The ROT Guide to Gandalf XMUX’s by Deicide

The
–=RoT=–
Guide To
GANDALF XMUX’S
———————–
Written by:
Deicide
===========================
*NOTE: While writing this file i assumed that the reader has a working
knowledge of Packet-Switching Networks(Such as Sprintnet, Tymnet & Datapac).
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

The Gandalf XMUX is made by Gandalf Technologies Incorporated. It is
one of the 3 popular systems Gandalf makes, the others being the Starmaster
and the PACX. These systems are very closely knit, as you’ll see later, but
the focus of this g-file is on the XMUX system. I still don’t have a XMUX
manual, so this file will be a bit incomplete, but it will give you a good
sense of the system; How to Identify it, How to Penetrate it, and How to Use
it. There are a number of security flaws in the XMUX, all of which can be
circumvented but frequently are not. Occasionally you will find an
unpassworded console, in that case just move on to the How to Use it section.
The Gandalf systems are very frequently found on all the major
packet-switching networks, as Gandalf’s themselves often serve as network
controllers. Most of the major companies, such as Xerox & Bell Canada, use
XMUX’s, so it is a good idea to become familiar with the system.

How To Find Your XMUX & How To Identify It
——————————————
First of all, if you find an unpassworded XMUX it will tell you by the
herald “Gandalf XMUX Primary Console Menu” followed by the menu itself. Skip
this part for now.
But for the rest of you, you probably still need to find your XMUX, and you
need to know how to identify it.
Before we get further into this, a small amount of knowledge of the whole
scope of the XMUX is needed. Every XMUX is made up of at least 4 parts,
each present on every single XMUX. These parts are called:
– Console
– Fox
– Logger
– Machine
The Console is the actual system, the part that has to be hacked, the part
that contains the information we are attempting to retrieve.
The Fox is a test machine, serving no other purpose except to spout
“THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG 1234567890 DE” over and over
again.
The Logger is displays a line or two of information such as the time & the LCN
called, for the most part unimportant. But it does contain the node name.
The Machine is basically a system information giver. I have yet to discover
all of it’s commands, but S gives some systems stats(including the node name)
and L is an optional command that supplies the user with a system log(which
contains link addresses & UID’s).
All of these can be useful in some way.
The XMUX can be found in a number of ways:
– On a standard NUA(XXXX XXXX)
– On a standard NUA + extention(XXXX XXXX,XXXXXXXX)
– On extentions off of Starmasters & PACXs.(XXXX XXXX,XXXXXXXX)
– On LCN’s(subaddressing) off any other type of system/OS.
??????????????????????????????????????????????????????????????????????????????
NOTE:”Password >” is the password prompt for the XMUX Console, occasionally
proceeded by an operator definable system message such as “Vancouver XMUX”.
To be sure that this is a XMUX prompt, hit . If it returns the message
“Invalid Name
Names must consist of 1 to 8 alphanumeric characters”
Then you are dealing with the XMUX Console.
??????????????????????????????????????????????????????????????????????????????
On a standard NUA it will bring you right to the “Password >” prompt, no
hassles. You can then proceed to the section that deals with hacking the
console.
On a standard NUA + extention, it is not so easy. When you first hit the NUA,
it will give you the “Remote Directive” error message, telling you that you
“forgot” the extention. Now, the error message could mean you forgot the
extention for a VAX, also, but we will assume that it is a XMUX on the NUA.
This is true only a fraction of the time, but try this on every Remote
Directive message, you’ll find a good share of XMUX’s. First of all, try the
LCN(subaddress) of 1 on the NUA. If you come up with the Fox segment of the
XMUX(explained earlier) then you have an XMUX Console on the NUA, it’s just
hiding. If the LCN brings up the Remote Directive message again, then try
the extention of LOGGER on the NUA. If it brings up the XMUX Logger, then
again, the XMUX Console is there, but with a bit of security added on. If you
now know that you are on an XMUX, try the CONSOLE extention. It should bring
you to the “Password >” prompt, or occasionally right inside without needing
a password.
Starmaster’s and PACX’s almost ALWAYS have an XMUX attached on to it. Use the
Starmaster or PACX’s NUA + the extention CONSOLE. It will most likely bring
you to the “Password >” prompt.
The LCN’s off all the other system/OS types is a bit more complicated. You
can either guess,pick the likely ones, or try them all. What this is is an
XMUX in coexistance with another type of system, such as AOS/VS. The most
common way to find these is by adding an LCN of 1 to the NUA of the system.
If it comes up with the XMUX FOX section, then you can be sure an XMUX is
present. To find the XMUX Console, use LCN’s of 4 and above(2 & 3 being Logger
and Machine), up to the LCN of 15(maximum on XMUX). If you still haven’t found
the Console, and it’s returning the Remote Directive error message, now’s the
time to use the CONSOLE extention. In most cases it’ll bring up the
“Password >” prompt, or right into the Console Menu.

HOW TO PENETRATE THE XMUX CONSOLE “PASSWORD >” PROMPT
—————————————————–
To start you off, XMUX Console Passwords MUST be within 1 to 8 alphanumeric
characters. Any combination within that boundary is an acceptable password.
Now, while it is true that the password could be a random letter/number
combination, such as G2Z7SWJ8, and therefore extremely impractical to hack, it
is almost a given that the password is a relevant word or abbreviation, with
not more than one numeric character, which is usually not even included.
Also, you get 4 attempts at a password before being logged off, and remember,
you don’t even need to find a username.
When you first reach the “Password >” prompt it’s a good idea to try the
defaults(in order of occurance):
– Gandalf
– Xmux
– Console
– System
Also, Password(no, really), Network, CPU, Switch & Network are also frequently
found.
Then, if the defaults don’t work, it’s time for a little calculated brute
forcing. If the system has a herald, such as “BenDover Field Communications”
then try everything you possible can thing of that is relevant to the herald,
such as Bendover, Ben, Dover, BDFC, Field, Telecom, etc. Also, combine these
with the defaults, particularly Xmux. As in BenXMUX, or FieldMux, etc.
If there is no herald, or all the thing you can think of to do with the
herald fail as passwords, then it is time to get the node name. The node name
is used very frequently as a password, thus a good thing to try. But where to
get the node name with out getting the password first? It is contained in two
other places other than the Console, with ALWAYS at least one of the
facilities open to you. The Logger(LCN 2, or extention LOGGER) always spurts
out the log name first upon connect. This is always available, i have only
seen one case in which the Logger information was protected, and that was
achieved by wiping it out, which very few people do. The other source is the
Machine(LCN 3, or extention MACHINE), a very handy source of information.
You will recognize the Machine by its “#” prompt. At this prompt type “S” for
system stats. The first thing you see in the system stats is the Node Name.
Also, with machines type “L”. Occasionally it will be set to show the log,
which contains the Link Addresses(usually other netted computers, frequently
Gandalfs) and UID’s as well. Try the Node Name by itself as a password, then
in combination with all the above, such as a combo of Default & Node Name.
If you follow all these above methods, 50% of the time you will find the
password. Remember, people are stupid. An elitist attitude, but it works.
If you don’t get the password, don’t worry, there are many more XMUX’s out
there with poor security, go for those. But before you move on, try the LCN’s
from 4-15, frequently you’ll find another system, often a private PAD or an
outdial.

WHAT TO DO WITH THE XMUX CONSOLE ONCE INSIDE
——————————————–
For those itching to read other people’s mail, or retrieve confidential
files, etc, you will be very disappointed. Although once inside the XMUX
Console you have virtual Superuser status, the commands are all maintenance
related. But, often you will find other systems, quite often networks, PADs,
& outdials from inside.
You will first encounter the primary menu, which looks similar to this:
Gandalf XMUX (date)
Rev(version) Primary Console Menu (time)
Node:(nodename)
Primary Menu:
1. Define
2. Display
3. Maintenance
4. Supervise
5. Exit
Primary selection >

Now, although there are some other useful and interesting features to the
XMUX console, i will only show you the 3 most useful features, those being
Abbreviated Command, Service & Call Status.
Abbreviated Command is an option found in the Define sub-menu. Hit 7 once
inside the Define sub-menu to bring up the Abbreviated Command prompt. Type
a ? to show all the abbreviated commands. If there are none, curse your luck
and move on to the next feature. If there are some, type them in, one at a
time. Each Abbreviated command is really a macro, and a macro of a NUA plus
the subaddressing and data character extension needed to enter the system.
These can be very useful, not only for the NUA & subaddress, but for the fact
that the extension is included. Most times extensions are hard if not
impossible to guess, and the macro throws it right in your face. The
Abbreviated Command is in the format of XXXXXXXXdEXTENSION, in that the X’s
are where the NUA is placed, the EXTENSION is the extension characters, and
the ‘d’ is really where the comma goes to separate the two. So if the
Abbreviated Command was 55500123dabc, the NUA would actually be
– 55500123,abc –
Service is a menu option also from the Define sub-menu. What it enables
you to do is view all the services available, plus their function &
LCN. Type “11” from the define menu, then “?” for a list of the services
available. Console, Fox, Logger & Machine will always be present. Anything
else is a bonus, and should be capitalized upon. For example, if you see
“Modem” as one of the services, then enter “Modem” from the Service
sub-sub-menu to see which LCN the modem is on.
Display Call Status is a handy command used from the Display sub-menu
which gives a log of all the calls the system has handled. In the call log
are the NUA’s of the system that called, often a netted system such as another
Gandalf.

CONCLUSION
———-
Well, that’s all for now..if you have any questions or comments you can
reach me at the RoT HQ’s listed below, or most of the other RoT sites.
BTW, for anybody truly interested in any of the Gandalf types, contact me and
i’ll supply you with the NUA’s for Gandalf Technologie’s BBS &
Employee/Manager Sites…..
Deicide
-=RoT=- H/P Coordinator

-=RoT=- -=RoT=-
WHQ US HQ
6 ŸîîT –ïDäR The Cellar
(604) 824-0317 (401) PRI-VATE

Packet Networks I and other Tymnet Information by Digital Demon, 1990

************************************************************

PACKET NETWORKS I

written and compiled
BY

THE DIGITAL-DEMON
(C) DEC. 29, 1990

************************************************************

Well this phile started out is way as a plain informational text on tymnet. Well I figured not to long into the work that I might as well make it a general thing with just a the basics on tymnet. There are too many packet networks out there, but it is hard to find things just on one networks. So therefore this will be the first installment of a series on packet networks.

Included in this phile are dialups for local tymnet numbers. It is true that it is not necessary for everyone, but they are there just in case. This phile is meant for those novice to the networks, though the lists of nuas provided will be helpful for anyone in the field. Note that from TYMNET it requires special NUIs to access anything in the 3106 DNIC which is tymnet.

Many networks are not accessable from others do to refusing collect calls, non-supported by the network, or network congestion which happens a lot between systems that have few connections between them. If you have problems on anything within this phile please contact me on QSD and I will help you.

QSD for those that don’t know can be accessed by dialing 18002220555 (that is tymnet) entering an ‘a’ or an ‘o’ for terminal identifier (or one of the others presented within), for login type an NUI (in this case try ‘video’) and at the ‘;’ prompt type ‘208057040540’ from there you may see me on the system, if not, then write to ‘FED’ or ‘THANATOS’ in the mailing system.

CTR NUA NAME,UID,PW,REMARK
============================================================AUS 05052 28621000 ANGLO/AUSTRALIAN OBSERVATORY
AUS 05053 210003 MIDAS FOX TEST
CH 02284 64110115 DATA.STAR
CH 02284 6911003 NOS.CYBER,CIA0543,GUEST
CH 02284 79110650 KOMETH.TELEPAC
CH 02284 64110110 DATASTAR
CH ? 02284 68113150 MANAGEMENT JOINT TRUST
D 02624 5221040006 MEDICAL DOCS,COLOGNE
D 02624 5400030035
D 02624 5400030041
D 02624 5400030104
D 02624 5400030138
D 02624 5400030296 DFH2001I
D ? 02624 5400030519
D 02624 5400030566 DFH2001I
D 02624 5400090184 VAX
D 02624 5400091110 DT.MAILBOX
D 02624 5621040000 TELEBOX
D 02624 5621040025 OEVA
D ? 02624 5621040026 HOST
D 02624 5621040532
D 02624 5621040580 DYNAPAC MULTI-PAD.25
D 02624 5621040581 DYNAPAC MULTI-PAD.25
D 02624 5621040582
D 02624 5724740001 GERMAN CENTRE FOR TECH.
D 02624 5890040004 ACS.MUNICH
D 02624 5890040220 HOST
D 02624 5890040221 HOST
D 02624 5890040281 DATUS.PAD/PCX.PAD
D 02624 5890040510
D 02624 5890040522 PLESSEY.SEMICOND.VAX
F 02080 34020258
F 02080 91190258 LURE SYNCHROTRON SOURCE
GB 02342 12300120 D.I.SERV.
GB 02342 12301186
GB 02342 1300011
GB 02342 1440012
GB 02342 15710104
GB 02342 19200118 AUTONET
GB 02342 19200146
GB 02342 19200154
GB 02342 19200190 PERG.INFOLN.
GB 02342 19200203
GB 02342 19200222
GB 02342 19200300 UNI.LONDON
GB 02342 19200304
GB 02342 19200394 SIANET
GB 02342 19200871
GB 02342 19201002
GB 02342 1920100515 HOSTESS
GB 02342 1920100615
GB 02342 192010100513
GB 02342 1920101013
GB 02342 1920101030
GB 02342 19709111
GB 02342 206411411 UNI.ESSEX
GB 02342 20641141 UNI.ESSEX
GB 02342 22236236
GB 02342 2271511 —,GUEST,FRIEND (CALL PIP)
GB 02342 2790014302 ALCATEL
GB 02342 12080105
GB 02342 12300120 DIALOG VIA DIALNET IN LONDON
GB 02342 123002920
GB 02342 12301281 ONE TO ONE COMMS
GB 02342 13900101 ALVEY MAIL FACILITY
GB 02342 1390010150 ALVEY MAIL SYS FTP
GB 02342 19200100 UNI OF LONDON COMPUTING CENTRE
GB 02342 19200171
GB 02342 19200220 BRITISH LIBRARY ON-LINE SYSTEM
GB 02342 19200300 UNIVERSITY COLLEGE, LONDON
GB 02342 19200394 COMPUTER SERVICES, LONDON
GB 02342 1920100513 BRITISH TELECOM SERVICES
GB 02342 1920100620 P. ON-LINE BILLING SERVICE
GB 02342 1920102517
GB 02342 20641141 UNI OF ESSEX FTP
GB 02342 2223616300 CARDIFF UNIVERSITY MULTICS
GB 02342 27200110 GEAC 8000 ITI
GB 02342 27200112 HEWLETT PACKARD LABS, BRISTOL
GB 02342 31300101 PRIME OFFICE, EDINBURGH
GB 02342 31300102 FORESTRY COMMISSION FTP
GB 02342 31300105 LATTICE LOGIC LTD
GB 02342 31300107
GB 02342 34417117 ICL BRACKNELL
GB 02342 41200107
GB 02342 4620010243 ICL WEST GORTON ‘B’ SERVICE
GB 02342 4620010248 ICL WEST GORTON ‘X’ SERVICE
GB 02342 4620010277 FTP FOR ICL WEST GORTON PERQ
GB 02342 4620010277 ICL WEST GORTON PERQ
GB 02342 46240240 ICL KIDSGROVE
GB 02342 53300124 LEICESTER
GB 02342 5820010604 AGRENET CPSE
GB 02342 60227227 UNI OF LEICESTER FTP
GB 02342 61600133 IBM – SALE
GB 02342 61600133 IBM SALE FTP
GB 02342 61643365 ICLBRA
GB 02342 6164336543 ICL WEST GORTON ‘B’ SERVICE
GB 02342 6164336548 ICL WEST GORTON ‘X’ SERVICE
GB 02342 6164336577 FTP FOR ICL WEST GORTON PERQ
GB 02342 6164336577 ICL WEST GORTON PERQ
GB 02342 64200136 PRIMENET
GB 02342 70712217 HATFIELD POLYTECHNIC
GB 02342 75312212 BRITISH OXYGEN
GB 02342 75312212 THE WORLD REPORTER
GB 02342 78228282 ICL LETCHWORTH
GB 02342 78228288 ICL LETCHWORTH
GB 02342 90468168
GB 02342 90840111 SCICON, SOUTH ENGLAND
GB 02342 93765265 BRITISH LIBRARY LENDING DIVI.
IRL 02724 31540002 EUROKOM (UNIV COLLEGE DUBLIN)
IRL 02724 3154000803 IRL.HEA.TCD.DEC20 (TOPS-20)
IRL 02724 3159000630
NL 02041 294002 DUPHAR WEESP,HOLLAND
SF 02442 03008 VAX 11/750 IN FINLAND
USA 03020 58700900 DATAPAC
USA 03020 60100010 UNI.ALBERTA
USA 03106 0050
USA 03106,DELPHI TYMNET
USA 03110 2020014275
USA 03110 20423
USA 03110 4150002000 D.I.SERV.
USA 03110 60300020 COL.DARTMOUTH
USA 03106 GATEWAYS
USA 03106 000000 Unknown
USA 03106 000023
USA 03106 000032
USA 03106 000034
USA 03106 000050 NLM MIS bsd unix
USA 03106 000060
USA 03106 000065
USA 03106 000066 BCS ** to be investigated **
USA 03106 000071
USA 03106 000081 COMPUTONE ** to be investigated **
USA 03106 000093
USA 03106 000096 REMOTE COMPUTING
USA 03106 000098 LOCKHEED DATAPLAN
USA 03106 000101 SIO
USA 03106 000113 1=LINK SYS
3=BANK OF USA,ABACIS,DIRECTOR)
USA 03106 000155
USA 03106 000173 TYMNET/CODAN NET. Inter-link
USA 03106 000179 LBL
USA 03106 000188
USA 03106 000210
USA 03106 000227
USA 03106 000241 HOST A,4 BAIFS BANK OF AMERICA
S,3 SFDCS1
USA 03106 000249
USA 03106 000280 HONEYWELL MPL
USA 03106 000289 ROSS SYSTEM (32,26,2,3,12,20,21)
7,5,17,18,47,51,A – unknown VAX systems
14,15 – RSTS ROSS SYSTEMS
9,43,44,45,48 – MICRO VMS VAX
USA 03106 000307 INFOMEDIA SERVICE CENTRE ONE
USA 03106 000315
USA 03106 000327
USA 03106 000331 (VM/370 system)
USA 03106 000377 MONSANTO AD RESEARCH PRODUCTION
APPLICATION NETWORK
USA 03106 000379
USA 03106 000401 TMCS PUBLIC NETWORK
USA 03106 000411 TYMNET/BOSTON/TNS-PK1 interlink
USA 03106 000423 CORPORATE COMPUTER SERVICES
USA 03106 000424 (link to 4 VM/370 systems)
USA 03106 000428 AAMNET
USA 03106 000439 MIS 2 (cierr 1402)
USA 03106 000463 SIGNETICS VM/370
USA 03106 000464
USA 03106 000496
USA 03106 000497 UBS COMPUTER SYSTEMS (host)
USA 03106 000498
USA 03106 000515 ONTYME II
USA 03106 000581
USA 03106 000585 C/C/M
USA 03106 000619 SPNB VM/370
USA 03106 000632 TYMNET/TRWNET inter-link
USA 03106 000633 PUBLIC TYMNET/TRWNET INTERLINK
USA 03106 000636 LINK TO TRAC SYSTEMS (over one 120 terminal)
USA 03106 000646
USA 03106 000664
USA 03106 000674
USA 03106 000685 MTS-A RESEARCH (HOST) 10 – TOPS-20,
12 – UNKNOWN
14 – UNKNOWN,
20 – MTS(C) TOPS-20
30 – MTS(F) TOPS-20,
32 – UNKNOWN
USA 03106 000704 TYMNET-CUP(704)/DUBB-NTS(4) inter-link
USA 03106 000715 TYMNET TEST system
USA 03106 000729 (VM/370 system)
USA 03106 000731
USA 03106 000742 LADC L66A
USA 03106 000755 CORPORATE COMPUTER SERVICES
USA 03106 000759
USA 03106 000760 DEC host Solar Cae/Cam
USA 03106 000761 DOJ host
USA 03106 000788 TYMNET-6754/McGRAWHILL inter-link
USA 03106 000793 J&J HOST
USA 03106 000798
USA 03106 000800 link to: CSG VAX, CYBER 815, SB1,
SB2, SB3, SCN-NET
USA 03106 000821
USA 03106 000832 ONTYME II
USA 03106 000842
USA 03106 000850 CISL SERVICE MACHINE
USA 03106 000859
USA 03106 000871
USA 03106 000898 P&W
USA 03106 000932
USA 03106 001010 DITYMNET01
USA 03106 001024
USA 03106 001030
USA 03106 001036 IBM1
USA 03106 001042 IDC/370
USA 03106 001043
USA 03106 001053 STRATEGIC INFORMATION
USA 03106 001056 SYNTEX TIMESHARING
USA 03106 001105 HOST SGNY 1 – VAX II PRODUCTIONS SYSTEM
3 – VAX II PRODUCTIONS SYSTEM
(tried to 5)
USA 03106 001110
USA 03106 001134 COMPUSERVE
USA 03106 001141 MESSAGE SERVICE SYSTEM (FOX)
USA 03106 001143
USA 03106 001152
USA 03106 001158 TYMNET USER SERVICE
USA 03106 001227 ACF2
USA 03106 001288
USA 03106 001304 ONTYME II
USA 03106 001309
USA 03106 001316
USA 03106 001320
USA 03106 001328
USA 03106 001330 MULTICS, HVN 862-3642
USA 03106 001341
USA 03106 001358
USA 03106 001361 THOMPSON COMPONENTS-MOSTEK CORPORATION
USA 03106 001383 HOST 1,A – TILLINGHAST BENEFITS T.SHAR.SYS.
2,C – TILLINGHAST INSURANCE T.SHAR.SYS.
4,D – OUTDIALS
6 – TILLINGHAST VAX 8600
(tried to 10,G)
USA 03106 001391 SOCAL
USA 03106 001399 C80
USA 03106 001400 TMCS PUBLIC NETWORK
USA 03106 001410 DATALYNX/3274 TERMINAL
USA 03106 001417
USA 03106 001434 (host system) – double digits
VM is active, tried to BZ
USA 03106 001438
USA 03106 001443
USA 03106 001467 STN INTERNATIONAL
USA 03106 001482 FNOC DDS
USA 03106 001483 ADR HEADQUARTERS
USA 03106 001487
USA 03106 001488 (cierr 1402)
USA 03106 001502 ARGON NATIONAL LAB
USA 03106 001508 IDC/370
USA 03106 001509
USA 03106 001514 (HOST) DC-10
USA 03106 001519
USA 03106 001533 SBS DATA CENTRE
USA 03106 001557
USA 03106 001560
USA 03106 001572 PRIMECON NETWORK (system 50)
USA 03106 001578
USA 03106 001589
USA 03106 001594 CON138
USA 03106 001611
USA 03106 001612 TYMNET-NEWARK/TSN-MRI inter-link
USA 03106 001616 TYMNET-5027/McGRAW HILL inter-link
USA 03106 001624
USA 03106 001642 Host, A – CORNELLA (system choices displayed)
USA 03106 001659 BYTE INFORMATIO EXCHANGE,GUEST,GUEST
USA 03106 001663 PEOPLE LINK
USA 03106 001665
USA 03106 001709
USA 03106 001715 TYMNET/BOFANET inter-link
USA 03106 001727
USA 03106 001757
USA 03106 001763
USA 03106 001765
USA 03106 001766 PRIMENET
USA 03106 001769 S.C. JOHNSON & SON R & D COMPUTER SYSTEMS
USA 03106 001789 HOST WYLBUR.N – CICS TWX A,C,D,G,H,P,R,S,V,Z
USA 03106 001799 (HOST) classes: 5 – VM/370, 20,23,26 UNKNOWN
(TRIED TO 32)
USA 03106 001807
USA 03106 001817 MITEL Host (no luck up to sys 20)
USA 03106 001819 TMCS PUBLIC NETWORK
USA 03106 001831 MULTICS
USA 03106 001842
USA 03106 001844
USA 03106 001851
USA 03106 001853
USA 03106 001854
USA 03106 001857
USA 03106 001864 SUNGARDS CENTRAL COMPUTER FACILITY NETWORKS
USA 03106 001873 MULTICS MR10.2I
USA 03106 001874
USA 03106 001880
USA 03106 001881
USA 03106 001892 PRIMENET (certain hours)
USA 03106 001897
USA 03106 001912
USA 03106 001977
USA 03106 002040
USA 03106 002041
USA 03106 002046 MITEL CORP IN KANATA
USA 03106 002050 TYMNET/BOFANET inter-link,ABACIS,SFDCS1
1 – link,
2 – SFDCS1,DIRECTOR,
3 – ABACIS,ABACIS
A – ABACIS 2
(note, Abacis may be used as
U/N for many systems on tymnet)
USA 03106 002060
USA 03106 002070
USA 03106 002086
USA 03106 002095 COMODEX ONLINE SYSTEM
USA 03106 002098 D & B,COMMANDO,DIRECTOR,FUCK
USA 03106 002099 D & B,COMMANDO,ASSASIN,SHIT
USA 03106 002100 D & B,COMMANDO,DIRECTOR,FUCK,RAIDER
USA 03106 002109 TYMNET/15B (inter-link)
USA 03106 002164 MITRE SYSTEM
USA 03106 002179
USA 03106 002188
USA 03106 002196
USA 03106 002200
USA 03106 002201
USA 03106 002212
USA 03106 002222
USA 03106 002286 Primenet TFGI
USA 03106 002299 CONSILIUM
USA 03106 002306
USA 03106 002314
USA 03106 002320
USA 03106 002329 MFE
USA 03106 002330
USA 03106 002384
USA 03106 002387 ** TO BE INVESTIGATED **
USA 03106 002391
USA 03106 002408
USA 03106 002418 UNC VAX
USA 03106 002443 DATAHUB
USA 03106 002445
USA 03106 002446
USA 03106 002453 PRIMENET
USA 03106 002470
USA 03106 002496 NOS SOFTWARE SYSTEM
USA 03106 002519
USA 03106 002537
USA 03106 002539 TYMNET/CIDN Inter-link
USA 03106 002545 CENTRE FOR SEISMIC STUDIES
USA 03106 002578 SEL
USA 03106 002580 ** to be investigated **
USA 03106 002584 (HOST)
USA 03106 002602 MULTICS
USA 03106 002603 MULTICS system M
USA 03106 002609 CON5
USA 03106 002614 HOST
USA 03106 002623 VAX/VMS,GUEST
USA 03106 002624 SUNEX-2060 TOPS-20
USA 03106 002632
USA 03106 002635 QUOTDIAL
USA 03106 002646
USA 03106 002657
USA 03106 002667
USA 03106 002677 THE TIMES
USA 03106 002694 PVM3101,SPDS/MTAM, MLCM,VM/SP,STRATUS-1,STRATUS-2
USA 03106 002700 ANALYTICS SYSTNE
USA 03106 002709 AUTONET
USA 03106 002713
USA 03106 002730
USA 03106 002732
USA 03106 002744
USA 03106 002765 MULTICS
USA 03106 002768 (cierr 1402)
USA 03106 002779 SCJ TIMESHARING
USA 03106 002790 VM/370
USA 03106 002800
USA 03106 002807 ISC
USA 03106 002824
USA 03106 002842
USA 03106 002843
USA 03106 002851 CHEM NETWORK DTSS
USA 03106 002864 RCA SEMICUSTOM
USA 03106 002871 (same as 5603)
USA 03106 002875 (cierr 1402) MTECH/COMMERCIAL SERVICES DIVISION
USA 03106 002889 ** to be investigated **
USA 03106 002901
USA 03106 002910 (CIERR 1402)
USA 03106 002921 CHRYSLER NETWORK
USA 03106 002971
USA 03106 002991 US MIS IS400
USA 03106 002995 VAIL VAX
USA 03106 002998 TYMNET/FIRN DATE NETWORK Inter-link
USA 03106 003002 MULTICS
USA 03106 003009
USA 03106 003028 DCOM class – 0
USA 03106 003030 DCOM class – 0 *investigate*
USA 03106 003036
USA 03106 003050 ATPCO FARE INFORMATION SYSTEM
USA 03106 003062 (Host) class 0,1 ** to be investigated **
USA 03106 003079 VM/370
USA 03106 003092 TYMNET/PROTECTED ACCESS SERVICE SYS. Inter-link
USA 03106 003168 VM/370
USA 03106 003214 VM/370
USA 03106 003220 VM/370
USA 03106 003221 VM/370
USA 03106 003248
USA 03106 003284 COMPUFLIGHT
USA 03106 003286 VAX
USA 03106 003295 TYMNET/PROTECTED ACCESS SERVICE SYSTEMS
Inter-link,ABACIS
USA 03106 003297 TYMNET/PROTECTED ACCESS SERVICE SYSTENS
Inter-link,ABACIS
USA 03106 003310
USA 03106 003321
USA 03106 003356
USA 03106 003365
USA 03106 003373 IOCSQ
USA 03106 003394 (HOST WYN) 1 – VM/370,
2 – VM/370,
3 – IKJ53020A,
5 – VM/370
6 – NARDAC – NARDAC
USA 03106 003420
USA 03106 003443 ** TO BE INVESTIGATED **
USA 03106 003520
USA 03106 003527
USA 03106 003529 (CIERR 1402)
USA 03106 003534
USA 03106 003564 (CIERR 1402)
USA 03106 003568 OAK TREE SYSTEMS LTD
USA 03106 003572 NORTH AMERICA DATA CENTRE
USA 03106 003579
USA 03106 003604 VM/370
USA 03106 003605
USA 03106 003623
USA 03106 003797
USA 03106 003828 TYMNET/AKNET Inter-link
USA 03106 003831
USA 03106 003846 (same as 5603)
USA 03106 003879 (CIERR 1402)
USA 03106 003882 BEKINS COMPANY MUS/XA ACF/VTAM NETWORK
USA 03106 003946
USA 03106 003973 FORD -ELECTRICAL ELECTRONIC DIRECTORY
USA 03106 003994 FORD -ELECTRICAL ELECTRONIC DIRECTORY
USA 03106 004007
USA 03106 004016
USA 03106 004028 MDS-870
USA 03106 004041 RCA GLOBCOM’S PACKET SWITCHING SERICE
USA 03106 004092
USA 03106 004125
USA 03106 004129 —,ABACIS
USA 03106 004131 —,ABACIS
USA 03106 004137 TSO, VM/370
USA 03106 004173
USA 03106 004174 VM/370
USA 03106 004202
USA 03106 004206 MAINSTREAMS
USA 03106 004210
USA 03106 004288
USA 03106 004296
USA 03106 004341 (HOST) 2 – VM/370, T – VM/370, 1,3,4,A,C,E,Z
USA 03106 004350 AEC ** TO BE INVESTIGATED **
USA 03106 004365 NATIONAL LIB.OF MEDICINE’S TOXIC.DATA NETWORK
USA 03106 004389 BUG BUSTING MACHINE OF NYN
USA 03106 004468 BETINS COQ,6R5u(VACF/VTAM NETWORK
USA 03106 004472 ROLM CBX DATA-SWITCHING
USA 03106 004499 MRCA
USA 03106 004514 US MISS (IS400)
USA 03106 004530 (Host) active centre AA, ** investigate ! **
USA 03106 004541 (Host)
USA 03106 004545 HMN
USA 03106 004555 #2 CASTER BACKUP
USA 03106 004562
USA 03106 004573
USA 03106 004579
USA 03106 004580 TSO
USA 03106 004619
USA 03106 004645
USA 03106 004702 PRIMENET
USA 03106 004706 (Host)
USA 03106 004726 NALCOCS DEC-10
USA 03106 004743 TYMNET INFO SERVICE
USA 03106 004755 STORE DEVELOPMENT MACHINE
USA 03106 004759 (Host)
USA 03106 004791 MIS GROUP/CAD DIVISION/COMPUTERLAND CORP.
USA 03106 004828 VTAM007
USA 03106 004865 GAB BUSINESS SERVICES
USA 03106 004869
USA 03106 004898
USA 03106 004946
USA 03106 004949
USA 03106 004956 (Host) 0 – Vax,
1 – KL1,
2 – KL,
3 – IBM,
8 – VAX 2,
11 – PC1-130
USA 03106 004957 NEC SEMI-CUSTOM DESIGN CENTRE
USA 03106 005018 (Host)
USA 03106 005034 (cierr 1402)
USA 03106 005058
USA 03106 005062 UIS SUPPB=MQDIRNET
USA 03106 005080
USA 03106 005082 COMPAQ
USA 03106 005107
USA 03106 005119 (Host)
USA 03106 005124 OPERATIONAL INFO SYSTEM VAX
USA 03106 005136 ** to be investogated **
USA 03106 005224 (Host)
USA 03106 005229 UNI.OF PENCILVANIA SCHOOL OF ARTS AND SCIENCE
USA 03106 005267 CHANEL 01
USA 03106 005320 (Host) US DIGMAL COMPUTER SERVICES
USA 03106 005433
USA 03106 005438
USA 03106 005453
USA 03106 005463 VM/370
USA 03106 005528 STRATUS/32
USA 03106 005531 STRATUS/32
USA 03106 005539 VA II/730
USA 03106 005564 STRATUS/32
USA 03106 005566 Host sys A,1 – 3M TRAC SERVICE system ALICE
B,2 – 3M TRAC SERVICE system BAMBI
3 – 3M TRAC SERVICE system CHIP
4 – 3M TRAC SERVICE system DALE
5 – 3M TRAC SERVICE system ELLIOT
6 – 3M TRAC SERVICE system FLOWER
12,7 – 3M TRAC SERVICE system GRUMPY
8 – TRAC CLUSTER VIRGO, SYSTEM HAPPY
9 – TRAC CLUSTER VIRGO, SYSTEM ISABEL
10 – TRAC CLUSTER VIRGO, SYSTEM JUMBO
11 – TRAC CLUSTER VIRGO, SYSTEM KANGA
13 – VAX
18 – DIGITAL ETHERNET
28 – unknown
31 – CIERR 1402
32 – CIERR 1402
33 – CIERR 1402
34 – CIERR 1402
35 – CIERR 1402
36 – unknown
37 – CIERR 1402
38 – unknown
40 – CPU-STP-A
41 – CIERR 1402
43 – UNKNOWN
44 – ATLAS VAX
45 – FAXON INFO SERVICE
46 – ELECTRICAL PRODUCTS
LABORATORY VASX II/750
47,48,49 – unknown
52 – SERC COMPUTER RESOURCES VAX
53 – unknown
54 – SERC COMPUTER RESOURCES VAX
55 – BDS UNIX
81,61 – TRAC CLUSTER LIBRA system LADY
62 – TRAC CLUSTER LIBRA system MICKEY
63 – TRAC CLUSTER GEMINI system NEMO
64 – TRAC CLUSTER GEMINI system OWL
65 – TRAC CLUSTER LIBRA system PLUTO
67 – TRAC CLUSTER GEMINI system QUASAR
68 – unknown
70 – TRAC TIMESHARING VAX
71 – TRAC TIMESHARING VAX
72 – TRACE TIMESHARING VAX
73 – DIGITAL ETHERNET TERMINAL SERVER
74 – TRAC TIMESHARING VAX
76 – TRAC TIMESHARING VAX
81 – TRAC TIMESHARING VAX
USA 03106 005569 STRATUS/32
USA 03106 005571 STRATUS/32
USA 03106 005603 (Host) systems 1,2,3,4,5,C (5=Outdial)
USA 03106 005622
USA 03106 005683 TECHNICAL SUPPORT PRODUCTIONS
USA 03106 005697
USA 03106 005702 AUTH
USA 03106 005704 SPOOL
USA 03106 005705
USA 03106 005706
USA 03106 005707
USA 03106 005708 IFPSE
USA 03106 005709 IFPSE
USA 03106 005711 IFXMP
USA 03106 005712
USA 03106 005725 PRIMENET
USA 03106 005744 (Cierr 1402)
USA 03106 005755 Host system, active links = A,B,C,E,F,H,G,I,
J,K,L,M,O,P,Q,R,
S,T,U,V,W,X,Y,Z
USA 03106 005758 SEI/MUS SYSTEM
USA 03106 005805
USA 03106 005818 CORPORATE MANAGEMENT INFO SYSTEMS
USA 03106 005846 (Host)
USA 03106 005897
USA 03106 005903
USA 03106 005941
USA 03106 005969 PLESSEY SEMICONDUCTORS-IRVINE
USA 03106 005984 CREDIT AGRICOLE-USA
USA 03106 006019 PRIMENET
USA 03106 006046
USA 03106 006093 NALCO CHEMICAL COMPANY NETWORK
USA 03106 006121 CORPORATE MANAGEMENT INFO SERVICE
USA 03106 006187
USA 03106 006190 CLEVELAND
USA 03106 006191
USA 03106 006227
USA 03106 006251
USA 03106 006281 EDCS
USA 03106 006283 EDCS
USA 03106 006296
USA 03106 006432 EASYLINK
USA 03106 006434 EASYLINK
USA 03106 006440
USA 03106 006590 US CENTRA SERVICE
USA 03106 006597
USA 03106 006686
USA 03106 006722 INTERNATIONAL NETWORK
USA 03106 006828
USA 03106 006832 A&A DATANET (SYSTEMS 1,8,0,14)
USA 03106 006833 (GO AWAY)
USA 03106 006834
USA 03106 006835 TOC
USA 03106 006867 DATABILITY TIMESHARING SYSTEM II
USA 03106 006994
USA 03106 007028
USA 03106 007103
USA 03106 007177
USA 03106 007272 (CIERR 1402)
USA 03106 007351 PRIMENET
USA 03106 007352 PRIMENET
USA 03106 007377
USA 03106 007596 (Host) A – VM/370, B – VM/370
USA 03106 007640

