Captures of Information on TACACS by The Argonaut

Unauthorised Access UK 0636-708063 10pm-7am 12oo/24oo

Greetings fellow CyberNauts:

This gem was downloaded from the DDN on the InterNet. It is a good
guide for learning to hack the Net. If you like what you see leave
note for Argonaut at Rivendell BBS (816) 563-4845. This is my Home
of Port and a small but growing hack/phreak node.

The Argonaut

===========================================================================

FEATURES OF THE TAC ACCESS CONTROL SYSTEM (TACACS)

To log in to the network via a MILNET TAC, you MUST have a unique ID
and Access Code (TAC Access Card). These cards are issued by the DDN
Network Information Center (NIC) only after a user has been authorized
by the Host Administrator of the host on which the user has his
primary mailbox or account.

IF YOU HAVE NOT RECEIVED YOUR TAC ACCESS CARD, AND HAVE A LEGITIMATE
REQUIREMENT TO ACCESS THE NETWORK VIA A MILNET TAC, CONTACT YOUR HOST
ADMINISTRATOR! (DO NOT CONTACT THE NIC FOR AUTHORIZATION).

If you do not know who your Host Administrator is, you may find out by
using the “WHOIS” command on the NIC.DDN.MIL host. Instructions on
using “WHOIS” are as follows: When you finish reading this message,
type “quit” as instructed. After the connection to NIC.DDN.MIL is closed,
type “@n” again. You will be told how to find your Host Administrator.
When finished, type “logout” at the prompt and you will be
returned to the TAC.

———————————————————————-

TACACS, the access control system for MILNET TACs, requires you to log
in before a connection to a host may be completed. The login process
is automatically started with the first @open (@o) command you issue.
There is a @close (@c) command to close the TAC connection and also a
@logout (@l) command to logout. Otherwise, the functioning of the TAC
is essentially unaffected by the access control system.

Here is a sample of the login dialogue:

First, the command to get the TAC’s attention is Control-Q.

(a) PVC-TAC 111 #: 01 This is the last line of the TAC
herald, which the TAC uses to
identify itself. When you see the
herald, the TAC is ready for your
command.

(b) @o 26.2.0.8 The user inputs the command to
——————- open a connection plus the
internet address of the host to
which he wishes to connect,
followed by a Carriage Return.

(c) TAC Userid: SAMPLE.LOGIN Here the TAC prompts the user for
——————– his Userid. The user enters his
ID exactly as shown as shown on
his TAC Access Card, followed by
a Carriage Return.

(d) Access Code: 22bgx4467 Again the TAC prompts the user,
—————– who responds by entering his
Access Code as shown on his TAC
Access Card, followed by a
Carriage Return.

(e) Login OK The TAC validates the ID/Access
TCP trying…Open code and proceeds to open the
requested connection.

HELPFUL INFORMATION:

When entering your TAC Userid and Access Code:

– A carriage return terminates each input line and causes the next
prompt to appear.

– As you type in your TAC Userid and Access Code, it does not matter
whether you enter an alphabetic character in upper or lower case.
All lower case alphabetic characters echo as upper case for the
Userid.

– The Access Code is not echoed in full-duplex mode. An effort is
made to obscure the Access Code printed on hardcopy terminals in
half-duplex mode.

– You may edit what you type in by using the backspace (Control-H)
key to delete a single character.

– You may delete the entire line and restart by typing Control-U.
A new prompt will appear.

– While entering either the TAC Userid or Access Code, you may type
Control-C to abort the login process and return to the TAC command
mode. You must interrupt or complete the login process in order to
issue any TAC command.

– The @reset (@r) command resets the TAC and returns you to the TAC
welcome banner.

IF YOU HAVE A PROBLEM WITH TAC LOGIN:

Should the login sequence fail (as indicated by the response “Bad
login”), examine your Access Card carefully to ensure that you are
entering the ID and Access Code correctly. Note that Access Codes
never contain a zero, a one, a “Q” or a “Z”, as each of these
characters may be mistaken for another character. If you see what
appears to be one of these characters in your access code, it is
really the letter “O” (oh), or “G” (gee), the letter “L” (el), or the
number “2” (two).

If you have followed all of the above steps as indicated, and if you
are sure you are entering your ID and Access Code correctly, and you
still cannot log in, call the Network Information Center at (415)
859-3695 or (800) 235-3155 for help.

AFTER LOGGING IN:

Your TAC port will remain logged in as long as you have an open
connection. If you close the connection, you will have ten minutes in
which to reopen a connection without having to log in again. If you do
not reopen a connection within ten minutes, the TAC will attempt to
hang up your port, and will automatically log you out.

WHEN YOU ARE FINISHED:

Always close the connection using “@c” then log out using the “@l” command.
Typing “@r” (reset) has no effect on your logged-in status.

If you now wish to log in to the TAC, leave the TACNEWS program by
typing “quit” at the next prompt. This will return you to the TAC,
and you may then begin the login sequence with the @o command to the
TAC.

Downloaded From P-80 Systems 304-744-2253

How to Use the American Military Net

@BEGIN_FILE_ID.DIZ
/\ __ ___
/ U \/ >___
/ / ? \
\______\____ /
\/
How to use the American Military Net
@END_FILE_ID.DIZ
FEATURES OF THE TAC ACCESS CONTROL SYSTEM (TACACS)

To log in to the network via a MILNET TAC, you MUST have a unique ID

and Access Code (TAC Access Card). These cards are issued by the DDN

Network Information Center (NIC) only after a user has been authorized

by the Host Administrator of the host on which the user has his

primary mailbox or account.

IF YOU HAVE NOT RECEIVED YOUR TAC ACCESS CARD, AND HAVE A LEGITIMATE

REQUIREMENT TO ACCESS THE NETWORK VIA A MILNET TAC, CONTACT YOUR HOST

ADMINISTRATOR! (DO NOT CONTACT THE NIC FOR AUTHORIZATION).

If you do not know who your Host Administrator is, you may find out by

using the “WHOIS” command on the NIC.DDN.MIL host. Instructions on

using “WHOIS” are as follows: When you finish reading this message,

type “quit” as instructed. After the connection to NIC.DDN.MIL is closed,

type “@n” again. You will be told how to find your Host Administrator.

When finished, type “logout” at the prompt and you will be

returned to the TAC.

———————————————————————-

TACACS, the access control system for MILNET TACs, requires you to log

in before a connection to a host may be completed. The login process

is automatically started with the first @open (@o) command you issue.

There is a @close (@c) command to close the TAC connection and also a

@logout (@l) command to logout. Otherwise, the functioning of the TAC

is essentially unaffected by the access control system.

Here is a sample of the login dialogue:

First, the command to get the TAC’s attention is Control-Q.

(a) PVC-TAC 111 #: 01 This is the last line of the TAC

herald, which the TAC uses to

identify itself. When you see the

herald, the TAC is ready for your

command.

(b) @o 26.2.0.8 The user inputs the command to

——————- open a connection plus the

internet address of the host to

which he wishes to connect,

followed by a Carriage Return.

(c) TAC Userid: SAMPLE.LOGIN Here the TAC prompts the user for

——————– his Userid. The user enters his

ID exactly as shown as shown on

his TAC Access Card, followed by

a Carriage Return.

(d) Access Code: 22bgx4467 Again the TAC prompts the user,

—————– who responds by entering his

Access Code as shown on his TAC

Access Card, followed by a

Carriage Return.

(e) Login OK The TAC validates the ID/Access

TCP trying…Open code and proceeds to open the

requested connection.

HELPFUL INFORMATION:

When entering your TAC Userid and Access Code:

– A carriage return terminates each input line and causes the next

prompt to appear.

– As you type in your TAC Userid and Access Code, it does not matter

whether you enter an alphabetic character in upper or lower case.

All lower case alphabetic characters echo as upper case for the

Userid.

– The Access Code is not echoed in full-duplex mode. An effort is

made to obscure the Access Code printed on hardcopy terminals in

half-duplex mode.

– You may edit what you type in by using the backspace (Control-H)

key to delete a single character.

– You may delete the entire line and restart by typing Control-U.

A new prompt will appear.

