. couple months 1984british carried
out thorough exploration sercnet sponsored science engineering council
centred rutherford appleton cambridge. linkstogether technology universities
polytechnics united kingdom gateways cern (european research). 78
almost every type mainframelarge mini-computer discovered hanging 3032 370
itselfprime 400s550s 750s over placevax 11/780s
oxforddaresbury vaxs durhameast anglia newcastle gec 4000 family members odd
pdp11 unix.
penetration was achieved when appeared popular hobbyist suggestion instruction
40might results. soon typed demo asked establishmentthings started happen. several
days left
messagesreporting
lack eventually became obvious supposed suggests limited demonstration
casual had insecurely up. i remember night pulled down manual filewatching after
scroll my vdu baud. do word
guide fetching lists addresses
mnemonics members. included extensive
descriptions relationpss-style complete chapter know certain forms shut appears
continue. best stories definite
ending. offer brief extracts captured sessions.
03eoehaae node 3. service?
com
fad>CALL 40
Welcome to SERCNET-PSS Gateway. Type HELP for help.
Gatew::~cInkging in
user HELP
ID last used Wednesday, 18 January 1984 16:53
Started - Wed 18 Jan 19a4 17:07:55
Please enter your name and establishment DEMO
Due to a local FTP problem messages entered via the HELP system
during the last month have been lost. Please resubmit if
problem/question is still outstanding 9/1/84
No authorisation is required for calls which do not incur charges at
the Gateway. There is now special support for TELEX. A TELEX service
may be announced shortlY.
Copies of the PSS Guide issue 4 are available on request to Program
Advisory Office at RAL, telephone 0235 44 6111 (direct dial in) or
0235 21900 Ext 6111. Requests for copies should no longer be placed
in this help system.
The following options are available:
NOTES GUIDE TITLES ERRORS EXAMPLES HELP QUIT
Which option do you require? GUIDE
The program 'VIEW' is used to display the Gateway guide
Commands available are:
<cr> or N next page
p previous page
n list page n
+n or -n go forward or back n pages
S first page
E last page
L/string find line Containing string
F/string find line beginning string
Q exit from VIEW
VIEW Vn 6> Q
The following options are available:
NOTES GUIDE TITLES ERRORS EXAMPLES HELP OUIT
Which option do you require? HELP
NOTES replies to user queries & other notes
GUIDE Is the complete Gateway user guide (including the Appendices)
TITLES 1- a list of SERCNET L PSS addresses & mnemonics (Guide
Appendix 1)
ERRORS List of error codes you may receive EXAMPLES are ome examples
of use of the Gateway (Guide Appendix 2)
QUIT exits from this session
The following options are available:
NOTES GUIDE TITLES ERRORS EXAMPLES HELP QUIT
Which option do you require? TITLES
VIEW Vn o>
If you have any comments, please type them now, terminate with E
on a line on its own. Otherwise just type <cr>
CPU used: 2 ieu, Elapsed: 14 mins, IO: 2380 units, Break: 114
Budgets: this period = 32.000 AUs, used = 0.015 AU, left - 29.161 AUs
User HELP terminal 2 logged out Wed 18 Jan 1984 17:21:59
84/04/18. 18.47.00.
I.C.C.C. NETWORK OPERATING SYSTEM. NOS 1.1-430.20A
USER NUMBER:
PASSWORD:
IMPROPER LOG IN, TRY AGAIN.
USER NUMBER:
PASSWORD:
>SCIENCE AND ENGINEERING RESEARCH COUNCIL
>RUTHERFORD APPLETON LABORATORY
COMPUTING DIVISION
>
> ThE SERCNET - PSS Gateway
> User's Guide
A S Dunn
>Issue 4 16 February 1983
>Introduction
Frm 1; Next>
The SERCNET-PSS Gateway provides access from SERCNET to PSS and PSS
to SERCNET. It functions as a 'straight through' connection between
the networks, ie it is protocol transparant. It operates as a
Transport Level gateway, in accordance with the 'Yellow book'
Transport Service. However the present implementation does not have a
full Transport Service. and therefore there are some limitations in
the service provided. For X29 which is incompatible with the Yellow
book Transport Service. special facilities are provided for the input
of user identification and addresses.
No protocol conversion facilities are provided by the Gateway -
protocol conversion facilities (eg X29 - TS29) can be provided by
calling through a third party machine (usually on SERCNET).
The Transport Service addressing has been extended to include
authorisation fields, so that users can be billed for any charges
they incur.
The Gateway also provides facilities for users to inspect their
accounts and change their passwords, and also a limited HELP
facility.
User Interface
The interface which the user sees will depend on the local equipment
to
Frm 2; Next>
which he is attached. This may be a PAD in which case he will
probably be using the X29 protocol, or a HOST (DTE) in which case he
might be using FTP for example. The local equipment must have some
way of generating a Transport Service Called Address for the Gateway,
which also includes an authorisation field - the format of this is
described below. The documentation for the local system must
therefore be consulted in order to find out how to generate the
Transport Service Called Address. Some examples given in Appendix 2.
A facility is provided for the benefit of users without access to the
'Fast Select' facility, eg BT PAD users (but available to all X29
terminal users) whereby either a minimal address can be included in
the Call User Data Field or an X25 subaddress can be used and the
Call User Data Field left absent.
The authorisation and address can then be entered when prompted by
the Gateway.
Unauthorised Use
Frm 5: Next>
No unauthorised use of the Gateway is allowed regardless of whether
charges are Incurred at the Gateway or not.
However, there is an account DEMO (password will be supplied on
request) With a small allocation which is available for users to try
out the Gateway but it should be noted that excessive use of this
account will soon exhaust the allocation thus depriving others of its
use.
Prospective users of the Gateway should first contact User Interface
Group In the Computing Division of the Rutherford Appleton
Laboratory.
Addressing
To connect a call through the Gateway the following information is
required in the Transport Service Called Address:
1) The name of the called network
2) Authorisation. consisting of a USERID, PASSWORD and ACCOUNT, and
optionally, a reverse charging request
3) The address of the target host on the called network
The format is as follows:
<netname>(<authorisation>).<host address>
1) <netname> is one of the following:
SERCNET to connect to the SERC network
PSS to connect to PSS
S an alias for SERCNET
69 another alias for SERCNET
2) <authorisation> is a list of positional or keyword
parameters or booleans as follows:
keyword Meaning
US User identifier
PW User's password
AC the account - not used at present - talen to be same as US
RF 'reply paid' request (see below)
R reverse charging indicator (boolean)
keywords are separated from their values by '='.
keyword-value pairs positional parameters and booleans are separated
from each other by ','. The whole string is enclosed in parentheses:
().
Examples:
(FRED.XYZ R)
(US=FRED,PW=XYZ,R)
(R,PW=XYZ,US=FRED)
All the above have exactly the same meaning. The first form is the
most usual.
When using positionals, the order is: US,PW,AC,RP,R
3)<host address> is the address of the machine being called on the
target network. It may be a compound address, giving the service
within the target machine to be used. It may begin with a mnemonic
instead of a full DTE address. A list of current mnemonics for both
SERCNET and PSS is given in Appendix 1.
A restriction of using the Gateway is that where a Transport Service
address (service name) is required by the target machine to identify
the service to be used, then this must be included explicitly by the
user in the Transport Service Called Address, and not assumed from
the mnemonic, since the Gateway cannot Inow from the mnemonic. which
protocol is being used.
Examples:
RLGS.FTP
4.FTP
Both the above would refer to the FTP service on the GEC 'B' machine
at Rutherford.
RLGB alone would in fact connect to the X29 server, since no service
name is Frm 7; Next>
required for X29.
In order to enable subaddresses to be entered more easily with PSS
addresses, the delimiter '-' can be used to delimit a mnemonic. When
the mnemonic is translated to an address the delimiting '-' is
deleted so that the following string is combined with the address.
Eg:
SERC-99 is translated to 23422351919199
Putting the abovementioned three components together, a full
Transport Service Called Address might look like:
S(FRED,XYZ,R).RLGS.FTF
Of course a request for reverse charging on SERCNET is meaningless,
but not illegal.
Reply Paid Facility (Omit at first reading)
In many circumstances it is necessary for temporary authorisation to
be passed to a third party. For example, the recipient of network
MAIL may not himself be authorised to use the Gateway, and therefore
the sender may wish to grant him temporary authorisation in order to
reply. With the Job Transfer and maniplulation protocol, there is a
requirement to return output documents from jobs which have been
executed on a remote site.
The reply paid facility is involved by including the RP keyword in the
authorisation. It can be used either as a boolean or as a
keyword-value pair. When used as a boolean, a default value of I is
assumed.
The value of the RP parameter indicates the number of reply paid
calls which are to be authorised. All calls which use the reply paid
authorisation will be charged to the account of the user who
initiated the reply paid authorisation.
Frm 9; Next:
The reply paid authorisation parameters are transmitted to the
destination address of a call as a temporary user name and password
in the Transport Service Calling Address. The temporary user name and
password are in a form available for use by automatic systems in
setting up a reply to the address which initiated the original call.
Each time a successful call is completed using the temporary user
name and password, the number of reply paid authorisations is reduced
by 1, until there are none left, when no further replies are allowed.
In addition there is an expiry date of I week, after which the
authorisations are cancelled.
In the event of call failures and error situations, it is important
that the effects are clearly defined. In the following definitions,
the term 'fail' is used to refer to any call which terminates with
either a non-zero clearing cause or diagnostic code or both,
regardless of whether data has been communicated or not. The rules
are defined as follows:
1) If a call which has requested reply paid authorisation fails for
any reason, then the reply paid authorisation is not set up.
2) If the Gateway is unable to set up the reply paid authorisation
for any reason (eg insufficient space), then the call requesting the
authorisation will be refused.
Hacker's Handbook
file:///E|/Books/Hackers Handbook.htm (80 of 133) [11/28/2000 5:58:49 AM]
3) A call which is using reply paid authorisation may not create
another reply paid authorisation.
4) If a call which is using reply paid authorisation fails due to a
network error (clearing cause non zero) then the reply paid count is
not reduced.
5) If a call which is using reply paid authorisation fails due to a
host clearing (clearing cause zero, diagnostic code non-zero) then
the reply paid count is reduced, except where the total number of
segments transferred on the call is zero (ie call setup was never
completed).
Frm 11; Next?
X29 Terminal Protocol
There is a problem in that X29 is incompatible with the Transport
Service. For this reason, it is possible that some PAD
implementations will be unable to generate the Transport Service
Called Address. Also some PAD's, eg the British Telecom PAD, may be
unable to generate Fast Select calls - this means that the Call User
Data Field is only 12 bytes long - insufficient to hold the Transport
Service Address.
If a PAD is able to insert a text string into the Call User Data Field
beginning at the fifth byte, but is restricted to 12 characters
because of inability to generate Fast Select calls, then a partial
address can be included consisting of either the network name being
called, or the network name plus authorisation.
The first character is treated as a delimiter, and should be entered
as the character '7'. This is followed by the name of the called
network - SERCNET.
Alternatively, if the PAD is incapable of generating a Call User Data
Field, then the network name can be entered as an X25 subaddress. The
mechanism employed by the Gateway is to transcribe the X25 subaddress
to the beginning of the Transport Service Called Address, converting
the digits of the subaddress into ASCII characters in the process.
Note that this means only SERCNET can be called with this method at
present by using subaddress 69.
The response from the Gateway will be the following message:
Please enter your authorisation and address required in form:
(user,password).address
Reply with the appropriate response eg:
(FRED,XYZ).RLGB
There is a timeout of between 3 and 4 minutes for this response.
after which the call will be cleared. There is no limit to the number
of attempts which may be made within this time limit - if the
authorisation or address entered is invalid, the Gateway will request
it again. To abandon the attempt. the call should be cleared from the
local PAD.
A restriction of this method of use of the Gateway is that a call
must be correctly authorised by the Gateway before charging can
begin, thus reverse charge calls from PSS which do not contain
authorisation in the Call Request packet will be refused. However it
is possible to include the authorisation but not the address in the
Call Request packet. The authorisation must then be entered again
together with the address when requested by the Gateway.
The above also applies when using a subaddress to identify the called
network. In this case the Call User Data Field will contain only the
authorisation in parentheses (preceded by the delimiter '@')
- 5 -
Due to the lack of a Transport Service ACCEPT primitive in X29 it will be
found, on some PADs, that a 'call connected' message will appear on the
terminal as soon as the call has been connected to the Gateway. The 'call
connected' message should not be taken to imply that contact has been made
With the ultimate destination. The Gateway will output a message 'Call
connected to remote address' when the connection has been established.
Frm 14; Next
ITP Terminal Protocol
The terminal protocol ITP is used extensively on SERCNET and some
hosts support only this terminal protocol. Thus it will not be
possible to make calls directly between these hosts on SERCNET and
addresses on PSS which support only X29 or TS29. In these cases it
will be necessary to go through an intermediate machine on SERCNET
which supports both x29 and ITP or TS29 and ITP, such as a GEC ITP.
This is done by first making a call to the GEC MUM, and then making
an outgoing call from there to the desired destination.
PTS29 Terminal Protocol
This is the ideal protocol to use through the Gateway. since there
should be no problem about entering the Transport Service address.
However, it is divisable first to ascertain that the machine to be
called will support
When using this protocol, the service name of the TS29 server should be
entered explicitly, eg:
S(FRED,XYZ).RLGB.TS29
Restrictions
Due to the present lack of a full Transport Service in the Gateway,
some primitives are not fully supported.
In particular, the ADRESS, DISCONNECT and RESET primitives are not
fully supported. Howerver this should not present serious problems,
since the ADDRESS and REASET primitives are not widely used, and the
DISCONNECT primitive can be carried in a Clear Request packet.
IPSS
Access to IPSS is through PSS. Just enter the IPSS address in place
of the PSS address.