NAME NUA
———————————————————-

Us Telemail |031102020014 | |KKCHUNG |520dlk79 |
Uni Brighton |023427050015 | |GUEST |WELCOME |
Sysnet Wien |023224221142 |MAI |Gast |Gast |
|023424126010604 |,5020015 |Birch/Bryan|
Mehlbox HAM | 45400090184 | |Mike |Datexp |
E C H O | 0270448112 | |UK85041D |KS97516E |
B I X |031060057878 | |Rupert |———–|
E X C O N |022849911102001 |Call 130 |EX |
|023422351919169 |,49000001 |Mehlbox/User
Emery ADO | 03106907626 | |CICS4^D |CICS4 |
Netztest AU | 05053210001 | | | |
The Source |0311030100038| |Jinatari |Subscribe |
The Source |0311030100038| |Josh1 |ST861229 |
Delphi |0311061703088| |————|———–|
Nuclear Res. | 03110500061 | | | |
Datapac | 030292100086| |————|———–|
Dallas | 0310600787 | |————|———–|
A M P |023422020010700 |Use Demo Account |
Canada |0302067100901| |————|———–| Telenet |0311020200141| |Telemailintl|Intl Phones|
Sharp Comp. |0234219200203| | | | College LON |0234219200333| | | |
Brit. TELECOM |023421920101030 |,TSTB | |
Database |023422351911198 |,DAADA | | Space Research|0234290524242| | | |
Brit. Oxig. |0234293212212| |,BOC | |
C E R N |022846811405 | | | |
B B D A |02062221006 | | | |
Dialne |0234212300120| | | |
Euclid LON |0234219200333| | | |
T S T B |023421920101030 | | |
U C L |0234219200300| | | |
|03106001977 | | | |
————————————————————
Software, South Africa………………………0655011101207
RUB Univ. of Bochum…………………………….026245234040194
ALTHH Altos Computer Systems Hamburg, West Germany…..026245400050233
ALTGER Altos Computer Systems Munich, West Germany……026245890040004
TCHH Teletex & Computer Hamburg, West Germany………026245400050570
OIS Markt & Technik Munich, West Germany………….026245890010006
RMI RMI Datentechnik Aachen, West Germany…………026245241090832

At all Systems, except RUB, u may login as “guest”.

—————————————-
302091600122 Primenet
302091600120 OD
302091600123
302091600127
311061700313
302067100901
302058700900 ^All above ODs
234212303101 Unix
26800401032811 Vax
302060100010 UCS
31104150002000 Dialog Info
208076020367 MCOM Int’l
208057040540 QSD
3110321001600 ???
31102020014275 ???

Try to hack these TymNet accounts:

monitor
operator
tape
telephone
outdial
paper
t.lloy03
come

Name NUA
—————————————–
RMT 26245441090832
2680040103281
03421920018
TCHH 26245400050570
262454890010006
222620021
20807602036797
UNIX system 26245241093062
UNIX system 23421330248
UNIX system 234212303101
UNIX SYSTEM 655012101361
Devel NET 311051300059
2740119910000
VAX SYSTEm 02222280173
VAX SYSTEM 0222 26500016
Portugal BBS system 268005229048
Telecom Gold 023421920100474
Washington Post 310600584401
Lutzifer 26245400080177
VSFLA 311090400158
Interet 311020100019
2222280173 login:guest
Lisbon University 26800401032811
[3020 60501245 Wallace & Carey Ltd System [Vax]
[3020] 80100062 PRIMENET 21.0.1 OTTAWA [Prime]
[3020] 62600146 University of Calgary [Cyber 630]
[3020] 64100016 TMPL-KAMLOOPS MV/2000 [AOS/VS
[3106] 004174 HOST [VM/SP]
[3106] 005034 : [HP-3000]
[3020] 62600057 SunOS [Unix]
[3020] 85801264 pad login:

These are Dialcom regional office phone numbers:

New York NY (212) 947-7995 Manager Virginia Marshalek
Houston/San Francisco (713) 690-6311
Chigaco (312) 694-2536
Washington DC (301) 770-4280

Their Telex (or as they call it XMAIL) service is pretty nifty. It offers both telelex and TWX links as well as hardcopy services via Mailgramme and cablegramme. Also each XMAIL user has a unique Telex address and not a common address with your user code having to be entered in the first line of the text. (Any one out there know of any other telex service which offers users an individual
unique telex number )

Here are some of ther NUA’s: DNIC is 3106
System 50 301 222
System 51 301 240
System 52 301 243
System 57 301 241
I believe however that they have simplified matters and that you can know use 301 3xx – where xx is the system number ( I have not tried this)
Also you can access them through any Telenet or Tymenet dial-up number in the USA. For Telenet when you get to the prompt type C and the system NUA e.g. ‘C 301 222’ for system 50. On Tymenet at the ‘PLEASE LOG IN: prompt you type in ‘DIALCOM;xx’ where xx is the system number.
For people in New York NY or Washington DC areas they also have their own dial in network.

COUNTRY NETWORK DNIC
——- ——- —-
ANDORA ANDORPAC 2945
ANTIGUA AGANET 3443
ARGENTINA ARPAC 7220
ARPAC 7222
AUSTRIA DATEX-P 2322
DATEX-P TTX 2323
RA 2329
AUSTRALIA AUSTPAC 5052
OTC DATA ACCESS 5053
AUSTPAC 5054
BAHAMAS BATELCO 3640
BAHRAIN BAHNET 4263
BARBADOS IDAS 3423
BELGIUM DCS 2062
DCS 2068
DCS 2069
BERMUDA BERMUDANET 3503
BRAZIL INTERDATA 7240
RENPAC 7241
RENPAC 7248
RENPAC 7249
CAMEROON CAMPAC 6242
CANADA DATAPAC 3020
GLOBEDAT 3025
INFOGRAM 3028
INFOSWITCH 3029
CAYMAN ISLANDS IDAS 3463
CHAD CHAD 6222
CHANNEL IS PSS 2342
CHILE ENTEL 7302
CHILE-PAC 7303
VTRNET 7305
ENTEL 7300
CHINA PTELCOM 4600
COLOMBIA COLDAPAQ 7322
COSTA RICA RACSAPAC 7120
RACSAPAC 7122
RACSAPAC 7128
RACSAPAC 7129
CURACAU UDTS 3400
CYPRUS CYTAPAC 2802
CYTAPAC 2807
CYTAPAC 2808
CYTAPAC 2809
DENMARK DATAPAK 2382
DATAPAK 2383
DJIBOUTI STIPAC 6382
DOMINICAN REP. UDTS-I 3701
EGYPT ARENTO 6020
FINLAND DATAPAK 2441
DATAPAK 2442
DIGIPAK 2443
FRANCE TRANSPAC 2080
NTI 2081
TRANSPAC 2089
TRANSPAC 9330
TRANSPAC 9331
TRANSPAC 9332
TRANSPAC 9333
TRANSPAC 9334
TRANSPAC 9335
TRANSPAC 9336
TRANSPAC 9337
TRANSPAC 9338
TRANSPAC 9339
FR ANTILLIES TRANSPAC 2080
FR GUIANA TRANSPAC 2080
DOMPAC 7420
FR POLYNESIA TOMPAC 5470
GABON GABONPAC 6282
GERMANY F.R. DATEX-P 2624
DATEX-C 2627
GREECE HELPAK 2022
HELLASPAC 2023
GREENLAND KANUPAX 2901
GUADELOUPE DOMPAC 3400
GUAM LSDS-RCA 5350
PACNET 5351
GUATEMALA GUATEL 7040
GUATEL 7043
HONDURAS HONDUTEL 7080
HONDUTEL 7082
HONDUTEL 7089
HONG KONG INTELPAK 4542
DATAPAK 4545
INET HK 4546
HUNGARY DATEX-P 2160
DATEX-P 2161
ICELAND ICEPAK 2740
INDIA GPSS 4042
INDONESIA SKDP 5101
IRELAND EIRPAC 2721
EIRPAC 2724
ISRAEL ISRANET 4251
ITALY DARDO 2222
ITAPAC 2227
IVORY COAST SYTRANPAC 6122
JAMAICA JAMINTEL 3380
JAPAN GLOBALNET 4400
DDX 4401
NIS-NET 4406
VENUS-P 4408
VENUS-P 9955
VENUS-C 4409
KOREA REP DACOM-NET 4501
DNS 4503
KUWAIT BAHNET 4263
LEBANON SODETEL 4155
LUXEMBOURG LUXPAC 2704
LUXPAC 2709
MACAU MACAUPAC 4550
MALAYSIA MAYPAC 5021
MARTININQUE DOMPAC 3400
MAURITIUS MAURIDATA 6170
MEXICO TELEPAC 3340
MOROCCO MOROCCO 6040
NETHERLANDS DATANET-1 2040
DATANET-1 2041
DABAS 2044
DATANET-1 2049
N. MARIANAS PACNET 5351
NEW CALEDONIA TOMPAC 5460
NEW ZEALAND PACNET 5301
NIGER NIGERPAC 6142
NORWAY DATAPAC TTX 2421
DATAPAK 2422
DATAPAC 2423
PANAMA INTELPAQ 7141
INTELPAQ 7142
PERU DICOTEL 7160
PHILIPPINES CAPWIRE 5150
CAPWIRE 5151
PGC 5152
GMCR 5154
ETPI 5156
PORTUGAL TELEPAC 2680
SABD 2682
PUERTO RICO UDTS 3300
UDTS 3301
QATAR DOHPAC 4271
REUNION (FR) TRANSPAC 2080
DOMPAC 6470
RWANDA RWANDA 6352
SAN MARINO X-NET 2922
SAUDI ARABIA ALWASEED 4201
SENEGAL SENPAC 6081
SINGAPORE TELEPAC 5252
TELEPAC 5258
ITELPAK 4542
SOUTH AFRICA SAPONET 6550
SAPONET 6551
SAPONET 6559
SOUTH KOREA DACOM-NET 4501
SPAIN TIDA 2141
IBERPAC 2145
SWEDEN DATAPAK TTX 2401
DATAPAK-1 2402
DATAPAK-2 2403
TELEPAK 2405
SWITZERLAND TELEPAC 2284
TELEPAC 2289
TAIWAN PACNET 4872
PACNET 4873
UDAS 4877
THAILAND THAIPAC 5200
IDAR 5201
TOGOLESE REP. TOGOPAC 6152
TORTOLA IDAS 3483
TRINIDAD DATANETT 3745
TEXTET 3740
TUNISIA RED25 6050
TURKEY TURPAC 2862
TURPAC 2863
TURKS&CAICOS IDAS 3763
U ARAB EMIRATES EMDAN 4241
EMDAN 4243
TEDAS 4310
URUGUAY URUPAC 7482
URUPAC 7489
USSR IASNET 2502
U.S. VIRGIN I UDTS 3320
U. KINGDOM IPSS-BTI 2341
PSS-BT 2342
MERCURY 2350
MERCURY 2351
HULL 2352
USA AUTONET 3126
COMPUSERVE 3132
FTCC 3124
ITT/UDTS 3103/310
MARKET 3136
RCA/LSDS 3113
TELENET 3110/312
TRT-DTAPAK 3119
TYMNET 3106
UNINET 3125
WUI-DBS 3104
WUTCO 3101
YUGOSLAVIA YUGOPAC 2201
ZIMBABWE ZIMNET 6482
——————————————————————
McDonell Douglas Information Systems Company
FOR IMMEDIATE RELEASE
89-191
ST.LOUIS, July 31, 1989 — McDonnell Douglas Corporation today announced that it will sell two of its information systems businesses and that it intends to convert its Information Systems International unit into a publuic company headquartered in the United Kingdom.
McDonnell Douglas has reached a prelimibnary agreement to sell its Network Systems Business which includes the Tymnet public data network, to British Telecom for $355 million. The acquisition is conditional on a full due diligence and regulatory clearances.
————————-
the commands at the ‘please log in:’ prompt are: (in summary)
^R – flow control the host (e.g. bix) with xon/xoff
^X – allow host to flow control you with xon/xoff
^H – set half duplex (turn local echo on)
^P – set even parity
– ignore the garbage I just typed and give me another ‘please log in:’

The host computer can and usually does reset/set these parameters depending on how the host interface is configured. After the ‘please log in:’ point the user cannot change these settings. If you entered a BS (^H) accidently causing double echoing and bix doesn’t reset it
then your only choice is to hangup and try it again.
The other terminal types are primarily for terminals that require line-feed/carriage return delay.

Terminal Identifiers
——————–
A ASCII 300baud and up CRT’s, PC’s
B ASCII 150baud All terminals
C ASCII 300baud Impact printers
D ASCII 100baud All terminals
E ASCII 300baud Thermal printers ( TI Silent 700)
F ASCII 150 in/300 out BETA terminals
G ASCII 300,1200 Belt printers, G.E. Terminet
I ASCII 1200baud Matrix printers
P EBCD/Correspondence 147.5baud Selectric-type terminals (2741)
————————–

DTE originated means that either the host that you were connected to or the local PAD cleared the call. The message usually tells you which by indicating either “local” or “remote” with the message.

cxx is the reason code for the clear, while dxx is the diagnostic code. If it is a dte originated clear then the reason code will always be the same. CCITT only allows DCEs (the Network) to generate meaningful reason codes.

The functions of an X.25 PAD(Packet Assembler/Disassembler) are to take the data from one protocol (async, SNA, Bisync, etc.) ond format it so that it can be placed onto an X.25 network.

The command interface used to configure a port on an Async PAD only by the user is called X.28. The parameters that you would be changing are called X.3 parameters. Before you can use the X.28 commands you need to know the escape character to enable you to talk to the PAD and not the destination. Not all ports have an escape character
enabled, for obvious reasons. Once you are talking to the PAD the two main commands that are used in X.28 is PAR and SET.

PAR is used to display the value of the 18-22 X.3 parameters, depending on whether your PAD is 1980 or 1984 compatible. SET is used to change the parameter value. This command is followed by the paramer number a
colon and then the new value.
————————–

TYMNET CLEARING CAUSE AND DIAGNOSTIC CODES
——————————————
Note: All Cause and diagnostic values are specified in decimal.

Cause Diagnostic Explanation
—– ———- —————————————–
00 — DTE originated;
Any Diagnostic is DTE provided.
01 — Number busy;
129 An ‘out of ports’ condition occurred.
03 — Invalid facility request;
65 Call set-up problem, facility code not allowed.
66 Call set-up problem, facility parameter not allowed.
05 — Network congestion;
20 Packet type invalid for state p1 [ready]
21 Packet type invalid for state p2 [STE-X call request]
22 Packet type invalid for state p3 [STE-Y call request]
23 Packet type invalid for state p4 [data transfer]
24 Packet type invalid for state p5 [call collision]
25 Packet type invalid for state p6 [STE-X clear request]
26 Packet type invalid for state p7 [STE-Y clear request]
33 Packet not allowed; unidentifiable packet
38 Packet not allowed; packet too short
39 Packet not allowed; packet too long
41 Logical channel non-zero in restart/restart confirm.
49 Timer expired for incoming call
50 Timer expired for clearing indication
51 Timer expired for reset indication
64 Call set-up problem (incorrect facility/utility field)
67 Call set-up problem, invalid called address
68 Call set-up problem, invalid calling address
128 Internal malfunction
129 The network supervisor sent ‘circuits busy’ message
130 The network supervisor sent ‘try again later’
131 The network supervisor sent ‘bad mud’
133 The network supervisor sent ‘no host specified’
134 The network supervisor sent ‘mud error’
135 Calling address does not match CHKCLG sysgen statement
138 Login error. TKSUP sysgen option not specified
139 The network supervisor sent ‘error, type username’
140 Received clear before getting normal circuit complete
141 Circuit timeout before sending call accept
142 Login timeout
143 INFOSWITCH login timeout
145 Utility length missing^L^L
05 — Network congestion (continued);
146 Non-CCITT protocol identifier
147 Call user data in call accept without fast select
148 Internal problem; illegal dialect message
150 The Q-bit was set on a non-data packet
151 Call user data field too long
152 Data lost in network
153 Login failure; node unable to complete request
154 Login failure; format error
155 Login failure; bad username
156 Login failure; bad mud
157 Login failure; system unavailable
158 Login failure; downline load or dial-out failure
159 Login failure; timeout
160 Login failure; access not permitted
161 Login failure; out of origination ports
162 Login failure; try ggain later
163-168 Login failure; unknown reason
169 Non-DSP call to DSP host
170 Invalid dialect level response
171 DSP call to non-DSP host
172 Buffer capacity exceeded
174 Error in received clear request packet
175 Invalid dialect message
176 Unimplemented dialect message
178 DNIC received in RPOA facility matches our DNIC
179 Unknown DNIC specified i RPOA facility
180 Illegal call accept dialect message
181 Illegal national utility/facility in call request
184 Duplicated utility/facility
185 Requested packet size not acceptable in negotiation
186 Requested packet window not acceptable in negotiation
188 Missing call identifier utility in call request
190 Call request received on an assigned logical channel
191 XOM shut
192 NNo available internal ports
09 — Out of order;
129 The network supervisor sent ‘host shut’ message
130 The network supervisor sent ‘host down’ message^L^L
11 — Access barred
129 The network supervisor sent ‘access not permitted’
130 The network supervisor sent ‘please see your rep.’
182 Outgoing calls barred within closed user group
183 Incoming calls barred within closed user group
13 — Not obtainable
129 The network supervisor sent ‘host not available’
130 The network supervisor sent ‘bad host’
17 — Remote procedure error;
17 Packet type invalid for state r1 [packet level ready]
18 Packet type invalid for state r2/r3 [STE-X/Y restart]
33 Packet not allowed; unidentifiable packet
41 Logical channel non-zero in restart/restart confirm.
52 Timer expired for restart indication
33 — Incompatible destination
40 Invalid GFI; D-bit not implemented
41 — Fast select acceptance not subscribed
65 Invalid facility request^L^L
————————–
[How does it all work?] Rather larger question. First, packets switchs are not identical. They have different internal implementations, different sets of external interfaces and different sets of external protocols. Their implementations of the external protocols may also vary. (Gives you a nice, warm feeling, doesn’t it.) In general,
packets networks receive (or generator) packets of data at the edge of the network which they then transport to the desired destination. The facilities (links between packet nodes) of the network are shared among all the users thus sharing the costs of the facilities. The two most popluar ways of getting data into a packets network are: async; and
X.25.

Async: Characters are received using start/stop delimiting. These characters are gathered into a packet and the packet is forwarded to the destination when it is full, certain character have been encountered or after a specified delay. This function is called a PAD (Packet ssembler/Disassembler) and is specified in the X.3 and X.29 standards of the CCITT. The packet network normally charges a premium to perform
the PAD function since it consumes CPU resources. Async lines support one connection.

X.25: X.25 is a synchronous protocol (ie. the interface must provide both the data and the clock for sampling the data at the appropriate time). Data is gathered into packets by the user and then transmitted to the packet network. X.25 provides a method of multiplexing multiple connections on one physical line (up to 4095, however, most packets networks only support a small subset). (I know, this is the condensed Reader’s Digest version, but a full explanation of X.25 would take too long for me to write.)

The hardware interface that you would see may depend on the speed of interface you require and the distance between you and the packet network. If you are not close to the node (say in the same building), the normal method of connection would be via modems. Some of the “standard” interfaces include RS232 (V.24), V.35 and RS449 (RS422/RS423). RS232 is only specified to 19200 bits/s and 50 feet.
Many people push RS232 well beyond its spec. (and have some problems with it. I wouldn’t go beyond 64K bps and only then with with VERY short cables, say 1-3 feet). The V.35 spec doesn’t go above 48K bps but with a proper cable I have run 300-500K bps. I have seen T1 (1.544M bps) on V.35, but, you need a well shielded, short cable. The RS-449 spec
contains a speed/length graph (which I don’t have at home). I beleive that it can be run up to 1M bps over a reasonable distance (say 50 feet).

For what you are doing (Unix BBS), you need to find a match between the external interfaces and protocols supported by your Unix box and the packet network. What kind of bandwidth are you looking for (per connection and over all)? What hardware interfaces does your box support? Does your box support X.25 or just async?

As an example, I have a Sun 3/60 at my desk with a 19.2K bps X.25 connection to a packet network. I run an X.29 PAD on the Sun. It can support a total of about 50-60 connections (a Unix socket limitation with BSD 4.03). The line has both incoming and outgoing call capabilities. On incoming calls, I can provide different actions based on the calling address, called address and protocol id bytes of the call. I can provide a Unix login prompt if I desire or I can drop the user directly into an application (eg. a BBS).

——————————————-
Info on acquiring and using a demo nui
and making one valid.
——————————————
200000 UN:USA.DEMO)
BELGIUM (C:BELGIUM,PUB:RTT,O:ASSOCIATES, 02062223344 UN:DEMO.X400)
CANADA (C:CANADA,PUB:TELECOM.CANADA, 0302089400900 O:TELECOM.SPE, ID:SALES.DEMO)
CHILE (C:CHILE,PUB:TOMMAIL,O:CORRESPONSALES, 0730520000450 UN:TELENET)
HONG KONG (C:HONGKONG, PUB:INET.HK, 0454610100500 O:TELENET.HONGKONG, UN:SALES.DEMO)
ITALY (C:ITALY,PUB:MASTER4OOT,O:TELEO, 022222600331 UN:BBERNSTEIN)
JAPAN (C:JAPAN,PUB:ATI,O:DEMO,UN:SALES.REPS) 0440020098810
MALAYSIA (C:MALAYSIA, PUB:STM.TELEMAIL, O:STM, 0502113205290 UN:SALES.DEMO)
MEXICO NOT AVAILABLE AT THIS TIME
NORWAY NOT AVAILABLE AT THIS TIME
SWEDEN (C:SWEDEN,PUB:TBXSPA,O:EXTERNAL, 02402001325 UN:SWEDEMAIL)
TAIWAN (C:ROC,PUB:PIPMAIL,O:PIP,UN:TELEMAIL) 0487220250
U.A.E. NOT AVAILABLE AT THIS TIME
UK (C:GB,PUB:TMAILUK,O:CCI,UN:TM.DEMO) 0234212300187
——————————————————–

DEMO PROCEDURES

Compose a message in your mailbox on the SprintMail USA system and in the “TO:” field of the envelope enter the appropriate “INT’L DEMO MAILBOX X.400 ADDRESS” listed above, including the parentheses. When complete, type “Y” at the “Send?” prompt. If desired, you can use the delivery receipt feature (DEL) to receive a confirmation-of-delivery
message back to your mailbox. An example of the “TO:” field of the envelope for a message sent to SprintMail Ltd. UK is shown below:

TO: (C:GB,PUB:TMAILUK,O:CCI,UN:TM.DEMO) (DEL)
Once you have typed “Y” followed by a carriage return, the message will be sent to the demo mailbox on the overseas messaging system via the international interconnection.