– While entering either the TAC Userid or Access Code, you may type

Control-C to abort the login process and return to the TAC command

mode. You must interrupt or complete the login process in order to

issue any TAC command.

– The @reset (@r) command resets the TAC and returns you to the TAC

welcome banner.

IF YOU HAVE A PROBLEM WITH TAC LOGIN:

Should the login sequence fail (as indicated by the response “Bad

login”), examine your Access Card carefully to ensure that you are

entering the ID and Access Code correctly. Note that Access Codes

never contain a zero, a one, a “Q” or a “Z”, as each of these

characters may be mistaken for another character. If you see what

appears to be one of these characters in your access code, it is

really the letter “O” (oh), or “G” (gee), the letter “L” (el), or the

number “2” (two).

If you have followed all of the above steps as indicated, and if you

are sure you are entering your ID and Access Code correctly, and you

still cannot log in, call the Network Information Center at (415)

859-3695 or (800) 235-3155 for help.

AFTER LOGGING IN:

Your TAC port will remain logged in as long as you have an open

connection. If you close the connection, you will have ten minutes in

which to reopen a connection without having to log in again. If you do

not reopen a connection within ten minutes, the TAC will attempt to

hang up your port, and will automatically log you out.

WHEN YOU ARE FINISHED:

Always close the connection using “@c” then log out using the “@l” command.

Typing “@r” (reset) has no effect on your logged-in status.

***** This file and the number list brought to you by [hunter]

[[email protected]]

[NETINFO:USA-TAC-PHONES.TXT

TAC DIALUPS SORTED BY LOCATION

UNITED STATES

Alabama

Anniston

(ANNISTON.MT.DDN.MIL)

(205) 237-5731 (R8) [300/1200 bps] {B}

Daleville

(RUCKER.MT.DDN.MIL)

(205) 255-4961 (R8) [300/1200 bps] {B}

(205) 255-4049 (R8) [300/1200 bps] {B}

Huntsville

(REDSTONE.MT.DDN.MIL)

(205) 876-8051 (R5) [1200 bps] {B}

(205) 876-9791 (R5) [1200 bps] {B}

Montgomery

(GUNTER.MT.DDN.MIL)

(205) 279-4115 [300/1200 bps] {B}

(205) 279-4303 [300/1200 bps] {B}

Alaska

Anchorage

(ELMENDORF.MT.DDN.MIL)

(907) 552-2821 (R8) [300/1200 bps] {B}

(907) 552-4601 (R8) [300/1200 bps] {B}

Fairbanks

(EIELSON.MT.DDN.MIL)

(907) 377-2500 (R8) [300/1200 bps] {B}

(907) 377-2508 (R8) [300/1200 bps] {B}

Junction City

(GREELEY.MT.DDN.MIL)

(907) 873-4141 (R8) [300/1200 bps] {B}

(907) 873-4153 (R8) [300/1200 bps] {B}

Arizona

Davis Monthan

(DAVIS-MONTHAN.MT.DDN.MIL)

(602) 750-3778 [300/1200 bps] {B}

(602) 750-3973 [300/1200 bps] {B}

(602) 750-4338 [300/1200 bps] {B}

(602) 750-4342 [300/1200 bps] {B}

(602) 750-4378 [300/1200 bps] {B}

(602) 750-4398 [300/1200 bps] {B}

(602) 750-4403 [300/1200 bps] {B}

(602) 750-4411 [300/1200 bps] {B}

(602) 750-4419 [300/1200 bps] {B}

(602) 750-4446 [300/1200 bps] {B}

(602) 750-4471 [300/1200 bps] {B}

(602) 750-4495 [300/1200 bps] {B}

(602) 750-4502 [300/1200 bps] {B}

(602) 750-4509 [300/1200 bps] {B}

(602) 750-4510 [300/1200 bps] {B}

(602) 750-4515 [300/1200 bps] {B}

Glendale

(LUKE.MT.DDN.MIL)

(602) 856-6923 (R8) [300/1200 bps] {B}

Sierra Vista

(HUACHUCA.MT.DDN.MIL)

(602) 538-0770 (R8) [300/1200 bps] {B}

Yuma Proving Ground

(YUMA.MT.DDN.MIL)

(602) 328-3181 (R8) [300/1200 bps] {B}

California

Alameda

(ALAMEDA.MT.DDN.MIL)

(415) 769-6144 (R8) [300/1200 bps] {B}

(415) 769-6216 (R8) [300/1200 bps] {B}

China Lake

(CHINALAKE.MT.DDN.MIL)

[None known]

Corona

(CORONA.MT.DDN.MIL)

(714) 734-4700 (R8) [300/1200 bps] {B}

El Segundo

(EL-SEGUNDO.MT.DDN.MIL)

(213) 536-0308 (R8) [300/1200 bps] {B}

(EL-SEGUNDO2.MT.DDN.MIL)

[None known]

Lathrop

(SHARPE.MT.DDN.MIL)

(209) 982-0831 (R8) [300/1200 bps] {B}

Menlo Park

(MENLO-PARK.MT.DDN.MIL)

(415) 859-5410 (R8) [300/1200 bps] {B}

Monterey

(MONTEREY.MT.DDN.MIL)

[None known]

(MONTEREY2.MT.DDN.MIL)

(408) 647-8422 (R8) [300/1200 bps] {B}

(ORD.MT.DDN.MIL)

(408) 242-0101 (R8) [300/1200 bps] {B}

(408) 242-0102 (R8) [300/1200 bps] {B}

Mountain View

(MOFFETT.MT.DDN.MIL)

(415) 962-8851 (R8) [300/1200 bps] {B}

Oakland

(OAKLAND.MT.DDN.MIL)

(415) 452-1346 [300/1200 bps] {B}

(415) 452-1347 [300/1200 bps] {B}

(415) 452-1348 [300/1200 bps] {B}

(415) 452-1434 [300/1200 bps] {B}

(415) 452-1435 [300/1200 bps] {B}

(415) 452-1436 [300/1200 bps] {B}

(415) 452-1541 [300/1200 bps] {B}

(415) 452-1542 [300/1200 bps] {B}

Oxnard

(PORT-HUENEME.MT.DDN.MIL)

(805) 984-0413 (R8) [300/1200 bps] {B}

(805) 984-0426 (R8) [300/1200 bps] {B}

(805) 984-1467 [300/1200 bps] {B}

(805) 984-2705 [300/1200 bps] {B}

(805) 984-2864 [300/1200 bps] {B}

(805) 984-3347 [300/1200 bps] {B}

(805) 984-3895 [300/1200 bps] {B}

(805) 984-5457 [300/1200 bps] {B}

Point Mugu

(MUGU.MT.DDN.MIL)

(805) 989-1028 (R8) [300/1200 bps] {B}

Riverside

(MARCH.MT.DDN.MIL)

(714) 655-5560 (R8) [300/1200 bps] {B}

(714) 655-5672 (R8) [300/1200 bps] {B}

Rosamond

(EDWARDS.MT.DDN.MIL)

(805) 277-7949 [300/1200 bps] {B}

(805) 277-7966 [300/1200 bps] {B}

(805) 277-7968 [300/1200 bps] {B}

(805) 277-7970 [300/1200 bps] {B}

(805) 277-7971 [300/1200 bps] {B}

(805) 277-7972 [300/1200 bps] {B}

(805) 277-7973 [300/1200 bps] {B}

(805) 277-7974 [300/1200 bps] {B}

Sacramento

(MCCLELLAN.MT.DDN.MIL)

(916) 643-1701 (R8) [300/1200 bps] {B}

(MCCLELLAN2.MT.DDN.MIL)

(916) 643-1002 (R8) [300/1200 bps] {B}

(SACRAMENTO.MT.DDN.MIL)

(916) 388-2604 (R8) [300/1200 bps] {B}

San Diego

(NORTH-ISLAND.MT.DDN.MIL)

[None known]

(SANDIEGO.MT.DDN.MIL)

(619) 222-5809 (R8) [300/1200 bps] {B}

(SANDIEGO2.MT.DDN.MIL)

(619) 224-8251 (R8) [300/1200 bps] {B}

San Francisco

(PRESIDIO.MT.DDN.MIL)