................ and on and on for 17 pages
Viewdata Systems
Viewdata, or videotex, has had a curious history. At one stage, in
the late 1970s, it was possible to believe that it was about to take
over the world, giving computer power to the masses via their
domestic tv sets. It was revolutionary in the time it was developed,
around 1975, in research laboratories owned by what was then called
the Post Office, but which is now British Telecom. It had a
colour-and-graphics display, a user-friendly means of talking to it
at a time when most computers needed precise grunts to make them
work, and the ordinary layperson could learn how to use it in five
minutes.
The viewdata revolution never happened, because Prestel, its most
public incarnation, was mismarketed by its owners, British Telecom,
and because, in its original version, it is simply too clumsy and
limited to handle more sophisticated applications. All information is
held on electronic file cards which can easily be either too big or
too small for a particular answer and the only way you can obtain the
desired information is by keying numbers, trundling down endless
indices. In the early days of Prestel, most of what you got was
indices, not substantive information. By the time that viewdata sets
were supposed to exist in their hundreds of thousands, home
computers, which had not been predicted at all when viewdata first
appeared, had already sold into the millionth British home.
Yet private viewdata, mini-computers configured to look like
Prestel and to use the same special terminals, has been a modest
success. At the time of writing there are between 120 and 150
significant installations. They have been set up partly to serve the
needs of individual companies, but also to help particular trades,
industries and professions. The falling cost of viewdata terminals
has made private systems attractive to the travel trade, to retail
stores, the motor trade, to some local authorities and to the
financial world.
The hacker, armed with a dumb viewdata set, or with a software
fix for his micro, can go ahead and explore these services. At the
beginning of this book, I said my first hack was of a viewdata
service. Viditel, the Dutch system. It is astonishing how many
British hackers have had a similar experience. Indeed, the habit of
viewdata hacking has spread throughout Europe also: the wonder- fully
named Chaos Computer Club of Hamburg had some well-publicised fun
with Bildschirmtext, the West German Prestel equivalent
colloquially-named Btx.
What they appear to have done was to acquire the password of the
Hamburger Sparkasse, the country's biggest savings bank group.
Whereas telebanking is a relatively modest part of Prestel --the
service is called Homelink--the West German banks have been a
powerful presence on Btx since its earliest days. In fact, another
Hamburg bank, the Verbraucher Bank, was responsible for the world's
first viewdata Gateway, for once in this technology, showing the
British the way. The 25-member Computer Chaos Club probably acquired
the password as a result of the carelessness of a bank employee.
Having done so, they set about accessing the bank's own, rather high
priced, pages, some of which cost almost DM10 (£2.70). In a
deliberate demonstration, the Club then set a computer to
systematically call the pages over and over again, achieving a
re-access rate of one page every 20 seconds. During a weekend in
mid-November 1984, they made more than 13,000 accesses and ran up a
notional bill of DM135,000 (£36,000). Information Providers, of
course, are not charged for looking at their own pages, so no bill
was payable and the real cost of the hack was embarrassment.
In hacking terms, the Hamburg hack was relatively trivial-- simple
password acquisition. Much more sophisticated hacks have been
perpertrated by British enthusiasts.
Viewdata hacking has three aspects: to break into systems and become
user, editor or system manager thereof; to discover hidden parts of
systems to which you have been legitimately admitted, and to uncover
new services.
Viewdata software structures
An understanding of how a viewdata database is set up is a great
aid in learning to discover what might be hidden away. Remember,
there are always two ways to each page--by following the internal
indexes, or by direct keying using *nnn#. In typical viewdata
software, each electronic file card or 'page' exists on an overall
tree-like structure:
Page
0
|
---------------------+----------------------- ...
1 2 3 4 5 6 7 8
|
------------+-------------------------------- ...
31 32 33 34 35 36 37 38
|
------------------------+-------------------- ...
351 352 353 354 355 356 357 358 3-digit
| node
-------------+------------------------------- ...
3531 3532 3533 3534 3535 3536 3537 3538
|
-------------------------------------------+-- ...
Top pages are called parents; lower pages filials. Thus page 3538
needs parent pages 353, 35, 3 and 0 to support it, i.e. these pages
must exist on the system. On Prestel, the parents owned by
Information Providers (the electronic publishers) are 3 digits long
(3-digit nodes). Single and double-digit pages (0 to 99) are owned by
the 'system manager' (and so are any pages beginning with the
sequences 100nn-199nn and any beginning with a 9nnn). When a page is
set up by an Information Provider (the process of going into 'edit'
mode varies from software package to package; on Prestel, you call up
page 910) two processes are necessary--the overt page (i.e. the
display the user sees) must be written using a screen editor. Then
the IP must select a series of options--e.g. whether the page is for
gathering a response from the user or is just to furnish information;
whether the page is to be open for viewing by all, by a Closed User
Group, or just by the IP (this facility is used while a large
database is being written and so that users don't access part of it
by mistake); the price (if any) the page will bear--and the 'routing
instructions'. When you look at a viewdata page and it says 'Key 8
for more information on ABC', it is the routing table that is
constructed during edit that tells the viewdata computer: 'If a user
on this page keys 8, take him through to the following next page'.
Thus, page 353880 may say 'More information on ABC....KEY 8'. The
information on ABC is actually held on page 3537891. The routing
table on page 353880 will say: 8=3537891. In this example, you will
see that 3537891 i9 not a true filial of 353880--this does not
matter; however, in order for 3537891 to exist on the system, its
parents must exist, i.e. there must be pages 353789, 35378, 3537
etc.
P R E S T E L
PRESTEL EDITING SYSTEM
Input Details -
Update option of
Pageno 4190100 Frame-Id a
User CUG User access y
Frame type i Frame price 2p
Choice type s
Choices
0- * 1- 4196121
2- 4196118 3- 4196120
4- 4196112 5- 4196119
6- 4196110 7- *
8- 4190101 9- 4199
Prestel Editing. This is the 'choices' page which se s up the frame
before the overt page - the one the user sees - is prepared.
These quirky features of viewdata software can help the hacker
search out hidden databases:
* Using a published directory, you can draw up a list of 'nodes' and
who occupies them. You can then list out apparently 'unoccupied'
nodes and see if they contain anything interesting. It was when a
hacker spotted that an 'obvious' Prestel node, 456, had been unused
for a while, that news first got out early in 1984 about the Prestel
Micro computing service, several weeks ahead of the official
announcement.
* If you look at the front page of a service, you can follow the
routings of the main index--are all the obvious immediate filials
used? If not, can you get at them by direct keying?
* Do any services start lower down a tree than you might expect
(i.e. more digits in a page number than you might have thought)? In
that case, try accessing the parents and see what happens.
* Remember that you can get a message 'no such page' for two
reasons: because the page really doesn't exist, or because the
Information Provider has put it on 'no user access'. In the latter
case, check to see whether this has been done consistently--look at
the immediate possible filials. To go back to when Prestel launched
its Prestel Microcom- puting service, using page 456 as a main node,
456 itself was closed off until the formal opening, but page 45600
was open.
Prestel Special Features
In general, this book has avoided giving specific hints about
individual services, but Prestel is so widely available in the UK and
so extensive in its coverage that a few generalised notes seem
worthwhile.
Not all Prestel's databases may be found via the main index or in
the printed directories; even some that are on open access are
unadvertised. Of particular interest over the last few years have
been nodes 640 (owned by the Research and Development team at
Martlesham), 651 (Scratchpad--used for ad hoc demonstration
databases), 601 (mostly mailbox facilities but also known to carry
experimental advanced features so that they can be tried out), and
650 (News for Information Providers--mostly but not exclusively in a
Closed User Group). Occasionally equipment manufacturers offer
experimental services as well: I have found high-res graphics and
even instruction codes for digitised full video lurking around.
In theory, what you find on one Prestel computer you will find on
all the others. In practice this has never been true, as it has
always been possible to edit individually on each computer, as well
as on the main updating machine which is supposed to broadcast to all
the others. The differences in what is held in each machine will
become greater over time.
Gateway is a means of linking non-viewdata external computers to
the Prestel system. It enables on-screen buying and booking, complete
with validation and confirmation. It even permits telebanking, Most
'live' forms of gateway are very secure, with several layers of
password and security. However, gateways require testing before they
can be offered to the public; in the past, hackers have been able to
secure free rides out of Prestel....
Careful second-guessing of the routings on the databases including
telesoftware(*) have given users free programs while the
telesoftware(*) was still being tested and before actual public
release.
Prestel, as far as the ordinary user is concerned, is a very
secure system--it uses 14-digit passwords and disconnects after three
unsuccessful tries. For most purposes, the only way of hacking into
Prestel is to acquire a legitimate user's password, perhaps because
they have copied it down and left it prominently displayed. Most
commercial viewdata sets allow the owner to store the first ten
digits in the set (some even permit the full 14), thus making the
casual hacker's task easier. However, Prestel was sensationally
hacked at the end of October 1984, the whole system Iying at the feet
of a team of four West London hackers for just long enough to
demonstrate the extent of their skill to the press. Their success was
the result of persistence and good luck on their side and poor
security and bad luck on the part of BT. As always happens with
hacking activities that do not end up in court, some of the details
are disputed; there are also grounds for believing that news of the
hack was deliberately held back until remedial action had taken
place, but this is the version I believe:
The public Prestel service consists of a network of computers,
Hacker's Handbook
file:///E|/Books/Hackers Handbook.htm (87 of 133) [11/28/2000 5:58:50 AM]
mostly for access by ordinary users, but with two special-purpose
machines, Duke for IPs to update their information into and Pandora,
to handle Mailboxes (Prestel's variant on electronic mail). The
computers are linked by non-public packet-switched lines. Ordinary
Prestel users are registered (usually) onto two or three computers
local to them which they can access with the simple three-digit
telephone number 618 or 918. In most parts of the UK, these two
numbers will return a Prestel whistle. (BT Prestel have installed a
large number of local telephone nodes and
(*)Tefesoftware is a technique for making regular computer programs
available via viewdata the program lines are compressed according to
a simple set of rules and set up on a senes of viewdata frames. Each
frame contains a modest error-checking code. To receive a program,
the user's computer, under the control of a 'download' routine calls
the first program page down from the viewdata host, runs the error
check on it, and demands a re transmission if the check gives a
'false' If it gives a 'true', the user's machine unsqueezes the
programmes and dumps them into the Computers main memory or disc
store. It then requests the next viewdata page unfil the whole
program is collected. You then have a text file which must be
Converted into program instructions. Depending on what model of
micro you have, and which telesoftware package, you can either run
the program immediately or expect it. Personally I found the
telesoftware experience interesting the first time I tried it, and
quite useless in terms of speed, reliability and quality afterwards.
leased lines to transport users to their nearest machine at local
call rates, even though in some cases that machine may be 200 miles
away). Every Prestel machine also has several regular phone numbers
associated with it, for IPs and engineers. Most of these numbers
confer no extra privileges on callers: if you are registered to a
particular computer and get in via a 'back-door' phone number you
will pay Prestel and IPs exactly the same as if you had dialled 618
or 918. If you are not registered, you will be thrown off after three
tries.
In addition to the public Prestel computers there are a number of
other BT machines, not on the network, which look like Prestel and
indeed carry versions of the Prestel database. These machines, left
over from an earlier stage of Prestel's development, are now used for
testing and development of new Prestel features. The old Hogarth
computer, originally used for international access, is now called
'Gateway Test' and, as its name implies, is used by IPs to try out
the interconnections of their computers with those of Prestel prior
to public release. It is not clear how the hackers first became aware
of the existence of these 'extra' machines; one version is that it
was through the acquisition of a private phone book belonging to a BT
engineer. Another version suggests that they tried 'obvious' log-in
pass-numbers--2222222222 1234--on a public Prestel computer and found
themselves inside a BT internal Closed User Group which contained
lists of phone numbers for the develop computers. The existence of at
least two stories suggests that the hackers wished to protect their
actual sources. In fact, some of the phone numbers had, to my certain
knowledge, appeared previously on bulletin boards.
At this first stage, the hackers had no passwords; they could
simply call up the log-in page. Not being registered on that
computer, they were given the usual three tries before the line was
disconnected.
For a while, the existence of these log-in pages was a matter of
mild curiosity. Then, one day, in the last week of October, one of
the log-in pages looked different: it contained what appeared to be a
valid password, and one with system manager status, no less. A
satisfactory explanation for the appearance of this password
imprinted on a log-in page has not so far been forthcoming. Perhaps
it was carelessness on the part of a BT engineer who thought that, as
the phone number was unlisted, no unauthorised individual would ever
see it. The pass-number was tried and admission secured.
After a short period of exploration of the database, which
appeared to be a 'snapshot' of Prestel rather than a live version of
it--thus showing that particular computer was not receiving constant
updates from Duke--the hackers decided to explore the benefits of
System Manager status. Since they had between them some freelance
experience of editing on Prestel, they knew that all Prestel special
features pages are in the *9nn# range: 910 for editing; 920 to change
personal passwords; 930 for mailbox messages and so ...what would
pages 940, 950, 960 and so on do? It became obvious that these pages
would reveal details of users together with account numbers
(systelnos), passwords and personal passwords. There were facilities
to register and deregister users.
However, all this was taking place on a non-public computer. Would
the same passwords on a 'live' Prestel machine give the same
benefits? Amazingly enough, the passwords gave access to every
computer on the Prestel network. It was now time to examine the user
registration details of real users as opposed to the BT employees who
were on the development machine. The hackers were able to assume any
personality they wished and could thus enter any Closed User Group,
simply by picking the right name. Among the CUG services they swooped
into were high-priced ones providing investment advice for clients of
the stockbroker Hoare Govett and commentary on international currency
markets supplied by correspondents of the Financial Times. They were
also able to penetrate Homelink, the telebanking service run by the
Nottingham Building Society. They were not able to divert sums of
money, however, as Homelink uses a series of security checks which
are independent of the Prestel system.