To retrieve the message and verify delivery for the customer, you will need to connect to the overseas messaging system via SprintNet and directly access the demo mailbox. To do this, first type “BYE” to disconnect from SprintMail. You will then receive the SprintNet ” prompt on your PC/terminal. After SprintNet gives an ” prompt you will need to enter your SprintNet NUI (ID/Password account).
Type “ID”, skip a space, and then enter your PDN ID code followed by a carriage return. Next the SprintNet will prompt you for “PASSWORD=”. Enter your password followed by a carriage return.

NOTE: IF YOU DO NOT ALREADY HAVE A U.S. SPRINT NUI FOR DEMO PURPOSES, PLEASE COMPLETE A U.S. SPRINT “USER ID ORDER FORM” AND MAIL IT TO:
Order Entry Department
U.S. Sprint Communication Corporation
12490 Sunrise Valley Drive
Reston, VA 22096
MAIL SLOT OP212B

The top of the form should be filled out as follows:
Customer Name = US Sprint
Master Agreement No. = (LEAVE BLANK)
Customer Number = (LEAVE BLANK)
Sales Office Log No. = (LEAVE BLANK)
Customer Admin. = Office Administrator
Admin. Phone No. = Office Phone Number

———————————————————–
Fill in the body of the form as necessary and put “For Internal US Sprint Use” in the comments section. The form must be signed by your branch manager for approval.
After you have correctly entered your NUI(ID/Password), the SprintNet will again prompt you with an “. At thispoint, type “C”, skip a space, and then enter the “OVERSEAS MESSAGING SYSTEM NETWORK ADDRESS” provided above followed by a carriage return. For example, to connect to the SprintMail messaging host in UK you would type the following at the SprintNet ” prompt:
C 0234212300187
Please note that all the international network X.121
addresses shown on the list above ALREADY have been
proceeded by a 0 (zero), which is the SprintNet terminal
handler for formatting the X.121 address.
SprintNet will respond with a “CONNECTED” notice,
after which you will receive the “User name?” prompt from
the overseas messaging system. Enter the appropriate user
name from the table above, followed by a carriage return. The name after “UN:” is the user name. In the case of the UK, the user name would be “TM.DEMO”. Next you will be prompted for “Password?”. Enter the correct demo mailbox password followed by a carriage return.
NOTE: TO OBTAIN THE APPROPRIATE PASSWORD FOR A DEMO MAILBOX, PLEASE SEND A REQUEST ON SPRINTMAIL TO SALES.SUPPORT. PASSWORDS WILL BE PROVIDED ONLY ON AN AS NEEDED BASIS. IN YOUR MESSAGE,PLEASE INDICATE THE NAME OF THE CUSTOMER THE DEMO IS FOR AND THE DESIRED DEMO DATE.
You are now using the demo mailbox on the overseas messaging system. The Scan table will show the message you previously sent from the SprintMail USA system. Use the READ command to show the customer the contents of the message and verify delivery.
If you wish to demo the service in the reverse direction, type “Compose” at the “Command?” prompt and address a message to your mailbox or the customer’s mailbox. In the “TO:” field of the envelope you must follow the X.400
addressing format, as follows:
TO: (C:USA,PUB:SPRINTMAIL,O:XXXXXXX,UN:YYYYYY)

where XXXXXXX is the Organization name
and YYYYYYY is the User name
At the “Command?” prompt type “BYE” followed by a carriage return to disconnect from the overseas messaging system.