(415) 561-6490 (R8) [300/1200 bps] {B}

San Miguel

(ROBERTS.MT.DDN.MIL)

(805) 239-2780 (R8) [300/1200 bps] {B}

Sunnyvale

(ONIZUKA.MT.DDN.MIL)

[None known]

Colorado

Aurora

(DENVER.MT.DDN.MIL)

(303) 361-3105 (R16) [300/1200 bps] {B}

Colorado Springs

(PETERSON.MT.DDN.MIL)

(719) 554-6792 (R8) [300/1200 bps] {B}

Denver

(LOWRY.MT.DDN.MIL)

(303) 370-7782 (R8) [300/1200 bps] {B}

(LOWRY2.MT.DDN.MIL)

(303) 370-7591 (R8) [300/1200 bps] {B}

District of Columbia

Washington

(DCAOC.MT.DDN.MIL)

[None known]

(PENTAGON.MT.DDN.MIL)

(703) 553-0229 (R8) [300/1200 bps] {B}

(703) 553-0238 (R8) [300/1200 bps] {B}

(WASHDC-NRL.MT.DDN.MIL)

(202) 574-8308 [300/1200 bps] {B}

(202) 574-8309 [300/1200 bps] {B}

(202) 574-8311 [300/1200 bps] {B}

(202) 574-8313 [300/1200 bps] {B}

(202) 574-8314 [300/1200 bps] {B}

(202) 574-8315 [300/1200 bps] {B}

(202) 574-8318 [300/1200 bps] {B}

(202) 574-8327 [300/1200 bps] {B}

Florida

Cocoa Beach

(PATRICK.MT.DDN.MIL)

(407) 494-4131 (R8) [300/1200 bps] {B}

Fort Walton Beach

(EGLIN.MT.DDN.MIL)

(904) 678-8450 [300/1200 bps] {B}

(904) 678-1237 [300/1200 bps] {B}

(904) 678-1268 [300/1200 bps] {B}

(904) 678-9183 [300/1200 bps] {B}

(904) 678-4937 [300/1200 bps] {B}

(904) 678-6025 [300/1200 bps] {B}

(904) 678-5812 [300/1200 bps] {B}

(904) 678-6315 [300/1200 bps] {B}

Homestead

(HOMESTEAD.MT.DDN.MIL)

(305) 257-7890 (R8) [300/1200 bps] {B}

Jacksonville

(JACKSONVILLE.MT.DDN.MIL)

(904) 777-3006 (R8) [300/1200 bps] {B}

Orlando

(ORLANDO.MT.DDN.MIL)

(407) 277-0005 (R8) [300/1200 bps] {B}

Pensacola

(PENSACOLA.MT.DDN.MIL)

(904) 457-1199 (R8) [300/1200 bps] {B}

Tampa

(MACDILL.MT.DDN.MIL)

(813) 830-4270 (R8) [300/1200 bps] {B}

Georgia

Atlanta

(MCPHERSON.MT.DDN.MIL)

(404) 669-7910 (R8) [300/1200 bps] {B}

Augusta

(GORDON.MT.DDN.MIL)

(404) 791-5426 (R16) [300/1200 bps] {B}

Columbus

(BENNING.MT.DDN.MIL)

(404) 545-5181 (R5) [300/1200 bps] {B}

(404) 545-2111 (R6) [300/1200 bps] {B}

(404) 545-2164 (R5) [300/1200 bps] {B}

Hinesville

(STEWART.MT.DDN.MIL)

(912) 767-5800 (R8) [300/1200 bps] {B}

Marietta

(DOBBINS.MT.DDN.MIL)

(404) 423-0309 (R8) [300/1200 bps] {B}

(404) 423-0320 [300/1200 bps] {B}

(404) 423-0322 [300/1200 bps] {B}

(404) 423-0337 [300/1200 bps] {B}

(404) 423-0355 [300/1200 bps] {B}

(404) 423-0356 [300/1200 bps] {B}

(404) 423-0357 [300/1200 bps] {B}

(404) 423-0511 [300/1200 bps] {B}

Warner Robins

(ROBINS.MT.DDN.MIL)

(912) 926-1650 (R8) [300/1200 bps] {B}

(ROBINS2.MT.DDN.MIL)

(912) 926-2719 (R8) [300/1200 bps] {B}

Hawaii

Camp H.M. Smith

(SMITH.MT.DDN.MIL)

(None Known)

Honolulu

(HICKAM.MT.DDN.MIL)

(808) 449-5421 (R24) (C) [300/1200 bps] {B}

(PEARLHARBOR.MT.DDN.MIL)

(808) 423-9602 (R8) (C) [300/1200 bps] {B}

(808) 423-6611 (R8) (C) [300/1200 bps] {B}

(SHAFTER.MT.DDN.MIL)

(808) 438-7300 (R16) (C) [300/1200 bps] {B}

Wahiawa

(WAHIAWA.MT.DDN.MIL)

[None known]

(WHEELER.MT.DDN.MIL)

[None known]

Illinois

Argonne

(ARGONNE.MT.DDN.MIL)

(708) 972-6241 [300/1200 bps] {B}

(708) 972-6104 [300/1200 bps] {B}

(708) 972-6060 (R6) [300/1200 bps] {B}

Belleville

(SCOTT.MT.DDN.MIL)

[None known]

(SCOTT2.MT.DDN.MIL)

(618) 256-6285 (R3) [300/1200 bps] {B}

(618) 256-6772 (R8) [300/1200 bps] {B}

Highland Park

(SHERIDAN.MT.DDN.MIL)

(708) 926-6060 (R8) [300/1200 bps] {B}

(708) 926-6069 (R8) [300/1200 bps] {B}

North Chicago

(GREAT-LAKES.MT.DDN.MIL)

(708) 578-9000 (R8) [300/1200 bps] {B}

Rock Island

(ROCK-ISLAND.MT.DDN.MIL)

(309) 782-6939 (R8) [300/1200 bps] {B}

Indiana

Crane

(CRANE-TEP.MT.DDN.MIL)

[None known]

Indianapolis

(BENHARRISON.MT.DDN.MIL)

(317) 542-2554 (R8) [300/1200 bps] {B+24}

(317) 542-2555 (R8) [300/1200 bps] {B+24}

(BENHARRISON2.MT.DDN.MIL)

(317) 543-6624 [300/1200 bps] {B}

Kansas

Junction City

(RILEY.MT.DDN.MIL)

(913) 239-3432 (R8) [300/1200 bps] {B}

Leavenworth

(LEAVENWORTH.MT.DDN.MIL)

(913) 651-7041 (R8) [300/1200 bps] {B}

(913) 684-7653 (R8) [300/1200 bps] {B}

Kentucky

Christian

(CAMPBELL.MT.DDN.MIL)

(502) 798-2866 (R8) [300/1200 BPS] {B}

Fort Knox

(KNOX.MT.DDN.MIL)

(502) 624-2761 (R8) [300/1200 bps] {B}

(502) 624-5201 (R8) [300/1200 bps] {B}

Louisiana

Bossier City

(BARKSDALE.MT.DDN.MIL)

(318) 741-3806 (R8) [300/1200 bps] {B}

(318) 456-2301 (R8) [300/1200 bps] {B}

Leesville

(POLK.MT.DDN.MIL)

(318) 535-2962 (R8) [300/1200 bps] {B}

New Orleans

(NEW-ORLEANS.MT.DDN.MIL)

(504) 944-8702 (R8) [300/1200 bps] {B}

Maine

Limestone

(LORING.MT.DDN.MIL)

(207) 999-2283 (R4) [300/1200 bps] {B}

(207) 999-2267 (R4) [300/1200 bps] {B}

Maryland

Aberdeen

(ABERDEEN.MT.DDN.MIL)

(301) 273-6000 (R8) [300/1200 bps] {B}

(ABERDEEN2.MT.DDN.MIL)

(301) 671-6990 (R8) [300/1200 bps] {B}

Bethesda

(CARDEROCK.MT.DDN.MIL)

(301) 229-3100 (R8) [300/1200 bps] {B/V}

(301) 229-4800 (R8) [300/1200 bps] {B/V}

Camp Springs

(ANDREWS.MT.DDN.MIL)