Another benefit of being able to become whom they wished was the
ability to read Prestel Mailboxes, both messages in transit that had
not yet been picked up by the intended recipient and those that had
been stored on the system once they had been read. Among the
Mailboxes read was the one belonging to Prince Philip. Later, with a
newspaper reporter as witness, one hacker sent a Mailbox, allegedly
from Prince Philip to the Prestel System Manager:
I do so enjoy puzzles and games. Ta ta. Pip! Pip!
H R H Hacker
Newspaper reports also claimed that the hackers were able to gain
editing passwords belonging to IPs, enabling them to alter pages and
indeed the Daily Mail of November 2nd carried a photograph of a
Prestel page from the Financial Times International Financial Alert
saying:
FT NEWSFLASH!!! oe1 EQUALS $50
The FT maintained that, whatever might theoretically have been
possible, in fact they had no record of their pages actually being so
altered and hazarded the suggestion that the hacker, having broken
into their CUG and accessed the page, had 'fetched it back' onto his
own micro and then edited there, long enough for the Mail's
photographer to snap it for his paper, but without actually
retransmitting the false page back to Prestel. As with so many other
hacking incidents, the full truth will never be known because no one
involved has any interest in its being told.
However, it is beyond doubt that the incident was regarded with the
utmost seriousness by Prestel itself. They were convinced of the
extent of the breach when asked to view page 1, the main index page,
which bore the deliberate mis-spelling: Idnex. Such a change
theoretically could only have been made by a Prestel employee with
the highest internal security clearance. Within 30 minutes, the
system manager password had been changed on all computers, public and
research. All 50,000 Prestel users signing on immediately after
November 2nd were told to change their personal password without
delay on every computer to which they were registered. And every IP
received, by Special Delivery, a complete set of new user and editing
passwords.
Three weeks after the story broke, the Daily Mail thought it had
found yet another Prestel hack and ran the following page 1 headline:
'Royal codebuster spies in new raid on Prestel', a wondrous
collection of headline writer's buzzwords to capture the attention of
the sleepy reader. This time an Information Provider was claiming
that, even after new passwords had been distributed, further security
breaches had occurred and that there was a 'mole' within Prestel
itself. That evening, Independent Television News ran a feature much
enjoyed by cognoscenti: although the story was about the Prestel
service, half the film footage used to illustrate it was wrong: they
showed pictures of the Oracle (teletext) editing facility and of
some-one using a keypad that could only have belonged to a TOPIC set,
as used for the Stock Exchange's private service. Finally, the name
of the expert pulled in for interview was mis-spelled although he was
a well-known author of micro books. The following day, BBC-tv's
breakfast show ran an item on the impossibility of keeping Prestel
secure, also full of ludicrous inaccuracies.
It was the beginning of a period during which hackers and hacking
attracted considerable press interest. No news service operating in
the last two months of 1984 felt it was doing an effective job if it
couldn't feature its own Hacker's Confession, suitably filmed in deep
shadow. As happens now and again, press enthusiasm for a story ran
ahead of the ability to check for accuracy and a number of Hacks That
Never Were were reported and, in due course, solemnly commented on.
BT had taken much punishment for the real hack--as well as causing
deep depression among Prestel staff, the whole incident had occurred
at the very point when the corporation was being privatised and
shares being offered for sale to the public--and to suffer an
unwarranted accusation of further lapses in security was just more
than they could bear. It is unlikely that penetration of Prestel to
that extent will ever happen again, though where hacking is
concerned, nothing is impossible.
There is one, relatively uncommented-upon vulnerability in the
present Prestel set-up: the information on Prestel is most easily
altered via the bulk update protocols used by Information Providers,
where there is a remarkable lack of security. All the system
presently requires is a 4-character editing password and the IP's
systel number, which is usually the same as his mailbox number
(obtainable from the on-system mailbox directory on page *7#) which
in turn is very likely to be derived from a phone number.
Other viewdata services
Large numbers of other viewdata services exist: in addition to the
Stock Exchange's TOPIC and the other viewdata based services
mentioned in chapter 4, the travel trade has really clutched the
technology to its bosom: the typical High Street agent not only
accesses Prestel but several other services which give up-to-date
information on the take-up of holidays, announce price changes and
allow confirmed air-line and holiday bookings.
Several of the UK's biggest car manufacturers have a stock locator
system for their dealers: if you want a British Leyland model with a
specific range of accessories and in the colour combinations of your
choice, the chances are that your local dealer will not have it
stock. He can, however, use the stock locator to tell him with which
other dealer such a machine may be found.
Stock control and management information is used by retail chains
using, in the main, a package developed by a subsidiary of Debenhams.
Debenhams had been early enthusiasts of Prestel in the days when it
was still being pitched at a mass consumer audience--its service was
called Debtel which wags suggested was for people who owed money or,
alternatively, for upper-class young ladies.
Later it formed DISC to link together its retail outlets, and this
was hacked in 1983. The store denied that anything much had
happened, but the hacker appeared (in shadow) on a tv program
together with a quite convincing demonstration of his control over
the system.
Audience research data is despatched in viewdata mode to
advertising agencies and broadcasting stations by AGB market
research. There are even alternate viewdata networks rivalling that
owned by Prestel, the most important of which is, at the time of
writing, the one owned by Istel and headquartered at Redditch in the
Midlands. This network transports several different trade and
professional services as well as the internal data of British
Leyland, of whom Istel is a subsidiary.
A viewdata front-end processor is a minicomputer package which
sits between a conventionally-structured database and its ports which
look into the phone-lines. Its purpose is to allow users with
viewdata sets to search the main database without the need to
purchase an additional conventional dumb terminal. Some view- data
front-end processors (FEPs) expect the user to have a full alphabetic
keyboard, and merely transform the data into viewdata pages 40
characters by 24 lines in the usual colours. More sophisticated FEPs
go further and allow users with only numeric keypads to retrieve
information as well. By using FEPs a database publisher or system
provider can reach a larger population of users. FEPs have been known
to have a lower standard of security protection than the conventional
systems to which they were attached.
Viewdata standards
The UK viewdata standard--the particular graphics set and method
of transmitting frames -- is adopted in many other European countries
and in former UK imperial possessions. Numbers and passwords to
access these services occasionally appear on bulletin boards and the
systems are particularly interesting to enter while they are still on
trial. As a result of a quirk of Austrian law, anyone can
legitimately enter their service without a password; though one is
needed if you are to extract valuable information. However, important
variants to the UK standards exist: the French (inevitably) have a
system that is remarkably similar in outline but incompatible.
In North America, the emerging standard which was originally put
together by the Canadians for their Telidon service but which has
now, with modifications, been promoted by Ma Bell, has high
resolution graphics because, instead of building up images from block
graphics, it uses picture description techniques (eg draw line, draw
arc, fill-in etc) of the sort relatively familiar to most users of
modern home micros. Implementations of NALPS (as the US standard is
called) are available for the IBM PC.
The Finnish public service uses software which can handle nearly
all viewdata formats, including a near-photographic mode.
Software similar to that used in the Finnish public service can be
found on some private systems. Countries vary considerably in their
use of viewdata technology: the German and Dutch systems consist
almost entirely of gateways to third-party computers; the French
originally cost-justified their system by linking it to a massive
project to make all telephone directories open to electronic enquiry,
thus saving the cost of printed versions. French viewdata terminals
thus have full alpha-keyboards instead of the numbers-only versions
common in other countries. For the French, the telephone directory is
central and all other information peripheral. Teletel/Antiope, as the
service is called, suffered its first serious hack late in 1984 when
a journalist on the political/satirical weekly Le Canard Finchaine
claimed to have penetrated the Atomic Energy Commission's computer
files accessible via Teletel and uncovered details of laser projects,
nuclear tests in the South Pacific and an experimental nuclear
reactor.
Viewdata: the future
Viewdata grew up at a time when the idea of mass computer
ownership was a fantasy, when the idea that private individuals could
store and process data locally was considered far-fetched and when
there were fears that the general public would have difficulties in
tackling anything more complicated than a numbers- only key-pad.
These failures of prediction have lead to the limitations and
clumsiness of present-day viewdata. Nevertheless, the energy and
success of the hardware salesmen plus the reluctance of companies and
organisations to change their existing set-ups will ensure that for
some time to come, new private viewdata systems will continue to be
introduced...and be worth trying to break into.
There is one dirty trick that hackers have performed on private
viewdata systems. Entering them is often easy, because high-level
editing passwords are, as mentioned earlier, sometimes desperately
insecure (see chapter 6) and it is easy to acquire editing status.
Once you have discovered you are an editor, you can go to edit
mode and edit the first page on the system, page 0: you can usually
place your own message on it, of course; but you can also default all
the routes to page 90. Now *90# in most viewdata systems is the
log-out command, so the effect is that, as soon as someone logs in
successfully and tries to go beyond the first page, the system logs
them out....
However, this is no longer a new trick, and one which should be
used with caution: is the database used by an important organisation?
Are you going to tell the system manager what you have done and
urge more care in password selection in future?
Radio Computer Data
Vast quantities of data traffic are transmitted daily over the
radio frequency spectrum; hacking is simply a matter of hooking up a
good quality radio receiver and a computer through a suitable
interface. On offer are news services from the world's great press
agencies, commercial and maritime messages, meteorological data, and
plenty of heavily-encrypted diplomatic and military traffic. A
variety of systems, protocols and transmission methods are in use and
the hacker jaded by land-line communication (and perhaps for the
moment put off by the cost of phone calls) will find plenty of fun on
the airwaves.
The techniques of radio hacking are similar to those necessary for
computer hacking. Data transmission over the airwaves uses either a
series of audio tones to indicate binary 0 and 1 which are modulated
on transmit and demodulated on receive or alternatively frequency
shift keying which involves the sending of one of two slightly
different radio frequency carriers, corresponding to binary 0 or
binary 1. The two methods of transmission sound identical on a
communications receiver (see below) and both are treated the same for
decoding purposes. The tones are different from those used on
land-lines--'space' is nearly always 1275 Hz and 'mark' can be one of
three tones: 1445 Hz (170 Hz shift--quite often used by amateurs and
with certain technical advantages); 1725 Hz (450 Hz shift--the one
most commonly used by commercial and news services) and 2125 Hz (850
Hz shift--also used commercially). The commonest protocol uses the
5-bit Baudot code rather than 7-bit or 8-bit ASCII. The asynchronous,
start/stop mode is the most common. Transmission speeds include: 45
baud (60 words/minute), 50 baud (66 words/minute), 75 baud (100
words/ minute). 50 baud is the most common. However, many
interesting variants can be heard--special versions of Baudot for
non- European languages, error correction protocols, and various
forms of facsimile.
The material of greatest interest is to be found in the high
frequency or 'short wave' part of the radio spectrum, which goes from
2 MHz, just above the top of the medium wave broadcast band, through
to 30 MHz, which is the far end of the 10-meter amateur band which
itself is just above the well-known Citizens' Band at 27 MHz.
The reason this section of the spectrum is so interesting is that,
unique among radio waves, it has the capacity for world-wide
propagation without the use of satellites, the radio signals being
bounced back, in varying degrees, by the ionosphere. This special
quality means that everyone wants to use HF (high frequency)
transmission--not only international broadcasters, the propaganda
efforts of which are the most familiar uses of HF. Data transmission
certainly occurs on all parts of the radio spectrum, from VLF (Very
Low Frequency, the portion below the Long Wave broadcast band which
is used for submarine communication), through the commercial and
military VHF and UHF bands, beyond SHF (Super High Frequency, just
above 1000 MHz) right to the microwave bands. But HF is the most
rewarding in terms of range of material available, content of
messages and effort required to access it.
Before going any further, hackers should be aware that in a number
of countries even receiving radio traffic for which you are not
licensed is an offence; in nearly all countries making use of
information so received is also an offence and, in the case of news
agency material, breach of copyright may also present a problem.
However, owning the equipment required is usually not illegal and,
since few countries require a special license to listen to amateur
radio traffic (as opposed to transmitting, where a license is needed)
and since amateurs transmit in a variety of data modes as well,
hackers can set about acquiring the necessary capability without
fear.
Equipment
The equipment required consists of a communications receiver, an
antenna, an interface unit/software and a computer.
Communications receiver - This is the name given to a good quality
high frequency receiver. Suitable models can be obtained,
second-hand, at around £100; new receivers cost upwards of £175.
There is no point is buying a radio simply designed to pick up
shortwave broadcasts which will lack the sensitivity, selectivity and
resolution necessary. A minimum specification would be:
Coverage 500 kHz--30 MHz
Resolution >100 Hz
Modes AM, Upper Side Band, Lower Side Band,
CW (Morse)
Tuning would be either by two knobs, one for MHz, one for kHz, or
by keypad. On more expensive models it is possible to vary the
bandwidth of the receiver so that it can be widened for musical
fidelity and narrowed when listening to bands with many signals close
to one another.
Broadcast stations transmit using AM (amplitude modulation), but
in the person-to-person contacts of the aeronautical, maritime and
amateur world, single-side-band-suppressed carrier techniques are
used--the receiver will feature a switch marked AM, USB, LSB, CW etc.
Side-band transmission uses less frequency space and so allows more
simultaneous conversations to take place, and is also more efficient
in its use of the power available at the transmitter. The chief
disadvantage is that equipment for receiving is more expensive and
must be more accurately tuned. Upper side band is used on the whole
for voice traffic, and lower side band for data traffic. (Radio
amateurs are an exception: they also use lower side-band for voice
transmissions below 10 MHz.) Suitable sources of supply for
communications receivers are amateur radio dealers, whose addresses
may be found in specialist magazines like Practical Wireless, Amateur
Radio, Ham Radio Today.