———————————————————-

*[TYMNET]*
TYMNET ACCESS SORTED BY NODE NUMBER 10/17/1990

NODE CITY STATE DEN ACCESS NUMBER
—– —————– ————– —- ————-
00000 ANCHORAGE ALASKA INTL 907/258-7222
00000 # ANCHORAGE ALASKA INTL 907/258-6607
00000 BARROW ALASKA INTL 907/852-2425
00000 BETHEL ALASKA INTL 907/543-2411
00000 COLD BAY ALASKA INTL 907/532-2371
00000 CORDOVA ALASKA INTL 907/424-3744
00000 DEAD HORSE ALASKA INTL 907/659-2777
00000 DELTA JUNCTION ALASKA INTL 907/895-5070
00000 DILLINGHAM ALASKA INTL 907/842-2688
00000 FAIRBANKS ALASKA INTL 907/456-3282
00000 # FAIRBANKS ALASKA INTL 907/452-5848
00000 GLENNALLEN ALASKA INTL 907/822-5231
00000 HAINES ALASKA INTL 907/766-2171
00000 HOMER ALASKA INTL 907/235-5239
00000 ILIAMNA ALASKA INTL 907/571-1364
00000 JUNEAU ALASKA INTL 907/789-7009
00000 # JUNEAU ALASKA INTL 907/789-1976
00000 KENAI ALASKA INTL 907/262-1990
00000 KETCHIKAN ALASKA INTL 907/225-1871 00000 KING SALMON ALASKA INTL 907/246-3049
00000 KODIAK ALASKA INTL 907/486-4061
00000 KOTZEBUE ALASKA INTL 907/442-2602
00000 MCGRATH ALASKA INTL 907/524-3256
00000 MENANA ALASKA INTL 907/832-5214
00000 NOME ALASKA INTL 907/443-2256
00000 NORTHWAY ALASKA INTL 907/778-2301
00000 PALMER/WASILLA ALASKA INTL 907/745-0200
00000 PETERSBURG ALASKA INTL 907/772-3878
00000 PRUDHOE BAY ALASKA INTL 907/659-2777
00000 SEWARD ALASKA INTL 907/224-3126
00000 SITKA ALASKA INTL 907/747-5887
00000 SKAGWAY ALASKA INTL 907/983-2170
00000 SOLDOTNA/KENAI ALASKA INTL 907/262-1990
00000 ST. PAUL ALASKA INTL 907/546-2320
00000 TALKEETNA ALASKA INTL 907/733-2227
00000 TANANA ALASKA INTL 907/366-7167
00000 TOK ALASKA INTL 907/883-4747
00000 VALDEZ ALASKA INTL 907/835-4987
00000 WASILLA ALASKA INTL 907/745-0200
00000 WHITTIER ALASKA INTL 907/472-2467 00000 WRANGELL ALASKA INTL 907/874-2394
00000 YAKUTAT ALASKA INTL 907/784-3453
02026 # MARSHALLTOWN IOWA LOW 515/753-0670
02035 #ALEXANDRIA/FAIRFAX VIRGINIA HIGH 703/352-3136
02035 # ARLINGTON/FAIRFAX VIRGINIA HIGH 703/352-3136
02035 # BETHESDA MARYLAND HIGH 703/352-3136
02035 # FAIRFAX VIRGINIA HIGH 703/352-3136
02035 # WASHINGTON D.C. HIGH 703/352-3136
02045 # ALBANY NEW YORK MED 518/458-9724
02045 #SCHENECTADY/ALBANY NEW YORK MED 518/458-9724
02050 # CASPER WYOMING LOW 307/234-4211
02057 # SEVIERVILLE TENNESSEE LOW 615/453-0401
02066 INDIANAPOLIS INDIANA HIGH 317/631-1002
02071 # LAS CRUCES NEW MEXICO LOW 505/525-3401
02074 # INDIANAPOLIS INDIANA HIGH 317/632-6408
02124 # YAKIMA WASHINGTON LOW 509/248-1462
02145 + NORRISTOWN PENNSYLVANIA HIGH 215/668-1984
02155 # BLOOMINGTON INDIANA LOW 812/332-0544
02163 # CHEYENNE WYOMING LOW 307/638-0403
02244 # DOWNRS GROV ILLINOIS MED 708/790-4955
02244 # GLEN ELLYN ILLINOIS MED 708/790-4955
02244 # WHEATON/GLN ELLYN ILLINOIS MED 708/790-4955
02246 BIRMINGHAM ALABAMA HIGH 205/942-4141
02252 # VINELAND NEW JERSEY LOW 609/691-6446 02256 ELGIN ILLINOIS LOW 708/888-8113
02263 # LAWTON OKLAHOMA LOW 405/353-6987
02265 # ALBUQUERQUE NEW MEXICO MED 505/242-8931
02301 # EAU CLAIRE WISCONSIN LOW 715/833-0121
02304 NEW YORK NEW YORK HIGH 212/269-4640
02323 # ST. CLOUD MINNESOTA LOW 612/251-4942
02326 # ORMOND BEACH FLORIDA LOW 904/673-0034
02346 # NORRISTOWN PENNSYLVANIA WATS 800/###-####
02354 BALTIMORE MARYLAND HIGH 301/547-8100
02357 BLOOMFIELD CONNECTICUT HIGH 203/242-7140
02357 HARTFORD/BLMFIELD CONNECTICUT HIGH 203/242-7140
02364 MESA/PHOENIX ARIZONA HIGH 602/254-5811
02364 PHOENIX ARIZONA HIGH 602/254-5811
02367 # CHAMPAIGN/URBANA ILLINOIS LOW 217/344-3400 02367 # URBANA ILLINOIS LOW 217/344-3400
02376 # LIMA OHIO LOW 419/228-6343
02377 MINNEAPOLIS MINNESOTA HIGH 612/338-0845
02377 ST. PAUL/MINN MINNESOTA HIGH 612/338-0845
02402 # HATTIESBURG MISSISSIPPI LOW 601/582-0286 02414 AURORA/DENVER COLORADO HIGH 303/830-9210
02414 BOULDER/DENVER COLORADO HIGH 303/830-9210
02414 DENVER COLORADO HIGH 303/830-9210
02425 # MESA/PHOENIX ARIZONA HIGH 602/258-0554
02425 # PHOENIX ARIZONA HIGH 602/258-0554
02432 # CHATTANOOGA TENNESSEE MED 615/265-1020 02435 # WILLIAMSBURG VIRGINIA LOW 804/229-6786
02440 BROOKFIELD WISCONSIN HIGH 414/785-1614
02440 MIL/BROOKFIELD WISCONSIN HIGH 414/785-1614
02443 # BURBANK CALIFORNIA LOW 818/841-4795
02443 # GLENDALE/BURBANK CALIFORNIA LOW 818/841-4795
02446 # TEXARKANA TEXAS LOW 214/792-4521
02450 #KING-PRUSA/NORSTWN PENNSYLVANIA MED 215/666-9190 02450 # NORRISTOWN PENNSYLVANIA MED 215/666-9190 02450 # VLY FORGE/NORSTWN PENNSYLVANIA MED 215/666-9190
02453 DALLAS TEXAS HIGH 214/638-8888
02465 DWNRS GRV/GLN ELN ILLINOIS MED 708/790-4400
02465 GLEN ELLYN ILLINOIS MED 708/790-4400
02465 WHTON/GLEN ELLYN ILLINOIS MED 708/790-4400
02502 # LAWRENCE MASSACHUSETTS LOW 508/683-2680
02503 BELLEVUE/SEATTLE WASHINGTON HIGH 206/285-0109
02503 SEATTLE WASHINGTON HIGH 206/285-0109
02521 + JACKSONVILLE FLORIDA MED 904/724-5994
02544 ALXANDRIA/FAIRFAX VIRGINIA HIGH 703/691-8200
02544 ARLINGTON/FAIRFAX VIRGINIA HIGH 703/691-8200
02544 BETHESDA MARYLAND HIGH 703/691-8200
02544 FAIRFAX VIRGINIA HIGH 703/691-8200
02544 WASHINGTON D.C. HIGH 703/691-8200
02545 ALXANDRIA/FAIRFAX VIRGINIA HIGH 703/691-8200
02545 ARLINGTON/FAIRFAX VIRGINIA HIGH 703/691-8200
02545 BETHESDA MARYLAND HIGH 703/691-8200
02545 FAIRFAX VIRGINIA HIGH 703/691-8200
02545 WASHINGTON D.C. HIGH 703/691-8200
02555 # MYRTLE BEACH SOUTH CAROLINA LOW 803/448-5401
02557 # TYLER TEXAS LOW 214/581-8652
02564 # RICHLAND WASHINGTON MED 509/375-3367
02565 BOISE IDAHO MED 208/343-0404
02566 # PIERRE SOUTH DAKOTA LOW 605/224-7700
02570 DAYTON OHIO MED 513/898-0124
02606 ELIZABETH/NEWARK NEW JERSEY HIGH 201/824-1212
02606 JERSEY CITY/NWK NEW JERSEY HIGH 201/824-1212
02606 NEWARK NEW JERSEY HIGH 201/824-1212
02606 UNION/NEWARK NEW JERSEY HIGH 201/824-1212
02613 CHAPEL HILL/DURHAM NORTH CAROLINA MED 919/549-8952
02613 DURHAM NORTH CAROLINA MED 919/549-8952
02614 # LANCASTER CALIFORNIA LOW 805/945-4962
02616 # MANCHESTER MASSACHUSETTS LOW 508/526-1506
02630 # SHERMAN TEXAS LOW 214/868-0089 0631 NEWPRT BEACH CALIFORNIA HIGH 714/756-8341
02631 IRVINE/NEWPORT CALIFORNIA HIGH 714/756-8341
02631 NEWPORT BEACH CALIFORNIA HIGH 714/756-8341
02631 SANTA ANA/NEWPRT CALIFORNIA HIGH 714/756-8341
02640 # PETERBOROUGH NEW HAMPSHIRE LOW 603/924-7090 02644 ANAHEIM/NEWPRT CALIFORNIA HIGH 714/752-1493
02644 IRVINE/NEWPORT CALIFORNIA HIGH 714/752-1493
02644 NEWPORT BEACH CALIFORNIA HIGH 714/752-1493
02644 SANTA ANA/NEWPRT CALIFORNIA HIGH 714/752-1493
02653 STAMFORD CONNECTICUT HIGH 203/965-0000
02655 COLTON/RIVERSIDE CALIFORNIA MED 714/370-1200
02655 RIVERSIDE CALIFORNIA MED 714/370-1200
02655 SAN BERN/RIVRSD CALIFORNIA MED 714/370-1200
02665 # SAN DIEGO CALIFORNIA HIGH 619/296-8747
02666 # JACKSON MICHIGAN LOW 517/788-9191
02674 # TUPELO MISSISSIPPI LOW 601/841-0090
02703 # BELLEVUE/SEATTLE WASHINGTON HIGH 206/281-7141
02703 # SEATTLE WASHINGTON HIGH 206/281-7141
02704 # SAN FRANCISCO CALIFORNIA WATS 800/###-####
02706 # MIDLAND TEXAS LOW 915/683-5645 02706 # ODESSA/MIDLAND TEXAS LOW 915/683-5645
02711 # KINGSPORT TENNESSEE LOW 615/378-5746 02720 # LA CROSSE WISCONSIN LOW 608/784-9099
02723 BATON ROUGE LOUISIANA MED 504/924-5102
02735 # SAN ANTONIO TEXAS HIGH 512/222-9877 02737 SALT LAKE UTAH HIGH 801/364-0780
02744 # ELIZABETH/NEWARK NEW JERSEY HIGH 201/824-3044
02744 # JERSEY CITY/NWK NEW JERSEY HIGH 201/824-3044
02744 # NEWARK NEW JERSEY HIGH 201/824-3044
02744 # UNION/NEWARK NEW JERSEY HIGH 201/824-3044
02745 # BATON ROUGE LOUISIANA MED 504/291-0967
02753 SAN ANTONIO TEXAS HIGH 512/225-8002
02754 AUSTIN TEXAS HIGH 512/444-3280
02760 # NEW CASTLE PENNSYLVANIA LOW 412/658-5056
02771 # WHEELING WEST VIRGINIA LOW 304/233-7676
03001 DALLAS TEXAS HIGH 214/638-8888
03026 MERIDEN CONNECTICUT LOW 203/634-9249
03026 MDLTOWN/MERIDEN CONNECTICUT LOW 203/634-9249
03031 AURORA ILLINOIS LOW 708/844-0700
03031 ST. CHRLES/AURORA ILLINOIS LOW 708/844-0700
03035 # SAN FRANCISCO CALIFORNIA WATS 800/###-#### 03036 SAN FRANCISCO CALIFORNIA HIGH 415/974-1300
03046 SANTO DOMINGO DOMINICAN RPBL INTL 809/685-6151
03051 + TULSA OKLAHOMA HIGH 918/585-8400
03100 JACKSONVILLE FLORIDA MED 904/721-8100
03106 MISHAWAKA/SOUTH B INDIANA MED 219/234-5005
03106 SOUTH BEND INDIANA MED 219/234-5005
03107 BOULDER CITY NEVADA MED 702/293-0300
03107 LAS VEGAS/BOLDER NEVADA MED 702/293-0300
03112 # MORGANTOWN WEST VIRGINIA LOW 304/292-3092
03112 # WESTOVER/MORGANTO WEST VIRGINIA LOW 304/292-3092 03114 # CANTON OHIO LOW 216/456-0840
03120 # VALLEJO CALIFORNIA LOW 707/644-1192
03121 # AUGUSTA/MARTINEZ GEORGIA LOW 404/855-0442
03121 # MARTINEZ GEORGIA LOW 404/855-0442
03122 HUNTSVILLE ALABAMA MED 205/882-3003
03123 # MEDFORD OREGON LOW 503/772-0831
03125 # WILKES BARRE PENNSYLVANIA LOW 717/826-8991
03127 CORPUS CHRISTI TEXAS MED 512/883-8050
03137 # BURNABY/VANCOUVER BRITSH COLUMBI CANH 604/683-7620
03137 # VANCOUVER BRITSH COLUMBI CANH 604/683-7620
03144 ST. JOSEPH MISSOURI LOW 816/232-1455
03151 CHICAGO ILLINOIS HIGH 312/922-4601
03152 CHICAGO ILLINOIS HIGH 312/922-4601
03154 # FRANKFORT KENTUCKY LOW 502/223-0724
03165 FT. LAUDERDALE FLORIDA MED 305/463-0882
03165 HOLLYWD/FT. LAUDR FLORIDA MED 305/463-0882
03165 POMPNO BCH/FT. LD FLORIDA MED 305/463-0882
03166 TULSA OKLAHOMA HIGH 918/585-2010
03167 # TULSA OKLAHOMA HIGH 918/585-2706
03204 BUTLER PENNSYLVANIA LOW 412/283-2286
03213 # COCOA FLORIDA LOW 407/639-3022
03213 # MELBOURNE/COCOA FLORIDA LOW 407/639-3022
03213 # MERRIT ISLE/COCOA FLORIDA LOW 407/639-3022
03224 # NORTH HAMPTON NEW HAMPSHIRE LOW 603/964-7779
03230 # INDEPENDENCE/MISS MISSOURI HIGH 913/384-5012
03230 # KANSAS CITY/MISSI MISSOURI HIGH 913/384-5012
03230 # KANSAS CITY/MISSI KANSAS HIGH 913/384-5012
03230 # MISSION KANSAS HIGH 913/384-5012
03230 # SHAWNEE/MISSION KANSAS HIGH 913/384-5012
03263 PHILADELPHIA PENNSYLVANIA HIGH 215/592-8309
03266 COLUMBIA SOUTH CAROLINA MED 803/254-7563
03300 SACRAMENTO CALIFORNIA HIGH 916/448-4300
03302 NEW BEDFORD MASSACHUSETTS LOW 508/999-4521
03307 # CHICO CALIFORNIA LOW 916/343-4401
03322 MAYAQUEZ PUERTO RICO INTL 800/462-4213
03322 PONCE PUERTO RICO INTL 800/462-4213
03324 # ANNISTON ALABAMA LOW 205/236-3342
03344 # BURTON MICHIGAN LOW 313/743-8350
03344 # FLINT/BURTON MICHIGAN LOW 313/743-8350
03356 WATERBURY CONNECTICUT LOW 203/755-5994
03377 # POUGHKEEPSIE NEW YORK LOW 914/473-0401
03401 CAMDEN/PENNSAUKEN NEW JERSEY LOW 609/665-5600
03401 CHERRY HILL/PENNS NEW JERSEY LOW 609/665-5600
03401 PENNSAUKEN NEW JERSEY LOW 609/665-5600
03405 # FORT MEYERS FLORIDA LOW 813/337-0006
03406 LONG BEACH CALIFORNIA MED 213/435-0900
03406 NORWALK/LONG BEAC CALIFORNIA MED 213/435-0900
03406 SAN PEDRO/LONG BE CALIFORNIA MED 213/435-0900
03407 ALHAMBRA CALIFORNIA MED 818/308-1800
03407 ARCADIA/ALHAMBRA CALIFORNIA MED 818/308-1800
03407 EL MONTE/ALHAMBRA CALIFORNIA MED 818/308-1800
03407 PASADENA/ALHAMBRA CALIFORNIA MED 818/308-1800
03410 BEVERLY HILLS/SHR CALIFORNIA MED 818/789-9002
03410 CANOGA PARK/SHRM CALIFORNIA MED 818/789-9002
03410 SAN FERNANDO/SHM CALIFORNIA MED 818/789-9002
03410 SHERMAN OAKS CALIFORNIA MED 818/789-9002
03410 VAN NUYS/SHERMAN CALIFORNIA MED 818/789-9002
03410 WEST L.A./SHRMN O CALIFORNIA MED 818/789-9002
03412 # SALINAS CALIFORNIA LOW 408/754-2206
03415 NEW HAVEN/NO. HAV CONNECTICUT MED 203/773-0082
03415 NORTH HAVEN CONNECTICUT MED 203/773-0082
03420 KNOXVILLE TENNESSEE MED 615/690-1543
03422 + VILLE ST. LAURENT QUEBEC CANL 514/748-8057
03437 # GREENSBORO NORTH CAROLINA MED 919/273-0332
03443 # DALLAS TEXAS HIGH 214/630-5516
03453 BIRMINGHAM ALABAMA HIGH 205/942-0297
03456 CLEARWATER FLORIDA MED 813/441-9017
03456 ST. PETERSBRG/CLR FLORIDA MED 813/441-9017
03461 # DES MOINES IOWA MED 515/277-9684
03471 # FLAGSTAFF ARIZONA LOW 602/774-3857
03505 SANTA CRUZ CALIFORNIA MED 408/475-0981
03511 # BLOOMFIELD CONNECTICUT HIGH 203/242-1986
03514 # TALLAHASSEE FLORIDA LOW 904/878-2267
03515 # PENSACOLA FLORIDA LOW 904/477-3344
03516 # KALAMAZOO MICHIGAN MED 616/388-2130
03521 # POCATELLO IDAHO LOW 208/233-2501
03522 STOCKTON CALIFORNIA LOW 209/467-0601
03523 + AUSTIN TEXAS LOW 512/448-4611
03530 # DETROIT MICHIGAN HIGH 313/963-3460
03532 DES MOINES IOWA MED 515/277-7752
03533 # BINGHAMPTON NEW YORK LOW 607/724-4351
03543 COLUMBUS OHIO HIGH 614/221-1862
03545 # MONTGOMERY ALABAMA LOW 205/265-4570
03546 MOBILE ALABAMA MED 205/343-8414
03547 # ENID OKLAHOMA LOW 405/242-0113
03566 TOLEDO OHIO MED 419/255-7790
03572 # INDEPENDENCE MISSOURI HIGH 913/384-5012
03572 # KANSAS CITY/MISSI MISSOURI HIGH 913/384-5012
03572 # KANSAS CITY/MISSI KANSAS HIGH 913/384-5012
03572 # MISSION KANSAS HIGH 913/384-5012
03572 # SHAWNEE/MISSION KANSAS HIGH 913/384-5012
03603 # COLORADO SPRINGS COLORADO MED 719/590-1003
03606 # BOYNTN BCH/WPALM FLORIDA MED 407/471-9310
03606 # WEST PALM BEACH FLORIDA MED 407/471-9310
03607 # SAVANNAH GEORGIA LOW 912/232-6751
03614 # MANKATO MINNESOTA LOW 507/387-7313
03615 # MEMPHIS TENNESSEE MED 901/527-8122
03623 # ERIE PENNSYLVANIA LOW 814/456-8501
03624 RALEIGH NORTH CAROLINA LOW 919/829-0536
03625 # MIAMI FLORIDA HIGH 305/599-2964
03630 # IDAHO FALLS IDAHO LOW 208/522-3624
03634 GREENVILLE SOUTH CAROLINA MED 803/271-9213
03643 HARRISBURG/LEMOYN PENNSYLVANIA MED 717/763-6481
03643 LEMOYNE PENNSYLVANIA MED 717/763-6481
03651 # GREEN BAY WISCONSIN LOW 414/432-3064
03652 # TRENTON NEW JERSEY LOW 609/394-1900
03653 # FT. WAYNE INDIANA LOW 219/422-2581
03654 # SOUTHFIELD MICHIGAN MED 313/424-8024
03656 # EVANSVILLE INDIANA LOW 812/464-8181
03657 # BAKERSFIELD CALIFORNIA LOW 805/325-0371
03661 # CHARLESTON WEST VIRGINIA LOW 304/345-9575
03662 # ALLENTOWN/BETHLEH PENNSYLVANIA MED 215/865-6978
03662 # BETHLEHEM PENNSYLVANIA MED 215/865-6978
03663 MESA/PHOENIX ARIZONA HIGH 602/258-4528
03663 PHOENIX ARIZONA HIGH 602/258-4528
03666 LANSING MICHIGAN MED 517/482-5721
03673 # CARSON CITY NEVADA MED 702/885-8411
03673 # RENO/CARSON CITY NEVADA MED 702/885-8411 03675 # WORCESTER MASSACHUSETTS LOW 508/791-9000
03677 # JOPLIN MISSOURI LOW 417/781-8718
03703 HEMPSTEAD NEW YORK MED 516/485-7422
03703 MINEOLA/HEMPSTEAD NEW YORK MED 516/485-7422
03704 NIAGARA FALLS NEW YORK LOW 716/285-2561
03705 ALBANY NEW YORK MED 518/458-8300
03705 SCHENECTADY/ALBAN NEW YORK MED 518/458-8300
03706 SAN FRANCISCO CALIFORNIA HIGH 415/974-1300
03720 # WINSTON-SALEM NORTH CAROLINA MED 919/765-1221
03725 LOS ALTOS/SAN JOS CALIFORNIA HIGH 408/432-0804
03725 SAN JOSE CALIFORNIA HIGH 408/432-0804
03725 SANTA CLARA/SAN J CALIFORNIA HIGH 408/432-0804
03725 SUNNYVALE/SAN JOS CALIFORNIA HIGH 408/432-0804
03726 # BILLINGS MONTANA LOW 406/252-4880
03731 # SHREVEPORT LOUISIANA LOW 318/688-5840
03737 + CLEARWATER FLORIDA MED 813/443-4515
03774 # PORT ANGELES WASHINGTON LOW 206/452-6800
03775 # NEWARK OHIO LOW 614/345-8953
04000 LONGWOOD/ORLANDO FLORIDA MED 407/841-0020
04000 ORLANDO FLORIDA MED 407/841-0020
04004 BELLEVUE/SEATTLE WASHINGTON HIGH 206/285-0109
04004 SEATTLE WASHINGTON HIGH 206/285-0109
04014 PLEASANTON CALIFORNIA LOW 415/462-2101
04020 # TACOMA WASHINGTON LOW 206/572-2026
04025 MORRISTOWN NEW JERSEY LOW 201/539-1222
04027 # KINGSTON MASSACHUSETTS LOW 617/585-7616
04040 # NEW LONDON CONNECTICUT LOW 203/444-7030
04040 # NORWICH/NEW LONDO CONNECTICUT LOW 203/444-7030
04044 DANBURY CONNECTICUT LOW 203/797-9539
04045 HUNTINGTON/MELVIL NEW YORK MED 516/420-1221
04045 MELVILLE NEW YORK MED 516/420-1221
04046 + COLTON CALIFORNIA MED 714/872-0394
04061 # TACOMA WASHINGTON LOW 206/572-2026
04063 + CLEVELAND OHIO LOW 216/696-0545
04064 # TAMPA FLORIDA MED 813/933-6210
04073 # PINE BLUFF ARKANSAS LOW 501/535-2629
04074 # STEUBENVILLE/WNTS OHIO LOW 614/266-2170
04074 # WINTERSVILLE OHIO LOW 614/266-2170
04075 # ALEXANDRIA/FAIRFA VIRGINIA HIGH 703/352-3136
04075 # ARLINGTON/FAIRFAX VIRGINIA HIGH 703/352-3136
04075 # BETHESDA MARYLAND HIGH 703/352-3136
04075 # FAIRFAX VIRGINIA HIGH 703/352-3136
04075 # WASHINGTON D.C. HIGH 703/352-3136
04076 # FAIRFAX VIRGINIA HIGH 703/352-3136
04100 TAMPA FLORIDA MED 813/932-7070
04107 # FRESNO CALIFORNIA LOW 209/442-4328
04111 # MISSOULA MONTANA LOW 406/721-8960
04114 # CEDAR FALLS IOWA LOW 319/236-9020
04114 # WATERLOO IOWA LOW 319/236-9020
04117 # GRAND RAPIDS MICHIGAN MED 616/459-2304
04121 # ROANOKE VIRGINIA LOW 703/344-2762
04122 # MANCHESTER NEW HAMPSHIRE LOW 603/623-0409
04126 RAHWAY NEW JERSEY LOW 201/396-8550
04142 # LONGWOOD/ORLANDO FLORIDA MED 407/841-0217
04142 # ORLANDO FLORIDA MED 407/841-0217
04153 # SANTA ROSA CALIFORNIA LOW 707/527-6180
04154 # OXNARD/PRT HUENE CALIFORNIA MED 805/985-7843
04154 # PORT HUENEME CALIFORNIA MED 805/985-7843
04154 # VENTURA/HUENEME CALIFORNIA MED 805/985-7843
04157 # TUCSON ARIZONA MED 602/297-2239
04161 # ELKHART INDIANA LOW 219/293-8860
04164 # LAKELAND FLORIDA LOW 813/858-6970
04164 # WINTERHAVEN/LAKEL FLORIDA LOW 813/858-6970
04165 LAKELAND FLORIDA LOW 813/858-6970
04165 WINTERHAVEN/LAKEL FLORIDA LOW 813/858-6970
04166 # TRENTON NEW JERSEY LOW 609/394-1900
04175 ALAMEDA/OAKLAND CALIFORNIA HIGH 415/430-2900
04175 BERKELEY/OAKLAND CALIFORNIA HIGH 415/430-2900
04175 HAYWARD/OAKLAND CALIFORNIA HIGH 415/430-2900
04175 OAKLAND CALIFORNIA HIGH 415/430-2900
04212 ALBUQUERQUE NEW MEXICO MED 505/242-8344
04220 # PORTLAND MAINE LOW 207/775-5971
04222 # YOUNGSTOWN OHIO LOW 216/759-8892
04223 PHILADELPHIA PENNSYLVANIA HIGH 215/592-8309
04225 # BENTON HARBOR MICHIGAN LOW 616/925-3134
04225 # ST. JOE/BENTON HR MICHIGAN LOW 616/925-3134
04232 # HUNTINGTON/MELVIL NEW YORK MED 516/420-4579
04232 # MELVILLE NEW YORK MED 516/420-4579
04236 # ANAHEIM/NEWPRT BE CALIFORNIA HIGH 714/852-8141
04236 # IRVINE/NEWPORT BE CALIFORNIA HIGH 714/852-8141
04236 # NEWPORT BEACH CALIFORNIA HIGH 714/852-8141
04236 # SANTA ANA/NEWPRT CALIFORNIA HIGH 714/852-8141
04252 # SPRINGFIELD OHIO LOW 513/325-0511
04253 # BOISE IDAHO LOW 208/345-5951
04255 # SAN LUIS OBISPO CALIFORNIA LOW 805/549-0770 04257 MEMPHIS TENNESSEE MED 901/527-8006
04262 # ESCONDIDO/VISTA CALIFORNIA MED 619/941-6700
04262 # VISTA CALIFORNIA MED 619/941-6700
04263 # COVINA/DIAMOND CALIFORNIA MED 714/860-0057
04263 # DIAMOND BAR CALIFORNIA MED 714/860-0057
04263 # ONTARIO/DIAMOND CALIFORNIA MED 714/860-0057
04263 # POMONA/DIAMOND B CALIFORNIA MED 714/860-0057
04263 # W.COVINA/DIAMOND CALIFORNIA MED 714/860-0057
04277 ARLINGTON/FORT WO TEXAS MED 817/877-3630
04277 FORT WORTH TEXAS MED 817/877-3630
04304 # BLOOMFIELD CONNECTICUT HIGH 203/242-1986
04304 # HARTFORD/BLOOMFLD CONNECTICUT HIGH 203/242-1986
04305 # DECATUR ILLINOIS LOW 217/425-8864
04311 SPRINGFIELD ILLINOIS MED 217/525-8025
04313 NORFOLK VIRGINIA MED 804/855-7751
04313 PORTSMOUTH/NORFOL VIRGINIA MED 804/855-7751
04313 VIRGINIA BCH/NORF VIRGINIA MED 804/855-7751
04316 MINNEAPOLIS MINNESOTA HIGH 612/333-2799
04316 ST. PAUL/MINNEAPO MINNESOTA HIGH 612/333-2799
04321 # MINNEAPOLIS MINNESOTA HIGH 612/332-4024 04321 # ST PAUL/MINNEAPO MINNESOTA HIGH 612/332-4024
04325 # HEMPSTEAD NEW YORK MED 516/481-0150
04327 # SALEM OREGON LOW 503/370-4314
04330 # LUBBOCK TEXAS LOW 806/797-0765
04334 # NASHVILLE TENNESSEE HIGH 615/889-5790
04340 # BROWNSVILLE TEXAS LOW 512/548-1331
04346 ALEXANDRIA/FAIRF VIRGINIA HIGH 703/691-8200
04346 ARLINGTON/FAIRFA VIRGINIA HIGH 703/691-8200
04346 BETHESDA VIRGINIA HIGH 703/691-8200
04346 FAIRFAX VIRGINIA HIGH 703/691-8200
04346 WASHINGTON D.C. HIGH 703/691-8200
04351 # ATLANTIC CITY NEW JERSEY LOW 609/345-4050
04353 # BEVERLY HILLS/SH CALIFORNIA MED 818/789-9557
04353 # CANOGA PARK/SHRM CALIFORNIA MED 818/789-9557
04353 # SAN FERNANDO/SHR CALIFORNIA MED 818/789-9557
04353 # SHERMAN OAKS CALIFORNIA MED 818/789-9557
04353 # VAN NUYS/SHERMAN CALIFORNIA MED 818/789-9557
04353 # WEST L.A./SHRMN O CALIFORNIA MED 818/789-9557
04354 # PASCAGOULA MISSISSIPPI LOW 601/769-0121
04360 SAN DIEGO CALIFORNIA HIGH 619/296-3370
04363 # LAWRENCE KANSAS LOW 913/843-4870
04372 # NORRISTOWN PENNSYLVANIA WATS 800/###-####
04375 CONCORD NEW HAMPSHIRE LOW 603/228-4732
04406 ITHACA NEW YORK LOW 607/257-6601
04411 # BELMONT/REDWOOD C CALIFORNIA HIGH 415/361-8701
04411 # PALO ALTO/REDWD C CALIFORNIA HIGH 415/361-8701
04411 # REDWOOD CITY CALIFORNIA HIGH 415/361-8701
04415 # BIRMINGHAM ALABAMA HIGH 205/942-7898
04423 # CORPUS CHRISTI TEXAS MED 512/887-9621
04425 # MINNEAPOLIS MINNESOTA HIGH 612/332-4024
04425 # ST PAUL/MINNEAPOL MINNESOTA HIGH 612/332-4024
04430 NEWARK/WILMINGTON DELAWARE MED 302/652-2060
04430 WILMINGTON DELAWARE MED 302/652-2060
04440 # AUSTIN TEXAS HIGH 512/448-1096
04443 # COLUMBUS GEORGIA LOW 404/327-0597
04444 # COLUMBUS OHIO HIGH 614/221-1612
04447 # SALT LAKE UTAH HIGH 801/533-8152
04453 BELLEVUE/SEATTLE WASHINGTON HIGH 206/283-3677
04453 SEATTLE WASHINGTON HIGH 206/283-3677
04455 # DETROIT MICHIGAN HIGH 313/963-3460
04464 # SCRANTON PENNSYLVANIA LOW 717/348-0765
04466 # TEMPLE TEXAS LOW 817/773-0982
04467 # FREELAND MICHIGAN LOW 517/695-6751
04467 # MIDLAND/FREELAND MICHIGAN LOW 517/695-6751
04467 # SAGINAW/FREELAND MICHIGAN LOW 517/695-6751
04475 # SPRINGFIELD ILLINOIS MED 217/544-0312
04501 DETROIT MICHIGAN HIGH 313/962-2870
04504 # BURLINGAME/SO. S. CALIFORNIA LOW 415/588-3043
04504 # SAN MATEO/SOUTH S CALIFORNIA LOW 415/588-3043
04504 # SOUTH S.F. CALIFORNIA LOW 415/588-3043
04515 NEW YORK NEW YORK HIGH 212/943-4700
04516 NEW YORK NEW YORK HIGH 212/943-4700
04525 + COLUMBUS OHIO HIGH 614/224-0422
04530 CLEVELAND OHIO HIGH 216/241-0024
04542 # PLYMOUTH MICHIGAN MED 313/451-2400
04556 CONCORD/WALNUT C CALIFORNIA LOW 415/935-0370
04556 PACHECO/WALNUT CR CALIFORNIA LOW 415/935-0370
04556 PLEASNTHILL/WALNT CALIFORNIA LOW 415/935-0370
04556 WALNUT CREEK CALIFORNIA LOW 415/935-0370
04603 BELMONT/REDWOOD CALIFORNIA HIGH 415/366-1092
04603 PALO ALTO/REDWD CALIFORNIA HIGH 415/366-1092
04603 REDWOOD CITY CALIFORNIA HIGH 415/366-1092
04621 # JACKSON MISSISSIPPI LOW 601/355-9741
04650 INDEPENDENCE/MISS MISSOURI HIGH 913/384-1226
04650 KANSAS CITY/MISSI MISSOURI HIGH 913/384-1226
04650 KANSAS CITY/MISSI KANSAS HIGH 913/384-1226
04650 MISSION KANSAS HIGH 913/384-1226
04650 SHAWNEE/MISSION KANSAS HIGH 913/384-1226
04653 + MISSION KANSAS HIGH 913/384-0071
04653 + SHAWNEE/MISSION KANSAS HIGH 913/384-0071
04666 PITTSBURGH PENNSYLVANIA HIGH 412/642-6778
04667 # PITTSBURGH PENNSYLVANIA HIGH 412/642-2015
04671 # CLEVELAND OHIO HIGH 216/861-6709
04672 SYRACUSE NEW YORK MED 315/437-7111
04703 # BROOKFIELD WISCONSIN HIGH 414/785-0630
04703 # MILWAUKEE/BROOKF WISCONSIN HIGH 414/785-0630
04706 # BELLEVUE/SEATTLE WASHINGTON HIGH 206/281-7141
04706 # SEATTLE WASHINGTON HIGH 206/281-7141
04713 BOSTON MASSACHUSETTS HIGH 617/330-5107
04713 CAMBRIDGE/BOSTON MASSACHUSETTS HIGH 617/330-5107
04722 # REDDING CALIFORNIA LOW 916/241-4820
04751 # FARGO NORTH DAKOTA LOW 701/280-0210
04755 EL SEGUNDO CALIFORNIA MED 213/643-2907
04755 MAR VISTA/EL SEGU CALIFORNIA MED 213/643-2907
04755 MARINADELREY/EL S CALIFORNIA MED 213/643-2907
04755 SANTA MONICA/EL S CALIFORNIA MED 213/643-2907
04757 # WINDSOR ONTARIO CANL 519/977-7256
04764 BRIDGETON/HAZELWD MISSOURI HIGH 314/731-8002
04764 HAZELWOOD MISSOURI HIGH 314/731-8002
04764 ST. LOUIS/HAZELWO MISSOURI HIGH 314/731-8002
04765 # BRIDGETON/HAZELWO MISSOURI HIGH 314/731-8283
04765 # HAZELWOOD MISSOURI HIGH 314/731-8283
04765 # ST LOUIS/HAZELWOO MISSOURI HIGH 314/731-8283
04770 # OSHKOSH WISCONSIN LOW 414/235-7473
04771 # JACKSON TENNESSEE LOW 901/423-1244
05013 # RAPID CITY SOUTH DAKOTA LOW 605/341-4007
05017 # HELENA MONTANA LOW 406/443-0112
05021 # SIOUX CITY IOWA LOW 712/255-3834
05043 # JACKSONVILLE FLORIDA MED 904/721-8559
05044 # COLUMBIA MISSOURI LOW 314/874-2771
05046 # UPLAND CALIFORNIA LOW 714/985-1153
05063 # TRAVERSE CITY MICHIGAN LOW 616/947-0050
05100 # CINCINNATI OHIO HIGH 513/530-9021
05104 # BURLINGTON VERMONT LOW 802/864-5714
05147 # GULFPORT MISSISSIPPI LOW 601/868-2331
05151 # TWIN FALLS IDAHO LOW 208/734-0221
05206 WHITE PLAINS NEW YORK HIGH 914/328-7730
05211 # EATONTOWN/RED BAN NEW JERSEY LOW 201/758-0337
05211 # LONG BRANCH/RED B NEW JERSEY LOW 201/758-0337
05211 # RED BANK NEW JERSEY LOW 201/758-0337
05221 # FLORENCE ALABAMA LOW 205/760-0030
05241 INGLEWOOD/VERNON CALIFORNIA HIGH 213/587-0030
05241 LOS ANGELES/VERNO CALIFORNIA HIGH 213/587-0030
05241 VERNON CALIFORNIA HIGH 213/587-0030
05242 INGLEWOOD/VERNON CALIFORNIA HIGH 213/587-0030
05242 LOS ANGELES/VERNO CALIFORNIA HIGH 213/587-0030
05242 VERNON CALIFORNIA HIGH 213/587-0030
05253 # CLARKESVILLE TENNESSEE LOW 615/645-8877
05256 # DURHAM NEW HAMPSHIRE LOW 603/868-1502
05260 SPOKANE WASHINGTON MED 509/624-1549
05264 # ROCKY MOUNT NORTH CAROLINA LOW 919/937-4828
05275 # ALEXANDRIA LOUISIANA LOW 318/445-2694
05276 # LAKE CHARLES LOUISIANA LOW 318/494-1991
05277 # PHILADELPHIA PENNSYLVANIA HIGH 215/592-8750
05302 # VICKSBURG MISSISSIPPI LOW 601/638-1551
05304 # FORT PIERCE FLORIDA LOW 407/466-5661
05307 # PEORIA ILLINOIS LOW 309/637-5961
05325 # COLTON/RIVERSIDE CALIFORNIA MED 714/422-0222
05325 # RIVERSIDE CALIFORNIA MED 714/422-0222
05325 # SAN BERNADINO/RIV CALIFORNIA MED 714/422-0222
05341 # ALAMEDA/OAKLAND CALIFORNIA HIGH 415/633-1896
05341 # BERKELEY/OAKLAND CALIFORNIA HIGH 415/633-1896
05341 # HAYWARD/OAKLAND CALIFORNIA HIGH 415/633-1896
05341 # OAKLAND CALIFORNIA HIGH 415/633-1896
05350 # ANTIOCH CALIFORNIA LOW 415/754-8222
05362 # CONCORD/WALNUT CR CALIFORNIA MED 415/935-1507
05362 # PACHECO/WALNUT CR CALIFORNIA MED 415/935-1507
05362 # PLEASNTHILL/WALNT CALIFORNIA MED 415/935-1507
05362 # WALNUT CREEK CALIFORNIA MED 415/935-1507
05365 # WAUSAU WISCONSIN LOW 715/848-6171
05366 PONTIAC MICHIGAN LOW 313/338-8384
05373 # NEW YORK NEW YORK HIGH 212/809-9660
05415 # WICHITA FALLS TEXAS LOW 817/723-2386
05431 # OPELIKA ALABAMA LOW 205/742-9040
05437 # BLOOMINGTON ILLINOIS LOW 309/827-2748
05441 WICHITA KANSAS MED 316/681-0832
05443 # WICHITA KANSAS MED 316/681-2719
05456 # PATERSON NEW JERSEY MED 201/742-0752
05456 # RIDGEWOOD/PATERSO NEW JERSEY MED 201/742-0752
05456 # WAYNE/PATERSON NEW JERSEY MED 201/742-0752
05464 BROCKTON/RANDOLPH MASSACHUSETTS LOW 617/986-0500
05464 RANDOLPH MASSACHUSETTS LOW 617/986-0500
05500 # AURORA/DENVER COLORADO HIGH 303/832-3447
05500 # BOULDER/DENVER COLORADO HIGH 303/832-3447
05500 # DENVER COLORADO HIGH 303/832-3447
05502 # JEFFERSON CITY MISSOURI LOW 314/634-8296
05503 # MCALLEN TEXAS LOW 512/631-6101
05504 # COEUR D’ALENE IDAHO LOW 208/765-1465
05514 # LONGVIEW WASHINGTON LOW 206/423-9072
05520 # LOUISVILLE KENTUCKY MED 502/499-9825
05523 NASHVILLE TENNESSEE HIGH 615/885-3530
05524 # PAWTUCKET/PROVDEN RHODE ISLAND HIGH 401/274-7380
05524 # PROVIDENCE RHODE ISLAND HIGH 401/274-7380
05524 # WARWICK/PROVIDENC RHODE ISLAND HIGH 401/274-7380
05526 # ALTOONA PENNSYLVANIA LOW 814/943-5848
05531 OCALA FLORIDA LOW 904/351-0305
05537 # COATESVILLE PENNSYLVANIA LOW 215/383-0440
05537 # DOWNINGTON/COATSV PENNSYLVANIA LOW 215/383-0440
05544 BROOKFIELD WISCONSIN HIGH 414/796-1087
05550 # BREMERTON WASHINGTON LOW 206/377-2792
05551 # LAKE BLUFF ILLINOIS LOW 708/295-7075
05551 # LIBRTYVLE/LAKE BL ILLINOIS LOW 708/295-7075 05552 # LAKE BLUFF ILLINOIS LOW 708/295-7075
05552 # LIBRTYVLE/LAKE BL ILLINOIS LOW 708/295-7075
05553 # BALTIMORE MARYLAND HIGH 301/528-9296
05554 # BALTIMORE MARYLAND HIGH 301/528-9296
05603 # YUMA ARIZONA LOW 602/343-9000
05605 ROCKFORD ILLINOIS MED 815/654-1900
05626 GALVESTON TEXAS LOW 409/762-8053
05626 TEXAS CITY/GALVES TEXAS LOW 409/762-8053
05627 # ELIZABETH/NEWARK NEW JERSEY HIGH 201/824-3044
05627 # JERSEY CITY/NEWRK NEW JERSEY HIGH 201/824-3044
05627 # NEWARK NEW JERSEY HIGH 201/824-3044
05627 # UNION/NEWARK NEW JERSEY HIGH 210/824-3044
05646 # SAN DIEGO CALIFORNIA HIGH 619/296-8747
05650 # CENTEREACH/LK GRV NEW YORK MED 516/471-6080
05650 # LAKE GROVE NEW YORK MED 516/471-6080
05650 # RONKONKOMA/LK GRV NEW YORK MED 516/471-6080
05671 # AMES IOWA LOW 515/232-0157
05672 + INDIANAPOLIS INDIANA HIGH 317/687-0305
05710 # SIOUX FALLS SOUTH DAKOTA LOW 605/334-0085
05715 # BRIDGETON/HAZELWO MISSOURI HIGH 314/731-8283 05715 # HAZELWOOD MISSOURI HIGH 314/731-8283
05715 # ST LOUIS/HAZELWD MISSOURI HIGH 314/731-8283
05716 # MANHATTAN KANSAS LOW 913/776-9803
05717 BRIDGETON/HAZELWD MISSOURI HIGH 314/731-0703
05717 HAZELWOOD MISSOURI HIGH 314/731-0703
05717 ST. LOUIS/HAZELWD MISSOURI HIGH 314/731-0703
05733 GAINESVILLE FLORIDA LOW 904/335-0544
05734 # BRYAN TEXAS LOW 409/823-1090
05734 # CLG STATN/BRYAN TEXAS LOW 409/823-1090
05763 # PHOENIX ARIZONA HIGH 602/258-0554
05763 # PHOENIX ARIZONA HIGH 602/258-0554
05773 # TORONTO ONTARIO CANH 416/365-7630
05774 # LEXINGTON KENTUCKY MED 606/266-7063
06003 # TORONTO ONTARIO CANH 416/365-7630
06014 ROSEVILLE MICHIGAN LOW 313/774-1000
06022 # SANTA MARIA CALIFORNIA LOW 805/922-3308
06035 ENGLEWOOD CLIFFS NEW JERSEY MED 201/567-9841
06035 FAIR LAWN/ENGLWD NEW JERSEY MED 201/567-9841
06037 # ENGLEWOOD CLIFFS NEW JERSEY MED 201/567-8951
06046 # PULLMAN WASHINGTON LOW 509/332-3760
06056 SAIPAN SAIPAN INTL 671/234-1121
06056 SAIPAN GUAM INTL 670/234-1121
06105 CHARLOTTE NORTH CAROLINA HIGH 704/377-0521
06106 OMAHA NEBRASKA MED 402/393-0903
06130 # MACON/WARNER ROBI GEORGIA LOW 912/923-7590
06130 # WARNER ROBINS GEORGIA LOW 912/923-7590
06147 # VISALIA CALIFORNIA LOW 209/625-4891
06151 # CINCINNATI OHIO HIGH 513/530-9021
06221 # LARAMIE WYOMING LOW 307/742-9441
06225 + SAN ANTONIO TEXAS HIGH 512-225-3213
06242 # FREDERICK/MYERSVI MARYLAND LOW 301/293-9504
06242 # HAGERSTOWN/MYERSV MARYLAND LOW 301/293-9504
06242 # MYERSVILLE MARYLAND LOW 301/293-9504
06256 ALEXANDRIA/FAIRFA VIRGINIA HIGH 703/385-7587
06256 ARLINGTON/FAIRFAX VIRGINIA HIGH 703/385-7587
06256 BETHESDA MARYLAND HIGH 703/385-7587
06256 FAIRFAX VIRGINIA HIGH 703/385-7587
06256 WASHINGTON D.C. HIGH 703/385-7587
06301 + REDWOOD CITY CALIFORNIA LOW 415/367-0334
06305 # FAYETTEVILLE ARKANSAS LOW 501/442-0234
06321 # CHICAGO ILLINOIS HIGH 312/922-6571
06324 CHICAGO ILLINOIS HIGH 312/427-7579
06325 # CHICAGO ILLINOIS HIGH 312/922-6571
06341 # FAYETTEVILLE NORTH CAROLINA LOW 919/486-0103
06342 # UTICA NEW YORK LOW 315/797-7001
06343 SPARTANBURG SOUTH CAROLINA LOW 803/585-0016
06346 # PORT ST. LUCIE FLORIDA LOW 407/337-1992
06347 # NEW CITY NEW YORK LOW 914/634-0388
06350 # NEDERLAND TEXAS LOG 409/721-3400
06350 # PORT ARTHUR TEXAS LOW 409/721-3400
06376 # KISSIMMEE FLORIDA LOW 407/933-8425
06407 # CEDAR RAPIDS IOWA LOW 319/363-7514
06412 # ATHENS GEORGIA LOW 404/548-7006
06421 # LAWRENCE MASSACHUSETTS LOW 508/683-2680
06457 # ANAHEIM/NEWPRT BE CALIFORNIA HIGH 714/852-8141
06462 PERINTON/PITTSFRD NEW YORK HIGH 716/385-5817
06462 PITTSFORD NEW YORK HIGH 716/385-5817
06462 ROCHESTER/PITTSFO NEW YORK HIGH 716/385-5817
06464 # PERINTON/PITTSFOR NEW YORK HIGH 716/385-5710
06464 # PITTSFORD NEW YORK HIGH 716/385-5710
06464 # ROCHESTER/PITTSFO NEW YORK HIGH 716/385-5710
06472 PISCATAWAY NEW JERSEY HIGH 201/562-9700
06501 OKLAHOMA CITY OKLAHOMA HIGH 405/495-8201
06506 + OKLAHOMA CITY OKLAHOMA HIGH 405/787-0684
06507 # OKLAHOMA CITY OKLAHOMA HIGH 405/495-9201
06521 # WHITE PLAINS NEW YORK HIGH 914/761-9590
06522 PAWTUCKET/PROVDEN RHODE ISLAND HIGH 401/273-0200
06522 PROVIDENCE RHODE ISLAND HIGH 401/273-0200
06522 WARWICK/PROVIDENC RHODE ISLAND HIGH 401/273-0200
06525 # NEW ORLEANS LOUISIANA HIGH 504/525-2014
06532 NEW ORLEANS LOUISIANA HIGH 504/522-1370
06544 # PISCATAWAY NEW JERSEY HIGH 201/562-8550
06546 # GARY INDIANA LOW 219/885-0002
06546 # HAMMOND/GARY INDIANA LOW 219/885-0002
06546 # HIGHLAND/GARY INDIANA LOW 219/885-0002
06551 # BELLINGHAM WASHINGTON LOW 206/671-5990
06563 OLYMPIA WASHINGTON LOW 206/943-9050
06564 EVERETT WASHINGTON LOW 206/258-1018
06570 + PITTSBURGH PENNSYLVANIA LOW 412/642-2271
06574 MIAMI FLORIDA HIGH 305/599-2900
06575 # INGLEWOOD CALIFORNIA HIGH 213/587-7514
06575 # LOS ANGELES/VERNO CALIFORNIA HIGH 213/587-7514
06575 # VERNON CALIFORNIA HIGH 213/587-7514
06605 # LOS ALTOS/SAN JOS CALIFORNIA HIGH 408/432-8618
06605 # SAN JOSE CALIFORNIA HIGH 408/432-8618
06605 # SANTA CLARA/SAN J CALIFORNIA HIGH 408/432-8618
06605 # SUNNYVALE/SAN JOS CALIFORNIA HIGH 408/432-8618
06624 # NEW HAVEN/NO. HAV CONNECTICUT MED 203/787-4674
06626 LEXINGTON KENTUCKY MED 606/266-0019
06645 # CHAPEL HILL/DURHA NORTH CAROLINA MED 919/549-9025
06645 # DURHAM NORTH CAROLINA MED 919/549-9025
06651 AURORA/DENVER COLORADO HIGH 303/830-8530
06651 BOULDER/DENVER COLORADO HIGH 303/830-8530
06651 DENVER COLORADO HIGH 303/830-8530
06655 # AURORA/DENVER COLORADO HIGH 303/832-3447
06655 # BOULDER/DENVER COLORADO HIGH 303/832-3447
06655 # DENVER COLORADO HIGH 303/832-3447
06660 ELMIRA NEW YORK LOW 607/737-9065
06674 HOUSTON TEXAS HIGH 713/556-6700
06675 # STATE COLLEGE PENNSYLVANIA LOW 814/234-3853
06704 HOUSTON TEXAS HIGH 713/556-6700
06715 MIDLOTHIAN/RICHMO VIRGINIA MED 804/330-2465
06715 RICHMOND VIRGINIA MED 804/330-2465
06754 # KITCHENER ONTARIO CANL 519/742-7613
06762 # MARQUETTE MICHIGAN LOW 906/228-3780
06770 # FT. LAUDERDALE FLORIDA MED 305/467-1870 06770 # HOLLYWD/FT LDRDL FLORIDA MED 305/467-1870
06770 # PMPN BCH/FT LDRDL FLORIDA MED 305/467-1870
06771 # FT. SMITH ARKANSAS LOW 501/782-2486
06774 # TOPEKA KANSAS LOW 913/234-3070
07001 BOSTON MASSACHUSETTS HIGH 617/439-3400
07001 CAMBRIDGE/BOSTON MASSACHUSETTS HIGH 617/439-3400
07005 DETROIT MICHIGAN HIGH 313/964-1225
07024 # LONGVIEW TEXAS LOW 214/236-7475
07026 # CHARLOTTE NORTH CAROLINA HIGH 704/374-0803
07031 # ALBANY GEORGIA LOW 912/888-9282
07042 # NASHUA NEW HAMPSHIRE MED 603/882-0435
07042 # SALEM/NASHUA NEW HAMPSHIRE MED 603/882-0435
07043 # SARASOTA FLORIDA LOW 813/952-9000
07054 # NEW YORK NEW YORK HIGH 212/809-9660
07061 # NEW YORK NEW YORK HIGH 212/809-9660
07062 # NEW YORK NEW YORK HIGH 212/809-9660
07075 CINCINNATI OHIO HIGH 513/530-9019
07107 BARRE/MONTPELIER VERMONT LOW 802/229-4508
07107 MONTPELIER VERMONT LOW 802/229-4508
07117 # FREMONT CALIFORNIA MED 415/490-7366
07121 # OMAHA NEBRASKA MED 402/393-1305
07124 # BISMARK NORTH DAKOTA LOW 701/255-0869
07126 # ROLLA MISSOURI LOW 314/364-2084
07140 + CINCINNATI OHIO HIGH 513/489-1032
07144 # PORTLAND OREGON HIGH503/222-2151
07145 # PORTLAND OREGON HIGH 503/222-2151
07147 PORTLAND OREGON HIGH 503/222-0900
07150 # BOCA RATON/DELRAY FLORIDA LOW 407/272-7900
07150 # DELRAY FLORIDA LOW 407/272-7900
07154 # GREAT FALLS MONTANA LOW 406/727-9510
07176 SAN JUAN PUERTO RICO INTL 809/725-1882
07176 SAN JUAN PUERTO RICO INTL 809/725-4343
07200 # PUEBLO COLORADO LOW 719/543-9712
07205 LOS ALTOS/SAN JOS CALIFORNIA HIGH 408/432-3430
07205 SAN JOSE CALIFORNIA HIGH 408/432-3430
07205 SANTA CLARA/SAN J CALIFORNIA HIGH 408/432-3430
07205 SUNNYVALE/SAN JOS CALIFORNIA HIGH 408/432-3430
07210 FALL RIVER/SOMERS MASSACHUSETTS LOW 508/676-3087
07210 SOMERSET MASSACHUSETTS LOW 508/676-3087
07214 MIDDLETOWN RHODE ISLAND LOW 401/849-1660
07214 NEWPORT/MIDDLETWN RHODE ISLAND LOW 401/849-1660
07216 # MT. PENN PENNSYLVANIA LOW 215/779-9580
07216 # READING/MT. PENN PENNSYLVANIA LOW 215/779-9580
07217 # GREENSBURG PENNSYLVANIA LOW 412/836-4470
07217 # LATROBE/GREENSBUR PENNSYLVANIA LOW 412/836-4470
07220 BRIDGEPORT CONNECTICUT MED 203/579-1479
07220 STRATFORD/BRIDGEP CONNECTICUT MED 203/579-1479
07223 # DAYTON OHIO MED 513/898-0696
07226 OGDEN UTAH LOW 801/393-5280
07236 # WHITE PLAINS NEW YORK HIGH 914/761-9590
07241 # GREENVILLE NORTH CAROLINA LOW 919/758-0102
07242 # HIGH POINT NORTH CAROLINA LOW 919/883-6121
07243 # PARKERSBURG WEST VIRGINIA LOW 304/485-9470
07264 MIAMI FLORIDA HIGH 305/592-2357
07301 # ROME GEORGIA LOW 404/234-0102
07303 # DANVILLE ILLINOIS LOW 217/442-1452
07305 # KENOSHA WISCONSIN LOW 414/553-9044
07305 # RACINE/KENOSHA WISCONSIN LOW 414/553-9044
07306 # DAVENPORT/RKISLND IOWA MED 309/788-3713
07306 # ROCK ISLAND ILLINOIS MED 309/788-3713
07312 # AGANA HEIGHTS GUAM INTL 671/477-2222
07315 # ABERDEEN MARYLAND LOW 301/273-7100
07316 # WILMINGTON NORTH CAROLINA LOW 919/762-1865
07322 # GREELEY COLORADO LOW 303/352-0960
07331 LEVITTOWN PENNSYLVANIA LOW 215/943-3700
07332 PITTSFIELD MASSACHUSETTS LOW 413/499-0971
07333 # WARREN OHIO LOW 216/392-2542
07336 # ARDMORE OKLAHOMA LOW 405/226-1260
07340 GRAND FORKS NORTH DAKOTA LOW 701/746-0344
07364 # CORNING NEW YORK LOW 607/962-4481
07371 # HUNTINGTON WEST VIRGINIA LOW 304/523-8432
07372 # PETERSBURG VIRGINIA LOW 804/861-1788
07374 # TAUNTON MASSACHUSETTS LOW 508/824-6692
07375 # HANOVER NEW HAMPSHIRE LOW 603/643-4011
07377 # SAN FRANCISCO CALIFORNIA HIGH 415/543-0691
07404 # LONG BEACH CALIFORNIA MED 213/436-6033
07404 # NORWALK/LONG BEAC CALIFORNIA MED 213/436-6033
07404 # SAN PEDRO/LONG BE CALIFORNIA MED 213/436-6033
07413 + NEWARK NEW JERSEY LOW 201/824-4201
07417 SAN FRANCISCO CALIFORNIA HIGH 415/495-7220
07420 # SAN FRANCISCO CALIFORNIA HIGH 415/543-0691
07432 LYNDHURST/UNION C NEW JERSEY HIGH 201/864-8468
07432 UNION CITY NEW JERSEY HIGH 201/864-8468
07434 DAVIS CALIFORNIA LOW 916/758-3551
07434 WOODLAND/DAVIS CALIFORNIA LOW 916/758-3551
07447 # BUTTE MONTANA LOW 406/494-6682
07450 DALLAS TEXAS HIGH 214/637-3012
07454 # TERRE HAUTE INDIANA LOW 812/232-0112
07455 LAFAYETTE INDIANA LOW 317/423-4616
07456 # DUBUQUE IOWA LOW 319/582-3599
07457 # MINOT NORTH DAKOTA LOW 701/839-4210
07460 # BELOIT WISCONSIN LOW 608/362-4655
07460 # JANESVILLE/BELOIT WISCONSIN LOW 608/362-4655
07463 # HOT SPRINGS ARKANSAS LOW 501/623-3576
07464 JONESBORO ARKANSAS LOW 501/935-7957
07465 # CADILLAC MICHIGAN LOW 616/775-9242
07466 # MUSKEGON MICHIGAN LOW 616/739-3453
07467 # PORT HURON MICHIGAN LOW 313/982-0301
07471 # BOWLING GREEN KENTUCKY LOW 502/781-5711
07472 # MANSFIELD OHIO LOW 419/529-3303
07510 ST THOMAS US VIRGIN ISL INTL 809/774-7099
07510 ST THOMAS US VIRGIN ISL INTL 809/776-7084
07511 # DOVER DELAWARE LOW 302/678-9545
07522 # SAN ANGELO TEXAS LOW 915/658-4590
07525 BOSTON MASSACHUSETTS HIGH 617/439-3400
07525 CAMBRIDGE/BOSTON MASSACHUSETTS HIGH 617/439-3400
07533 INGLEWOOD/VERNON CALIFORNIA HIGH 213/588-8128
07533 LOS ANGELES/VERNO CALIFORNIA HIGH 213/588-8128
07533 VERNON CALIFORNIA HIGH 213/588-8128
07540 # CALGARY ALBERTA CANH 403/232-6653
07542 + SACRAMENTO CALIFORNIA LOW 916/442-0992
07571 # SALISBURY MARYLAND LOW 301/860-0480
07607 # GASTONIA NORTH CAROLINA LOW 704/867-2203
07610 LYNN MASSACHUSETTS LOW 617/593-4051
07625 # LOWELL MASSACHUSETTS LOW 508/452-5112
07631 # AUBURN WASHINGTON LOW 206/735-3975
07631 # ENUMCLAW/AUBURN WASHINGTON LOW 206/735-3975
07636 # SANTA FE NEW MEXICO LOW 505/471-0606
07646 # MONROE LOUISIANA LOW 318/388-8810
07650 # KOKOMO INDIANA LOW 317/453-7818
07651 # APPLETON WISCONSIN LOW 414/730-8029
07652 CORONA CALIFORNIA LOW 714/737-5510
07653 # POWAY CALIFORNIA LOW 619/679-0200
07655 # NORRISTOWN PENNSYLVANIA WATS 800/###-####
07656 # NORRISTOWN PENNSYLVANIA WATS 800/###-####
07664 # MADISON WISCONSIN LOW 608/221-0891
07675 DUNDAS ONTARIO CANH 416/628-5908
07675 HAMILTON/DUNDAS ONTARIO CANH 416/628-5908
07676 NEWPORT NEWS VIRGINIA MED 804/596-0898
07677 # FITCHBURG/LEOMINS MASSACHUSETTS LOW 508/537-6451
07677 # LEOMINSTER MASSACHUSETTS LOW 508/537-6451
07706 # MUNCIE INDIANA LOW 317/284-7821
07712 # VERO BEACH FLORIDA LOW 407/569-8207
07714 # MERIDIAN MISSISSIPPI LOW 601/482-4335
07717 # BAYTOWN TEXAS LOW 713/420-3389
07721 # FREEPORT ILLINOIS LOW 815/232-7111
07723 # DOTHAN ALABAMA LOW 205/794-7954
07725 # PANAMA CITY FLORIDA LOW 904/769-0709
07726 # LEAVENWORTH KANSAS LOW 913/651-8094
07730 # SALINA KANSAS LOW 913/825-4845
07731 CICERO/MAYWOOD ILLINOIS LOW 708/345-9100
07731 FOREST PARK/MAYWO ILLINOIS LOW 708/345-9100
07731 MAYWOOD ILLINOIS LOW 708/345-9100
07733 # MARION INDIANA LOW 317/662-1928
07735 ATTLEBORO MASSACHUSETTS LOW 508/226-6441
07736 WOONSOCKET RHODE ISLAND LOW 401/765-5994
07737 # LYNCHBURG VIRGINIA LOW 804/846-0213
07743 HOLYOKE/SPRINGFIE MASSACHUSETTS MED 413/787-0048
07743 SPRINGFIELD MASSACHUSETTS MED 413/787-0048
07747 WILLIAMSPORT PENNSYLVANIA LOW 717/323-0386
07776 MIDLAND TEXAS LOW 915/561-8401
07776 ODESSA/MIDLAND TEXAS LOW 915/561-8401
10021 # HOUSTON TEXAS HIGH 713/496-1332
10027 # KANNAPOLIS NORTH CAROLINA LOW 704/932-4131
10031 # BEDFORD MASSACHUSETTS LOW 617/271-0420
10031 # WOBURN/BEDFORD MASSACHUSETTS LOW 617/271-0420
10034 BALTIMORE MARYLAND HIGH 301/659-7460
10036 # MERCED CALIFORNIA LOW 209/383-7593
10044 # KNOXVILLE TENNESSEE MED 615/693-0498
10061 BUFFALO NEW YORK MED 716/893-1306
10071 YORK PENNSYLVANIA LOW 717/848-9850
10072 # FAIRFIELD CALIFORNIA LOW 707/426-5900
10100 # CORVALLIS OREGON LOW 503/757-6341
10103 ANN ARBOR MICHIGAN MED 313/973-0166
10105 # CAMDEN/PENNSAUKEN NEW JERSEY MED 609/665-5902
10105 # CHERRY HILL/PENNS NEW JERSEY MED 609/665-5902
10105 # PENNSAUKEN NEW JERSEY MED 609/665-5902
10113 # WESTPORT CONNECTICUT MED 203/454-2129
10115 # MIDLOTHIAN/RICHMO VIRGINIA MED 804/330-2673
10115 # RICHMOND VIRGINIA MED 804/330-2673
10122 OTTAWA ONTARIO CANH 613/563-2910
10122 OTTAWA ONTARIO CANH 613/563-2970
10130 # SACRAMENTO CALIFORNIA HIGH 916/447-7434
10133 ATLANTA/DORAVILLE GEORGIA HIGH 404/451-2208
10133 DORAVILLE GEORGIA HIGH 404/451-2208
10133 MARIETTA/DORAVILL GEORGIA HIGH 404/451-2208
10133 NORCROSS/DORAVILL GEORGIA HIGH 404/451-2208
10134 ATLANTA/DORAVILLE GEORGIA HIGH 404/451-2208
10134 DORAVILLE GEORGIA HIGH 404/451-2208
10134 MARIETTA/DORAVILL GEORGIA HIGH 404/451-2208
10134 NORCROSS/DORAVILL GEORGIA HIGH 404/451-2208
10153 + SOUTH BRUNSWICK NEW JERSEY HIGH 609/452-8388
10170 JOHNSTOWN PENNSYLVANIA LOW 814/539-5059
10171 JAMESTOWN NEW YORK LOW 716/488-0794
10172 # SOMERS CONNECTICUT LOW 203/763-3521
10203 # ATLANTA/DORAVILLE GEORGIA HIGH 404/451-3362
10203 # DORAVILLE GEORGIA HIGH 404/451-3362
10203 # MARIETTA/DORAVILL GEORGIA HIGH 404/451-3362
10203 # NORCROSS/DORAVILL GEORGIA HIGH 404/451-3362
10204 # ATLANTA/DORAVILLE GEORGIA HIGH 404/451-3362
10204 # ATLANTA/DORAVILLE GEORGIA HIGH 404/451-3362
10204 # MARIETTA/DORAVILL GEORGIA HIGH 404/451-3362
10204 # NORCROSS/DORAVILL GEORGIA MED 404/451-3362
10212 HAMILTON OHIO LOW 513/874-1744
10213 # OCALA FLORIDA LOW 904/732-3707
10221 # NAPLES FLORIDA LOW 813/434-8080
10233 # CLEVELAND OHIO HIGH 216/861-6709
10244 # ALHAMBRA CALIFORNIA MED 818/308-1994
10244 # ARCADIA/ALHAMBRA CALIFORNIA MED 818/308-1994
10244 # EL MONTE/ALHAMBRA CALIFORNIA MED 818/308-1994
10244 # PASADENA/ALHAMBRA CALIFORNIA MED 818/308-1994
10247 # BRADLEY ILLINOIS LOW 815/935-2352
10247 # KANKAKEE/BRADLEY ILLINOIS LOW 815/935-2352
10254 ATLANTA/DORAVILLE GEORGIA HIGH 404/451-1546
10254 DORAVILLE GEORGIA HIGH 404/451-1546
10254 MARIETTA/DORAVILL GEORGIA HIGH 404/451-1546
10254 NORCROSS/DORAVILL GEORGIA HIGH 404/451-1546
10255 # LAREDO TEXAS LOW 512/727-8308
10256 # HAMPTON VIRGINIA MED 804/727-0572
10261 # SHEBOYGAN WISCONSIN LOW 414/457-6128
10301 # ABILENE TEXAS LOW 915/676-0091
10305 # GADSDEN ALABAMA LOW 205/543-3550
10307 # ANN ARBOR MICHIGAN MED 313/973-7935
10320 # IOWA CITY IOWA LOW 319/354-3633 10325 # INGLEWOOD/VERNON CALIFORNIA HIGH 213/587-7514
10325 # LOS ANGELES/VRN CALIFORNIA HIGH 213/587-7514
10325 # VERNON CALIFORNIA HIGH 213/587-7514
10337 LOUISVILLE KENTUCKY MED 502/499-7110
10346 # NORFOLK VIRGINIA MED 804/857-0148
10346 # PORTSMOUTH/NRFLK VIRGINIA MED 804/857-0148
10346 # VA BCH/NRFLK VIRGINIA MED 804/857-0148
10363 # EL SEGUNDO CALIFORNIA MED 213/643-4228
10363 # MAR VISTA/EL SGND CALIFORNIA MED 213/643-4228
10363 # MARINADELREY/EL S CALIFORNIA MED 213/643-4228
10363 # SANTA MONICA/EL S CALIFORNIA MED 213/643-4228
10432 LANSING ILLINOIS LOW 708/474-1422
10436 # CONCORD/WLNT CRK CALIFORNIA MED `415/935-1507
10436 # PACHECO/WALNT CRK CALIFORNIA MED 415/935-1507
10436 # PLEASNTHILL/WALNT CALIFORNIA MED 415/935-1507
10436 # WALNUT CREEK CALIFORNIA MED 415/935-1507
10464 # QUEBEC CITY QUEBEC CANH 418/647-1116
10470 # ARLINGTON/FORT W TEXAS MED 817/332-9397
10470 # FORT WORTH TEXAS MED 817/332-9397
10471 JOLIET ILLINOIS LOW 815/727-2169
10472 WINDSOR NEW YORK LOW 914/561-9103
10474 # MONTEREY CALIFORNIA LOW 408/375-2644
10506 # JOHNSON CITY TENNESSEE LOW 615/928-9544
10510 # LAFAYETTE LOUISIANA LOW 318/234-8255
10515 # BOSTON MASSACHUSETTS HIGH 617/439-3531
10515 # CAMBRIDGE/BOSTON MASSACHUSETTS HIGH 617/439-3531
10516 # CHARLOTTESVILLE VIRGINIA LOW 804/977-5661
10520 # BOSTON MASSACHUSETTS HIGH 617/439-3531
10520 # cAMBRIDGE/BOSTON MASSACHUSETTS HIGH 617/439-3531
10521 # BOSTON MASSACHUSETTS HIGH 617/439-3531
10521 # CAMBRIDGE/BOSTON MASSACHUSETTS HIGH 617/439-3531
10542 # ALLEN/McKINNEY TEXAS LOW 214/542-2641
10542 # McKINNEY TEXAS LOW 214/542-2641
10543 AKRON OHIO MED 216/376-6227
10546 # AKRON OHIO MED 216/376-8330
10560 # ROCKVILLE MARYLAND LOW 301/869-2700
10561 SAN JOSE CALIFORNIA WATS 800/###-####
10561 SANTA CLARA/SAN CALIFORNIA WATS 800/###-####
10567 # CHAPEL HILL/DURHA NORTH CAROLINA MED 919/549-9025
10567 # DURHAM NORTH CAROLINA MED 919/549-9025
10570 BOZEMAN MONTANA LOW 406/585-9719
10573 MAUI HAWAII LOW 808/242-8411
10574 HILO HAWAII MED 808/935-5717
10601 # AUGUSTA MAINE LOW 207/622-3083
10602 # CAPE GIRARDEAU MISSOURI LOW 314/335-1518
10603 # ELYRIA OHIO LOW 216/324-7156
10604 # FLORENCE SOUTH CAROLINA LOW 803/664-0550
10605 # KINGSTON NEW YORK LOW 914/336-2790
10612 MONTREAL/ST. LAUR QUEBEC CANH 514/747-2996
10612 MONTREAL/ST. LAUR QUEBEC CANH 514/747-1370
10612 VILLE ST. LAURENT QUEBEC CANH 514/747-2996
10612 VILLE ST. LAURENT QUEBEC CANH 514/747-1370
10615 SECANE PENNSYLVANIA LOW 215/543-3045
10617 # E. ST. LOUIS ILLINOIS LOW 618/874-5702
10621 PRINCETON/SO. BRN NEW JERSEY HIGH 609/452-1018
10621 SOUTH BRUNSWICK NEW JERSEY HIGH 609/452-1018
10622 # SOUTH BRUNSWICK NEW JERSEY HIGH 609/452-9529
10622 # SOUTH BRUNSWICK NEW JERSEY HIGH 609/452-9529
10631 HONOLULU HAWAII MED 808/545-7610
10632 # HONOLULU HAWAII MED 808/528-5300
10673 # SPRINGFIELD MISSOURI LOW 417/881-6225
044
11013 # SPRINGFIELD/EUGEN OREGON LOW 503/343-0044
11014 # WACO TEXAS LOW 817/776-0880
11015 # KILLEEN TEXAS LOW 817/526-8118
11016 # SPOKANE WASHINGTON LOW 509/747-3011
11026 # SLIDELL LOUISIANA LOW 504/646-2900
11035 # CLEARWATER FLORIDA MED 813/441-1621
11035 # ST. PETERSBRG/CLR FLORIDA MED 813/441-1621
11052 # EUREKA CALIFORNIA LOW 707/445-3021
11052 # EUREKA CALIFORNIA LOW 707/445-9271
11053 PROVO UTAH LOW 801/373-2192
11063 # CUMBERLAND MARYLAND LOW 301/777-9320
11067 # AUBURN MAINE LOW 207/795-6013
11067 # LEWISTON/AUBURN MAINE LOW 207/795-6013
11120 # EL PASO TEXAS MED 915/533-1453
11121 # EL PASO TEXAS MED 915/533-1453
11123 # BUFFALO NEW YORK MED 716/893-1014
11130 # HOUSTON TEXAS HIGH 713/496-1332
11144 + GRAND RAPIDS MICHIGAN MED 616/458-9252
11150 # CHICAGO ILLINOIS WATS 800/###-####
11151 # CHICAGO ILLINOIS WATS 800/###-####
11152 # CHICAGO ILLINOIS WATS 800/###-####
11161 # WINSTON-SALEM NORTH CAROLINA MED 919/765-1221
11162 # CHARLESTON SOUTH CAROLINA LOW 803/553-0860
11207 # O’FALLON ILLINOIS LOW 618/632-3993
11231 # LANCASTER PENNSYLVANIA LOW 717/569-1081
11236 # LANSING MICHIGAN MED 517/484-5344
11237 # COLUMBIA SOUTH CAROLINA MED 803/252-7375
11240 # GREENVILLE SOUTH CAROLINA MED 803/233-5621
11241 # MOBILE ALABAMA MED 205/460-2515
11242 # LAKE ZURICH/PALAT ILLINOIS LOW 708/991-7171
11242 # PALATINE ILLINOIS LOW 708/991-7171
11251 # DENTON TEXAS LOW 817/565-0552
11252 # VANCOUVER WASHINGTON LOW 206/574-0427
11257 # LITTLE ROCK ARKANSAS MED 501/666-6886
11266 # FORT COLLINS COLORADO LOW 303/224-9819
11267 # AMARILLO TEXAS LOW 806/355-7088
11270 # SAN RAFAEL CALIFORNIA LOW 415/453-2087 11271 # CATHEDRAL CITY CALIFORNIA LOW 619/324-0920
11271 # PALM SPRNGS/CATH CALIFORNIA LOW 619/324-0920
11272 # MOORPARK CALIFORNIA LOW 805/523-0203
11273 # SAN CLEMENTE CALIFORNIA LOW 714/240-9424
11274 # MISHAWAKA/SOUTH B INDIANA MED 219/234-6410
11274 # SOUTH BEND INDIANA MED 219/234-6410
11275 # BRIDGEPORT CONNECTICUT MED 203/332-7256
11276 # SYRACUSE NEW YORK MED 315/433-1593
11300 # TOLEDO OHIO LOW 419/255-7705
11301 ALTOONA PENNSYLVANIA MED 814/946-8639
11301 # HARRISBURG/LEMOYN PENNSYLVANIA MED 717/975-9881
11301 # LEMOYNE PENNSYLVANIA MED 717/975-9881
11304 # NEWARK/WILMINGTON DELAWARE MED 302/652-2036
11304 # WILMINGTON DELAWARE MED 302/652-2036
11305 # LYNDHURST/UNION C NEW JERSEY HIGH 201/864-0995
11305 # UNION CITY NEW JERSEY HIGH 201/864-0995
11306 # HOLYOKE/SPRINGFIE MASSACHUSETTS MED 413/785-1762
11306 # SPRINGFIELD MASSACHUSETTS MED 413/785-1762
11307 # ROCKFORD ILLINOIS MED 815/633-2080
11313 LITTLE ROCK ARKANSAS MED 501/666-6024
11315 # OAKRIDGE TENNESSEE LOW 615/482-1466
11321 # NORTHPORT ALABAMA LOW 205/758-1116
11321 # TUSCALOOSA/NORTHP ALABAMA LOW 205/758-1116
11323 # OWENSBORO KENTUCKY LOW 502/685-0959
11356 # ASHEVILLE NORTH CAROLINA LOW 704/253-8945
11360 # BOULDER CITY NEVADA MED 702/294-0602
11360 # LAS VEGAS/BLDR CI NEVADA MED 702/294-0602
11362 # STAMFORD CONNECTICUT HIGH 203/327-2974
11371 SANTA BARBARA CALIFORNIA MED 805/564-2354
11372 # SANTA BARBARA CALIFORNIA MED 805/965-1612
11402 # MODESTO CALIFORNIA LOW 209/527-0150
11405 # MARLBOROUGH MASSACHUSETTS LOW 508/481-0026
11406 # AUGUSTA/MARTINEZ GEORGIA LOW 404/855-0442
11406 # MARTINEZ GEORGIA LOW 404/855-0442
11417 # PHILADELPHIA PENNSYLVANIA HIGH 215/592-8750
11422 RANDOLPH MASSACHUSETTS LOW 617/986-0500
11451 # BATTLE CREEK MICHIGAN LOW 616/964-9303
11452 # HARRISONBURG VIRGINIA LOW 703/433-6333 11453 # GROTON MASSACHUSETTS LOW 508/448-9361 11663 # ANNAPOLIS MARYLAND LOW 301-224-0520 11671 # ROCHESTER MINNESOTA LOW 507/282-0830 11702 # GEORGETOWN DELAWARE LOW 302/856-1788 11741 # DULUTH MINNESOTA LOW 218/722-0655
11743 # NORTHFIELD ILLINOIS LOW 708/501-4536
11752 # WEST BEND WISCONSIN LOW 414/334-1755
11754 # VICTORIA TEXAS LOW 512/576-9200