(301) 967-7930 (R8) [300/1200 bps] {B}

(301) 967-7938 (R8) [300/1200 bps] {B}

Cascade

(RITCHIE.MT.DDN.MIL)

(301) 241-4901 (R8) [300/1200 bps] {B}

(RITCHIE2.MT.DDN.MIL)

[None known]

Frederick

(DETRICK.MT.DDN.MIL)

(301) 695-0300 (R8) [300/1200 bps] {B}

Lexington Park

(PAXRIVER.MT.DDN.MIL)

[None known]

Silver Spring

(WHITE-OAK.MT.DDN.MIL)

(301) 572-5960 (R8) [300/1200 bps] {B}

St. Inigoes

(ST-INIGOES.MT.DDN.MIL)

(301) 872-9002 (R8) [300/1200 bps] {B}

(301) 872-9092 (R8) [300/1200 bps] {B}

Massachusetts

Bedford

(HANSCOM.MT.DDN.MIL)

(617) 377-3000 (R8) [300/1200 bps] {B}

Cambridge

(CAMBRIDGE.MT.DDN.MIL)

(617) 497-0180 [300/1200 bps] {B}

(617) 497-1220 [300/1200 bps] {B}

(617) 497-1229 [300/1200 bps] {B}

(617) 497-2036 [300/1200 bps] {B}

(617) 497-2037 [300/1200 bps] {B}

(617) 497-4235 [300/1200 bps] {B}

(617) 497-4261 [300/1200 bps] {B}

(617) 497-4278 [300/1200 bps] {B}

Michigan

Battle Creek

(BATTLECREEK.MT.DDN.MIL)

(616) 961-4550 (R8) [1200 bps] {B}

Warren

(WARREN.MT.DDN.MIL)

(313) 574-5164 (R8) [300/1200 bps] {B}

Mississippi

Biloxi

(KEESLER.MT.DDN.MIL)

(601) 377-3610 (R5) [300/1200 bps] {B}

(601) 377-3910 (R5) [300/1200 bps] {B}

Missouri

St. Louis

(SAINT-LOUIS.MT.DDN.MIL)

(314) 381-8460 (R8) [300/1200 bps] {B}

(314) 381-5942 [300/1200 bps] {B}

(314) 381-5961 [300/1200 bps] {B}

(314) 381-5988 [300/1200 bps] {B}

(314) 381-6014 [300/1200 bps] {B}

(314) 381-6307 [300/1200 bps] {B}

(314) 381-6433 [300/1200 bps] {B}

(314) 381-2147 [300/1200 bps] {B}

(SAINT-LOUIS2.MT.DDN.MIL)

[None known]

Montana

Great Falls

(MALMSTROM.MT.DDN.MIL)

(406) 731-2140 (R8) [300/1200 bps] {B}

Nebraska

Omaha

(OFFUTT.MT.DDN.MIL)

[None known]

(OFFUTT2.MT.DDN.MIL)

(402) 292-4638 (R8) [300/1200 bps] {B}

(402) 294-6790 (R8) [300/1200 bps] {B}

(OFFUTT3.MT.DDN.MIL)

[None known]

New Jersey

Dover

(DOVERNJ.MT.DDN.MIL)

(201) 724-6731 (R8) [300/1200 bps] {B/V}

Red Bank

(MONMOUTH.MT.DDN.MIL)

(201) 544-3282 (R8) [300/1200 bps] {B}

(201) 544-2767 [300/1200 bps] {B}

(201) 544-4859 [300/1200 bps] {B}

(201) 544-2758 [300/1200 bps] {B}

(201) 544-2636 [300/1200 bps] {B}

(201) 544-2129 [300/1200 bps] {B}

(201) 544-2113 [300/1200 bps] {B}

(201) 544-4718 [300/1200 bps] {B}

(201) 544-2062 [300/1200 bps] {B}

Wrightstown

(DIX.MT.DDN.MIL)

(609) 562-3021 (R8) [300/1200 bps} {B}

New Mexico

Albuquerque

(KIRTLAND.MT.DDN.MIL)

(505) 846-5429 (R6) [300/1200 bps] {B}

(KIRTLAND2.MT.DDN.MIL)

(505) 846-2494 (R8) [300/1200 bps] {B}

Las Cruces

(WHITE-SANDS.MT.DDN.MIL)

[no dialups; contact NSC for access]

Claude (Skeet) Steffey – (505) 678-1271 (DSN) 258-1271

New York

Rome

(GRIFFISS.MT.DDN.MIL)

(315) 339-4913 (R5) [300/1200 bps] {B}

(315) 337-2004 [300/1200 bps] {B}

(315) 337-2005 [300/1200 bps] {B}

(315) 330-2294 [300/1200 bps] {B}

(315) 330-3587 [300/1200 bps] {B}

(315) 330-3044 [300/1200 bps] {B}

(315) 330-3240 [300/1200 bps] {B}

West Point

(WEST-POINT.MT.DDN.MIL)

(914) 446-6715 (R8) [300/1200 bps] {B}

North Carolina

Fayetteville

(BRAGG.MT.DDN.MIL)

(919) 396-1181 (R8) [300/1200 bps] {B}

(919) 396-1251 (R8) [300/1200 bps] {B}

Goldsboro

(SEYMOUR-JHNSN.MT.DDN.MIL)

(919) 736-6850 (R8) [300/1200 bps] {B}

North Dakota

Grand Forks

(GRAND-FORKS.MT.DDN.MIL)

(701) 747-6681 (R8) [300/1200 bps] {B}

Ohio

Bratenahl

(BRATENAHL-OH.MT.DDN.MIL)

(216) 761-6077 (R8) [1200 bps] {B}

Columbus

(COLUMBUS.MMT.DDN.MIL)

[None known]

Dayton

(WRIGHTPAT.MT.DDN.MIL)

(513) 476-4218 (R6) [300/1200 bps] {B/V}

(WRIGHTPAT2.MT.DDN.MIL)

(513) 257-2172 (R8) [300/1200 bps] {B}

(513) 257-2690 (R8) [300/1200 bps] {B}

(513) 257-3625 (R8) [300/1200 bps] {B}

(WRIGHTPAT3.MT.DDN.MIL)

(513) 259-9711 (R8) [300/1200 bps] {B}

(WRIGHTPAT4.MT.DDN.MIL)

(513) 476-4915 [300/1200 bps] {B}

(513) 476-4487 [300/1200 bps] {B}

(513) 476-4489 [300/1200 bps] {B}

(513) 476-4490 [300/1200 bps] {B}

(513) 476-4491 [300/1200 bps] {B}

(513) 476-4542 [300/1200 bps] {B}

(513) 476-4543 [300/1200 bps] {B}

(513) 476-4544 [300/1200 bps] {B}

Newark

(NEWARK.MT.DDN.MIL)

(614) 522-8816 (R8) [1200 bps] {B}

Oklahoma

Lawton

(SILL.MT.DDN.MIL)

(405) 248-7200 (R8) [300/1200 bps] {B}

Oklahoma City

(TINKER.MT.DDN.MIL)

(405) 733-1234 (R8) [300/1200 bps] {B}

Pennsylvania

Mechanicsburg

(MECHANICSBURG.MT.DDN.MIL)

(717) 691-1330 (R8) [300/1200 bps] {B}

New Cumberland

(NEWCMBRLND2.MT.DDN.MIL)

[None known]

(NEWCUMBERLND.MT.DDN.MIL)

(717) 770-7853 (R8) [300/1200 bps] {B}

Philadelphia

(PHILADELPHIA.MT.DDN.MIL)

(215) 725-4073 (R8) [300/1200 bps] {B}

Tobyhanna

(TOBYHANNA.MT.DDN.MIL)

(717) 894-0490 (R8)

Warminster

(JOHNSVILLE.MT.DDN.MIL)

(215) 441-3868 (R8) [300/1200 bps] {B}

Rhode Island

Newport

(NEWPORT.MT.DDN.MIL)

(401) 841-5380 (R8) [300/1200 bps] {B}

South Carolina

Charleston

(CHARLESTON.MT.DDN.MIL)

(803) 566-2963 (R8) [300/1200 bps] {B}

Columbia

(JACKSON.MT.DDN.MIL)