Antenna - Antennas are crucial to good shortwave reception--the sort
of short 'whip' aerial found on portable radios is quite insufficient
if you are to capture transmissions from across the globe. When using
a computer close to a radio you must also take considerable care to
ensure that interference from the CPU and monitor don't squash the
signal you are trying to receive. The sort of antenna I recommend is
the 'active dipole', which has the twin advantages of being small and
of requiring little operational attention. It consists of a couple of
1-meter lengths of wire tied parallel to the ground and meeting in a
small plastic box. This is mounted as high as possible, away from
interference, and is the 'active' part. From the plastic box descends
coaxial cable which is brought down to a small power supply next to
the receiver and from there the signal is fed into the receiver
itself. The plastic box contains special low-noise transistors.
It is possible to use simple lengths of wire, but these usually
operate well only on a limited range of frequencies, and you will
need to cover the entire HF spectrum. Active antennas can be obtained
by mail order from suppliers advertising in amateur radio
magazines--the Datong is highly recommended.
Interface The 'interface' is the equivalent of the modem in landline
communications; indeed, advertisements of newer products actually refer to
radio modems. Radio tele-type, or RTTY, as it is called, is traditionally
received on a modified teleprinter or telex machine; and the early interfaces
or terminal units (TUs) simply converted the received audio tones into 'mark'
and 'space' to act as the equivalent of the electrical line conditions of a
telex circuit. Since the arrival of the microcomputer, however, the design
has changed dramatically and the interface now has to perform the following
functions:
1 Detect the designated audio tones
2 Convert them into electrical logic states
3 Strip the start/stop bits, convert the Baudot code into ASCII
equivalents, reinsert start/stop bits
4 Deliver the new signal into an appropriate port on the computer.
(If RS232C is not available, then any other port, e.g. Game, that
is)
A large number of designs exist: some consist of hardware
interfaces plus a cassette, disc or ROM for the software; others
contain both the hardware for signal acquisition and firmware for its
decoding in one box.
Costs vary enormously and do not appear to be related to quality
of result. The kit-builder with a ZX81 can have a complete set-up for
under £40; semi-professional models, including keyboards and screen
can cost in excess of £1000.
The kit I use is based on the Apple II (because of that model's
great popularity in the USA, much hardware and software exists); the
interface talks into the game port and I have several items of
software to present Baudot, ASCII or Morse at will. There is even
some interesting software for the Apple which needs no extra
hardware--the audio from the receiver is fed direct into the cassette
port of the Apple, but this method is difficult to replicate on other
machines because of the Apple's unique method of reading data from
cassette.
Excellent inexpensive hard/firmware is available for many Tandy
computers, and also for the VlC20/Commodore 64. On the whole US
suppliers seem better than those in the UK or Japan-- products are
advertised in the US magazines QST and 73.
Setting Up Particular attention should be paid to linking all the
equipment together; there are special problems about using sensitive
radio receiving equipment in close proximity to computers and VDUs.
Computer logic blocks, power supplies and the synchronising pulses on
VDUs are all excellent sources of radio interference (rfi). RFI
appears not only as individual signals at specific points on the
radio dial, but also as a generalised hash which can blank out all
but the strongest signals.
Interference can escape from poorly packaged hardware, but also
from unshielded cables which act as aerials. The remedy is simple to
describe: encase and shield everything, connecting all shields to a
good earth, preferably one separate from the mains earth. In
practice, much attention must be paid to the detail of the
interconnections and the relative placing of items of equipment. In
particular, the radio's aerial should use coaxial feeder with a
properly earthed outer braid, so that the actual wires that pluck the
signals from the ether are well clear of computer-created rfi. It is
always a good idea to provide a communications receiver with a proper
earth, though it will work without one: if used with a computer, it
is essential.
Do not let these paragraphs put you off; with care excellent
results can be obtained. And bear in mind my own first experience:
ever eager to try out same new kit, I banged everything together with
great speed--ribbon cable, poor solder joints, an antenna tapedx
quickly to a window in a metal frame less than two meters from the
communications receiver--and all I could hear from 500 kHz to 30
MHz, wherever I tuned, was a great howl-whine of protest...
Where to listen
Scanning through the bands on a good communications receiver, you
realise just how crowded the radio spectrum is. The table in Appendix
VI gives you an outline of the sandwich-like fashion in which the
bands are organised.
The 'fixed' bands are the ones of interest; more particularly, the
following ones are where you could expect to locate news agency
transmissions (in kHz):
3155 -- 3400 14350 -- 14990
3500 -- 3900 15600 -- 16360
3950 -- 4063 17410 -- 17550
4438 -- 4650 18030 -- 18068
4750 -- 4995 18168 -- 18780
5005 -- 5480 18900 -- 19680
5730 -- 5950 19800 -- 19990
6765 -- 7000 20010 -- 21000
7300 -- 8195 21850 -- 21870
9040 -- 9500 22855 -- 23200
ggoo -- 9995 23350 -- 24890
10100 -- 11175 25010 -- 25070
11400 -- 11650 25210 -- 25550
12050 -- 12330 26175 -- 28000
13360 -- 13600 29700 -- 30005
13800 -- 14000
In addition, amateurs tend to congregate around certain spots on the
frequency map: 3590, 14090, 21090, 28090, and at VHF/UHF: 144.600,
145.300, MHz 432.600, 433.300.
Tuning In
Radio Teletype signals have a characteristic two-tone warble sound
which you will hear properly only if your receiver is operating in
SSB (single-side-band) mode. There are other digital tone-based
signals to be heard: FAX (facsimile), Helschcrieber (which uses a
technique similar to dot-matrix printers and is used for Chinese and
related pictogram-style alphabets), SSTV (slow scan television, which
can take up to 8 seconds to send a low-definition picture), and
others.
But with practice, the particular sound of RTTY can easily be
recognised. More experienced listeners can also identify shifts and
speeds by ear.
You should tune into the signal watching the indicators on your
terminal unit to see that the tones are being properly captured--
typically, this involves getting two LEDs to flicker simultaneously.
The software will now try to decode the signal, and it will be up
to you to set the speed and 'sense'. The first speed to try is 66/7
words per minute, which corresponds to 50 baud, as this is the most
common. On the amateur bands, the usual speed is 60 words per minute
(45 baud); thereafter, if the rate sounds unusually fast, you try 100
words per minute (approximately 75 baud).
By 'sense' or 'phase' is meant whether the higher tone corresponds
to logical 1 or logical 0. Services can use either format; indeed
the same transmission channel may use one 'sense' on one occasion and
the reverse 'sense' on another. Your software can usually cope with
this. If it can't, all is not lost: you retune your receiver to the
opposite, side-band and the phase will thereby be reversed. So, if
you are listening on the lower side-band (LSB), usually the
conventional way to receive, you simply switch over to USB (upper
side-band), retune the signal into the terminal unit, and the sense'
will have been reversed.
Many news agency stations try to keep their channels open even if
they have no news to put out: usually they do this by sending test
messages like: 'The quick brown fox....' or sequences like
'RYRYRYRYRYRY...' such signals are useful for testing purposes, if
a little dull to watch scrolling up the VDU screen.
You will discover many signals that you can't decode: the
commonest reason is that the transmissions do not use European
alphabets, and all the elements in the Baudot code have been
re-assigned--some versions of Baudot use not one shift, but two, to
give the required range of characters. Straightforward en- crypted
messages are usually recognisable as coming in groups of five
letters, but the encryption can also operate at the bit- as well as
at the character-level -- in that case, too, you will get
gobbleydegook.
A limited amount of ASCII code as opposed to Baudot is to be
found, but mostly on the amateur bands.
Finally, an error-correction protocol, called SITOR, is
increasingly to be found on the maritime bands, with AMTOR, an amateur
variant, in the amateur bands, SITOR has various modes of operation
but, in its fullest implementation, messages are sent in blocks which
must be formally acknowledged by the recipient before the next one is
despatched. The transmitter keeps trying until an acknowledgement is
received. You may even come across, on the amateur bands, packet
radio, which has some of the features of packet switching on digital
land lines. This is one of the latest enthusiasms in amateur radio
with at least two different protocols in relatively wide use.
Discussion of SITOR and packet radio is beyond the scope of this
book, but the reader is referred to BARTG (the British Amateur Radio
Teletype Group) and its magazine Datacom for further information. You
do not need to be a licensed radio amateur to join. The address is:
27 Cranmer Court, Richmond Road, Kingston KT2 SPY.
Operational problems of radio hacking are covered at the end of
Appendix I, the Baudot code is given Appendix IV and an outline
frequency.
The material that follows represents some of the types of common
transmissions: news services, test slips (essentially devices for
keeping a radio channel open), and amateur. The corruption in places
is due either to poor radio propagation conditions or to the presence
of interfering signals.
REVUE DE LA PRESSE ITALIENNE DU VENDREDI 28 DECEMBRE 1984
LE PROCES AUX ASSASSINS DE L~ POIELUSZKO, LA VISITE DE
M. SPADOLINI A ISRAEL, LA SITUATION AU CAMBODGE ET LA GUERILLA
AU MOZAMBIQUE FONT LES TITES DES PAGES POLITIQUES
MOBILISATION TO WORK FOR THE ACCOUNT OF 1985
- AT THE ENVER HOXHA AUTOMOBILE AND
TRACTOR COMBINE IN TIRANA 2
TIRANA, JANUARY XATA/. - THE WORKING PEOPLE OF THE ENVER HOXH~/
AUTOMOBILE AND TRACTOR COMBINE BEGAN THEIR WORR WITH VIGOUR
AND MOBILISATION FOR THE ACCOUNT OF 1985. THE WORK IN THIS
IMPROVOWNT CENTER FOR MECHANICAL INDUSTRY WAS NOT INTERRUPTED
FOR ONE MOMENT AND THE WORKING PEOPLE 8~S ONE ANOTHER FOR
FRESHER GREATER VICTORIES UNDER THE LEADERSHIP OF THE PARTY
WITH ENVER HOXHA AT THE HEAD, DURING THE SHIFTS, NEAR
THE FURNANCES~ PRESSES ETC.. JUST LIKE SCORES OF WORKING COLLECTIVES
OF THE COUNTRY WHICH WERE NOT AT HOME DURING THE NEW
YEAR B
IN THE FRONTS OF WORK FOR THE BENEFITS OF THE SOCIALIST
CONSTRUCTION OF THE COUNTRY.
PUTTING INTO LIFE THE TEACHINGS OF THE PARTY AND THE INSTRUCTIONS
OF COMRADE ENVER HOXHA, THE WORKING COLLECTIVE OF THIS
COMBINE SCORED FRESH SUCCESSES DURING 1984 TO REALIZE THE
INDICES OF THE STATE PLAN BY RASING THE ECEONOMIC EFFECTIVENESS.
THE WORKING PEOPLE SUCCESSFULLY REALIZED AND OVERFUL
FILLED THE OBJECTIVE OF THE REVOLUTIONARY DRIVE ON THE HIGHER
EFFECTIOVENESS OF PRODUCTION, UNDERTAKEN IN KLAIDQAULSK SO~
WITHIN 1984 THE PLANNED PRODUCTIVITY, ACCORDING TO THE INDEX
OF THE FIVE YEAR PLAN, WAS OVERFULFILLED BY 2 PER CENT.
MOREOVER, THE FIVE YEAR PLAN FOR THE GMWERING OF THE COST OF
PRODUCTION WAS RAISED 2 MONTHS AHEAD OF TIME, ONE FIVE YEAR
PLAN FOR THE PRODUCTION OF MACHINERIES LAND EQUIPMENT AND
THE PRODUCTION OF THE TRACTORS WAS OVERFULFILLED.
THE NET INCOME OF THE FIVE YEAR PLAN WAS REALIZED
WITHIN 4 YEARS. ETCM
YRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRY
RYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYR
YRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRY
YRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRY
RYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYRYR~ u UL ~v_.~v
GJ4YAD GJ4YAD DE G4DF G4DF
SOME QRM BUT MOST OK. THE SHIFT IS NORMAL...SHIFT IS NORMAL.
FB ON YOUR RIG AND NICE TO MEET YOU IN RTTY. THE WEATHER HERE
TODAY IS FINE AND BEEN SUNNY BUT C9LD. I HAVE BEEN IN THIS MODE
BEFORE BUT NOT FOR A FEW YEARS HI HI.
GJ4YAD GJ4YAD DE G4DF G4DF
PSE KKK
G4ElE G4EJE DE G3IMS G3IMS
TNX FOR COMING BACk. RIG HERE IS ICOM 720A BUT I AM SENDING
AFSk; NOT FSk'. I USED TO HAVE A CREED BUT CHUCKED IT OUT IT WAS
TOO NOISY AND NOW HAVE VIC2D SYSTEM AND SOME US kIT MY SON
BROUGHT ME HE TRAVELS A LOT.
HAD LOTS OF TROUBLE WITH RFI AND HAVE NOT YET CURED IT. VERTY BAD
QRM AT MOMENT. CAN GET NOTHING ABOVE 1CI MEGS AND NOT MUCH EX-G ON
S(:). HI HI. SUNSPOT COUNT IS REALLY LOW.
G4EJE G4EJE DE G3IMS G3IMS
~I.Of;KKKk'KKKK
RYRYRYRYRYRYRYRYRYR
~K~fk'KKKKKKK
G3IMS G3IMS DE G4EJE G4EJE
FB OM. URM IS GETTING WORSE. I HAVE ALWAYS LIk.ED ICOM RIGS BUT
THEY ARE EXEPENSIVE. CAN YOU RUN FULL 1QCI PER CENT DUTY CYCLE ON
RTTY OR DO YOU HAVE TO RUN AROUND 50 PER CENT. I GET OVER-HEATING
ON THIS OLD YAESU lQl. WHAT SORT OF ANTENNA SYSTEM DO YOU USE.