TYMNET ACCESS SORTED BY STATE WITHIN REGIONAL BELL OPERATING COMPANY

TYMNET has gateways into many of the Regional Bell Operating Company packet networks. For specifics on how to access these networks, please refer to the information listed at the end of each company section.

07771 RED BANK NEW JERSEY 300/2400 201/758-8000 DN
07771 TOMS RIVER NEW JERSEY 300/2400 201/286-3800 DN
PDN

DN BELL ATLANTIC – NETWORK NAME IS PUBLIC DATA NETWORK (PDN)

(CONNECT MESSAGE)
. _. _. _< _C _R _> _ (SYNCHRONIZES DATA SPEEDS)

WELCOME TO THE BPA/DST PDN

*. _T _ _< _C _R _> _ (TYMNET ADDRESS)

131069 (ADDRESS CONFIRMATION – TYMNET DNIC)
COM (CONFIRMATION OF CALL SET-UP)

-GWY 0XXXX- TYMNET: PLEASE LOG IN: (HOST # WITHIN DASHES)
—————————————————-
BELL SOUTH

LSK BELLSOUTH – NETWORK NAME IS PULSELINK

(CONNECT MESSAGE)

. _. _. _ _< _C _R _> _ (SYNCHRONIZES DATA SPEEDS)
(DOES NOT ECHO TO THE TERMINAL)
CONNECTED
PULSELINK

1 _3 _1 _0 _6 _ (TYMNET ADDRESS)
(DOES NOT ECHO TO THE TERMINAL)

PULSELINK: CALL CONNECTED TO 1 3106

-GWY 0XXXX- TYMNET: PLEASE LOG IN: (HOST # WITHIN DASHES)
—————————————————-
PACIFIC BELL

PS PACIFIC BELL – NETWORK NAME IS PUBLIC PACKET SWITCHING (PPS)

(CONNECT MESSAGE)

. _. _. _< _C _R _ (SYNCHRONIZES DATA SPEEDS)>
(DOES NOT ECHO TO THE TERMINAL)

ONLINE 1200
WELCOME TO PPS: 415-XXX-XXXX
1 _3 _1 _0 _6 _9 _ (TYMNET ADDRESS)
(DOES NOT ECHO UNTIL TYMNET RESPONDS)

-GWY 0XXXX- TYMNET: PLEASE LOG IN: (HOST # WITHIN DASHES)
———————————————————

SOUTHWESTERN BELL
RLK – SOUTHWESTERN BELL TELEPHONE- NETWORK NAME IS MICROLINK II(R)

(CONNECT MESSAGE)
(PLEASE TYPE YOUR TERMINAL IDENTIFIER)

A _ (YOUR TERMINAL IDENTIFIER)

WELCOME TO MICROLINK II
-XXXX:01-030-
PLEASE LOG IN:
.T < _C _R _> _ (USERNAME TO ACCESS TYMNET)

HOST: CALL CONNECTED

-GWY 0XXXX- TYMNET: PLEASE LOG IN:
——————————————————–
SOUTHERN NEW ENGLAND

ONNNET – SOUTHERN NEW ENGLAND TELEPHONE – NETWORK NAME IN CONNNET

(CONNECT MESSAGE)

H_ H_ <_ C_ R_> (SYNCHRONIZES DATA SPEEDS)
(DOES NOT ECHO TO THE TERMINAL)
CONNNET

._ T_ <_ C_ R_>_ (MUST BE CAPITAL LETTERS)

26-SEP-88 18:33 (DATA)
031069 (ADDRESS CONFIRMATION)
COM (CONFIRMATION OF CALL SET-UP)

-GWY OXXXX-TYMNET: PLEASE LOG IN:

——————————————————

BT TYMNET GLOBAL DATA NETWORK (GDN) SERVICES

INTERNATIONAL ACCESS LOCATIONS

The TYMNET Public Network is accessible from most countries throughout the world. In many cities within these countries TYMNET may be accessed with a local phone call. These countries are listed below for your convenience.
TYMNET can also be accessed from most other countries via TYMUSA or Telex. For more complete information about access to TYMNET from international locations, or about access to international locations from TYMNET, consult the Information System or your local BT Tymnet representative or call Customer Information Help Desk at 800/336-0149 or 703/442-0145.

INTERNATIONAL DIRECT DIAL-UP ACCESS

BT Tymnet, in its continuing effort to provide convenient data communications solutions for you, now offers direct dial-up access from international locations.
Users located in the countries listed can access TYMNET, directly, using terminals and/or PCs operating asynchronously.
International Service Requirements

Speed (bps): Modem Type:
300 CCITT V.21
300B Bell 103/113 compatible
1200 CCITT V.22
1200B Bell 212A compatible
2400 CCITT V.22 bis compatible
9600 CCITT V.32 compliant

Notes:
– Trispeed denotes 300B, 1200B, or 2400 capability
– Services fully compliant with BT Tymnet certified modems
– V.42 compatible/MNP Level 2 – 4
– Density classifications (CanH, CanL, 1, 2, 3, 4, 5, E1,
E2, Pacific, *) signify a rate structure different from standard domestic rates.
Please consult the Information System or your local BT Tymnet representative for details.

Access procedures for direct access are identical to domestic access procedures. Please consult the pamphlet “How to Use TYMNET” (Publications #C-001) for more details.
————————————————————

GLOBAL NETWORK SERVICES “GNS” COUNTRIES
Countries With Direct TYMNET Access

Country, Province Access
City Density Number Comments
————————————————————
AUSTRALIA
————————————————————
Melbourne Pacific (3)416-2146 300/1200/2400/mnp
Sydney Pacific (2)290-3400 300/1200/2400/mnp
For BT Tymnet’s Australian Support Center, call: 008-032064
————————————————————
BELGIUM
————————————————————
Brussels E1 (2)640-0215 300
E1 (2)647-1150 1200/2400
Mons E1 (65)36-0051 1200/2400

Note: When dialing inter-country to Belgium, all phone numbers are preceded by dialing (32).
————————————————————
DENMARK
————————————————————
Copenhagen E2 31-18-63-33 300/1200/2400/mnp

Note: When dialing inter-country to Copenhagen, the phone number is preceded by dialing (45).