(803) 751-3621 (R8) [300/1200 bps] {B}

Tennessee

Memphis

(MEMPHIS.MT.DDN.MIL)

(901) 373-6091 (R8) [300/1200 bps] {B}

Texas

Corpus Christi

(CORPUS.MT.DDN.MIL)

(512) 939-8113 (R8) [300/1200 bps] {B}

Fort Bliss

(BLISS.MT.DDN.MIL)

(915) 568-3229 (R8) [300/1200 bps] {B}

Killeen

(HOOD.MT.DDN.MIL)

(817) 287-2886 (R8) [300/1200 bps] {B}

San Antonio

(BROOKS.MT.DDN.MIL)

(512) 536-3081 (R6) [300/1200 bps] {B/V}

(KELLY.MT.DDN.MIL)

(512) 925-8005 (R8) [300/1200 bps] {B}

(LACKLAND.MT.DDN.MIL)

(512) 671-1501 (R8) [300/1200 bps] {B}

(512) 671-1509 (R8) [300/1200 bps] {B}

(RANDOLPH.MT.DDN.MIL)

(512) 659-0323 (R4) [300/1200 bps] {B}

(512) 659-2061 (R4) [300/1200 bps] {B}

(RANDOLPH2.MT.DDN.MIL)

(512) 659-9033 (R4) [300/1200 bps] {B}

(512) 659-2006 (R4) [300/1200 bps] {B}

(RANDOLPH3.MT.DDN.MIL)

(512) 659-9022 (R4) [300/1200 bps] {B}

(512) 652-2047 (R4) [300/1200 bps] {B}

(SAM-HOUSTON.MT.DDN.MIL)

(512) 227-2648 (R8) [300/1200 bps] {B}

Utah

Dugway

(DUGWAY.MT.DDN.MIL)

(801) 831-3050 (R8) [300/1200 bps] {B}

Ogden

(HILL.MT.DDN.MIL)

(801) 777-5514 (R8) [300/1200 bps] {B}

(801) 777-7709 (R8) [300/1200 bps] {B}

(HILL2.MT.DDN.MIL)

(801) 777-5514 (R8) [300/1200 bps] {B}

(801) 777-7709 (R8) [300/1200 bps] {B}

Virginia

Alexandria

(ALEXANDRIA.MT.DDN.MIL)

(703) 461-7900 (R8) [300/1200 bps] {B}

(ALEXANDRIA3.MT.DDN.MIL)

[None known]

Arlington

(DCAOC2.MT.DDN.MIL)

[None known]

(PENTAGON2.MT.DDN.MIL)

(703) 979-4901 (R8) [300/1200 bps] {B}

(ROSSLYN.MT.DDN.MIL)

[None known]

(ROSSLYN2.MT.DDN.MIL)

[None known]

Dahlgren

(DAHLGREN.MT.DDN.MIL)

(703) 663-2162 (R8) [300/1200 bps] {B}

Fairfax

(BELVOIR.MT.DDN.MIL)

(703) 781-0050 (R8) [300/1200 bps] {B}

(703) 781-0100 (R8) [300/1200 bps] {B}

Fort Lee

(LEE.MT.DDN.MIL)

(804) 734-2091 (R8) [300/1200 bps] {B}

Hampton

(LANGLEY.MT.DDN.MIL)

(804) 764-7640 (R8) [300/1200 bps] {B}

McLean

(MCLEAN.MMT.DDN.MIL)

(703) 506-0056 (R8) [300/1200 bps] {B}

(MCLEAN.MT.DDN.MIL)

(703) 506-0056 (R8) [300/1200 bps]

(MCLEAN2.MT.DDN.MIL)

[None known]

Newport News

(EUSTIS.MT.DDN.MIL)

(804) 878-1414 (R16) [300/1200 bps] {B}

Norfolk

(NORFOLK.MT.DDN.MIL)

(804) 423-0241 (R8) [300/1200 bps] {B}

Reston

(RESTON-DCEC.MT.DDN.MIL)

(703) 437-2892 (R5) [300/1200 bps] {B}

(703) 437-2925 (R3) [300/1200 bps] {B}

(703) 437-2928 (R2) [300/1200 bps] {B}

(703) 435-4050 (R8) [300/1200 bps] {B}

Washington

Bangor

(PUGET-SOUND.MT.DDN.MIL)

(206) 779-1682 (R8) [300/1200 bps] {B}

Keyport

(KEYPORT.MT.DDN.MIL)

(206) 779-1082 (R8) [300/1200 bps] {B}

Spokane

(FAIRCHILD.MT.DDN.MIL)

(509) 247-2733 (R8) [300/1200 bps] {B}

Tacoma

(LEWIS.MT.DDN.MIL)

(206) 967-2291 (R8) [300/1200 bps] {B}

(MCCHORD.MT.DDN.MIL)

(206) 984-6521 (R8) [300/1200 bps] {B}

Notes:

1. Rotary lines are in parenthesis following the phone number.

For example, “(R10)” indicates a rotary with 10 lines.

2. (M) = Military DoD Telephone System, (C) = Commercial Telephone System.

3. Modem compatibility is in curley braces {}.

B/V = Bell and Vadic

B = Bell 212A only

V = Vadic 3400 only

24 = 2400 Baud capability (CCITT V.22 bis)

4. This list is contained in the file NETINFO:USA-TAC-PHONES.TXT on the

NIC.DDN.MIL host.

5. Phone numbers for European and Pacific rim TACS are in

NETINFO:FOREIGN-TAC-PHONES.TXT.

6. The MILNET toll-free TAC number is (800) 368-2217.

_ _ _ _ _ _ _ _ _
/ \ _ / \ _ / \ / \_/ \ / \ _ / \_/ \ / \
\_/ _ \ / \_/ _ \ / \_/ _ \ / _ _ \_/ _ \ / \_/ _ _ \ / _ \_/
/ \ \_/ _ / \ \_/ _ / \ \_/ / \_/ \ / \ \_/ _ / \_/ \ \_/ / \
\_/ \ / \_/ \ / \_/ \ / \_/ \ / \_/ \ / \_/
\_/ \_/ \_/ \_/ \_/

THIS FILE PASSED ONE OF EUROPES FASTEST:
_ _ __ _ _ __. _ __. _ __. _ __. _ __ _ __. _ __. _ __ _ _.
_ __/\_______/|____/|______/| __/| __/\_____/|_____/|_____/\____|\___
_ __/ _________ \ ______ |_ \ |_ \____ ___ /\ | __ \ __ \
_ _\___ \/ _/ / __)__/ | \/ | \/ / / | \/ | \/ \ \/|/ \
_ __/ \ / \__/ | / | / | / / \ | / | / \ / / \
_ _\______\_____________\___________\_______/____________\___/\__/|______/

–+ S.K.I.D. R.O.W. S.H.Q –+– R.O.M.K.I.D.S. S.H.Q. +–

NODE1:+46-PRIVATE!
NODE2:+46-PRIVATE!
NODE3:+46-PRIVATE!
NODE4:+46-PRIVATE!
NODE5:+46-SOOOOON!

THE COMPETITION IS NONE!
THERE CAN BE ONLY ONE!