HERE IS A TRAPPED VERTICAL WITH 8CI METERS TUNED TO RTTY SPOT AT
~;59(:1.
I STILL USE CREED 7 THOUGH AM GETTING FED UP WITH MECHANICAL
BREAK- W WN AND NOISE BUT I HAVE HEARD ABOUT RFI AND HOME
COMPUTER5. MY NEPHEW HAS A SPECTRUM, CAN YOU GET RTTY SOFTWARE
FOR THAT/.
G3IMs G3IMS DE G4EJE G4EJE
Hacking: the Future
Security is now probably the biggest single growth area within the
mainstream computer business. At conference after conference,
consultants compete with each other to produce the most frightening
statistics.
The main concern, however, is not hacking but fraud. Donn Parker,
a frequent writer and speaker on computer crime based at the Stanford
Research Institute has put US computer fraud at $3000 million a year;
although reported crimes amount to only $100 million annually. In
June 1983 the Daily Telegraph claimed that British computer-related
frauds could be anything between £500 million and £2.5 billion a
year. Detective Inspector Ken McPherson, head of the computer crime
unit at the Metropolitan Police, was quoted in 1983 as saying that
within 15 years every fraud would involve a computer. The trouble is,
very few victims are prepared to acknowledge their losses. To date,
no British clearing bank has admitted to suffering from an
out-and-out computer fraud, other than the doctoring of credit and
plastic ID cards. Few consultants believe that they have been immune.
However, to put the various threats in perspective, here are two
recent US assessments. Robert P Campbell of Advanced Information
Management, formerly head of computer security in the US Army,
reckons that only one computer crime in 100 is detected; of those
detected, 15 per cent or fewer are reported to the authorities, and
that of those reported, one in 33 is successfully prosecuted--a
'clear-up' rate of one in 22,000.
And Robert Courtney, former security chief at IBM produced a list
of hazards to computers: 'The No 1 problem now and forever is errors
and omissions'. Then there is crime by insiders, particularly
non-technical people of three types: single women under 35; 'little
old ladies' over 50 who want to give the money to charity; and older
men who feel their careers have left them neglected. Next, natural
disasters. Sabotage by disgruntled employees. Water damage. As for
hackers and other outsiders who break in, he e
Here in the UK, the National Computing Centre says that at least
90 per cent of computer crimes involve putting false information into
a computer, as opposed to sophisticated logic techniques; such crimes
are identical to conventional embezzlement: looking for weaknesses
in an accounting system and taking advantage. In such cases the
computer merely carries out the fraud with more thoroughness than a
human, and the print-out gives the accounts a spurious air of being
correct.
In the meantime, we are on the threshold of a new age of
opportunities for the hacker. The technology we can afford has
suddenly become much more interesting.
The most recent new free magazines to which I have acquired
subscriptions are for owners of the IBM PC, its variants and clones.
There are two UK monthlies for regular users, another for corporate
buyers and several US titles.
The IBM PC is only partly aimed at small business users as a
stand-alone machine to run accounting, word processing, spread- sheet
calculation and the usual business dross; increasingly the marketing
is pitching it as an executive work-station, so that the corporate
employee can carry out functions not only local to his own office,
but can access the corporate mainframe as well--for data, messaging
with colleagues, and for greater processing power.
In page after page, the articles debate the future of this
development--do employees want work-stations? Don't many bosses still
feel that anything to do with typing is best left to their secretary?
How does the executive workstation relate to the mainframe? Do you
allow the executive to merely collect data from it, or input as well?
If you permit the latter, what effect will this have on the integrity
of the mainframe's files? How do you control what is going on? What
is the future of the DP professional? Who is in charge?
And so the articles go on. Is IBM about to offer packages which
integrate mainframes and PCs in one enormous system, thus effectively
blocking out every other computer manufacturer and software publisher
in the world by sheer weight and presence?
I don't know the answers to these questions, but elsewhere in
these same magazines is evidence that the hardware products to
support the executive workstation revolution are there--or, even if
one has the usual cynicism about computer trade advertising ahead of
actual availability, about to be.
The products are high quality terminal emulators, not the sort of
thing hitherto achieved in software--variants on asynchronous
protocols with some fancy cursor addressing--but cards capable of
supporting a variety of key synchronous communications, like 327x
(bisynch and SDLC), and handling high-speed file transfers in CICs,
TSO, IMS and CMS.
These products feature special facilities, like windowing or
replicate aspects of mainframe operating systems like VM (Virtual
Machine), giving the user the experience of having several different
computers simultaneously at his command. Other cards can handle IBM's
smaller mini- mainframes, the Systems/34 and /38. Nor are other
mainframe manufacturers with odd-ball comms requirements ignored:
ICL, Honeywell and Burroughs are all catered for. There are even
several PC add-ons which give a machine direct X.25; it can sit on a
packet-switched network without the aid of a PAD.
Such products are expensive by personal micro standards, but it
means that, for the expenditure of around £8000, the hacker can call
up formidable power from his machine. The addition of special
environments on these new super micros which give the owner direct
experience of mainframe operating systems--and the manuals to go with
them--will greatly increase the population of knowledgeable computer
buffs. Add to this the fact that the corporate workstation market, if
it is at all succesful, must mean that many executives will want to
call their mainframe from home --and there will be many many more
computer ports on the PTSN or sitting on PSS.
There can be little doubt that the need for system security will
play an increasing role in the specification of new mainframe
installations. For some time, hardware and software engineers have
had available the technical devices necessary to make a computer
secure; the difficulty is to get regular users to implement the
appropriate methods--humans can only memorise a limited number of
passwords. I expect greater use will be made of threat monitoring
techniques: checking for sequences of unsuccessful attempts at
logging in, and monitoring the level of usage of customers for
extent, timing, and which terminals or ports they appear on.
The interesting thing as far as hackers are concerned is that it
is the difficulty of the exercise that motivates us, rather than the
prospect of instant wealth. It is also the flavour of naughty, but
not outright, illegality. I remember the Citizens Band radio boom of
a few years ago: it started quietly with just a handful of London
breakers who had imported US sets, really simply to talk to a few
friends. One day everyone woke up, switched on their rigs and
discovered overnight there was a whole new sub-culture out there,
breathing the ether. Every day there were more and more until no
spare channels could be found. Then some talented engineers found out
how to freak the rigs and add another 40 channels to the original 40.
And then another 40. Suddenly there were wholesalers and retailers
and fanzines, all selling and promoting products the using or
manufacturing of which was illegal under British law.
Finally, the government introduced a legalised CB, using different
standards from the imported US ones. Within six months the illegal
scene had greatly contracted, and no legal CB service of comparable
size ever took its place. Manufacturers and shop- keepers who had
expected to make a financial killing were left with warehouses full
of the stuff. Much of the attraction of AM CB was that it was
forbidden and unregulated. There is the desire to be an outlaw, but
clever and not too outrageous with it, in very many of us.
So I don't believe that hacking can be stopped by tougher
security, or by legislation, or even by the fear of punishment.
Don't get me wrong: I regard computers as vastly beneficial. But
they can threaten our traditional concepts of freedom, individuality
and human worth I like to believe hacking is a curious
re-assertion of some of those ideas.
The challenge of hacking is deeply ingrained in many computer
enthusiasts; where else can you find an activity the horizons of
which are constantly expanding, where new challenges and dangers can
be found every day, where you are not playing a visibly artificial
'game', where so much can be accessed with so little resource but a
small keyboard, a glowing VDU, an inquisitive and acquisitive brain,
and an impish mentality?
APPENDIX I
Trouble Shooting
The assumption is that you are operating in the default mode of
300/300 baud asynchronous using CCITT tones, 7 bits, even parity, one
stop bit, full-duplex/echo off, originate. You have dialled the
remote number, seized the line and can hear a data tone. Something is
not working properly. This is a partial list of possibilities.
The screen remains blank.
* A physical link has failed -- check the cables between computer,
modem and phone line.
* The remote modem needs waking up--send a <cr> or failing that, a
ENQ (<ctrl>E), character.
* The remote modem is operating at a different speed. Some modems
can be brought up to speed by hitting successive <cr>s; they usually
begin at 110 baud and then go to 300,so two successive <cr>s should
do the trick.
* The remote modem is not working at V21 standards, either because
it is a different CCITT standard, e.g. V22, V22 bis, V23 etc or
operates on Bell (US) tones.
* Since different standards tend to have different 'wake-up' tones
which are easily recognised with practice, you may be able to spot
what is happening. It shouldn't need to be said that if you are
calling a North American service you should assume Bell tones.
* Both your modem and that of the remote service are in answer or in
originate and so cannot 'speak' to each other. Always assume you are
in the originate mode.
* The remote service is not using ASCII/International Alphabet No 5.
The screen fills with random characters
* Data format different from your defaults--check 7 or 8 bit
characters, even/odd parity, stop and start bits.
* Mismatch of characters owing to misdefined protocol--check
start/stop, try alternately EOB/ACK and XON/XOF.
* Remote computer operating at a different speed from you-- try, in
order, 110, 300, 600, 1200, 75.
** Page 112
* Poor physical connection--if using an acoustic coupler check
location of handset, if not, listen on line to see if it is noisy or
crossed.
* The remote service is not using ASCII/International Alphabet No 5.
Every character appears twice
* You are actually in half-duplex mode and the remote computer as
well as your own are both sending characters to your screen--switch
to full-duplex/echo off.
All information appears on only one line, which is constantly
overwritten.
* The remote service is not sending line feeds--if your terminal
software has the facility, enable it to induce line feeds when each
display line is filled. Many on-line services and public dial-up
ports let you configure the remote port to send line feeds and vary
line length. Your software may have a facility to show control
characters, in which case you will see <ctrl>J if the remote service
is sending line feeds.
Wide spaces appear between display lines.
* The remote service is sending line feeds and your software is
inducing another one simultaneously--turn off your induced carriage
return facility. In 'show control character' mode, you will see
<ctrl>Js.
Display lines are broken awkwardly
* The remote service is expecting your screen to support more
characters than it is able. Professional services tend to expect 80
characters across whilst many personal computers may have less than
40, so that they can be read on a tv screen. Check if your software
can help, but you may have to live with it. Alternatively, the
remote computer may let you reconfigure its character stream.
Most of the display makes sense, but every so often it becomes
garbled
* You have intermittent line noise--check if you can command the
remote computer to send the same stream again and see if you get the
garbling.
* The remote service is sending graphics instructions which your
computer and software can't resolve.
The display contains recognisable characters in definite groupings,
but otherwise makes no sense The data is intended for an intelligent
terminal, which will combine the transmitted data with a local
program so that it makes sense.
* The data is intended for batch processing.
* The data is encrypted Although the stream of data appeared
properly on your vdu, when you try to print it out, you get
corruption and over-printing
* Most printers use a series of special control characters to enable
various functions--line feeds, back-space, double- intensity, special
graphics etc. The remote service is sending a series of control
characters which, though not displayed on your screen, are
'recognised' by your printer, though often in not very helpful ways.
You may be able to correct the worst problems in software, e.g. by
enabling line-feeds; alternatively many printers can be re-configured
in hardware by appropriate settings of DIL switches internally.
When accessing a viewdata service, the screen fills with squares.
* The square is the standard display default if your viewdata
terminal can't make sense of the data being sent to it.
* Check physical connections and listen for line noise.
* The viewdata host does not work to UK viewdata standards-- French
viewdata uses parallel attributes and has a number of extra features.
The CEPT standard for Europe contains features from both the UK and
French systems and you may be able to recognise some of the display.
North American videotex is alpha-geometric and sends line drawing
instructions rather than characters.
* The viewdata host has enhanced graphics features, perhaps for
dynamically redefined character sets, alphageometric instructions, or
alpha-photographic (full resolution) pictures. If the host has some
UK standard-compatible features, you will be able to read them
normally. If the cursor jumps about the screen, the host has dynamic
graphics facilities. If the viewdata protocol is anything at all like
the UK standard, you should see regular clear-screens as each new
page comes up; however, advanced graphics features tend to work by
suppressing clear-screens.
* The service you have dialled is not using viewdata. PSS is
accessible at 75/1200, as are one or two direct-dial services. In
this case you should be seeing a conventional display or trying one
of the other suggestions in this appendix. It is usual to assume that
any subscriber dialling into a 75/1200 port has only a 40 character
display.
You can't see what you are typing
* The remote computer is not echoing back to you--switch to
half-duplex. If the remote computer's messages now appear doubled;
that would be unusual but not unique; you will have to toggle back to
full-duplex for receive.
Data seems to come from the remote computer in jerky bursts rather
than as a smooth stream.
* If you are using PSS or a similar packet-switched service and it
is near peak business hours either in your time zone or in that of
the host you are accessing, the effect is due to heavy packet
traffic. There is nothing you can do--do not send extra commands to
'speed things up' as those commands will arrive at the host
eventually and cause unexpected results.
* The host is pausing for a EOB/ACK or XON/XOF message-- check your
protocol settings--try sending ctrl-Q or ctrl-F.
You have an apparently valid password but it is not accepted.
* You don't have a valid password, or you don't have all of it.
* The password has hidden control characters which don't display on
the screen. Watch out for <ctrl>H -- the back-space, which will
over-write an existing displayed character.
* The password contains characters which your computer doesn't
normally generate--check your terminal software and see if there is a
way of sending them.
Most of the time everything works smoothly, but you can't get past
certain prompts
* The remote service is looking for characters your computer doesn't
normally generate. Check your terminal software and see if there is a
way of sending them.
A list or file called up turns out to be boring--can you stop it?
* Try sending <ctrl>S; this may simply make the remote machine
pause, until a <ctrl>Q is sent--and you may find the list resumes
where it left off. On the other hand it may take you on to a menu.
* Send a BREAK signal (<ctrl>1). If one BREAK doesn't work, send
another in quick succession.