————————————————————
FRANCE
————————————————————
Paris E1 (1) 46-02-57-50 300/1200/2400
E1 (1) 46-02-55-00 1200/2400/mnp
E1 (1) 47-71-91-33 1200
E1 (1) 46-02-70-03 300/1200/2400/mnp
Lyon E1 (7) 89-30-17-3 300/1200/2400/mnp

Note: When dialing inter-country to France, all phone numbers are preceded by dialing (33). For BT Tymnet’s support center in Paris call: 1-49-11-21-21

————————————————————
ITALY
————————————————————
Milan E2 (2) 26-41-24-50 1200/2400

Note: When dialing inter-country to Italy, the phone number is preceded by (39).
————————————————————
JAPAN (NIS)
————————————————————
Akita * (188) 655735 300B
Akita * (188) 655733 1200B
Akita * (188) 655734 1200B/2400
Atsugi * (462) 215331 300B
Atsugi * (462) 210404 1200B/2400
Fukui * (776) 343308 300B
Fukui * (776) 358840 1200B/2400
Fukuoka * (92) 474-7076 300B
Fukuoka * (92) 474-7196 1200B/2400
Hamamatsu * (534) 567355 300B
Hamanatsu * (534) 567231 1200B/2400
Hiroshima * (82) 241-6857 300B
Hiroshima * (82) 243-9270 1200B/2400
Kagoshima * (992) 228598 300B
Kagoshima * (992) 228954 1200B
Kagoshima * (992) 229154 1200B/2400
Kanazawa * (762) 242351 300B
Kanazawa * (762) 242341 1200B/2400
Kohbe * (78) 242-1097 300B
Kohbe * (78) 242-1115 1200B/2400
Kumamoto * (96) 355-5233 300B
Kumamoto * (96) 354-3065 1200B/2400
Kyoto * (75) 431-6205 300B
Kyoto * (75) 431-6203 1200B/2400
Matsuyama * (899) 322975 300B
Matsuyama * (899) 324207 1200B/2400
Mito * (292) 241675 300B
Mito * (292) 244213 1200B/2400
Morioka * (196) 548513 300B
Morioka * (196) 547315 1200B/2400
Nagagsaki * (958) 286088 300B
Nagagsaki * (958) 286077 1200B/2400
Nagoya * (52) 204-2275 300B
Nagoya * (52) 204-1466 1200B/2400
Naha * (988) 614002 300B
Naha * (988) 613414 1200B/2400
Niigata * (25) 241-5409 300B
Niigata * (25) 241-5410 1200B/2400
Okayama * (862) 326760 300B
Okayama * (862) 314993 1200B/2400
Osaka * (6) 271-9028 300B
Osaka * (6) 271-9029 1200B
Osaka * (6) 271-6876 1200B/2400
Sapporo * (11) 281-4343 300B
Sapporo * (11) 281-4421 1200B/2400
Sendai * (22) 231-5741 300B
Sendai * (22) 231-5355 1200B/2400
Shizuoka * (542) 843393 300B
Shizuoka * (542) 843398 1200B/2400
Takamatsu * (878) 230502 300B
Takamatsu * (878) 230501 1200B/2400
Tokyo * (3) 555-9525 300B
Tokyo * (3) 555-9526 1200B
Tokyo * (3) 555-9696 2400
Toyama * (764) 417578 300B
Toyama * (764) 417769 1200B/2400
Tuchiura * (298) 555082 300B
Tuchiura * (298) 556121 1200B/2400
Urawa * (488) 339341 1200B/2400
Yokohama * (45) 453-7757 300B
Yokohama * (45) 453-7637 1200B/2400
For NIS customer service in Japan 24 hours a day call: (3) 551-6220
Interdialing precede with dialing (81).
————————————————————
NETHERLANDS
————————————————————
Alkmaar E1 (72) 155190 300/1200/2400/mnp
Amsterdam E1 (20) 6610094 300/1200/1200-75
2400/9600/mnp
Eindhoven E1 (4902) 45530 300/1200/2400/mnp
The Hague E1 (70) 3814641 1200
E1 (70) 3475032 300/1200/2400/mnp
(70) 3818448 4800/9600/mnp
Rotterdam E1 (10)4532002 300/1200/1200-75
2400/9600mnp
Note: When dialing inter-country to the Netherlands, all phone numbers are preceded by dialing (31). For BT Tymnet’s support center in the Netherlands call: (70) 3820044
————————————————————
SWEDEN
————————————————————
Stockholm E2 (8) 29-4782 300/1200/2400/mnp

Note: When dialing inter-country to the Stockholm, the phone number is preceded by dialing (46). For BT Tymnet’s support center in Sweden call: (8) 98-8140
————————————————————
SWITZERLAND
————————————————————
Geneva E1 (22) 782-9329 300/1200/2400
Zurich E1 (1) 730-9673 1200/2400

Note: When dialing inter-country to Switzerland, all phone
numbers are preceded by dialing (41). For BT Tymnet’s support center in Switzerland call: (22) 782-5040
————————————————————
UNITED KINGDOM
————————————————————
Belfast E1 (232) 234467
Birmingham E1 (21) 632 6636
Bristol E1 (272) 255392
Cambridge E1 (223) 845860
Edinburgh E1 (31) 313 2172
Leeds E1 (532) 341838
London E1 (81) 566 7260
London E1 (71) 489 8571

Note: The preceeding United Kingdom access numbers are scheduled to be available early August 1990. Please consult GNS customer support at 703/442-0145 or BT Tymnet’s support center in London at (582) 482 592 for more information.
Note: When dialing inter-country to the United Kingdom, all
phone numbers are preceded by dialing (44). The above access numbers will support 300-2400 V22 bis and MNP 4.
————————————————————
GERMANY
————————————————————
Cologne E1 (221)210196 300/1200/2400
Frankfurt E1 (69)666-8131 1200
E1 (69)668011 300
E1 (69)666-4021 300/1200
Munich E1 (89)350-7682 300/1200/2400
Note: When dialing inter-country to West Germany, all phone
numbers are preceded by dialing (49). For BT Tymnet’s
support center in West Germany call: (21) 159-6314

TYMUSA
Quick, easy access from around the world; a universal, simple and familiar log-on procedure (see below).
All communication charges are billed to the host in the USA by BT Tymnet.
TYMUSA is offered on BT Tymnet in country nodes, PTT’s nodes using TYMNET technology (via a `T2′ Gateway) and PTT’s nodes using non-TYMNET technology (via a X.75 Gateway).
On dial-access location using non-TYMNET technology, the service is referred to as TYMLINK. Log-on may vary to that of TYMUSA; however, all other features are the same. Variations in log-on are highlighted.
TYMUSA is offered in all BT Tymnet GNS countries at charge rate Band 1.

TYMUSA ACCESS COUNTRIES
COUNTRY
Access
City Band Number Comments
————————————————————
ANTIGUA
————————————————————
All Cities 3 809/462-0210 300B/1200B

Note: When dialing inter-country to Antigua, the phone number is preceded by dialing (1). (If in USA/Canada, use above only.)
————————————————————
ARGENTINA
————————————————————
Buenos Aires 2 (1) 40-01-91 300
2 (1) 40-01-92 300
2 (1) 40-01-93 300
2 (1) 40-01-94 300
2 (1) 40-01-95 300
2 (1) 40-01-96 300
2 (1) 40-01-97 300
2 (1) 40-01-98 300
2 (1) 40-01-99 300

Note: When dialing inter-country to Argentina, all phone numbers are preceded by dialing (54).

COUNTRY
Access
City Band Number Comments
————————————————————
AUSTRIA
————————————————————
Vienna 2 (222) 50124 300
Vienna 2 (222) 50143 1200/2400
Outside Vienna 2 229015 1200/2400
2 229016 300/1200
2 229017 1200/2400

Note : Log-on “…” (cr) then TYMUSA log-on procedure. For additional log-on information please refer to BT Tymnet’s on-line information service.
Note: When dialing inter-country to Argentina, all phone numbers are preceded by dialing (43).
————————————————————
BAHAMAS
————————————————————
All Cities 3 809/323-7799 300B/1200B/2400

Note: When dialing inter-country to the Bahamas, the phone number is preceded by dialing (1). (If in USA/Canada, use above only.)
————————————————————
BAHRAIN
————————————————————
All Cities 3 242525 300
3 245361 1200
Note: When dialing inter-country to Bahrain, all phone numbers are preceded by dialing (973).
————————————————————
BARBADOS
————————————————————
All Cities 3 809/426-7760 300B/1200B
Note: When dialing inter-country to Barbardos, the phone number is preceded by dialing (1). (If in USA/Canada, use above only.)
————————————————————
BERMUDA
————————————————————
All Cities 2 809/292-4327 300B/1200B
Note: When dialing inter-country to Bermuda, the phone number is preceded by dialing (1). (If in USA/Canada, use above only.)
————————————————————
CAYMAN ISLANDS
————————————————————
All Cities 3 809/949-7100 300B/1200B

Note: When dialing inter-country to the Cayman Islands, the phone number is preceded by dialing (1). (If in USA/Canada, use above only.)
————————————————————
DOMINICAN REPUBLIC
————————————————————
All Cities 3 809/685-6155 300B/1200B

Note: Use domestic log-on procedure.
Note: When dialing inter-country to the Dominican Republic, the phone number is preceded by dialing (1). (If in USA/Canada, use above only.)
————————————————————
GUAM
————————————————————
Agana Heights * 477-2222 300/1200

Note: When dialing inter-country to Guam, the phone number is preceded by dialing (671).

————————————————————
GUATEMALA
————————————————————
Guatemala City 2 (2) 345-599 300B
2 (2) 345-999 1200B

Note: When dialing inter-country to Guatemala, all phone numbers are preceded by dialing (502).
————————————————————
HONDURAS
————————————————————
All Cities 2 320-544 300B/1200B

Note: When dialing inter-country to Honduras, the phone number is preceded by dialing (504).
————————————————————
HONG KONG
————————————————————
Hong Kong 2 865-7414 300B/1200B/2400
Note: Use domestic log-on procedure.
Note: When dialing inter-country to Hong Kong, the phone number is preceded by dialing (852).
————————————————————
ISRAEL
————————————————————
Afula 3 (6) 596658 300B/1200B/2400
Ashdod 3 (8) 542999 300B/1200B/2400
Bezeq 3 (57) 36029 300B/1200B/2400
Eilat 3 (59) 75147 300B/1200B/2400
Hadera 3 (6) 332409 300B/1200B/2400
Haifa 3 (4) 525421 300B/1200B/2400
3 (4) 673235 300B/1200B/2400
3 (4) 674203 300B/1200B/2400
3 (4) 674230 300B/1200B/2400
Herzeliya 3 (52) 545251 300B/1200B/2400
Jerusalem 3 (2) 242675 300B/1200B/2400
3 (2) 246363 300B/1200B/2400
3 (2) 248551 300B/1200B/2400
3 (2) 814396 300B/1200B/2400
Nahariya 3 (4) 825393 300B/1200B/2400
Netanya 3 (53) 348588 300B/1200B/2400
Rechovot 3 (8) 469799 300B/1200B/2400
Tel Aviv 3 (3) 203435 300B/1200B/2400
3 (3) 546-3837 300B/1200B/2400
3 (3) 751-2504 300B/1200B/2400
3 (3) 751-3799 300B/1200B/2400
3 (3) 752-0110 300B/1200B/2400
Tiberias 3 (6) 790274 300B/1200B/2400
Tzfat 3 (6) 973282 300B/1200B/2400

Note: For log-on information please refer to BT Tymnet’s on-line information service.
Note: When dialing inter-country to Israel, all phone numbers are preceded by dialing (972).
————————————————————
JAMAICA
————————————————————
All Cities 2 809/924-9915 300B/1200B

Note: When dialing inter-country to Jamaica, the phone number is preceded by dialing (1). (If in USA/Canada, use above only.)
————————————————————
KOREA
————————————————————
Seoul 3 (2) 792-1455 1200

Note: Use domestic log-on procedure.
Note: When dialing inter-country to Korea, all phone numbers are preceded by dialing (82).

————————————————————
NETHERLANDS ANTILLES
————————————————————
Curacao 3 (9) 239251 300/1200
Curacao/St. Maarten 3 (Local Only) 0251 300/1200
Note: When dialing inter-country to Netherland Antilles, the phone numbers is preceded by dialing (599).
Note: The Curacao/St. Maarten access location is a local access location only. This location can not be used for inter-city or inter-country access.
————————————————————
PANAMA
————————————————————
All Cities 3 639-055 300B/1200B
3 636-727 2400

Note: When dialing inter-country to Panama, all phone numbers are preceded by dialing (507).
————————————————————
PERU
————————————————————
Lima 4 (14) 240-478 1200

Note: When dialing inter-country to Peru, all phone numbers are preceded by dialing (51).
————————————————————
PUERTO RICO
————————————————————
Mayaquez/Ponce * 809/462-4213 300B/1200B
San Juan * 809/725-1882 300B/1200B
* 809/725-4343 300B/1200B
* 809/725-3501 300/1200
* 809/725-4702 300/1200
* 809/724-6070 2400
————————————————————
PHILIPPINES
————————————————————
Manila 2 (2) 819-1011 300
2 (2) 819-1009 300
2 (2) 819-1550 300
2 (2) 815-1553 300B/1200B
2 (2) 815-1555 300B/1200B
2 (2) 817-1791 300B/1200B
2 (2) 817-1581 300B/1200B
2 (2) 817-1796 300B/1200B
2 (2) 817-8811 300
2 (2) 521-7901 300

Note: When dialing inter-country to the Philippines, all phone numbers are preceded by dialing (63).
————————————————————
SAUDI ARABIA
————————————————————
Riyadh 5 (1) 4658803 1200
5 (1) 4631038 2400
Jeddah 5 (2) 6690708 1200
5 (2) 6691377 2400
Alkobar 5 (3) 8981025 1200

Note: For log-on information please refer to BT Tymnet’s on-line information service.
Note: When dialing inter-country to Saudi Arabia, all phone
numbers are preceded by dialing (966).
————————————————————
TRINIDAD & TOBAGO
————————————————————
All Cities 2 809/627-0854 300/1200
2 809/627-0855 300/1200

Note: When dialing inter-country to Trinidad and Tobago, all phone numbers are preceded by dialing (1). (If in USA/Canada, use above only.)
————————————————————
UNITED KINGDOM (British Telecom PSS)
————————————————————
Aberdeen 1 (224) 210701
Belfast 1 (232) 331284
Birmingham 1 (21) 633-3474
Bristol 1 (272) 211545
Cambridge 1 (223) 460127
Cardiff 1 (222) 344184
Chelmsford 1 (245) 491323
Edinburgh 1 (31) 313-2137
Exeter 1 (392) 421565
Glasgow 1 (41) 204-1722
Hastings 1 (424) 722788
Ipswich 1 (473) 210212
Kings Lynn 1 (553) 691090
Leamington 1 (926) 451419
Leeds 1 (532) 440024
Liverpool 1 (51) 255-0230
London 1 (71) 490-2200
Luton 1 (582) 481818
Manchester 1 (61) 834-5533
Newcastle 1 (91) 261-6858
Northhampton 1 (604) 33395
Nottingham 1 (602) 506005
Oxford 1 (865) 798949
Plymouth 1 (752) 603302
Reading 1 (734) 500722
Southampton 1 (703) 634530

Note: When dialing inter-country to the United Kingdom, all phone number are preceded by dialing (44). The above access
numbers will support 300/1200/2400 bps.
The above numbers support
————————————————————
VIRGIN ISLANDS (U.S.)
————————————————————
St. Thomas 3 809/774-7099 300B
3 809/776-7084 1200B
————————————————————
TYMUSA Access Procedures
The following log-on procedures pertain to the countries listed on the previous pages:
First, dial up the access number provided for the specific country from the preceeding list.
When you have established a network connection you will receive the following network prompt:
Please log in:

After the prompt, type the following:
Please log in: TYMUSA

This will establish the link to TYMNET. You will then receive another prompt from TYMNET at which time you should enter your username as in the example below:
Please log in: YOURUSERNAME
COUNTRIES WITH ACCESS TO AND FROM TYMNET
————————————-
Brazil, Chile,China, Costa Rica, Curacao,
Finland , French Antilles,French Guiana ,
Gabon, Gambia, Hungary, Iceland ,Indonesia,
Iraq ,Ivory Coast, Liechtenstein,
Malaysia, Mexico, New Caledonia,New Zealand,
Norway, Portugal, Qatar,South Africa,
Thailand ,Turkey , United Arab Emirates,
USSR, Zimbabwe.
——————————————————-
GALAXY INFORMATION NETWORK
Albuquerque, New Mexico
Contact: Customer Service 1 (505) 881-6988 (Voice)
1 (505) 881-6964 (Data)
——————————————————–
STARLINK
Albuquerque, New Mexico

Contact: Customer Service 1 (505) 881-6988 (Voice)
1 (505) 881-6964 (Data)
————————————————————

PC-Pursuit OutDials Originally Compiled By Ixom
+-New Jersey——————-+ +-Wisconsin——————–+
| 03110 201 00 001 1200 Baud | | 03110 414 00 020 300 Baud |
| 03110 201 00 022 2400 Baud | | 03110 414 00 021 1200 Baud |
| 03110 201 00 301 1200 Baud | | 03110 414 00 120 ???? Baud |
+-District of Columbia———+ +-California——————-+
| 03110 202 00 115 300 Baud | | 03110 415 00 005 2400 Baud |
| 03110 202 00 116 1200 Baud | | 03110 415 00 011 1200 Baud |
| 03110 202 00 117 2400 Baud | | 03110 415 00 023 ???? Baud |
+-Connecticut——————+ | 03110 415 00 108 300 Baud |
| 03110 203 00 105 2400 Baud | | 03110 415 00 109 1200 Baud |
| 03110 203 00 120 1200 Baud | | 03110 415 00 215 300 Baud |
| 03110 203 00 121 300 Baud | | 03110 415 00 216 1200 Baud |
+-Washington——————-+ | 03110 415 00 217 2400 Baud |
| 03110 206 00 205 300 Baud | | 03110 415 00 224 2400 Baud |
| 03110 206 00 206 1200 Baud | +-Oregon———————–+
| 03110 206 00 208 2400 Baud | | 03110 503 00 020 300 Baud |
+-New York———————+ | 03110 503 00 021 1200 Baud |
| 03110 212 00 028 2400 Baud | +-Arizona———————-+
| 03110 212 00 315 1200 Baud | | 03110 602 00 022 300 Baud |
+-California——————-+ | 03110 602 00 023 1200 Baud |
| 03110 213 00 023 ???? Baud | | 03110 602 00 026 2400 Baud |
| 03110 213 00 103 1200 Baud | +-Minnesota——————–+
| 03110 213 00 412 1200 Baud | | 03110 612 00 022 2400 Baud |
| 03110 213 00 413 2400 Baud | | 03110 612 00 120 300 Baud |
+-Texas————————+ | 03110 612 00 121 1200 Baud |
| 03110 214 00 022 ???? Baud | +-Massachussetts—————+
| 03110 214 00 117 300 Baud | | 03110 617 00 026 ???? Baud |
| 03110 214 00 118 1200 Baud | | 03110 617 00 311 300 Baud |
+-Pennsylvania—————–+ | 03110 617 00 313 1200 Baud |
| 03110 215 00 005 300 Baud | +-Texas————————+
| 03110 215 00 022 2400 Baud | | 03110 713 00 024 2400 Baud |
| 03110 215 00 112 1200 Baud | | 03110 713 00 113 300 Baud |
+-Ohio————————-+ | 03110 713 00 114 1200 Baud |
| 03110 216 00 020 300 Baud | +-California——————-+
| 03110 216 00 021 1200 Baud | | 03110 714 00 004 2400 Baud |
| 03110 216 00 120 2400 Baud | | 03110 714 00 023 300 Baud |
+-Colorado———————+ | 03110 714 00 024 1200 Baud |
| 03110 303 00 021 1200 Baud | | 03110 714 00 102 2400 Baud |
| 03110 303 00 114 300 Baud | | 03110 714 00 119 300 Baud |
| 03110 303 00 115 2400 Baud | | 03110 714 00 121 1200 Baud |
+-Florida———————-+ | 03110 714 00 210 300 Baud |
| 03110 305 00 120 300 Baud | | 03110 714 00 213 1200 Baud |
| 03110 305 00 121 1200 Baud | +-Utah————————-+
| 03110 305 00 122 2400 Baud | | 03110 801 00 012 2400 Baud |
+-Illinois———————+ | 03110 801 00 020 300 Baud |
| 03110 312 00 024 2400 Baud | | 03110 801 00 021 1200 Baud |
| 03110 312 00 410 300 Baud | +-Florida———————-+
| 03110 312 00 411 1200 Baud | | 03110 813 00 020 300 Baud |
+-Michigan———————+ | 03110 813 00 021 1200 Baud |
| 03110 313 00 024 2400 Baud | | 03110 813 00 124 2400 Baud |
| 03110 313 00 214 300 Baud | +-Missouri———————+
| 03110 313 00 216 1200 Baud | | 03110 816 00 104 300 Baud |
+-Missouri———————+ | 03110 816 00 113 1200 Baud |
| 03110 314 00 005 2400 Baud | +-California——————-+
| 03110 314 00 020 1200 Baud | | 03110 818 00 021 1200 Baud |
+-Alabama———————-+ +-California——————-+
| 03110 404 00 022 2400 Baud | | 03110 916 00 007 2400 Baud |
| 03110 404 00 113 300 Baud | | 03110 916 00 011 300 Baud |
| 03110 404 00 114 1200 Baud | | 03110 916 00 012 1200 Baud |
+-California——————-+ +-North Carolina—————+
| 03110 408 00 021 2400 Baud | | 03110 919 00 020 300 Baud |
| 03110 408 00 110 300 Baud | | 03110 919 00 021 1200 Baud |
| 03110 408 00 111 1200 Baud | | 03110 919 00 124 2400 Baud |
+——————————+ +——————————+

Other telenet outdials
311020600017, 311020600019, 311020600021, 311021200316,
311031400421, 311071400124, 311081600221

+-TymNet OutDials Sorted By Area Code–+——————————-Page 1-+
|NPA ST OUTDIAL CITY |NPA ST OUTDIAL CITY |
+————————————–+————————————–+
|201 NJ 03106 00 6319 Englewood Cliffs |507 MN 03106 00 1059 Rochester |
|201 NJ 03106 00 7618 Newark |508 MA 03106 00 1014 Groton |
|201 NJ 03106 00 2312 Paterson |508 MA 03106 00 1067 Leomister |
|201 NJ 03106 00 3319 Pascataway |508 MA 03106 00 531 Lowell |
|201 NJ 03106 00 6334 Red Bank |508 MA 03106 00 4001 Manchester |
|201 NJ 03106 00 4378 Union City |508 MA 03106 00 432 Marlborough |
|203 CT 03106 00 9128 Bloomfield |508 MA 03106 00 3520 Taunton |
|203 CT 03106 00 6472 Bridgeport |508 MA 03106 00 3456 Worcester |
|203 CT 03106 00 9128 Hartford |509 WA 03106 00 5298 Pullman |
|203 CT 03106 00 9126 New Haven |509 WA 03106 00 2116 Richland |
|203 CT 03106 00 7955 New London |509 WA 03106 00 8931 Yakima |
|203 CT 03106 00 9126 North Haven |512 TX 03106 00 1306 Austin |
|203 CT 03106 00 8071 Somers |512 TX 03106 00 424 Corpus Christi |
|203 CT 03106 00 9129 Stamford |512 TX 03106 00 2565 Lubbock |
|203 CT 03106 00 7962 Westport| |512 TX 03106 00 9169 San Antonio |
|205 AL 03106 00 4101 Birmingham |512 TX 03106 00 1099 Texarkana |
|205 AL 03106 00 5641 Florence |513 OH 03106 00 1785 Cincinnata |
|205 AL 03106 00 8287 Gadsden |513 OH 03106 00 9511 Dayton |
|205 AL 03106 00 1258 Huntsville |516 NY 03106 00 582 Centereach |
|205 AL 03106 00 8829 Mobile |516 NY 03106 00 9193 Hempstead |
|205 AL 03106 00 3245 Montgomery |516 NY 03106 00 582 Lake Grove |
|205 AL 03106 00 2439 Northport |516 NY 03106 00 8811 Melville |
|205 AL 03106 00 1751 Opelika |517 MI 03106 00 4766 Freeland |
|205 AL 03106 00 2439 Tuscaloosa |517 MI 03106 00 9992 Lansing |
|206 WA 03106 00 1827 Auburn |517 MI 03106 00 4766 Midland |
|206 WA 03106 00 9170 Bellevue |518 NY 03106 00 9198 Albany |
|206 WA 03106 00 2745 Bellingham |601 MS 03106 00 1953 Gulfport |
|206 WA 03106 00 773 Bremerton |601 MS 03106 00 1164 Hattiesburg |
|206 WA 03106 00 2944 Longview |601 MS 03106 00 6301 Jackson |
|206 WA 03106 00 6113 Port Angeles |601 MS 03106 00 8598 Pascagoula |
|206 WA 03106 00 9170 Seattle |601 MS 03106 00 9901 Tupelo |
|206 WA 03106 00 159 Spokane |601 MS 03106 00 4405 Vicksburg |
|206 WA 03106 00 906 Tacoma |602 AZ 03106 00 6112 Flagstaff |
|206 WA 03106 00 5447 Vancouver |602 AZ 03106 00 9532 Mesa |
|207 ME 03106 00 4217 Portland |602 AZ 03106 00 9532 Phoenix |
|208 ID 03106 00 200 Boise |602 AZ 03106 00 4751 Tucson |
|208 ID 03106 00 1023 Ceour D’Alene |602 AZ 03106 00 3530 Yuma |
|208 ID 03106 00 3660 Idaho Falls |603 NH 03106 00 4027 Manchester |
|208 ID 03106 00 5151 Twin Falls |603 NH 03106 00 1347 Nashua |
|209 CA 03106 00 3996 Fresno |603 NH 03106 00 1696 North Hampton |
|209 CA 03106 00 8629 Merced |603 NH 03106 00 1554 Peterborough |
|209 CA 03106 00 2120 Modesto |603 NH 03106 00 6651 Portsmouth |
|209 CA 03106 00 3598 Visalia |606 KY 03106 00 9987 Lexington |
|212 NY 03106 00 1059 New York |607 NY 03106 00 5312 Binghampton |
|213 CA 03106 00 9203 El Segundo |608 WI 03106 00 5314 Beloit |
|213 CA 03106 00 3173 Inglewood |608 WI 03106 00 4200 Madison |
|213 CA 03106 00 9205 Long Beach |609 NJ 03106 00 5425 Atlantic City |
|214 TX 03106 00 2948 Dallas |609 NJ 03106 00 8693 Camden |
|214 TX 03106 00 8254 McKinney |609 NJ 03106 00 8693 Pennsauken |
|214 TX 03106 00 6248 Sherman |609 NJ 03106 00 8920 Princeton |
|214 TX 03106 00 8871 Texarkana |609 NJ 03106 00 8920 South Brunswick |
|215 PA 03106 00 3432 Bethlehem |609 NJ 03106 00 730 Trenton |
|215 PA 03106 00 7057 Coatesville |609 NJ 03106 00 3847 Vineland |
|215 PA 03106 00 508 Norristown |612 MN 03106 00 3494 Minneapolis |
|215 PA 03106 00 9581 Philadelphia |612 MN 03106 00 3494 St. Paul |
|216 OH 03106 00 8740 Akron |612 MN 03106 00 8335 St. Cloud |
|216 OH 03106 00 8160 Canton |614 OH 03106 00 9347 Columbus |
|216 OH 03106 00 4222 Cleveland |615 TN 03106 00 2937 Chattanooga| |
|216 OH 03106 00 8859 Elyria |615 TN 03106 00 5720 Clarkesville |
|216 OH 03106 00 3180 Warren |615 TN 03106 00 9985 Knoxville |
|216 OH 03106 00 4909 Youngstown |615 TN 03106 00 9141 Nashville |
+————————————–+————————————–+