GET IN TOUCH WITH [ V^C^M ] FOR AN ACCOUNT!
_ _ _ _ _ _ _ _ _
/ \ _ / \ _ / \ / \_/ \ / \ _ / \_/ \ / \
\_/ _ \ / \_/ _ \ / \_/ _ \ / _ _ \_/ _ \ / \_/ _ _ \ / _ \_/
/ \ \_/ _ / \ \_/ _ / \ \_/ / \_/ \ / \ \_/ _ / \_/ \ \_/ / \
\_/ \ / \_/ \ / \_/ \ / \_/ \ / \_/ \ / \_/
\_/ \_/ \_/ \_/ \_/
sWEDEN’s hIGHESt! : sWEDEN’s hIGHESt!
: : |
_ _|________________ ____| | ______ ________
_ __ __\____ /\__ /_\__ \ |_\__ \_\_ ____/___ __ _
/____/ \/| \ \ | _/ \_ \
___/ | | \ | \ / \
| | | |\ | \ /
_ __ ______| |______| |_____|____\ /\_______ __ _
f^i | | \/
__ /\ | |H2o!
________ ____\// \ ___________ ______ ___________ _________ __
_ __ _\____ /_\_ \/ \_\____ /_\__ \_\____ /_\__
\/| \ / \ / / _/ \_ /____/_ \
| \/ \ /____/ \ / / | \__ __ _
| / \ | . \ / | \
_ __ ________|____/ \__| | _ ___\ /\___________|______\_ _
/ \ | \/ |
sYs: STAiN/2kAD /______________\ | cONSOLe : aMIGa : ASCý :
. |
cOs:MR SPoCK/HCD, mERY/RMK,2kAD| | tHe sILENCEr/TDS , U-MAN/2kAD
| :
: +46-550-18128
[A­RaDDer v3.1 By A­Rcí]



Milnet Access Codes

3. (0) NOSC-CC, (2) LOGICON, (3) NPRDC
8. (0) NRL, (1) NRL-AIC, (3) NRL-TOPS10, (6) NRL-ARCTAN, (7) NRL-CSS
13. (1) GUNTER-ADAM, (2) GUNTER-TAC
14. (0) CMU-CS-B
16. (0) AMES-TSS, (1) AMES-TAC, (2) AMES-VMSA, (3) AMES-VMSB,
(4) AMES-UNIXA, (5) AMES-UNIXb
17. (0) MITRE, (2) MITRE-TAC
18. (0) RADC-MULTICS, (2) RADC-TAC, (3) RADC-TOPS20, (5) RADC-UNIX,
(6) GE-CRD
19. (0) NBS-VMS, (1) NBS-SDC, (2) NBS-UNIX, (3) NBS-PL, (6) NBS-AMRF,
(7) NBS-SSI
20. (0) DCEC-ITEL, (2) DCEC-TAC, (4) DCA-EMS
21. (0) LLL-TIS, (1) LLL-MFE, (2) LLL-ZDIVISION
23. (0) USC-ECLB, (3) USC-ECL
24. (0) NADC
Press [RETURN]   26. (0) PENTAGON-TAC
28. (0) ARPA-TAC2, (1) ARPA-TAC1
29. (0) BRL, (1) APG-1, (2) BRL-TAC, (3) BRL-GATEWAY
30. (0) BROOKS-AFB-TAC
33. (0) NPS, (2) NPS-TAC, (3) FNOC-SECURE
34. (0) LBL-NMM, (1) LBL-CSAM
35. (0) NOSC-SECURE2, (1) NOSC-TECR, (2) ACCAT-TAC, (3) NOSC-SECURE3,
(4) NOSC-F4
36. (0) COINS-TAS, (1) CINCPACFLT-WM, (2) CINCPAC-TAC
40. (0) NCC-TAC, (1) BBN-MINET-M-GW
41. (2) REDSTONE-TAC
43. (0) OFFICE-1, (1) OFFICE-2, (2) OFFICE-3, (3) OFFICE-7
44. (3) MIT-MC
45. (0) ARRADCOM-TAC, (1) ARDC
46. (3) OKC-UNIX
47. (0) WPAFB, (1) WPAFB-AFWAL, (2) WPAFB-TAC, (3) WPAFB-INFO1
(4) WPAFB-JALCF, (5) WPAFB-FITA
48. (1) AFWL, (2) AFWL-TAC
49. (1) BBNB, (3) BBNC
54. (2) ACC, (3) JPL-VAX
Press [RETURN]   55. (1) ANL-MCS, (2) COMPION-VMS
57. (0) TYCHO, (1) COINS-GATEWAY, (2) MARYLAND
58. (0) NYU, (2) BNL
59. (1) SCOTT-TAC
60. (1) CORADCOM-TAC, (2) CORADCOM2-TAC
61. (0) STL-HOST1, (1) ALMSA-1, (2) STLA-TAC
64. (1) MARTIN-B, (2) ROBINS-TAC, (3) ROBINS-UNIX
65. (0) AFSC-SD, (1) AFSC-SD-TAC, (2) AEROSPACE
66. (1) AFGL, (2) AFGL-TAC, (3) MITRE-BEDFORD
67. (0) AFSC-HQ, (1) AFSC-HQ-TAC
68. (0) USGS1-MULTICS, (2) USGS1-AMDAHL, (3) USGS1-TAC
69. (0) USGS2-MULTICS, (1) USGS2-TAC
70. (0) USGS3-MULTICS, (1) USGS3-TAC, (2) USGS3-VMS
73. (0) SRI-NIC, (1) SRI-WARF, (4) SRI-TACACS
74. (0) SIMTeL20, (1) WSMR70A, (2) WSMR-TAC, (3) WSMR70B
75. (2) YUMA-TAC, (3) YUMA
78. (3) MCCLELLAN
81. (0) NEMS, (1) NALCON, (2) DAVID-TAC, (3) DTRC
82. (0) BBNCCT, (3) DDN-1, (4) BBN-RSM, (5) TEP-TAC, (7) TEST-MAILBR
83. (0) MINET-LON, (1) MINET-NOC, (3) TEST-BRIDGE
Press [RETURN]   84. (0) NSWC-DL, (1) NSWC-G, (2) NSWC-TAC, (3) NSWC-OAS
88. (0) NLM-MCS
90. (0) LANL
92. (2) NUSC-NPT, (3) NUSC
93. (0) OFFICE-8, (1) OFFICE-10, (2) OFFICE-15
95. (0) S1-GATEWAY, (1) S1-A, (2) S1-B, (3) S1-C
97. (2) PAXRV-NES, (3) PAX-RV-TAC
100. (0) TEST-TAC
103. (1) USC-ISIE, (2) ADA-VAX, (3) USC-ISI
105. (1) SAC2-TAC
117. (2) KOREA-TAC

***** ARPANET HOSTS AND TACS *****

1. (0) UCLA-CS, (1) UCLA-CCN, (2) UCLA-LOCUS, (3) UCLA-ATS
2. (0) SRI-NSC11, (1) SRI-KL, (2) SRI-CSL, (3) SRI-TSC, (4) SRI-AI,
(5) SRI-IU
4. (0) UTAH-CS, (2) UTAH-TAC, (3) UTAH-20
5. (0) BBNF, (1) BBNG, (2) BBN-PTIP-GATEWAY, (3) BBNA,
Press [RETURN]   6. (0) MIT-MULTICS, (1) MIT-DMS, (2) MIT-AI-RESERVED, (3) MIT-ML
7. (1) RAND-RELAY, (2) RAND-TAC, (3) RAND-UNIX
9. (0) HARV-10, (2) YALE
11. (0) SU-AI, (1) STANFORD GATEWAY, (2) SU-TAC, (3) SU-SCORE
14. (1) CMU-CS-A, (2) CMU-GATEWAY, (3) CMU-CS-C
15. (0) ROCHESTER
17. (1) MITRE-GATEWAY, (3) DCN-GATEWAY, (4) MITRE-LAN
18. (1) RADC-PSAT-IG
20. (1) DCEC-GATEWAY, (3) EDN-UNIX, (5) DCEC-PSAT-IG
22. (0) ISI-SPEECH11, (3) ISI-PSAT-IG
23. (1) USC-ECLC, (2) USC-TAC
24. (3) WHARTON-10
25. (0) SEISMO, (2) CSS-GATEWAY
27. (0) USC-ISID, (1) ISI-PNG11, (2) ISI-VAXA, (3) ISI-GATEWAY
28. (3) ARPA-PNG11
31. (0) CCA-UNIX, (2) CCA-VMS, (3) CCA-TAC
32. (0) PARC-MAXC, (2) PARC-GW, (3) KESTREL
37. (0) PURDUE, (2) PURDUE-CS-GW
38. (0) BRAGG-GWY1, (1) BRAGG-STA1, (2) BRAGG-TAC, (3) NET-5-GATEWAY
40. (2) BBN-PSAT-IG, (3) BBN-VAN-GW
Press [RETURN]   44. (0) MIT-XX, (2) MIT-TSTGW
46. (0) COLLINS-PR, (1) COLLINS-GW, (2) COLLINS-TAC
49. (1) BBN-CGTWY, (4) BBN-CLXX, (5) CLARKSBURG-IG
51. (0) ST-NIC, (1) SRI-C3PO, (2) SRI-UNIX, (3) SRI-R2D2
52. (0) USC-ISIC, (2) USC-ISIF, (3) USC-ISIB
58. (2) RUTGERS
62. (0) UTEXAS-11, (1) UTEXAS-20, (2) UT-SALLY
63. (0) BBN-TEST0-GWY, (1) BBN-TAC
72. (0) BBN-NOC, (1) BBN-UNIX, (3) BBN-NET-GATEWAY
73. (3) SRI-IU,
77. (0) MIT-GW, (1) CISL-SERVICE-MULTICS, (2) MIT-TAC, (3) MIT-OZ
78. (0) UCB-ARPA, (2) UCB-VAX)
79. (0) DEC-TOPS20, (1) DEC-MARLBORO
80. (0) HI-MULTICS, (1) SAC1-TAC, (3) SAC-GATEWAY
82. (1) BBN-VAX, (2) BBN-INOC, (6) BBN-NOC2
89. (0) COLUMBIA
91. (0) WASHINGTON, (2) WASHINGTON-TAC, (3) UW-VLSI
94. (0) WISC-GATEWAY, (1) CSNET-SH
96. (0) UdEL-RELAY, (1) UDEL-TCP, (2) UDEL-EE, (3) CORNELL
98. (2) PURDUE-X25
Press [RETURN]   99. (3) UWISC-X25
106. (2) IPTO-GATEWAY