You wish to get into the operating system from an applications
program.
* Don't we all? There is no standard way of doing this, and indeed
it might be almost impossible, because the operating system can only
be addressed by a few privileged terminals, of which yours (and its
associated password) is not one. However, you could try the
following:
* Immediately after signing on, send two BREAKs (<ctrl>1).
* Immediately after signing on, try combinations of ESC, CTRL and
SHIFT. As a desperate measure, send two line feeds before signing
on--this has been known to work!.
* At an options page, try requesting SYSTEM or some obvious
contraction like SYS or X. If in the Basic language, depending on the
dialect, SYSTEM or X in immediate mode should get you the operating
system.
You are trying to capture data traffic from a short-wave radio and are having
little success
* Your computer could be emitting so much radio noise itself that
any signal you are attempting to hear is squashed. To test: tune your
radio to a fairly quiet short-wave broadcast and then experiment
listening to the background hash with the computer switched first
on, then off. If the noise level drops when you turn off the
computer, then you need to arrange for more rf suppression and to
move the computer and radio further apart. Another source of rf noise
is the sync scan in a tv tube.
* If you can hear the two-tones of rtty traffic but can't get
letters resolved, check that your terminal unit is locking on to the
signal (often indicated by LEDs); you should then at least get some
response on your screen, if it doesn't make immediate sense.
* Once you have letters on screen, try altering the speed at which
you are receiving (see chapter 10); check also that you are reading
in the right 'sense', ie that mark and space have not been reversed.
* In addition to signals sent with the conventional International
Telegraphic Code No 2 (Baudot), variants exist for foreign letter
sets, like Cyrillic, which your software may not be able to resolve.
* There are other data-type services which sound a little like RTTY,
but are not: they include FAX (facsimile) hellschreiber ( a form of
remote dot-matrix printing), SITOR (see chapter 10) and special
military/diplomatic systems.
APPENDIX II
Glossary
This glossary collects together the sort of name, word, abbreviation
phrase you could come across during your network adventures
and for which you may not be able to find a precise definition
ACK
Non--printing character used in some comms protocols to indicate that
a block has been received and that more can be sent; used in
association with EOB.
ANSI
American National Standards Institute--one of a number of standards
organizations.
Answer mode
When a modem is set up to receive calls--the usual mode for a host.
The user's computer will be in originate.
ARQ
Automatic Repeat Request--method of error correction.
ASCII
American Standard Code for Information Interchange--alternate name
for International Telegraph Alphabet No 5: 7-bit code to symbolise
common characters and comms instructions, usually transmitted as
8-bit code to include a parity bit.
ASR
Automatic Send Receive--any keyboard terminal capable of generating a
message into off-line storage for later transmission; includes
paper-tape telex machines as well as microcomputers.
Asynchronous
Description of communications which rely on 'start' and 'stop' bits
to synchronise originator and receiver of data--hence asynchrnous
protocols, channels, modems, terminals etc.
Backward channel
Supervisory channel, not used as main channel of communication; in
viewdata the 75 baud back from the user to the host.
Baud
Measure of the signalling rate on a data channel, number of
signalling elements per second.
Baseband
Modulation is direct on the comms line rather than using audio or
radio frequencies; used in some local area networks. A baseband or
'short-haul' modem can be used to link computers in adjacent offices,
but not over telephone lines.
Baudot
5-bit data code used in telegraphy, telex and RTTY--also known as
International Telegraph Alphabet No 2.
Bell
(1) non-printing character which sounds a bell or bleep, usually
enabled by <ctrl> G; (2) Common name for US phone company and, in
this context, specifiers for a number of data standards and services,
e.g. Bell 103a, 202a, 212a, etc--see Appendix V
Bit Binary digit
value 0 or 1.
Broadband
Broadband data channels have a wider bandwidth than ordinary
telephone circuits--12 times in fact, to give a bandwidth of 48kHz,
over which may simultaneous high-speed data transfers can take place.
Broadcast service
Data service in which all users receive the same information
simultaneously, without the opportunity to interrogate or query;
e.g. news services like AP, Reuters News, UPI etc. See also on-line
service.
Bisynchronous
IBM protocol involving synchronous transmission of binary coded data.
BLAISE
British Library Automated Information Service-- substantial
bibliographic on-line host.
BREAK
Non-printing character used in some data transmission protocols and
found on some terminals--can often be regenerated by using <ctrl> 1.
BSC
Binary Synchronous Communications--see bisynchronous.
I Byte
Group of bits (8) representing one data character.
Call accept
In packet-switching, the packet that confirms the party is willing to
proceed with the call.
Call redirection
In packet-switching, allows call to be automatically redirected from
original address to another, nominated address.
Call request
In packet-switching, packet sent to initiate a datacall.
CCITT
Comite Consultatif International Telephonique et Telegraphique
--committee of International Telecommunications Union which sets
international comms standards. Only the US fails to follow its
recommendations in terms of modem tones, preferring 'Bell' tones. The
CCITT also sets such standards as V21, 24, X25 etc.
Character terminal
In packet-switching, a terminal which can only access via a PAD.
Cluster
When two or more terminals are connected to a data channel at a
single point.
Common Carrier
A telecommunications resource providing facilities to the public.
Connect-time
Length of time connected to a remote computer, often the measure of
payment. Contrast with cpu time or cpu units, which measures how
much 'effort' the host put into the communication.
CPS
Characters Per Second.
Cpu Time
In an on-line session, the amount of time the central processor
actually spends on the interaction process, as opposed to connecttime;
either can be used as the basis of tariffing.
CRC
Cyclic Redundancy Check--error detection method.
CUG
Closed User Group--group of users/terminals who enjoy privacy with
respect to a public service.
Datacall
In packet-switching, an ordinary call, sometimes called a 'switched
virtual call'.
Dataline
In packet-switching, dedicated line between customer's terminal and
packet-switch exchange (PSE).
DCE
Data Circuit-terminating Equipment--officialese for modems.
DTE
Data Terminal Equipment--officialese for computers.
EBCDIC
Extended Binary Coded Decimal Interchange Code--IBM's alternative to
ASCII, based on an 8-bit code, usually transmitted synchronously. 256
characters are available.
Emulator
Software/hardware set-up which makes one device mimic another, e.g. a
personal computer may emulate an industry-standard dumb terminal like
the VT100. Compare simulator, which gives a device the attributes of
another, but not necessarily in real time, e.g. when a large mini
carries a program making it simulate another computer to develop
software.
Euronet-Diane
European direct access information network.
Datel
BT's name for its data services, covering both the equipment and the
type of line, e.g. Datel 100 corresponds to telegraph circuits, Datel
200 is the usual 300/300 asynchronous service, Datel 400 is for
one-way transmissions e.g. monitoring of remote sites, Datel 600 is
a two- or four-wire asynchronous service at up to 1200 baud, Datel
2400 typically uses a 4-wire private circuit at 2400 baud
synchronous, etc. etc.
DES
Data Encryption Standard--a US-approved method of encrypt- ing data
traffic, and somewhat controversial in its effectiveness.
Dialog
Well-established on-line host available world-wide covering an
extensive range of scientific, bibiographic and news services. Also
known as Lockheed Dialog.
Dial-up
Call initiated via PTSN, no matter where it goes after that; as
opposed to service available via permanent leased line.
Duplex
Transmission in two directions simultaneously, sometimes called
full-duplex; contrast half-duplex, in which alternate transmissions
by either end are required. NB this is terminology used in data
communications over land-lines. Just to confuse matters, radio
technology refers to simplex, when only one party can transmit at a
time and a single radio frequency is used; two-frequency-simplex or
half-duplex when only one party can speak but two frequencies are
used, as in repeater and remote base working; and full-duplex, when
both parties can speak simultaneously and two radio frequencies are
used, as in radio-telephones.
Echo
(1) When a remote computer sends back to the terminal each letter as
it is sent to it for confirming re-display locally. (2) Effect on
long comms lines caused by successive amplifications
--echo-suppressors are introduced to prevent disturbance caused by
this phenomenon, but in some data transmission the echo- suppressors
must be switched off.
** Page 121
EIA
Electronic Industries Association, US standards body.
ENQ
Non-printing character signifying 'who are you?' and often sent by
hosts as they are dialled up. When the user's terminal receives ENQ
it may be programmed to send out a password automatically.
Corresponds to <esc> E.
EOB
End Of Block--non-printing character used in some protocols, usually
in association with ACK.
Equalisation
Method of compensation for distortion over long comms channels.
FDM
Frequency Division Multiplexing--a wide bandwidth transmission
medium, e.g. coaxial cable, supports several narrow band- width
channels by differentiating by frequency; compare time division
multiplexing.
FSK
Frequency Shift Keying--a simple signalling method in which
frequencies but not phase or amplitude are varied according to
whether '1' or '0' is sent--used in low-speed asynchronous comms both
over land-line and by radio.
Handshaking
Hardware and software rules for remote devices to communicate with
each other, supervisory signals such as 'wait', 'acknowledge',
'transmit', 'ready to receive' etc.
HDLC
In packet-switching, High Level Data Link Control procedure, an
international standard which detects and corrects errors in the
stream of data between the terminal and the exchange--and to provide
flow control. Host The 'big' computer holding the information the
user wishes to retrieve.
Infoline
Scientific on-line service from Pergamon.
ISB
see sideband.
ISO
International Standards Organisation.
LAN
Local Area Network--normally using coaxial cable, this form of
network operates at high speed over an office or works site, but no
further. May have inter-connect facility to PTSN or PSS.
LF
Line Feed--cursor moves active position down one line--usual code is
<ctrl>J; not the same as carriage return, which merely sends cursor
to left-hand side of line it already occupies. However, in many
protocols/terminals/set-ups, hitting the <ret> or <enter> button
means both <lf> and <cr>.
Logical Channel
Apparently continuous path from one terminal to another.
LSB
see sideband.
KSR
Keyboard Send Receive--terminal with keyboard on which anything that
is typed is immediately sent. No off-line preparation facility, e.g.
teletypewriter, 'dumb' terminals.
Macro software
Facility frequently found in comms programs which permits the
preparation and sending of commonly-used strings of information,
particularly passwords and routing instructions.
Mark
One of the two conditions on a data communications line, the other
being 'space'; mark indicates 'idle' and is used as a stop bit.
** Page 123
Message switching
When a complete message is stored and then forwarded, as opposed to a
packet of information. This technique is used in some electronic mail
services, but not for general data transmission.
Modem
Modulator-demodulator.
Multiplexer
Device which divides a data channel into two or more independent
MVS
Multiple Virtual Storage--IBM operating system dating from mid-70s.
NUA
Network User Address, number by which each terminal on a
packet-switch network is identified (character terminals don't have
them individually, because they use a PAD). In PSS, it's a 10-digit
number.
NUI
Network User Identity, used in PSS for dial-up access by each user.
Octet
In packet-switching, 8 consecutive bits of user data, e.g. 1
character.
On-line service
Interrogative or query service available for dial-up. Examples
include Lockheed Dialog, Blaise, Dow Jones News Retrieval, etc;
leased-line examples include Reuters Monitor, Telerate.
Originate
Mode-setting for a modem operated by a user about to call another
computer.
OSI
Open Systems Interconnect--intended world standard for digital
network connections--c.f. SNA. Packet terminal Terminal capable of
creating and disassembling packets, interacting with a
packet-network, c.f. character terminal.
PAD
Packet Assembly/disassembly Device--permits 'ordinary' terminals to
connect to packet switch services by providing addressing, headers,
(and removal), protocol conversion etc.
Parity checking
Technique of error correction in which one bit is added to each data
character so that the number of bits is always even (or always odd).
PDP/8 & /11
Large family of minis, commercially very sucessful, made by DEC. the
PDP 8 was 12-bit, the PDP 11 is 16-bit. The LSI 11 have strong family
connections to the PDP 11, as have some configurations of the
desk-top Rainbow.
Polling
Method of controlling terminals on a clustered data network, where
each is called in turn by the computer to see if it wishes to
transmit or receive.
Protocol
Agreed set of rules.
PSE
Packet Switch Exchange--enables packet switching in a network.
PTSN
Public Switched Telephone Network--the voice-grade telephone network
dialled from a phone. Contrast with leased lines, digital networks,
conditioned lines etc.
PTT
jargon for the publicly-owned telecommunications authority/ utility
PVC
Permanent Virtual Circuit--a connection in packet switching which is
always open, no set-up required.
Redundancy checking
Method of error correction.
RS232C
The list of definitions for interchange circuit: the US term for
CCITT V24--see Appendix III.
RSX-ll
Popular operating system for PDP/11 family.
RTTY
Radio Teletype -- method of sending telegraphy over radio waves.
RUBOUT
Back-space deleting character, using <ctrl>H.
Secondary channel
Data channel, usually used for supervision, using same physical path
as main channel; in V23 which is usually 600 or 1200 baud
half-duplex, 75 baud traffic is supervisory but in viewdata is the
channel back from the user to the host, thus giving low-cost full
duplex.
Segment
Chargeable unit of volume on PSS.
Serial transmission
One bit at a time, using a single pair of wires, as opposed to
parallel transmission, in which several bits are sent simultaneously
over a ribbon cable. A serial interface often uses many more than two
wires between computer and modem or computer and printer, but only
two wires carry the data traffic, the remainder being used for
supervision, electrical power and earthing, or not at all.
Sideband
In radio the technique of suppressing the main carrier and limiting
the transmission to the information-bearing sideband. To listen at
the receiver, the carrier is re-created locally. The technique, which
produces large economies in channel occupany, is extensively used in
professional, non-broadcast applications. The full name is single
side-band, supressed carrier. Each full carrier supports two
sidebands, an upper and lower, USB and LSB respectively; in general,
USB is used for speech, LSB for data, but this is only a
convention--amateurs used LSB for speech below 10 MHz, for example.