+-TymNet OutDials Sorted By Area Code–+——————————-Page 2-+
|NPA ST OUTDIAL CITY |NPA ST OUTDIAL CITY |
+————————————–+————————————–+
|217 IL 03106 00 1119 Danville |615 TN 03106 00 9683 Oakridge |
|217 IL 03106 00 8900 Decatur |615 TN 03106 00 9114 Sevierville |
|217 IL 03106 00 5403 Springfield |616 MI 03106 00 1014 Battle Creek |
|217 IL 03106 00 9753 Urbana |616 MI 03106 00 4231 Benton Harbor |
|218 MN 03106 00 1093 Duluth |616 MI 03106 00 4017 Grand Rapids |
|219 IN 03106 00 2444 Elkhart |616 MI 03106 00 3195 Kalamazoo |
|219 IN 03106 00 3423 Ft.Wayne |616 MI 03106 00 4357 Muskegon |
|219 IN 03106 00 2705 Gary |617 MA 03106 00 7044 Bedford |
|219 IN 03106 00 5129 South Bend |617 MA 03106 00 8796 Boston |
|301 MD 03106 00 1058 Annapolis |617 MA 03106 00 8796 Cambridge |
|301 MD 03106 00 4600 Baltimore |617 MA 03106 00 1067 Kingston |
|301 MD 03106 00 999 Cumberland |618 IL 03106 00 8910 East St. Louis |
|301 MD 03106 00 1083 Myersville |618 IL 03106 00 3001 O’Fallon |
|301 MD 03106 00 552 Rockville |619 CA 03106 00 7859 Cathredal City |
|301 MD 03106 00 1020 Salisbury |619 CA 03106 00 7859 Palm Springs |
|302 DE 03106 00 7789 Dover |619 CA 03106 00 5416 Poway |
|302 DE 03106 00 1080 Georgetown |619 CA 03106 00 9183 San Diego |
|302 DE 03106 00 1784 Newark |619 CA 03106 00 4304 Vista |
|302 DE 03106 00 1784 Willmington |702 NV 03106 00 342 Boulder City |
|303 CO 03106 00 2584 Aurora |702 NV 03106 00 2140 Carson City |
|303 CO 03106 00 2584 Boulder |702 NV 03106 00 342 Las Vegas |
|303 CO 03106 00 2584 Denver |702 NV 03106 00 2140 Reno |
|303 CO 03106 00 8737 Fort Collins |703 VA 03106 00 2262 Alexandria |
|303 CO 03106 00 6115 Grand Junction |703 VA 03106 00 2262 Arlington |
|303 CO 03106 00 7743 Greeley |703 VA 03106 00 2262 Fairfax |
|304 WV 03106 00 3431 Charleston |703 VA 03106 00 1014 Harrisonburg |
|304 WV 03106 00 1430 Huntington |703 VA 03106 00 4026 Roanoke |
|305 FL 03106 00 7123 Fort Lauderdale |704 NC 03106 00 0271 Asheville |
|305 FL 03106 00 7096 Longwood |704 NC 03106 00 6793 Charlotte |
|305 FL 03106 00 6582 Miami |704 NC 03106 00 7821 Kannapolis |
|305 FL 03106 00 7096 Orlando |707 CA 03106 00 4952 Fairfield |
|308 NE 03106 00 6997 Grand Island |707 CA 03106 00 1911 Moorpark |
|309 IL 03106 00 1149 Bloomington |707 CA 03106 00 4111 Santa Rosa |
|309 IL 03106 00 3614 Peoria| |707 CA 03106 00 3830 Vallejo |
|309 IL 03106 00 5296 Rock Isl|and |708 IL 03106 00 1094 Northfield |
|312 IL 03106 00 8257 Chicago |708 IL 03106 00 7005 Palatine |
|312 IL 03106 00 8944 Glen Ellyn |713 TX 03106 00 7758 Baytown |
|312 IL 03106 00 780 Lake Bluff |713 TX 03106 00 4562 Houston |
|313 MI 03106 00 209 Ann Arbor |714 CA 03106 00 9184 Anaheim |
|313 MI 03106 00 894 Burton |714 CA 03106 00 6294 Colton |
|313 MI 03106 00 8794 Detroit |714 CA 03106 00 4309 Diamond Bar |
|313 MI 03106 00 894 Flint |714 CA 03106 00 9184 Newport Beach |
|313 MI 03106 00 4847 Plymouth |714 CA 03106 00 6294 Riverside |
|313 MI 03106 00 4620 Port Huron |714 CA 03106 00 4447 San Clemente |
|313 MI 03106 00 3948 Southfield |714 CA 03106 00 5970 Upland |
|314 MO 03106 00 8978 Bridgeton |716 NY 03106 00 9194 Buffalo |
|314 MO 03106 00 6017 Columbia |716 NY 03106 00 6019 Pittsford |
|314 MO 03106 00 6182 Rolla |716 NY 03106 00 6019 Rochester |
|314 MO 03106 00 8978 St. Louis |717 PA 03106 00 7853 Lancaster |
|315 NY 03106 00 4710 Syracuse |717 PA 03106 00 1707 Lemoyne |
|315 NY 03106 00 1101 Utica |717 PA 03106 00 1572 Scranton |
|316 KS 03106 00 8013 Wichita |717 PA 03106 00 7941 Wilkes-Barre |
|317 IN 03106 00 9349 Indianapolis |719 CO 03106 00 2660 Denver |
|317 IN 03106 00 2646 Kokomo |801 UT 03106 00 801 Salt Lake City |
|317 IN 03106 00 4632 Marion |803 SC 03106 00 9907 Charleston |
|317 IN 03106 00 5032 Muncie |803 SC 03106 00 9993 Columbia |
|318 LA 03106 00 8525 Lafayette |803 SC 03106 00 9074 Greenville |
|318 LA 03106 00 4233 Lake Charles |803 SC 03106 00 9912 Myrtle Beach |
|401 RI 03106 00 9130 Providence |804 VA 03106 00 8215 Hampton |
|402 NE 03106 00 9856 Lincoln |804 VA 03106 00 2839 Lynchburg |
|402 NE 03106 00 2521 Omaha |804 VA 03106 00 7339 Midlothian |
+————————————–+————————————–+

+-TymNet OutDials Sorted By Area Code–+——————————-Page 3-+
|NPA ST OUTDIAL CITY |NPA ST OUTDIAL CITY |
+————————————–+————————————–+
|404 GA 03106 00 4829 Athens |804 VA 03106 00 8459 Newport News |
|404 GA 03106 00 8795 Atlanta |804 VA 03106 00 6986 Norfolk |
|404 GA 03106 00 4752 Columbus |804 VA 03106 00 1931 Petersburg |
|404 GA 03106 00 8795 Doraville |804 VA 03106 00 6986 Portsmouth |
|404 GA 03106 00 8795 Marietta |804 VA 03106 00 413 Richmond |
|404 GA 03106 00 0433 Martinez |804 VA 03106 00 4557 Williamsburg |
|404 GA 03106 00 8795 Norcross |805 CA 03106 00 3664 Bakersfield |
|404 GA 03106 00 1386 Rome |805 CA 03106 00 5991 Lancaster |
|405 OK 03106 00 1081 Enid |805 CA 03106 00 6116 Los Alamos |
|405 OK 03106 00 9165 Oklahoma City |805 CA 03106 00 5134 Moorpark |
|406 MT 03106 00 3740 Great Falls |805 CA 03106 00 4112 Port Hueneme |
|406 MT 03106 00 3504 Billings |805 CA 03106 00 2979 San Luis Obispo |
|407 FL 03106 00 5656 Boca Raton |805 CA 03106 00 6295 Santa Barbera |
|407 FL 03106 00 3720 Cocoa |805 CA 03106 00 6116 Santa Maria |
|407 FL 03106 00 5656 Delray Beach |806 TX 03106 00 8736 Amarillo |
|407 FL 03106 00 4701 Fort Pierce |806 TX 03106 00 4435 Lubbock |
|407 FL 03106 00 9900 Kissimmee |812 IN 03106 00 9323 Bloomington |
|407 FL 03106 00 9902 Port St. Lucie |812 IN 03106 00 3426 Evansville |
|407 FL 03106 00 9902 Stuart |813 FL 03106 00 4637 Clearwater |
|407 FL 03106 00 6181 Vero Beach |813 FL 03106 00 9453 Fort Meyers |
|407 FL 03106 00 3326 West Palm Beach |813 FL 03106 00 116 Naples |
|408 CA 03106 00 5379 Monterey |813 FL 03106 00 5518 Tampa |
|408 CA 03106 00 3655 Salinas |814 PA 03106 00 3338 Erie |
|408 CA 03106 00 6450 San Jose |814 PA 03106 00 3765 State College |
|408 CA 03106 00 3182 Santa Cruz |815 IL 03106 00 4144 Bradley |
|409 TX 03106 00 4497 Bryan |815 IL 03106 00 2514 Freeport |
|412 PA 03106 00 4153 Greensburg |815 IL 03106 00 6048 Rockford |
|412 PA 03106 00 7851 New Castle |817 TX 03106 00 9337 Arlington |
|412 PA 03106 00 7408 Pittsburgh |817 TX 03106 00 5990 Denton |
|413 MA 03106 00 3948 Springfield |817 TX 03106 00 9337 Fort Worth |
|414 WI 03106 00 8868 Appleton |817 TX 03106 00 9861 Killeen |
|414 WI 03106 00 9167 Brookfield |817 TX 03106 00 4687 Temple |
|414 WI 03106 00 3421 Green Bay |817 TX 03106 00 9859 Waco |
|414 WI 03106 00 9167 Milwaukee |817 TX 03106 00 6862 Wichita Falls |
|414 WI 03106 00 5966 Oskosh |818 CA 03106 00 9204 Alhambra |
|415 CA 03106 00 7399 Fremont |818 CA 03106 00 2841 Burbank |
|415 CA 03106 00 8963 Oakland |818 CA 03106 00 9204 Pasadena |
|415 CA 03106 00 9202 Pleasanton |818 CA 03106 00 9206 Sherman Oaks |
|415 CA 03106 00 9182 Redwood City |901 TN 03106 00 3175 Jackson |
|415 CA 03106 00 9533 San Francisco |901 TN 03106 00 1551 Memphis |
|415 CA 03106 00 8094 San Rafael |904 FL 03106 00 5797 Jacksonville |
|415 CA 03106 00 3486 So. San Francisco|904 FL 03106 00 7220 Ocala |
|415 CA 03106 00 9202 Walnut Creek |904 FL 03106 00 1069 Ormond Beach |
|417 MO 03106 00 1928 Joplin |904 FL 03106 00 3193 Pensacola |
|419 OH 03106 00 6022 Mansfield |904 FL 03106 00 3192 Tallahassee |
|419 OH 03106 00 1190 Toledo |913 KS 03106 00 8615 Mission |
|501 AK 03106 00 7374 Fayetteville |913 KS 03106 00 3416 Salina |
|501 AK 03106 00 1297 Fort Smith |913 KS 03106 00 1672 Topeka |
|501 AK 03106 00 2725 Hot Springs |914 NY 03106 00 8861 Kingston |
|501 AK 03106 00 1069 Little Rock |914 NY 03106 00 1061 New City |
|502 KY 03106 00 3718 Frankfort |914 NY 03106 00 8571 White Plains |
|502 KY 03106 00 8678 Louisville |915 TX 03106 00 6980 Abilene |
|503 OR 03106 00 8603 Corvallis |915 TX 03106 00 210 El Paso |
|503 OR 03106 00 9857 Eugene |915 TX 03106 00 2326 Midland |
|503 OR 03106 00 9164 Portland |916 CA 03106 00 7801 Chico |
|503 OR 03106 00 3174 Salem |916 CA 03106 00 9179 Sacramento |
|504 LA 03106 00 6999 Baton Rouge |918 OK 03106 00 6605 Tulsa |
|504 LA 03106 00 9694 New Orleans |919 NC 03106 00 9986 Durham |
|504 LA 03106 00 1040 Slidell |919 NC 03106 00 1100 Fayetteville |
|505 NM 03106 00 661 Albuquerque |919 NC 03106 00 2964 Greensboro |
|505 NM 03106 00 6630 Las Cruces |919 NC 03106 00 9324 Rocky Mount |
|505 NM 03106 00 4604 Santa Fe |919 NC 03106 00 8739 Winston Salem |
+————————————–+————————————–+

Instructions for TymNet OutDials:
For example, if you wish to connect with the outdial port in Norfolk, Virginia
you would enter Username:6896;password. The following information would then
be displayed:

TYMNET ASYNC OUTDIAL 6986 (804) 857 NORFOLK , VA

>

At the “>” prompt, you may type “help” and receive the following screen:

>help
Set [Half] [Rxon] [Xon] [Even|Space] [Crdelay]
Half – sets half-duplex communications. Default is full-duplex.
Xon – sets flow control for data you send. Default is no xon.
Rxon – sets flow control for data you receive. Default is no rxon.
Even – sets even parity for data sent. Default is no parity.
Space – sets space parity for data sent. Default is no parity.
Crdelay – set printer carriage return delay. Default is no delay.
Bps [300|1200|2400]
Sets one of the baud rates indicated above. Default is 2400 bps.
Dial [Tone] [Pulse] {phone number}
Dials the requested phone number. Parameters are:
Tone – activates touch-tone dialing. Default is tone.
Pulse – activates pulse dialing.
Optional commas – provide a one second pause. Default is no pause.
Retry – Redials last phone number.
Logout – Exits Outdial.
Help or ? – Prints this screen.

NOTES: * Dialed number need not be preceded by “9”.
* In some locations, long-distance numbers must be preceded by “1”.

If, at this point, you wish to connect with a BBS whose phone number is,
for example, 555-1212, you would enter at the “>” prompt, the string
“d 5551212”. This causes the outdial modem to dial the number and connect
you at 2400 bps. If the host BBS only has 1200 bps modems, you would need
to first enter “bps 1200” at the “>” prompt. This sets the outdial modem
to call the host at 1200 bps rather than 2400 bsp.

If the BBS is busy you will usually receive a “BUSY” indicator, at which
point you can type “r” to redial the number or “logout” to disconnect and
return to the “please log in” prompt. At the “please log in” prompt, you
may simply disconnect.

What does the connect string mean?

TYMNET ASYNC OUTDIAL 6986 (804) 857 NORFOLK , VA

: : :
Outdial Port # Area Code Local exchange

TymNet permits you to make long distance calls from the outdial port.
You can determine if a BBS can be reached with a local call from an outdial
port by calling the operator in the destination city and asking if it is a
local call from the exchange. For example: Virginia Beach exchange 495 is
a local call from Norfolk exchange 857. If the BBS is outside the local
dialing area, you can still reach it by putting a “1” in front of the
number at the “>” prompt. Example: “d 15551212”. ALL LONG DISTANCE TOLL
CHARGES WILL BE CHARGED TO YOU!

ERROR MESSAGES AND PROBABLE CAUSES

The following are common error messages and some causes:

HOST OUT OF PORTS
All available outdial modems at the outdial city are in use.

BUSY
The host BBS’s phone lines are all busy.

CALL FAILED FOR UNKNOWN REASON
Usually indicates that a voice answered the phone call. Call the number by
voice to determine if it is still a viable number.

Can also be caused by low quality modem on the BBS or the BBS only
operating at 1200 bps. Try the “bps 1200” cure mentioned above.

Can also mean the BBS has all lines in use and the modem did not detect the busy signal.

MODEM TIMED ITSELF OUT – CALL CUSTOMER SERVICE
Modem malfunction or all BBS lines are busy. Please report this to TYMNET at 800-336-0149 immediately.

SUGGESTIONS

There are some methods you can use to improve the TymNet service from your end. The two most common complaints and the easiest to cure are file transfer speedups and interactive response speedups.

To improve file transfers:

Enter a control-V before typing in your TymNet username. Example: “STA000000;password”. This means hold down your control key and tap the “V” key before entering your Username. This opens up the band width and improves transfer time.

To improve interactive response time:

Enter a control-I before your TymNet username. Example:
” STA000000;password”. Enter this the same way as the example above and the response time through the network will be faster. Perfect for chatting or e-mail, etc.

Members calling a 2400 Baud BBS using a 1200 Baud modem can improve file transfers and reduce error messages by putting control-X control-R before the Username when logging on to the network. This enables X-on, X-off flow control and prevents the BBS from sending data to you faster than you can accept it. Never use Control-X, Control-R together with
Control-V. It will really make a mess of things.

FILE TRANSFERS

Almost all BBS software requires that you transfer files at 8 data bits, No parity and 1 stop bit. If you are having trouble with file transfers this will usually be the problem. If you cannot access the network from your local number at 8-N-1 and must log on at 7-E-1, have your software switch to 8-N-1 after you have entered the “>d #######” command and before the BBS connects. Some BBS software doesn’t care what settings you use until you try to transfer a file. To prevent wasting valuable network time, it’s
best to assume that you need 8-N-1 and change to that setting prior to attempting a transfer. Please be sure that if you have striped your high bits, you now turn them back on before transfers!

————————————————————

Datapac Outdials Accessable from Tymnet:
Dialing instructions are available at the site.

————————————————————
3020 6920 0902 ( 300 baud)(204, Manitoba,Winnipeg)
3020 6920 0901 (1200 baud)
3020 7210 0900 ( 300 baud)(306, Saskatchewan,Regina)
3020 7210 0901 (1200 baud)
3020 7110 0900 ( 300 baud)(306, Saskatchewan, Saskatoon)
3020 7110 0901 (1200 baud)
3020 6330 0900 ( 300 baud)(403, Alberta, Calgary)
3020 6630 0901 (1200 baud)
3020 5870 0900 ( 300 baud)(403, Alberta, Edmonton)
3020 5870 0901 (1200 baud)
3020 9160 0901 ( 300 baud) (416, Ontario, Toronto)
3020 9160 0902 (1200 baud)
3020 3850 0900 ( 300 baud) (416, Ontario, Hamilton)
3020 3850 0901 (1200 baud)
3020 7460 0900 ( 300 baud) (506, Brunswick, Saint john)
3020 7460 0901 (1200 baud)
3020 8270 0902 ( 300 baud) (514, Quebec, Montreal)
3020 8270 0903 (1200 baud)
3020 3560 0900 ( 300 baud) (519, Ontatio, London)
3020 3560 0901 (1200 baud)
3020 2950 0900 ( 300 baud) (519, Ontario, Windsor)
3020 2950 0901 (1200 baud)
3020 3340 0900 ( 300 baud) (519, Ontario,Kitchener)
3020 3340 0901 (1200 baud)
3020 6710 0900 ( 300 baud) (604, British Col, Vancouver)
3020 6710 0901 (1200 baud)
3020 8570 0901 ( 300 baud) (613, Quebec, Ottawa)
3020 8570 0902 (1200 baud)
3020 3850 0900 ( 300 baud) (613, Ontatio,Hamilton)
3020 3850 0901 (1200 baud)
3020 7810 0900 ( 300 baud) (709, Brunswick, St. John’s)
3020 7810 0901 (1200 baud)
3020 7610 1900 ( 300 baud) (902, Nova Scotia, Halifax)
3020 7610 1901 (1200 baud)
3020 3850 0900 ( 300 baud) (416, Ontario,Hamilton)
3020 3850 0901 (1200 baud)
3020 9190 0900 ( 300 baud) (???, ???????, Clarkson)
3020 9190 0901 (1200 baud)

Country and system DNIC codes, compiled by Digital-demon.
Note that many countries have multiple systems and so even multiple DNIC codes for the supposedly same system. The Network names may not be the correct ones, but they are the ones listed throughout the systems. I have come upon multiple names for the same systems in some cases and have decided on using one of the two or more. I apologize if this creates any confusion.

COUNTRY NETWORK DNIC
——- ——- —-
ANDORA ANDORPAC 2945
ANTIGUA AGANET 3443
ARGENTINA ARPAC 7220
ARPAC 7222
AUSTRIA DATEX-P 2322
DATEX-P TTX 2323
RA 2329
AUSTRALIA AUSTPAC 5052
OTC DATA ACCESS 5053
AUSTPAC 5054
BAHAMAS BATELCO 3640
BAHRAIN BAHNET 4263
BARBADOS IDAS 3423
BELGIUM DCS 2062
DCS 2068
DCS 2069
BERMUDA BERMUDANET 3503
BRAZIL INTERDATA 7240
RENPAC 7241
RENPAC 7248
RENPAC 7249
CAMEROON CAMPAC 6242
CANADA DATAPAC 3020
GLOBEDAT 3025
INFOGRAM 3028
INFOSWITCH 3029
CAYMAN ISLANDS IDAS 3463
CHAD CHAD 6222
CHANNEL IS PSS 2342
CHILE ENTEL 7302
CHILE-PAC 7303
VTRNET 7305
ENTEL 7300
CHINA PTELCOM 4600
COLOMBIA COLDAPAQ 7322
COSTA RICA RACSAPAC 7120
RACSAPAC 7122
RACSAPAC 7128
RACSAPAC 7129
CURACAU UDTS 3400
CYPRUS CYTAPAC 2802
CYTAPAC 2807
CYTAPAC 2808
CYTAPAC 2809
DENMARK DATAPAK 2382
DATAPAK 2383
DJIBOUTI STIPAC 6382
DOMINICAN REP. UDTS-I 3701
EGYPT ARENTO 6020
FINLAND DATAPAK 2441
DATAPAK 2442
DIGIPAK 2443
FRANCE TRANSPAC 2080
NTI 2081
TRANSPAC 2089
TRANSPAC 9330
TRANSPAC 9331
TRANSPAC 9332
TRANSPAC 9333
TRANSPAC 9334
TRANSPAC 9335
TRANSPAC 9336
TRANSPAC 9337
TRANSPAC 9338
TRANSPAC 9339
FR ANTILLIES TRANSPAC 2080
FR GUIANA TRANSPAC 2080
DOMPAC 7420
FR POLYNESIA TOMPAC 5470
GABON GABONPAC 6282
GERMANY F.R. DATEX-P 2624
DATEX-C 2627
GREECE HELPAK 2022
HELLASPAC 2023
GREENLAND KANUPAX 2901
GUADELOUPE DOMPAC 3400
GUAM LSDS-RCA 5350
PACNET 5351
GUATEMALA GUATEL 7040
GUATEL 7043
HONDURAS HONDUTEL 7080
HONDUTEL 7082
HONDUTEL 7089
HONG KONG INTELPAK 4542
DATAPAK 4545
INET HK 4546
HUNGARY DATEX-P 2160
DATEX-P 2161
ICELAND ICEPAK 2740
INDIA GPSS 4042
INDONESIA SKDP 5101
IRELAND EIRPAC 2721
EIRPAC 2724
ISRAEL ISRANET 4251
ITALY DARDO 2222
ITAPAC 2227
IVORY COAST SYTRANPAC 6122
JAMAICA JAMINTEL 3380
JAPAN GLOBALNET 4400
DDX 4401
NIS-NET 4406
VENUS-P 4408
VENUS-P 9955
VENUS-C 4409
KOREA REP DACOM-NET 4501
DNS 4503
KUWAIT BAHNET 4263
LEBANON SODETEL 4155
LUXEMBOURG LUXPAC 2704
LUXPAC 2709
MACAU MACAUPAC 4550
MALAYSIA MAYPAC 5021
MARTININQUE DOMPAC 3400
MAURITIUS MAURIDATA 6170
MEXICO TELEPAC 3340
MOROCCO MOROCCO 6040
NETHERLANDS DATANET-1 2040
DATANET-1 2041
DABAS 2044
DATANET-1 2049
N. MARIANAS PACNET 5351
NEW CALEDONIA TOMPAC 5460
NEW ZEALAND PACNET 5301
NIGER NIGERPAC 6142
NORWAY DATAPAC TTX 2421
DATAPAK 2422
DATAPAC 2423
PANAMA INTELPAQ 7141
INTELPAQ 7142
PERU DICOTEL 7160
PHILIPPINES CAPWIRE 5150
CAPWIRE 5151
PGC 5152
GMCR 5154
ETPI 5156
PORTUGAL TELEPAC 2680
SABD 2682
PUERTO RICO UDTS 3300
UDTS 3301
QATAR DOHPAC 4271
REUNION (FR) TRANSPAC 2080
DOMPAC 6470
RWANDA RWANDA 6352
SAN MARINO X-NET 2922
SAUDI ARABIA ALWASEED 4201
SENEGAL SENPAC 6081
SINGAPORE TELEPAC 5252
TELEPAC 5258
ITELPAK 4542
SOUTH AFRICA SAPONET 6550
SAPONET 6551
SAPONET 6559
SOUTH KOREA DACOM-NET 4501
SPAIN TIDA 2141
IBERPAC 2145
SWEDEN DATAPAK TTX 2401
DATAPAK-1 2402
DATAPAK-2 2403
TELEPAK 2405
SWITZERLAND TELEPAC 2284
TELEPAC 2289
TAIWAN PACNET 4872
PACNET 4873
UDAS 4877
THAILAND THAIPAC 5200
IDAR 5201
TOGOLESE REP. TOGOPAC 6152
TORTOLA IDAS 3483
TRINIDAD DATANETT 3745
TEXTET 3740
TUNISIA RED25 6050
TURKEY TURPAC 2862
TURPAC 2863
TURKS&CAICOS IDAS 3763
U ARAB EMIRATES EMDAN 4241
EMDAN 4243
TEDAS 4310
URUGUAY URUPAC 7482
URUPAC 7489
USSR IASNET 2502
U.S. VIRGIN I UDTS 3320
U. KINGDOM IPSS-BTI 2341
PSS-BT 2342
MERCURY 2350
MERCURY 2351
HULL 2352
USA AUTONET 3126
COMPUSERVE 3132
FTCC 3124
ITT/UDTS 3103/310
MARKET 3136
RCA/LSDS 3113
TELENET 3110/312
TRT-DTAPAK 3119
TYMNET 3106
UNINET 3125
WUI-DBS 3104
WUTCO 3101
YUGOSLAVIA YUGOPAC 2201
ZIMBABWE ZIMNET 6482

—————————————-
ALTERNATIVE DATA
NUA: 234222400127
—————————————-
THE PAKR
NUA:234222400127
—————————————
BRIGHTON POLYTECHNIC
NUA: 234270500115
—————————————-
BRITISH LIBRARY
NUA:2342227900102 (Blaise-Line)
310600128800 (Blaise-Link)
————————————–
THE BRITISH LIBRARY
NUA: 234293765265
—————————————-
BRITISH MARITIME TECHNOLOGY (LIMITED)
Davy Bank Industrial Estate
Wallsend Research Station,
NUA: 234263200106
—————————————-
CABLE AND WIRELESS EASYLINK LTD
Mercury House
NUA: 234218400120
—————————————-
CAMBRIDGE UNIVERSITY COMPUTING SERVICE
NUA: 234222339399
—————————————-
CITY OF BIRMINGHAM POLYTECHNIC
NUA: 234221200114
—————————————-
CODUS LIMITED
NUA: 234274200103
—————————————-
COMNET GLOBAL COMMUNICATIONS LTD
NUA:234213401278
234213401277
—————————————
COMPU-MARK (UK) LTD
PSS NUA: 23421230024700
—————————————
COUNTING HOUSE COMPUTER SYSTEMS (1984) LTD
NUA: 2342284001440
—————————————-
DATABASE SYSTEMS (GB) LTD
NUA: 234258200103
—————————————
DATASOLVE LTD
NUA: 234213300124
—————————————-
DATEMA LIMITED
NUA: 234227200147
—————————————
DIALOG
NUA:23421230012011 (Dialnet)
23421230012013 (Dialmail)
3106900803 (Tymnet)
3106900061 (Tymnet)
3110415000200 (Telenet)
3110415000480 (Telenet)
3110213001700 (Telenet)
3110213002360 (Telenet)
312541500007 (Uninet)
312541500008 (Uninet)
3125415000027 (Uninet)
—————————————–
DILLON COMPUTING LIMITED
NUA: 234227230231
—————————————-
DRI EUROPE LTD
NUA:234219201105
3106900788
3106900218
—————————————-
DUN AND BRADSTREET
NUA: 234289500108
—————————————-
DYNATECH
NUA: 234270712221
—————————————-
EDINBURGH REGIONAL
NUA: 234231354354
—————————————
THE ELECTRONIC MAIL COMPANY LTD
NUA: 23428440010500
23428440010501
23428440010502
23428440010503
23428440010504
—————————————-
ENGINEERING INFORMATION COMPANY LTD
NUA 23421338012200
—————————————
ESSEX UNIVERSITY
NUA: 234220641141
————————————–
EXIS LIMITED
NUA: 234232500124
————————————–
FINSBURY DATA SERVICES LTD
NUA: 234219200101
————————————–,
NUA: 234274900101
————————————–
GSI (UK) LTD
NUA: 234227600139
————————————–
HATFIELD POLYTECHNIC
NUA: 234270712217
————————————–
HIGH LEVEL HARDWARE LIMITED
NUA: 23422350010999
————————————–
HUDDERSFIELD POLYTECHNIC
NUA: 234227400101
————————————–
INTERSCAN COMMUNICATIONS SYSTEMS LTD
NUA: 234275300124
————————————-
IRS DIALTECH
NUA: 234219201156
————————————-
ISTEL LIMITED
NUA: 234252724241
————————————-
KENT UNIVERSITY
NUA: 234222715151
————————————
KODA ONLINE
NUA: 234262200114 KODA
228468114080 EKOL (SWITZERLAND)
————————————
KOREAN BITNET
NUA: 4501201010100
—————————————
KOREAN PC-SERVE
NUA: 4501981
4501982
—————————————
LOCKHEED CORPORATION (INTERNATIONAL) S.A.
NUA: 234212300120
————————————–
LONGMAN CARTERMILL LIMITED
NUA: 234233400101
—————————————
MEAD DATA CENTRAL INTERNATIONAL
NUA: 234219200171
—————————————
MEJ ELECTRONICS LTD
NUA: 234275300131
————————————–
NEWCASTLE-UPON-TYNE UNIVERSITY
NUA: 234263259159
————————————–
NIXDORF COMPUTER
NUA: 234274200127
————————————-
OCLC EUROPE
NUA: 234221200145
————————————-
ONE TO ONE
NUA: 234212301281
————————————-
P&O EUROPEAN FERRIES
NUA: 234230415150
————————————-
PERGAMON ORBIT INFOLINE LTD
NUA:234284400162
3106009211 (Tymnet)
311070300141 (Telenet)
————————————-
PLESSEY CONTROLS LIMITED
NUA: 234219201002
————————————
PRAXIS SYSTEMS PLC
NUA: 234222500101
————————————-
SALFORD UNIVERSITY
NUA: 23426164321090
————————————-
SCICON LIMITED
NUA: 234290840111
————————————-
NUA: 234250600119
————————————
NUA: 234219200203
————————————-
SIA COMPUTER SERVICES
NUA: 234219200394
————————————-
THE SOFTWARE FORGE
NUA: 234273400156
————————————-
Bath University
NUA: 234222530303
————————————
THE STOCK EXCHANGE
NUA: 23421920010300
———————————–
STRATHCLYDE UNIVERSITY
NUA: 23424126010604
————————————
TELEFILE COMPUTER PRODUCTS LTD
NUA: 23427531732700
————————————
NUA: 23421230021001
————————————
T T INTERNATIONAL
NUA: 234218800168
————————————
UNI-NET
NUA: 655011101207 LOGIN: UNINET
PASS:NEW
————————————–
UNIVERSITY COLLEGE LONDON
NUA: 234219200300
————————————
UNIVERSITY OF WALES INSTITUTE OF SCIENCE & TECHNOLOGY
NUA: 234222236236
—————————————-
WEATHERBYS
NUA: 23426040010500
—————————————
WILTEK (UK) LTD
NUA: 234213300104
—————————————
WOLVERHAMPTON POLYTECHNIC
NUA: 234290200107
—————————————
BIX-LIKE SYSTEM
NUA: 45890010006
login: guest
—————————————
Prestel
NUA: 23411002002017
ID: 4444444444
pass:4444
A23411002002018
—————————————
MEP
NUA: 22846911003
login: cia0543
password: guest
—————————————
EMPAL BBS
NUA: 12210613300
————————————–
OAG
NUA: 311031200159
————————————–
PRIME
NUA: 302031400124
—————————————
QUICK BROWN FOX
NUA: 228462100990
—————————————
GENIE
NUA: 3136900
—————————————
CALVACOM (in french)
NUA: 208075111
login: NOUVEAU or NEW
—————————————
BAHAMIN TELEPHONENUA: 302079100900
—————————————-
MINITEL
NUA: 208075040390
—————————————-
TCICS
NUA: 44013612065
<3 returns>
login: guest or login: postcard
—————————————
CIS
NUA: 311020200202
3106*DCIS02
————————————–
HEBREW UNIVERSITY
NUA: 452120000113
—————————————-
CHAT SYSTEM
NUA: 2624521090832
—————————————

Well I think that is enough for the first installment of packet networks. For those of you confused on the use of any part of this text please contact me, Digital-demon, at THE MATRIX BBS 1-908-905-6691 or 1-201-905-6691.