[Phreak][1-37][?=Menu,=quit]:

DDN: The Defense Data Network (A Map)

Unauthorised Access UK  0636-708063  10pm-7am  12oo/24oo

                DDN - The Defense Data Network

                            \|/
                   By  Star -*- Fire  [a member of Mysterion Grp]
                            /|\

   Diagram of DDN:

 _______________            __________         *
|Community MC   |           |  TAC   |                              ________
|---------------| /---------|  with  |---------*---\                |MILNET|
| Terminal      |/          |_TACACS_|              \               |MCsite|
|_______________|               |              *     \              | _____|
| MC      |  | \                |                     \_____________||Term-|
| HOST    |--|E3>----\          |              *                    ||inal |
|_________|  |_/       \        |                                   ||_____|
 __________        _     \ _____|_____      _  * ___    ________    | |S&R |
|Subscriber|      | \     /           \    / |  |Bri|  /        \   |/| MC |
|HOST/Gate |------|E3>----|  DISNET   |---|E3|-*|dge|__| MILNET |__/| |HOST|
|way_______|      |_/     \___________/   |  |  |HOST  \________/   |_|____|
 ___________    _        / | | |    |      \_| *|___|   /  / |   \_
| TAC with  |  | \      /  | | |    |                  /  /  |     \_____
|  TACACS   |--|E3>----+   | | |    |          *      /  /   |     |Subsc|
|___________|  |_/    /    | | |   /'\               /  /    |     |riber|
_____________        /    _| | | / E3  \       *   _/  /     |     |HOST |
|S&R |DISNET|       /   _/  / /'\----|--          /   |      |     |_____|
| MC |MCsite|   ___/  _/  / / E3  \ _|___    *   /  __|____  |_______
|HOST|______|__/    _/  /'\ ---|--- | E3|    ___/_ |TACACS|  |Bridge|
|____|______|     _/  / E3  \  |    |KDC| * |Name| |login |  | HOST |--/
               __/    ---|---__|___ |___|   |Serv| | HOST |  |______| /
             /'\         |   | E3 |       * |er  | |______|          |
           / E3 \    ____|__ |ACC |         |HOST|                ___|____
           ---|---  |TACACS ||____|       *  ----                /        \
______________|____ |login  |                                    | ARPANET|
|Name Server HOST | |_HOST__|             *                      \________/
|_________________|
                                          *

end of file...

Downloded From P-80 Systems 304-744-2253

DDN: Information on the Defense Data Network from Unauthorized Access UK

Unauthorised Access UK  0636-708063  10pm-7am  12oo/24oo

                  DDN - The Defense Data Network

    The Department of Defense started the major networking scene in the US in
    the late '70s and early 80s.  Their first baby was ARPANET (Advanced
    Research Projects Agency NETwork).  It was just a development system to see
    how feasible a national computer network would be and to help facillitate
    information transfer between defense researchers (and some university
    projects).  The world of InterNET has grown up around that existing
    foundation to become one of the most (THE most?) used network in the world
    as researchers in other nations found they also needed access to
    counterparts around the nation to exchange knowledge and ideas.  Well to end
    this simple history I will get back to the DDN and its workings (what little
    I do really know of them) and it structure.

    The DoD  (Dept of Defense) has been maintaining its own separate networks
    ever since ARPANET became a success and was "gobbled up" by the growing
    InterNET structure.  The DoD wanted to be able to secure its important work
    and research and to do so it needed to be isolated from the existing
    infrastructure.  They decided that a somewhat free flow of information would
    be necessary between constituents and that some kind of framework similar to
    Internet would be beneficial but that access to their systems would have to
    be limited by means more secure than anything available on the public
    Internet system.  They developed MILNET for this specific purpose (to carry
    unclassified data traffic between defense contractors and researchers).

    Beyond MILNET there were also been establish three other military nets under
    the auspices of the Defense Secure NETwork (DSNET).  The three were DSNET1
    for Secret data, DSNET2 for Top Secret data, and DSNET3 for special Top
    Secret data (probably weapons systems and plans, and ELINT/SIGINT systems --
    but that is only a guess).  These three each had a separate communications
    hub including local and widearea nets.  The 3 DSNETS have been combined (are
    being combined) in a unified DISNET (Defense Integrated Security NETwork).

    The Defense Communication Agency (DCA) was put in charge of maintaining the
    backbones of the defense networks (except ARPANET which is primarily used by
    the R&D community and is maintained by DARPA and is not really associated
    with DDN) as part of the Defense Communication System (DCS).  All DDN Nets
    are not part (officially) of InterNET because of the security risks
    involved.

    The restructuring of DDN into DISNET is a continually evolving project
    (especially in the area of Defense Messaging System - which I know little
    about at this time and WOULD LIKE TO SEE MORE INFO about if anyone knows
    about it ), but I will explain its structure as presently laid out...

    "(1) Security architecture should include a well-defined set of network
    security services offered to subscribers"
         Services:
    CONFIDENTIALITY:
         1.Mandatory Confidentiality - protects classified data using DDN
                                       rule based security
         2.Discretionary Confid. - identity based (Need-to-Know) security
         3.Traffic Flow Confid. - protects against disclosure by observing
            \                     characteristics of data flow
              \_____See the encrypthion and communities descriptions below for
                    more on this.

    DATA INTEGRITY - protects against (OR ATLEAST TRYS TO DETECT) unauthorized
                     changes of data

    IDENTIFICATION, AUTHENTICATION, AND ACCESS CONTROL :  *
         1.Identification- standard name for each system entity (just like
                           every net.
         2.Authentication- ensures that a stated identity is correct (HOW???)
         3.Access Control- limits system resources to a correctly identified
                           system

    "(2) Subscribers should not pay for or be hampered by unneedded security"
      ^\______ Interesting...who does pay for un-needed security then?!?

    ""(4) Subscribers should share responsibility for security where appro-
       priate"  <----<<<< COULD THIS BE A MAJOR DOWNFALL?? Hmm...
         * - As for I,A, and AC(above) These services are subscriber respons-
             ibility except for major communities and subcommunities.

                        STRUCTURE OF THE DDN :
    The primary elements are computers called switches which communicate
    via inter-switch trunks.(DCA owns the switches and leases most trunks)

    Each subscriber connects to DDN as a HOST or a TERMINAL.  DDN serves hosts
    at the OSI (Open Systems Interconnect) network level; the Host - Switch
    interface is the standard X.25 (CCITT). Many of the hosts are gateways to
    other nets (mainly LANs) and the number of gateways is increasing.