ISB, independent side-band, is when the one carrier supports two
sidebands with separate information on them, usually speech on one
and data on the other. If you listen to radio teletype on the 'wrong'
sideband, 'mark' and 'space' values become reversed with a consequent
loss of meaning.
** Page 126
SITOR
Error-correction protocol for sending data over radio-path using
frequent checks and acknowledgements.
SNA
System Network Architecture-- IBM proprietary networking protocol,
the rival to OSI.
Space
One of two binary conditions in a data transmission channel, the
other being 'mark'. Space is binary 0.
Spooling
Simultaneous Peripheral Operation On-Line--more usually, the ability,
while accessing a database, to store all fetched information in a
local memory buffer, from which it may be recalled for later
examination, or dumped to disc or printer.
Start/Stop
Asynchronous transmission; the 'start' and 'stop' bits bracket each
data character.
Statistical Multiplexer
A statmux is an advanced multiplexer which divides one physical link
between several data channels, taking advantage of the fact that not
all channels bear equal traffic loads.
STX
Start Text--non-printing character used in some protocols.
SVC
Switched Virtual Circuit--in packet switching, when connection
between two computers or computer and terminal must be set up by a
specific call.
SYN
Non-printing character often used in synchronous transmission to tell
a remote device to start its local timing mechanism.
Synchronous
Data transmission in which timing information is super-imposed ~,n
pure data. Under this method 'start/stop' techniques are not used
and data exchange is more efficient, hence synchronous channel,
modem, terminal, protocol etc.
TDM
Time Division Multiplex--technique for sharing several data channels
along one high-grade physical link. Not as efficient as statistical
techniques.
Telenet
US packet-switch common carrier.
Teletex
High-speed replacement for telex, as yet to find much commercial
support.
Teletext
Use of vertical blanking interval in broadcast television to transmit
magazines of text information, e.g. BBC's Ceefax and IBA's Oracle.
Telex
Public switched low-speed telegraph network.
TOPIC
The Stock Exchange's market price display service; it comes down a
leased line and has some of the qualities of both viewdata and
teletext.
Tymnet
US packet-switch common carrier.
V-standards
Set of recommendations by CCITT--see Appendix III.
VAX
Super-mini family made by DEC; often uses Unix operating system.
** Page 128
Viewdata
Technology allowing large numbers of users to access data easily on
terminal based (originally) on modified tv sets. Information is
presented in 'page' format rather than on a scrolling screen and the
user issues all commands on a numbers-only keypad. Various standards
exist of which the UK one is so far dominant; others include the
European CEPT standard which is similar to the UK one, a French
version and the US Presentation Level Protocol. Transmission speeds
are usually 1200 baud from the host and 75 baud from the user.
Viewdata together with teletext is known jointly as videotex(t).
Virtual
In the present context, a virtual drive, store, machine etc is one
which appears to the user to exist, but is merely an illusion
generated on a computer; thus several users of IBM's VM operating
system each think they have an entire separate computer, complete
with drives, discs and other peripherals--in fact the one actual
machine can support several lower-level operating systems
simultaneously.
VT52/100
Industry-standard general purpose computer terminals with no storage
capacity or processing power but with the ability to be locally
programmed to accept a variety of asynchronous transmission
protocols--manufactured by DEC. The series has developed since the
VT100
X-standards
Set of recommendations by CCITT--see Appendix III.
XON/XOF
Pair of non-printing characters sometimes used in protocols to tell
devices when to start or stop sending. XON often corresponds to
<ctrl>Q and XOF to <ctrl>S.
80-80
Type of circuit used for telex and telegraphy--mark and space are
indicated by conditions of--or + 80 volts. Also known in the UK as
Tariff J. Usual telex speed is 50 baud, private wire telegraphy (news
agencies etc) 75 baud.
APPENDIX III
Selected CCITT Recommendations
V series: Data transmission over telephone circuits
V1 Power levels for data transmission over telephone lines
V3 International Alphabet No S (ASCII)
V4 General structure of signals of IA5 code for data
transmission over public telephone network
V5 Standardisation of modulation rates and data signalling
rates for synchronous transmission in general switched
network
V6 Ditto, on leased circuits
V13 Answerback simulator
V15 Use of acoustic coupling for data transmission
V19 Modems for parallel data transmission using telephone
signalling frequencies
V20 Parallel data transmission modems standardised for
universal use in the general switched telephone network
V21 200 baud modem standardised
V22 1200 bps full-duplex 2-wire modem for PTSN
V22bis 2400 bps full-duplex 2-wire modem for PTSN
V23 600/1200 bps modem for PTSN
V24 List of definitions for interchange circuits between data
terminal equipment and data circuit-terminating equipment
V25 Automatic calling and/or answering equipment on PTSN
V26 2400 bps modem on 4-wire circuit
V26bis 2400/1200 bps modem for PTSN
V27 4800 bps modem for leased circuits
V27bis 4800 bps modem (equalised) for leased circuits
V27 4800 bps modem for PTSN
V29 9600 bps modem for leased circuits
V35 Data transmission at 48 kbits/sec using 60-108 kHz band
circuits
** Page 130
X series: recommendations covering data networks
X1 International user classes of services in public data networks
X2 International user facilities in public data networks
X3 Packet assembly/disassembly facility (PAD)
X4 General structure of signals of IA5 code for transmission
over public data networks
X20 Interface between data terminal equipment and data
circuit-terminating equipment for start-stop transmission
services on public data networks
X20bis V21-compatible interface
X21 Interface for synchronous operation
X25 Interface between data terminal equipment and data
circuit-terminating equipment for terminals operating in
the packet-switch mode on public data networks
X28 DTE/DCE interface for start/stop mode terminal equipment
accessing a PAD on a public data network
X29 Procedures for exchange of control information and user
data between a packet mode DTE and a PAD
X95 Network parameters in public data networks
X96 Call progress signals in public data networks
X121 International addressing scheme for PDNs
APPENDIX IV
Computer Alphabets
Four alphabets are in common use for computer communications:
ASCII, also known as International Telegraphic Alphabet No 5; Baudot,
used in telex and also known as International Telegraphic Alphabet No
2; UK Standard videotex, a variant of ASCII; and EDCDIC, used by IBM.
ASCII
This is the standard, fully implemented character set. There are a
number of national variants: # in the US variant is £ in the UK
variant. Many micro keyboards cannot generate all the characters
Hacker's Handbook
file:///E|/Books/Hackers Handbook.htm (121 of 133) [11/28/2000 5:58:50 AM]
directly, particularly the non-printing characters used for control
of transmission, effectors of format and information separators. The
'keyboard' column gives the usual method of providing them, but you
should check the firmware/software manuals for your particular
set-up. You should also know that many of the 'spare' control
characters are often used to enable special features on printers.
HEX DEC ASCII Name Keyboard Notes
00 0 NUL Null ctrl @
01 1 SOH Start heading ctrl A
02 2 STX Start text ctrl B
03 3 ETX End text ctrl C
04 4 EOT End transmission ctrl D
05 5 ENQ Enquire ctrl E
06 6 ACK Acknowledge ctrl F
07 7 BEL Bell ctrl G
08 8 BS Backspace ctrl H or special key
09 9 HT Horizontal tab ctrl I or special key
OA 10 LF Line feed ctrl J
OB 11 VT Vertical tab ctrl K
0C 12 FF Form feed ctrl L
OD 13 CR Carriage return ctrl M or special key
OE 14 SO Shift out ctrl N
OF 15 Sl Shift in ctrl O
10 16 DLE Data link escape ctrl P
11 17 DC1 Device control 1 ctrl Q also XON
12 18 DC2 Device control 2 ctrl R
13 19 DC3 Device control 3 ctrl S also XOF
14 20 DC4 Device control 4 ctrl T
15 21 NAK Negative acknowledge ctrl U
16 22 SYN Synchronous Idle ctrl V
17 23 ETB End trans. block ctrl W
18 24 CAN Cancel ctrl X
19 25 EM End medium ctrl Y
1A 26 SS Special sequence ctrl Z spare
1B 27 ESC Escape check manuals to
transmit
1C 28 FS File separator
1D 29 GS Group separator
1E 30 RS Record separator
1F 31 US Unit separator
20 32 SP Space
21 33 ~
22 34 "
23 35 # £
24 36 $
25 37 %
26 38 &
27 39 ' Apostrophe
28 40 (
29 41 )
2A 42 ~
2B 43 +
2C 44 , Comma
2D 45 -
2E 46 . Period
2F 47 / Slash
30 48 0
31 49 1
32 50 2
33 51 3
34 52 4
35 53 5
36 54 6
37 55 7
38 56 8
39 57 9
3A 58 : Colon
3B 59 ; Semicolon
3C 60 <
3D 61
3E 62 >
3F 63 ?
40 64 @
41 65 A
42 66 B
43 67 C
44 68 D
45 69 E
46 70 F
47 71 G
48 72 H
49 73 1
4A 74 J
4B 75 K
4C 76 L
4D 77 M
4E 78 N
4F 79 O
50 80 P
51 81 Q
52 82 R
53 83 S
54 84 T
55 85 U
56 86 V
57 87 W
58 88 X
59 89 Y
5A 90 Z
5B 91 [
5C 92 \ Backslash
5D 93 1
5E 94 ^ Circumflex
5F 95 _ Underscore
60 96 Grave accent
61 97 a
62 98 b
** Page 134
63 99 c
64 100 d
65 101 e
66 102 f
67 103 9
68 104 h
69 105 i
6A 106 j
6B 107 k
6C 108 l
6D 109 m
6E 110 n
6F 111 o
70 112 p
71 113 q
72 114 r
73 115 s
74 116 t
75 117 u
76 118 v
77 119 w
78 120 x
79 121 y
7A 122 z
7B 123 {
7C 124
7D 125 }
7E 126 ~ Tilde
7F 127 DEL Delete
Baudot
This is the telex/telegraphy code known to the CCITT as International
Alphabet No 2. It is essentially a 5-bit code, bracketed by a start
bit (space) and a stop bit (mark). Idling is shown by 'mark'. The
code only supports capital letters, figure and two 'supervisory'
codes: 'Bell' to warn the operator at the far end and 'WRU'--'Who are
you?' to interrogate the far end 'Figures' changes all characters
received after to their alternates and 'Letters' switches back. The
letters/figures shift is used to give the entire character set.
Viewdata
This is the character set used by the UK system, which is the most
widely used, world-wide. The character-set has many features in
common with ASCII but also departs from it in significant ways,
notably to provide various forms of graphics, colour controls,
screen-clear (ctrl L) etc. The set is shared with teletext which in
itself requires further special codes, e.g. to enable sub-titling to
broadcast television, news flash etc. If you are using proper
viewdata software, then everything will display properly; if you are
using a conventional terminal emulator then the result may look
confusing. Each character consists of 10 bits:
Start binary 0
7 bits of character code
Parity bit even
Stop binary 1
ENQ (Ctrl E) is sent by the host on log-on to initiate the
auto-log-on from the user's terminal. If no response is obtained, the
user is requested to input the password manually. Each new page
sequence opens with a clear screen instruction (Ctrl L, CHR$12)
followed by a home (Ctrl M, CHR$14).
Some viewdata services are also available via standard asynchronous
300/300 ports (Prestel is, for example); in these cases, the graphics
characters are stripped out and replaced by ****s; and the pages will
scroll up the screen rather than present themselves in the
frame-by-frame format.
If you wish to edit to a viewdata system using a normal keyboard,
or view a viewdata stream as it comes from a host using
'control-show' facilities, the table below gives the usual
equivalents. The normal default at the left-hand side of each line is
alphanumeric white. Each subsequent 'attribute', i.e. if you wish to
change to colour, or a variety of graphics, occupies a character
space. Routing commands and signals to start and end edit depend on
the software installed on the viewdata host computer: in Prestel
compatible systems, the edit page is *910#, options must be entered
in lower case letters and end edit is called by <esc>K.
esc A alpha red esc Q graphics red
esc B alpha green esc R graphics green
esc C alpha yellow esc S graphics yellow
esc D alpha blue esc T graphics blue
esc E alpha magenta esc U graphics magenta
esc F alpha cyan esc V graphics cyan
esc G alpha white esc W graphics white
esc H flash esc I steady
esc L normal height esc M double height
esc Y contiguous graphics esc Z separated graphics
esc ctrl D black background esc-shift M new background
(varies)
esc J start edit esc K end edit
EBCDIC
The Extended Binary Coded Decimal Interchange Code is a 256-state
8-bit extended binary coded digit code employed by IBM for internal
purposes and is the only important exception to ASCII. Not all 256
codes are utilised, being reserved for future expansion, and a number
are specially identified for application- specific purposes. In
transmission, it is usual to add a further digit for parity checking.
Normally the transmission mode is synchronous, so there are no
'start' and 'stop' bits. The table shows how EBCDIC compares with
ASCII of the same bit configuration.
** Page 138
IBM control characters:
EBCDIC bits Notes
NUL 0000 0000 Nul
SOH 0000 0001 Start of Heading
STX 0000 0010 Start of Text
ETX 0000 0011 End of Text
PF 0000 0100 Punch Off
HT 0000 0101 Horizontal Tab
LC 0000 0110 Lower Case
DEL 0000 0111 Delete
0000 1000
RLF 0000 1001 Reverse Line Feed
SMM 0000 1010 Start of Manual Message
VT 0000 1011 Vertical Tab
FF 0000 1100 Form Feed
CR 0000 1101 Carriage Return
SO 0000 1110 Shift Out
Sl 0000 1111 Shift In
DLE 0001 0000 Data Link Exchange
DC1 0001 0001 Device Control 1
DC2 0001 0010 Device Control 2
TM 0001 0011 Tape Mark
RES 0001 0100 Restore
NL 0001 0101 New Line
BS 0001 0110 Back Space
IL 0001 0111 Idle
CAN 0001 1000 Cancel
EM 0001 1001 End of Medium
CC 0001 1010 Cursor Control
CU1 0001 1011 Customer Use 1
IFS 0001 1100 Interchange File Separator
IGS 0001 1101 Interchange Group Separator
IRS 0001 1110 Interchange Record Separator
IUS 0001 1111 Interchange Unit Separator
DS 0010 0000 Digit Select
SOS 0010 0001 Start of Significance
FS 0010 0010 Field Separator
0010 0011
BYP 0010 0100 Bypass
LF 0010 0101 Line Feed
ETB 0010 0110 End of Transmission Block
** Page 139
EBCDIC bits Notes
ESC 0010 0111 Escape
0010 1000
0010 1001
SM 0010 1010 Set Mode
CU2 0010 1011 Customer Use 1
0010 1100
ENQ 0010 1101 Enquiry
ACK 0010 1110 Acknowledge
BEL 0010 1111 Bell
0011 0000
0011 0001
SYN 0011 0010 Synchronous Idle
0011 0011
PN 0011 0100 Punch On
RS 0011 0101 Reader Stop
UC 0011 0110 Upper Case
EOT 0011 0111 End of Transmission
0011 1000
0011 1001
0011 1010
CU3 0011 1011 Customer Use 3
DC4 0011 1100 Device Control 4
NAK 0011 1101 Negative Acknowledge
0011 1110
SUB 0011 1111 Substitute
SP 0100 0000 Space
** Page 140
APPENDIX V
Modems and Services
The table below shows all but two of the types of service you are likely to
come across; V-designators are the world-wide 'official names given by the
CCITT; Bell-designators are the US names:
Service Speed Duplex Transmit Receive Answer
Designator 0 1 0 1
V21 orig 300(*) full 1180 980 1850 1650 -
V21 ans 300(*) full 1850 1650 1180 980 2100
V23 (1) 600 half 1700 1300 1700 1300 2100
V23 (2) 1200 f/h(**) 2100 1300 2100 1300 2100
V23 back 75 f/h(**) 450 390 450 390 -
Bell 103 orig 300(*) full 1070 1270 2025 2225 -
Bell 103 ans 300(*) full 2025 2225 1070 1270 2225
Bell 202 1200 half 2200 1200 2200 1200 2025
(*)any speed up to 300 baud, can also include 75 and 110 baud
services
(**)service can either be half-duplex at 1200 baud or asymmetrical
full duplex, with 75 baud originate and 1200 baud receive (commonly
used as viewdata user) or 1200 transmit and 75 receive (viewdata
host)
The two exceptions are:
V22 1200 baud full duplex, two wire
Bell 212A The US equivalent
Both these services operate by detecting phase as well as tone.
British Telecom markets the UK services under the name of Datel as
follows--for simplicity The list covers only those services which use
the PTSN or are otherwise easily accessible--4-wire services, for
example are excluded.
Datel Speed Mode Remarks
100(H) 50 async Teleprinters, Baudot code
100(J) 75-110 async News services etc, Baudot code
50 async Telex service, Baudot code
200 300 async full duplex, ASCII
400 600 Hz async out-station to in-station only
600 1200 async several versions exist--for 1200
half-duplex; 75/1200 for viewdata
users; 1200/75forviewdata hosts; and
a rare 600 variant. The 75 speed is
technically only for supervision but
gives asymetrical duplex
BT has supplied the following modems for the various services-- the
older ones are now available on the 'second-user' market:
Modem No Remarks
1200 half-duplex--massive
2 300 full-duplex--massive
11 4800 synchronous--older type
12 2400/1200 synchronous
13 300 full-duplex--plinth type
20(1) 1200 half-duplex--'shoe-box' style
(2) 1200/75 asymetrical duplex--'shoe-box' style
(3) 75/1200 asymetrical duplex--'shoe-box' style
21 300 full-duplex--modern type
22 1200 half-duplex--modern type
24 4800 synchronous--modern type (made by Racal)
27A 1200 full duplex, sync or async (US made &
modified from Bell 212A to CCITT tones)
27B 1200 full duplex, sync or async (UK made)
You should note that some commercial 1200/1200 full duplex modems
also contain firmware providing ARQ error correction protocols;
modems on both ends of the line must have the facilities, of course.
BT Line Connectors
Modems can be connected directly to the BT network ('hard- wired')
simply by identifying the pair that comes into the building. Normally
the pair you want are the two outer wires in a standard 4 x 2 BT
junction box. (The other wires are the 'return' or to support a
'ringing' circuit.)
A variety of plugs and sockets have been used by BT. Until
recently, the standard connector for a modem was a 4-ring jack, type
505, to go into a socket 95A. Prestel equipment was terminated into a
similar jack, this time with 5 rings, which went into a socket type
96A. However, now all phones, modems, viewdata sets etc, are
terminated in the identical modular jack, type 600. The corresponding
sockets need special tools to insert the line cable into the
appropriate receptacles.
Whatever other inter-connections you see behind a socket, the two
wires of the twisted pair are the ones found in the centres of the
two banks of receptacles. North America also now uses a modular jack
and socket system, but not one which is physically compatible with UK
designs...did you expect otherwise?
The Radio Spectrum
The table gives the allocation of the radio frequency spectrum up
30 MHz. The bands in which radio-teletype and radio-data traffic are
most common are those allocated to 'fixed' services, but data traffic
is also found in the amateur and maritime bands.
LF,MF,HF, RADIO FREQUENCY SPECTRUM TABLE
9 -- 14 Radionavigation
14 -- 19.95 Fixed/Maritime mobile
20 Standard Frequency & Time
20.05 -- 70 Fixed & Maritime mobile
70 -- 90 Fixed/Maritime mobile/Radionavigation
90 -- 110 Radionavigation
110 -- 130 Fixed/Maritime mobile/Radionavigation
130 -- 148.5 Maritime mobile/Fixed
148.5 -- 255 Broadcasting
255 -- 283.5 Broadcasting/Radionavigation(aero)
283.5 -- 315 Maritime/Aeronautical navigation
315 -- 325 Aeronautical radionavigation/Maritime
radiobeacons
325 -- 405 Aeronautical radionavigation
405 -- 415 Radionavigation (410 = DF)
415 -- 495 Aeronautical radionavigation/Maritime mobile
495 -- 505 Mobile (distress & calling) > 500:cw&rtty
505 -- 526.5 Maritime mobile/Aeronautical navigation
526.5 -- 1606.5 Broadcasting
1606.5 -- 1625 Maritime mobile/Fixed/Land mobile
1625 -- 1635 Radiolocation
1635 -- 1800 Maritime mobile/Fixed/Land mobile
1800 -- 1810 Radiolocation
1810 -- 1850 Amateur
1850 -- 2000 Fixed/Mobile
2000 -- 2045 Fixed/Mobile
2045 -- 2160 Maritime mobile/Fixed/Land mobile
2160 -- 2170 Radiolocation
2170 -- 2173.5 Maritime mobile
2173.5 -- 2190.5 Mobile (distress & calling) >2182--voice
2190.5 -- 2194 Maritime & Mobile
2194 -- 2300 Fixed & Mobile
2300 -- 2498 Fixed/Mobile/Broadcasting
2498 -- 2502 Standard Frequency & Time
2502 -- 2650 Maritime mobile/Maritime radionavigation
2650 -- 2850 Fixed/Mobile
2850 -- 3025 Aeronautical mobile (R)
3025 -- 3155 Aeronautical mobile (OR)
3155 -- 3200 Fixed/Mobile/Low power hearing aids
3200 -- 3230 Fixed/Mobile/Broadcasting
3230 -- 3400 Fixed/Mobile/Broadcasting
3400 -- 3500 Aeronautical mobile (R)
3500 -- 3800 Amateur/Fixed/Mobile
3800 -- 3900 Fixed/Aeronautical mobile (OR)
3900 -- 3930 Aeronautical mobile (OR)
3930 -- 4000 Fixed/Broadcasting
4000 -- 4063 Fixed/Maritime mobile
4063 -- 4438 Maritime mobile
4438 -- 4650 Fixed/Mobile
4650 -- 4700 Aeronautical mobile (R)
4700 -- 4750 Aeronautical mobile (OR)
4750 -- 4850 Fixed/Aeronautical mobile (OR)/
Land mobile/Broadcasting
4850 -- 4995 Fixed/Land mobile/Broadcasting
4995 -- 5005 Standard Frequency & Time
5005 -- 5060 Fixed/Broadcasting
5060 -- 5450 Fixed/Mobile
5450 -- 5480 Fixed/Aeronautical mobile (OR)/Land mobile
5480 -- 5680 Aeronautical mobile (R)
5680 -- 5730 Aeronautical mobile (OR)
5730 -- 5950 Fixed/Land mobile
5950 -- 6200 Broadcasting
6200 -- 6525 Maritime mobile
6525 -- 6685 Aeronautical mobile (R)
6685 -- 6765 Aeronautical mobile ~OR)
6765 -- 6795 Fixed/lSM
7000 -- 7100 Amateur
7100 -- 7300 Broadcasting
7300 -- 8100 Maritime mobile
8100 -- 8195 Fixed/Maritime mobile
8195 -- 8815 Maritime mobile
8815 -- 8965 Aeronautical mobile (R)
8965 -- 9040 Aeronautical mobile ~OR)
9040 -- 9500 Fixed
9500 -- 9900 Broadcasting
ggoo -- 9995 Fixed
9995 -- 10005 Standard Frequency & Time
10005 -- 10100 Aeronautical mobile (R)
10100 -- 10150 Fixed/Amateur(sec)
10150 -- 11175 Fixed
11175 -- 11275 Aeronautical mobile (OR)
11275 -- 11400 Aeronautical mobile (R)
11400 -- 11650 Fixed
11650 -- 12050 Broadcasting
2050 -- 12230 Fixed
12230 -- 13200 Maritime mobile
13200 -- 13260 Aeronautical mobile (OR)
13260 -- 13360 Aeronautical mobile (R)
13360 -- 13410 Fixed/Radio Astronomy
13410 -- 13600 Fixed
13600 -- 13800 Broadcasting
13800 -- 14000 Fixed
14000 -- 14350 Amateur
14350 -- 14990 Fixed
14990 -- 15010 Standard Frequency & Time
15010 -- 15100 Aeronautical mobile (OR)
15100 -- 15600 Broadcasting
15600 -- 16360 Fixed
16360 -- 17410 Maritime mobile
17410 -- 17550 Fixed
17550 -- 17900 Broadcasting
17900 -- 17970 Aeronautical mobile (R)
17970 -- 18030 Aeronautical mobile (OR)
18030 -- 18052 Fixed
18052 -- 18068 Fixed/Space Research
18068 -- 18168 Amateur
18168 -- 18780 Fixed
18780 -- 18900 Maritime mobile
18900 -- 19680 Fixed
19680 -- 19800 Maritime mobile
19800 -- 19990 Fixed
19990 -- 20010 Standard Frequency & Time
20010 -- 21000 Fixed
21000 -- 21450 Amateur
21450 -- 21850 Broadcasting
21850 -- 21870 Fixed
21870 -- 21924 Aeronautical fixed
21924 -- 22000 Aeronautical (R)
22000 -- 22855 Maritime mobile
22855 -- 23200 Fixed
23200 -- 23350 Aeronautical fixed & mobile (R)
23350 -- 24000 Fixed/Mobile
24000 -- 24890 Fixed/Land mobile
24890 -- 24990 Amateur
24990 -- 25010 Standard Frequency & Time
25010 -- 25070 Fixed/Mobile
25070 -- 25210 Maritime mobile
25210 -- 25550 Fixed/Mobile
25550 -- 25670 Radio Astronomy
25670 -- 26100 Broadcasting
26100 -- 26175 Maritime mobile
26175 -- 27500 Fixed/Mobile (CB) (26.975-27.2835 ISM)
27500 -- 28000 Meteorological aids/Fixed/Mobile (CB)
28000 -- 29700 Amateur
29700 -- 30005 Fixed/Mobile
Note: These allocations are as they apply in Europe, slight variations occur
in other regions of the globe.
APPENDIX VII
Port-finder Flowchart
This flow-chart will enable owners of auto-diallers to carry out
an automatic search of a range of telephone numbers to determine
which of them have modems hanging off the back.
It's a flow-chart and not a program listing, because the whole
exercise is very hardware dependent: you will have to determine what
sort of instructions your auto-modem will accept, and in what form;
you must also see what sort of signals it can send back to your
computer so that your program can 'read' them.
You will also need to devise some ways of sensing the phone line,
whether it has been seized, whether you are getting 'ringing', if
there is an engaged tone, a voice, a number obtainable tone, or a
modem whistle. Line seizure detect, if not already available on your
modem, is simply a question of reading the phone line voltage; the
other conditions can be detected with simple tone decoder modules
based on the 567 chip.
The lines from these detectors should then be brought to a A/D
board which your computer software can scan and read.
** End of File
:-)
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
Another file downloaded from: & the Temple of the Screaming Electron
NIRVANAnet(tm) HQ (510) 935-5845
! \ AREA CODE WILL BE (925) AS OF 03/98
-$- -------- *
! . / Raw Data for Raw Nerves
/_\ /-o-\ Information * Innuendo * Lies
(o..) | * Full access for first-time callers
+ |:| /^\ /~\ Thousands of text files * Multi-line Chat
! |:|/\ _| |____|:| We don't want to know who you are, where you
/^\ / O |/...\ /_-_\ live, or what your phone number is
|@ \_| @ /:::::|/|- : -| We are not Big Brother
| | | /~ |/| _ |
|____|/~ @ /~\ |/|_(_)_| Free Speech * Anonymous Access * User-Supported
/_______|_|_|/ To make a $10 donation call (900)443-4227 x145
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
No comments:
Post a Comment