    Special Hosts:
         Montitor Centers (MC) : they manage the switches, trunks, and other
                   special hosts.
         Name Server hosts - they translate the addresses of the other hosts

         Terminal Access Controllers (TACs) - more limited DDN service. Instead
                   of a direct Host-to-Switch connection you can connect to a
                   TAC (via dial-up) and be addressed as a terminal by DDN
                   through TAC. TAC uses TELNET protocol so terminal can
                   communicate with a second DDN Host as if directly connected.

         TAC Access Control Systems (TACACS) - prompt user to login at a TAC

    Priority Access:
    All DDN switches can handle data packets according to 4 level hierarchy
    system.  precedence lavels are assigned to hosts and terminals by the Joint
    Chiefs of Staff.  To my knowledge this hasn't been implemented yet.

    Host to Host Encryption:
    DISNET uses a end-to-end encryption system (E3) called BLACKER. These are
    installed on each host-to-switch path of all hosts including TACs .  These
    BLACKER front end devices (BFEs) encrypt all data packets but leave the X.25
    header unencrypted for the backbone to use.  The BLACKER system includes a
    Key Distribut-ion Center (KDC) and Access Control Center (ACC) hosts.
    BLACKER is a Class A1 System (under the Trusted Computer System Evaluation
    Criteria / "Orange Book"), and it will be able to prevent a community MC
    from communicating with other MCs in other communities; this will not happen
    for a while and the MC sites will still have a terminal through a TAC
    directly to a switch without going through BFE.

    Bridges between Nets:
    The plan calls for limited gateways between MILNET and DISNET to allow
    unclassified data traffic (in the form of store-and-forward electronic mail
    in both directions).  Data entering DISNET from MILNET will be identified as
    such by the bridge.
    The DDN plans forbid a subscriber from connecting to both MILNET and DISNET
    and also forbids DoD system to connect both to a DDN segment and to a
    segment that does not conform to DDN security structure.

    Other Stuff:
    To insure that every subscriber system can exercise discretionary access
    control over its resources through DDN, and of DDN resources via the
    subscriber system, DDN requires that all subscribers be TCSEC Class C2
    secure.  By september '92 any non-complying system will need OSD and JCS
    waivers or DCA can remove them from the Net.

    DDN plans to segregate subscribers according to whether or not they meet the
    TCSEC C2 requirement.  Conforming systems comprise a Trusted Subcommunity
    within each security level.  Within this subcommunity hosts can freely
    communicate.  NonConforming systems with waivers will form Closed
    Communities within each  level.  Direct net communications between
    subcommunities will be prevented by switching logic in MILNET and by BLACKER
    in DISNET except over trusted bridges.

             Downloaded From P-80 Systems 304-744-2253

Defense Data Network Security Bulletin #6

**********************************************************************
DDN Security Bulletin 06         DCA DDN Defense Communications System
1 Nov 89                Published by: DDN Security Coordination Center
                                     (SCC@NIC.DDN.MIL)  (800) 235-3155

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN  SECURITY BULLETIN  is distributed  by the  DDN SCC  (Security
Coordination Center) under  DCA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The bulletin
pathname is SCC:DDN-SECURITY-nn (where "nn" is the bulletin number).

**********************************************************************

                       SUN RCP VULNERABILITY

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
!                                                                       !
!   The following important advisory was issued by the Computer         !
!   Emergency Response Team (CERT) and is being relayed via the Defense !
!   Communications Agency's Security Coordination Center distribution   !
!   system as a means of providing DDN subscribers with useful          !
!   security information.                                               !
!                                                                       !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

			    CERT Advisory

			   October 26, 1989

			Sun RCP vulnerability

A problem has been discovered in the SunOS 4.0.x rcp.  If exploited,
this problem can allow users of other trusted machines to execute
root-privilege commands on a Sun via rcp.

This affects only SunOS 4.0.x systems; 3.5 systems are not affected.

A Sun running 4.0.x rcp can be exploited by any other trusted host
listed in /etc/hosts.equiv or /.rhosts.  Note that the other machine
exploiting this hole does not have to be running Unix; this
vulnerability can be exploited by a PC running PC/NFS, for example.

This bug will be fixed by Sun in version 4.1 (Sun Bug number 1017314),
but for now the following workaround is suggested by Sun:

Change the 'nobody' /etc/passwd file entry from

nobody:*:-2:-2::/:

to

nobody:*:32767:32767:Mismatched NFS ID's:/nonexistant:/nosuchshell

If you need further information about this problem, please contact
CERT by electronic mail or phone.

J. Paul Holbrook
Computer Emergency Response Team (CERT)
Carnegie Mellon University
Software Engineering Institute

Internet: <cert@SEI.CMU.EDU>
(412) 268-7090 (24 hour hotline)
*******************************************************************
����
Downloaded From P-80 International Information Systems 304-744-2253

Defense Data Network Security Bulletin #5

***********************************************************************
DDN Security Bulletin 05         DCA DDN Defense Communications System
23 Oct 89               Published by: DDN Security Coordination Center
                                     (SCC@NIC.DDN.MIL)  (800) 235-3155

                        DEFENSE  DATA  NETWORK
                          SECURITY  BULLETIN

The DDN  SECURITY BULLETIN  is distributed  by the  DDN SCC  (Security
Coordination Center) under  DCA contract as  a means of  communicating
information on network and host security exposures, fixes, &  concerns
to security & management personnel at DDN facilities.  Back issues may
be  obtained  via  FTP  (or  Kermit)  from  NIC.DDN.MIL  [26.0.0.73 or
10.0.0.51] using login="anonymous" and password="guest".  The bulletin
pathname is SCC:DDN-SECURITY-nn (where "nn" is the bulletin number).

**********************************************************************

                      ULTRIX 3.0 BREAK-IN ATTEMPTS

+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +
!  Although there are only thirteen MILNET sites running any version of   !
!  Ultrix, the SCC is forwarding this CERT Advisory as an aid to those    !
!  Internet sites which may be affected.  Note that these problems        !
!  have affected only sites running Ultrix 3.0.                           !
+ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +

			     CERT Advisory
			DEC/Ultrix 3.0 Systems

Recently, the CERT/CC has been working with several Unix sites that
have experienced break-ins.  The bulk of the problems have stemmed from
hosts running tftpd, accounts with guessable passwords or no
passwords, and known security holes not being patched.

The intruder, once in, gains root access and replaces key programs
with ones that create log files which contain accounts and passwords in
clear text.  The intruder then returns and collects the file.  By using
accounts which are trusted on other systems, the intruder then installs
replacement programs which start logging.

There have been many postings about the problem from several other net
users.  In addition to looking for setuid root programs in users' home
directories, hidden directories '..  ' (dot dot space space), and a modified
telnet program, we have received two reports from Ultrix 3.0 sites that
the intruders are replacing the /usr/bin/login program.  The Ultrix security
hole being used in these attacks is only found in Ultrix 3.0.

Suggested steps:
	1) Check for a bogus /usr/bin/login.  The sum program reports:
		27379    67	for VAX/Ultrix 3.0

	2) Check for a bogus /usr/etc/telnetd.  The sum program reports:
		23552    47	for VAX/Ultrix 3.0

	3) Look for .savacct in either /usr/etc or in users' directories.
	   This may be the file that the new login program creates.  It
	   could have a different name on your system.

	4) Upgrade to Ultrix 3.1 ASAP.

	5) Monitor accounts for users having passwords that can be found in
	   the /usr/dict/words file or have simple passwords like a persons
	   name or their account name.

	6) Search through the file system for programs that are setuid root.

	7) Disable or modify the tftpd program so that anonymous access to
	   the file system is prevented.

If you find that a system that has been broken into,  changing the password
on the compromised account is not sufficient.  The intruders do remove copies
of the /etc/passwd file in order to break the remaining passwords.  It is best
to change all of the passwords at one time.  This will prevent the intruders
from using another account.

Please alert CERT if you do find a problem:

Computer Emergency Response Team
Email: cert@sei.cmu.edu
Telephone: 412-268-7090 (answers 24 hours a day)

For general questions, contact the SCC:

DDN Security Coordination Center
Email: scc@nic.ddn.mil
Telephone: 800-235-3155 (7 a.m. to 5 p.m. Pacific time)

**********************************************************************
����������������������������������������������������������������������������������������������������������������������������
Downloaded From P-80 International Information Systems 304-744-2253