Remember, the information presented within this text is for information purposes only, this author will NOT be held responsible for an actions by anyone other than himself. I hope it was as informational to you as it was to me when I was compiling this text.

Greets to my friends and allies in this dangerous world: Tal Meta, Midnite Raider, CyberSage, Rat Fink, Sir Hairy Legg/Leech, Cool One, Pulsar-Nova, Kludge, D_Flatline, and everyone else on QSD that has helped me in this endevor.

By the way, anyone interested in finding tons of information on packet entworks should check out the subs devoted to them on BIX and some of the larger networks, they were very informative.

“Death Rules the World, Let the DEVIL beware, and let GOD weep.” _-Tensen Darquist

<*********************************************************>
< >
< >
< This Phile on >
< >
< Packet Networks >
< >
< Brought to you by >
< >
< Digital-demon >
< (C) DEC 29,1990 >
< >
< >
<*********************************************************>
[7] Tfiles: (1-8,?,Q) :

HACKING 101 – By Johnny Rotten – Course #1 – Hacking, Telenet, Life

HACKING 101 - By Johnny Rotten  - Course #1 - Hacking, Telenet, Life
---------------------------------------------------------------------

Since I have always felt that Baton Rouge was at a loss for *GOOD* hackers,
I have taken it upon myself to educate the masses on this rather elusive of
subjects.

This course will cover a straight jaunt into Telenet, how to get there, what
to do, where to go, and what to do once your in.

The very first thing that you will need to do is to get NUAA from the Sprawl.
This rather nifty utility scans Telenet for valuable, connectable "addresses".
These addresses are a numeric code which is broken down as such:
                508266 - typical Telenet address
                ^^^
                This is basically an area code...
                The 266 part can also go up as high as 9999 (or above)
                That's the unique part of the address

Alright, scan a known area code...you will almost certainly get a large number
of connections, and using NUAA, it doesn't take very long (an hour or so to
scan over 800 possible connections...indeed not very long).

NUAA will produce a logfile, and another file of NUAs (network user addresss,
get the connection?).  Check this NUA file.  All of those addresses are valid
connects.  And, it also gives the first line of text that came across on this
system.

This is where you will begin.  Look through this list for anything that says
Unix.  Once you find a NUA that goes to a Unix, your work shall begin.

The first thing to try and do when trying to access a Unix is to try "default"
accounts.  These are accounts that are built into an initial Unix installation.
However, these accounts are usually changed.  IF they were always changed, then
we would never get in anywhere.

The list of defaults for a Unix that I am aware of are:
        informix, sync, uucp, golden, anonymous, user, login, demo

These accounts usually have the same password as their username.  I.e. account
"informix" will have it's password as "informix".

Dr. Hacker and the Bladerunner have additional information concerning defaults,
and I am sure that they will comment.

What to do when you have gotten into the system
-----------------------------------------------

Watch the logon screen for the last login date.  If it was a day ago, or a
few hours ago, or even a week ago, IMMEDIATELY hang up.  These accounts are
better left for the local pro (Dr. Hacker) or the semi-pros (myself and
Bladerunner).  However, if the last logon date was more than a week ago, or
even a year ago, IMMEDIATELY hang up.

Why?  Well, unused accounts are just as dangerous as used accounts.  You should
call here and alert us to the system that you have found (in E-MAIL, not in the
public forums).  The only way that your further education in this matter can be
attained is if you remain undetected, and the process to determine that is more
complicated than I care to go into.  But once you have determined that you can
get in, let us know.

So, that's the first part of this lesson.  Once you have completed this much of
it, then let me know, and I will go on to the next part, which is - "What kind
of fun things are there here to do".

Any questions...??

JR

Downloaded From P-80 International Information Systems 304-744-2253

The Neophyte’s Guide to hacking (1993 Edition) by Deicide

------------------------------------------------------------------------------         
         %%%%%%%%%%%%%%%%%%%%%%%%%%%%-%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
         %                                                        %
         %            THE NEOPHYTE'S GUIDE TO HACKING             %
         %            ===============================             %
         %                      1993 Edition                      %
         %                 Completed on 08/28/93                  %
         %           Modification 1.1 Done on 10/10/93            %
         %           Modification 1.2 Done on 10/23/93            %
         %                          by                            %
         %%                >>>>>  Deicide  <<<<<                 %%
         %%%                                                    %%%
         %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

     <   The author of this file grants permission to reproduce and   >
     <   redistribute this file in any way the reader sees fit,       >
     <   including the inclusion of this file in newsletters of any   >
     <   media, provided the file is kept whole and complete,         >
     <   without any modifications, deletions or ommissions.          >
     <   (c) 1993, Deicide                                            >

TABLE OF CONTENTS
=================

1. INTRODUCTION

2. ETHICS/SAFETY

3. WHERE TO START

4. PACKET-SWITCHED NETWORKS
    A. Intro to PSNs
    B. How packet-switching works
    C. The Internet
        1. Introduction
        2. Getting access
        3. FTP
    D. X.25 Networks
        1. NUAs
        2. PADs & NUIs
        3. CUGs
        4. SprintNet
        5. BT Tymnet
        6. Datapac
        7. DNIC List

5. SYSTEM PENETRATION
    A. Unix
    B. VMS
    C. MPE (HP3000 mainframes)
    D. VM/CMS
    E. Primos
    F. TOPS 10/20
    G. IRIS
    H. NOS
    I. DECServer
    J. GS/1
    K. XMUX
    L. Starmaster/PACX
    M. Access 2590
    N. PICK
    O. AOS/VS
    P. RSTS
    Q. WindowsNT
    R. Novell Netware
    S. System75/85
    T. AS400
    U. TSO

6. BRUTE FORCE
    A. Passwords
    B. Usernames
    C. Services

7. SOCIAL ENGINEERING

8. TRASHING

9. ACRONYMS

10. CONCLUSION
    A. Last words
    B. Recommended Reading
    C. BBSes
    D. References
    E. And finally..
    F. Disclaimer

INTRODUCTION:
============
------------

    Over four years ago the final version of the LOD/H's Novice's Guide to 
Hacking was created and distributed, and during the years since it has served 
as a much needed source of knowledge for the many hackers just beginning to
explore the wonders of system penetration and exploration.
    The guide was much needed by the throng of newbies who hadn't the 
slightest clue what a VAX was, but were eager to learn the arcane art of 
hacking. Many of today's greats and moderates alike relied the guide as a 
valuable reference during their tentative(or not) steps into the nets.
    However, time has taken it's toll on the silicon networks and the guide is
now a tad out of date. The basic manufacturer defaults are now usually secured
, and more operating systems have come on the scene to take a large chunk of 
the OS percentile. In over four years not one good attempt at a sequel has
been made, for reasons unbeknownst to me.
    So, I decided to take it upon myself to create my own guide to hacking..
the "Neophyte's Guide to Hacking" (hey..no laughing!) in the hopes that it 
might help others in furthering their explorations of the nets.
    This guide is modelled after the original, mainly due to the fact that the
original *was* good. New sections have been added, and old sections expanded
upon. However, this is in no means just an update, it is an entirely new guide
as you'll see by the difference in size. This guide turned out to be over 4 
times the size of The Mentor's guide. 
    Also, this guide is NOT an actual "sequel" to the original; it is not 
LOD/H sponsored or authorized or whatever, mainly because the LOD/H is now 
extinct. 
    One last thing.. this guide is in no way complete. There are many OS's I 
did not include, the main reasons being their rarity or my non-expertise with
them. All the major OS's are covered, but in future releases I wish to include
Wang, MVS, CICS, SimVTAM, Qinter, IMS, VOS, and many more. If you 
feel you could help, contact me by Internet email or on a board or net(if you
can find me). Same thing applies for further expansion of current topics and
operating systems, please contact me.
    Ok, a rather long intro, but fuck it.. enjoy as you wish..
        Deicide - deicide@west.darkside.com

ETHICS/SAFETY:
=============
-------------

    One of the most integral parts of a hacker's mindset is his set of ethics.
And ethics frequently go hand in hand with safety, which is obviously the most
critical part of the process of hacking and the system exploration, if you  
plan to spend your life outside of the gaol.
    A hacker's ethics are generally somewhat different from that of an average
joe. An average joe would be taught that it is bad to break laws, even though
most do anyways. I am encouraging you to break laws, but in the quest for 
knowledge. In my mind, if hacking is done with the right intentions it is not
all that criminal. The media likes to make us out to be psychotic sociopaths
bent on causing armageddon with our PCs. Not likely. I could probably turn the
tables on the fearmongering media by showing that the average joe who cheats
on his taxes is harming the system more than a curious interloper, but I 
refrain.. let them wallow..
    The one thing a hacker must never do is maliciously hack(also known 
as crash, trash, etc..) a system. Deleting and modifying files unnecessary is 
BAD. It serves no purpose but to send the sysadmins on a warhunt for your head
, and to take away your account. Lame. Don't do it.
    Anyways, if you don't understand all of these, just do your best to follow
them, and take my word for it. You'll understand the reasoning behind these
guidelines later.

I.    Don't ever maliciously hack a system. Do not delete or modify files
      unnecessarily, or intentionally slow down or crash a system.
      The lone exception to this rule is the modification of system logs and
      audit trails to hide your tracks. 

II.   Don't give your name or real phone number to ANYONE, it doesn't matter
      who they are. Some of the most famous phreaks have turned narcs because
      they've been busted, and they will turn you in if you give them a 
      chance. It's been said that one out of every three hackers is a fed, and
      while this is an exaggeration, use this as a rule and you should do 
      fine. Meet them on a loop, alliance, bbs, chat system, whatever, just
      don't give out your voice number.

III.  Stay away from government computers. You will find out very fast that
      attempting to hack a MilTac installation is next to impossible, and will
      get you arrested before you can say "oh shit". Big Brother has infinite
      resources to draw on, and has all the time it needs to hunt you down. 
      They will spend literally years tracking you down. As tempting as it may 
      be, don't rush into it, you'll regret it in the end. 

IV.   Don't use codes from your own home, ever! Period. This is the most 
      incredibly lame thing i've seen throughout my life in the 'underground'; 
      incredible abuse of codes, which has been the downfall of so many people. 
      Most PBX/950/800s have ANI, and using them will eventually get you 
      busted, without question. And calling cards are an even worse idea.
      Codes are a form of pseudo-phreaking which have nothing to do with the
      exploration of the telephone networks, which is what phreaking is about.
      If you are too lazy to field phreak or be inventive, then forget about 
      phreaking.

V.    Don't incriminate others, no matter how bad you hate them. Turning in 
      people over a dispute is a terrible way to solve things; kick their ass,
      shut off their phones/power/water, whatever, just don't bust them. 
      It will come back to you in the end..

VI.   Watch what you post. Don't post accounts or codes over open nets as a   
      rule. They will die within days, and you will lose your new treasure.
      And the posting of credit card numbers is indeed a criminal offense 
      under a law passed in the Reagan years.

VII.  Don't card items. This is actually a worse idea than using codes, the
      chances of getting busted are very high. 

VIII. If for some reason you have to use codes, use your own, and nothing 
      else. Never use a code you see on a board, because chances are it has
      been abused beyond belief and it is already being monitored. 

IX.   Feel free to ask questions, but keep them within reason. People won't
      always be willing to hand out rare accounts, and if this is the case 
      don't be surprised. Keep the questions technical as a rule. Try and 
      learn as much as you can from pure hands on experience

X.    And finally, be somewhat paranoid. Use PGP to encrypt your files, keep
      your notes/printouts stored secretly, whatever you can do to prolong 
      your stay in the h/p world.

XI.   If you get busted, don't tell the authorities ANYTHING. Refuse to speak
      to them without a lawyer present.

XII.  If police arrive at your residence to serve a search warrant, look it
      over carefully, it is your right. Know what they can and can't do, and
      if they can't do something, make sure they don't.

XIII. If at all possible, try not to hack off your own phoneline. Splice your 
      neighbour's line, call from a Fortress Fone, phreak off a junction box,
      whatever..  if you hack long enough, chances are one day you'll be
      traced or ANI'd. 
      Don't believe you are entirely safe on packet-switched networks either,
      it takes a while but if you scan/hack off your local access point they
      will put a trace on it.

XIV.  Make the tracking of yourself as difficult as possible for others. 
      Bounce the call off several outdials, or try to go through at least two 
      different telco companies when making a call to a dialup.
      When on a packet-switched network or a local or wide area network, 
      try and bounce the call off various pads or through other networks 
      before you reach your destination. The more bounces, the more red tape
      for the investigator and the easier it is for you to make a clean 
      getaway. 
      Try not to stay on any system for *too* long, and alternate your calling
      times and dates. 

XV.   Do not keep written notes! Keep all information on computer, encrypted 
      with PGP or another military-standard encryption program. 
      Written notes will only serve to incriminate you in a court of law.
      If you write something down originally, shred the paper.. itty bitty
      pieces is best, or even better, burn it! Feds DO trash, just like us, 
      and throwing out your notes complete will land in their hands, and 
      they'll use it against you. 

XVI.  Finally, the day/night calling controversy. Some folks think it is a
      better idea to call during the day(or whenever the user would normally
      use his account) as to not arouse the sysadmin's suspicion of abnormal
      calling times, while others think it is better to call when nobody is
      around. 
      This is a tough one, as there is no real answer. If the sysadmin keeps
      logs(and reads over them) he will definetly think it strange that a
      secretary calls in at 3 am.. he will probably then look closer and find
      it even stranger that the secretary then grabbed the password file and
      proceeded to set him/herself up with a root shell.
      On the other hand, if you call during the time the user would normally
      call, the real owner of the account may very well log in to see his 
      name already there, or even worse be denied access because his account
      is already in use.
      In the end, it is down to your opinion.
      And remember, when you make a decision stick to it; remember the time
      zone changes.

WHERE TO START
==============
--------------

    Probably the hardest period in hacking is that of when you are first 
starting. Finding and penetrating your first system is a major step, and can
be approached in many ways. The common ways to find a system to hack are;

    - UNIVERSITIES    : Universities commonly have hundreds of users, many of 
                        which aren't too computer literate, which makes 
                        hacking a relatively simple chore. And security is 
                        often poor, so if you don't abuse the system too much 
                        your stay could be a long one. 
                        On the other hand, for a nominal fee you can usually
                        pick up a cheap *legitimate* (now there's a concept)
                        account. Or you could enroll in the university for
                        a few credits, and just go until the accounts are 
                        handed out. Unfortunely, if you are caught hacking
                        off your own account it won't be hard to trace it
                        back to you. If you get a legimate account at first,
                        you might be best to hack a student's account for your
                        other-system hacking.
                        The other fun part about universities is often they 
                        will provide access to a number of nets, usually 
                        including the Internet. 
                        Occasionally you'll have access to a PSN as well.

    - CARRIER SCANNING: Carrier scanning in your LATA(Local Access Transport
                        Area), commonly known as wardialing, was popularized 
                        in the movie War Games.
                        Unfortunely, there are a few problems inherent in 
                        finding systems this way; you are limited to the 
                        systems in your area, so if you have a small town you
                        may find very little of interest, and secondly, 
                        ANI is a problem within your own LATA, and tracing is
                        simple, making security risks high. If you are going
                        to hack a system within your own lata, bounce it at
                        least once.
                        There are many programs, such as ToneLoc and CodeThief
                        (ToneLoc being superior to all in my humble opinion), 
                        which will automate this process.                

    - PACKET-SWITCHED : This is my favorite by far, as hacking on PSNs is how 
      NETWORKS          I learned nearly all I know. I've explored PSNs  
                        world-wide, and never ran out of systems to hack.
                        No matter what PSN you try you will find many 
                        different, hackable systems. I will go more indepth 
                        on PSNs in the next section.

PACKET-SWITCHED NETWORKS
========================
------------------------    

Intro to PSNs    
=============

    First off, PSNs are also known as PSDNs, PSDCNs, PSSs and VANs to name
a few. Look up the acronyms in the handy acronym reference chart<g>. 
    The X.25 PSNs you will hear about the most are; Sprintnet(formerly 
Telenet), BT Tymnet(the largest), and Datapac(Canada's largest).
    All these networks have advantages and disadvantages, but i'll say this;
if you are in the United States, start with Sprintnet. If you are in Canada,
Datapac is for you. 
    The reason PSNs are so popular for hackers are many. There are literally
thousands of systems on PSNs all around the world, all of which(if you have 
the right facilities) are free of charge for you to reach. And because of the
immense size of public PSNs, it is a rare thing to ever get caught for 
scanning. Tracing is also a complicated matter, especially with a small
amount of effort on your part to avoid a trace.

How packet-switching works
==========================

    The following explanation applies for the most part to all forms of
packet-switching, but is specifically about PSNs operating on the X series of 
protocols, such as Datapac & SprintNet, as opposed to the Internet which 
operates on TCP/IP. It is the same principle in essense, however.
    Packet-Switched Networks are kinda complicated, but I'll attempt to 
simplify the technology enough to make it easy to understand.
    You, the user, connect to the local public access port for your PSN, 
reachable via a phone dialup. You match communications parameters with the
network host and you are ready to go.
    From there, all the data you send across the network is first bundled into 
packets, usually of 128 or 256 bytes. These packets are assembled using 
Packet Assembly/Disassembly, performed by the public access port, also known 
as a public PAD(Packet Assembler/Disassembler), or a DCE(Data Communicating 
Equipment or Data Circuit-Terminating Equipment).
    The packets are sent along the network to their destination by means of 
the various X protocols, standardly X.25 with help from X.28, X.29 & X.3 
within your home network, and internationally using X.75/X.121. The X protocol 
series are the accepted CCITT standards. 
    The host system(DTE: Data Terminal Equipment, also a PAD) which you are 
calling then receives the packet and disassembles the packet using Packet 
Assembly/Disassembly once again into data the system understands. 
    The DTE then assembles it's data in response to your packet, and sends it 
back over the network to your PAD in packet form, which disassembles the 
packet into readable data for you, the user.
    And that is the simplified version! 

The Internet
============

Introduction
------------

    Contrary to popular belief, the Internet is a packet-switched network;
just not an X.25 packet-switched network. The Internet operates on the TCP/IP
protocols(as a rule), which is why it is sometimes disregarded as a
packet-switched network. In fact, the Internet's predecessor, the ARPAnet, 
was the first large-scale experiment in packet-switching technology. What was
then Telenet came later. 
    The confusion comes from peoples ignorance of the principles of 
packet-switching, which is simply a type of network, explained in technical
detail earlier. It doesn't matter what protocols the network may use, if 
packet-switching is in use it is obviously a packet-switched network.
    Ok, now you may have noticed that the Internet has a rather small section,
which is true. The reasons are many. This is a hacking guide, not an Internet
tutorial, so I didn't include the IRC or Archie or whatever. And the main
reason is I spent about 100% more time on X.25 nets than I did the Internet.
    Nonetheless, I decided to include the essential aspects of the Internet.
You should be able to take it from there.
    The following section is derived mostly from personal experience, but
the Gatsby's Internet file helped out somewhat, specifically in the classes
of IP addresses.

Getting Access
--------------

    Getting access is somewhere between easy and very difficult, depending
where you live and how good(or lucky!) a hacker you are.
    First of all, if you are going to hack on the Internet then you must be
on a system that has full Internet access, not just mail. That cuts Compuserve
and Prodigy out of the picture.
    Most universities and some high schools have Internet access, see what  
you can do to get yourself an account, legitimatly or not.
    Some BBSes offer full Internet access for a fairly reasonable price, and
that would be a good choice.
    If you are in an area with a FreeNet, then you get full Internet access..    
for free! Check around with local hackers or PD boards to inquire where the
nearest FreeNet is.
    Some businesses provide Internet access, for a price. Check with local
netters to see what local options there are.
    And lastly, you can try and hack your way on. When you hack a system, 
check and see if they are on the net. Usually this is accomplished by doing
a test call using telnet.. explained later.

FTP
---

    FTP is the acronym for File Transfer Protocol, and it is the primary means
of transporting remote files onto your own system(actually, usually the 
system which you are calling the Internet through).
    I will only provide a brief overview, as FTP is fairly easy to use, has
help files online and comprehensive documentation offline at your local h/p
BBS.
    First off, FTP can be initialized by typing 'ftp' at any system which 
has it. Most do, even if they don't have the Internet online. That a
frustrating lesson more than a few novices has learned.. if you hack into a 
system that has FTP or telnet on line, it does not necessarily(and usually
doesn't) have Internet access. Some SunOS's will have two sets of ftp and
telnet utilities. The standard ftp and telnet commands can be used for local
network connects, but not Internet. Another set of commands, itelnet, iftp
and ifinger (and occasionally iwhois) is used for the Internet. 
    When you enter the FTP utility, you'll usually find yourself at a 'ftp>'
prompt, and typing 'help' should bring up a small set of help files. The 
commands available, along with the help files, vary from system to system.
    Procedure is then defined by what type of system you are on, as again, 
it varies. But what you usually do next is open a connection to the system you
want to get a file off of. Type 'open' followed by the host name or IP 
address of the system you wish to connect to.. explained later.
    Next, you will usually find yourself at a sort of login prompt. If you
have a username on that system, then type it in. If not, try 'anonymous'. 
Anonymous is a great little guest account that is now being built in to some
OS's. Conscientious sysadmins may disable it, for obvious reasons. If however,
it is not, you will be asked for a password. Type anything, it doesn't matter
really. Type a few d's if you want, it really doesn't matter(as a rule don't
sit on your keyboard though.. it may not like it.. type something boring).
    Next you simply use the 'get' command to get the file you want. Usually
it is a good idea to not put the files in a directory that they will be 
noticed.. the sysadmin will suspect something is up if he runs into a few 
files that he supposedly copied into his own directory. Which brings us to
the next segment.. give your files benign names, especially if they are 
something like /etc/passwd files or issues of Phrack.
    A note about FTPing /etc/passwds. It rarely works. Oh yes, you will get
an /etc/passwd file, but rarely on the Internet will it be the real 
/etc/passwd. Check the size of the file first.. if it is 300 bytes or less,
then it will likely be a substitute. Telnet will, however, get the real
/etc/passwd on most occasions.
    Now quit the FTP utility and peruse your new files.. be sure to remove 
them when done.

Telnet
------

    While FTP has no real parallel in X.25 networks, you could equate telnet
to a private PAD. Telnet lets you connect to and operate on Internet systems
over the Internet as if you were connected locally.
    Telnet is initialized by typing 'telnet' at your shell. The operative
command is, again, 'open'. Again, type 'open' followed by the domain name
or the IP address. When connected, you will be at a login prompt of some 
kind(usually..). Enter a username if you have one, and if not you can either
attempt to hack one or see if the system accepts the 'anonymous' guest user,
explained in the FTP section.
    If all goes well, you should have a remote connection of some kind, and
what follows depends on the system you are connected to, just like in any
other network.

Domain Names and IP Addresses - Intro
-------------------------------------

    For those of you unfamiliar with those terms I will give a small, 
condensed explanation of what the two are.
    One or the other is needed for connecting to a remote system, either by
FTP or Telnet. The IP address could be equated to the X.25 net's Network User
Address. The Domain name is a mnemonic name, used for convience more than
anything, as it is generally easier to remember.
    If you wish to scan for systems on the Internet it is usually much easier
to scan by IP address, as you won't know the mnemonic for most systems.
    IP addresses are 4 digit-combinations separated by dots. Address examples
are 192.88.144.3(EFF) and 18.72.2.1(MIT).
    Addresses fall into three classes;
       Class A  -  0 to 127
       Class B  -  128 to 191
       Class C  -  192 to 223
    The earliest Internet systems are all in Class A, but it is more common
to find class B or C systems. Moreover, a lot of systems are placed 
specifically in the 128 or 192 address prefix, as opposed to 184 or 201 or
whatever. Scanning an IP address set can be accomplished in many fashions. 
One of which would be to pick a prefix, add two random one to two digit 
numbers, and scan the last portion. ie: take 192.15.43 and scan the last
digit from 0 to 255. 
    Unfortunely, the last portion (or last two portions in the case of Class 
C) are ports, meaning you may come up completely blank or you might hit the 
jack pot. 
    Experiment to your own liking, after a while you will fall into a 
comfortable groove.
    You can also connect to specific systems using the domain name, if you
know or can guess the domain name. To guess a domain name you will need to
know the company or organization's name, and the type of organization it is.
This is possible because host names must follow the Domain Name System, which
makes guessing a lot easier. Once you have both, you can usually take a few 
educated guesses at the domain name. Some are easier than others.
    First of all, you will need to understand the principle of top-level
domains. The top level is at the end of a domain name; in the case of eff.org,
the top-level is 'org'. In the case of mit.edu, the top-level is 'edu'.
    Top levels fall into a few categories;
        com - commercial institutions
        org - non-profit organizations
        edu - educational facilities   
        net - networks
        gov - government systems (non military)
        mil - non-classified military
    Along with various country codes. The country codes are two letters used
for international calls; the US's is 'US', Brazil's is 'BR'.
    Determine which top-level the system falls under, and then make a few
guesses. Examples are;
        compuserve.com  
        xerox.com
        mit.edu
        eff.org
    For further reading, I suggest picking up a few of the printed Internet
guides currently on the market, as well as the Gatsby's file on the Internet,
printed in Phrack 33.

X.25 Networks
=============

    From here on in the PSN section of this file is dedicated to X.25 
networks. I use the acronym PSN interchangably with X.25 networks, so don't
get PSN confused with all the other types of PSN networks. From here on in,
it is all X.25.

Network User Addresses
----------------------

    NUAs(Network User Addresses) are the PSNs equivalent of a phone number.
They are what you need to connect to systems on PSNs around the world, and 
thanks to the DNIC(Data Network Identifier Code), there are no two the same.
    The format for entering NUAs is different from PSN to PSN. For example, 
on Datapac you must include 0's, but on Sprintnet 0's are not necessary.  
Tymnet uses 6 digits NUAs rather than the standard 8.
But the standard NUA format is this;

        PDDDDXXXXXXXXSS,MMMMMMMMMM

Where; P is the pre-DNIC digit
       D is the DNIC
       X is the NUA 
       S is the LCN(Logical Channel Number, subaddressing) 
       M is the Mnemonic

Various segments may be omitted depending on your PSN and where you are 
calling. 
The P is commonly a 0, but is a 1 on Datapac. It is not usually even counted
as part of the NUA, but must be included(usage varying) when making calls 
to another PSN other than your own. Within your own PSN it is not necessary
to include the pre DNIC digit.
The D is the DNIC also known as the DCC(Data Country Code). The DNIC is the 
4 digit country code, which insures that each NUA worldwide is unique. The 
DNIC is only used in calling international NUAs. If you are in Datapac(DNIC 
3020) you do not have to include the DNIC for Datapac when making calls to 
NUAs within Datapac, but if you are in another PSN you must include the DNIC
for calls to Datapac.
The X symbolizes the actual NUA, which along with the optional S
(subaddressing) must always be included. You can simplify the NUA even greater 
using this format; 

       PPPXXXXX

Where P is the prefix of the NUA, and the X's are the suffix. The prefix 
corresponds to an Area Code in most cases in that the NUAs within that prefix
are in a certain part of the country the PSN serves. In the case of Sprintnet,
the prefix corresponds directly with the Area Code(ie: all NUAs in the 914
prefix on Sprintnet are in New York, and all phone numbers in the 914 Area
Code are in New York).
Subaddressing, S on the diagram, is a somewhat complicated thing to explain.
Subaddressing is used when desired by the owner of the DTE, and is used to 
connect to specified system on the same NUA. You may find more than one system
on the same NUA, and these can be reached using subaddresses.
ie:
           NUA                SYSTEM
        PPPXXXXXSS
        ==========      ===================
  Ex.1  12300456             Unix
  Ex.2  123004561            VMS
  Ex.3  1230045699           HP3000

In this example, the normal NUA is 12300456(assuming DNIC and pre-DNIC digit
are not used). This NUA takes you to a Unix system. But when the LCN(Logical
Channel Number, subaddress) of 1 is used, you are taken to a VMS. And the 
subaddress of 99 takes you to a HP3000. The systems on 12300456 are all owned 
by the same person/company, who wished to have one NUA only, but by using 
subaddresses he can give access to multiple systems on a lone NUA.
Subaddresses are also used occasionally as extra security. If you hit a system
that gives you an error message such as 'REMOTE PROCEDURE ERROR' or 'REMOTE
DIRECTIVE', you will either need a subaddress or a mnemonic. You may choose to
go through the entire possible subaddresses, 1 to 99, or if you are just 
scanning i would suggest these: 1,2,50,51,91,98,99
Mnemonics, M, are another tricky one to explain. They are not documented by
the PSNs, I discovered them on my own. Mnemonics are also used to select 
systems on a single NUA as a kind of port selector, but they are more commonly 
used as a kind of external password, which prevents you from even seeing the 
system in question.
The same error messages as in LCNs occur for mnemonics, but again, even if you
can reach a system with a standard NUA, there is a possibly a system only 
reachable by mnemonic exists. Here is a list of commonly used mnemonics;
    SYSTEM CONSOLE PAD DIAL MODEM X25 X28 X29 SYS HOST

Bypassing Reverse Charging Systems: Private PADs and NUIs
---------------------------------------------------------

    Occasionally on PSNs you will run into systems which give you the 
error message 'COLLECT CALL REFUSED'. This denotes a reverse-charging system.
When you make a call to a system on a PSN, the call is automatically collect.
But a lot of sysadmins do not want to pay for your connect charges, and if all
of their users have NUIs or private PADs, it is a good idea for them to make 
their system reverse-charging, which saves them money, but also acts as yet
another security barrier from casual snoopers.
    But again, this can be avoided by using a private PAD or a NUI.
Before we go into the details of these, remember that a private PAD is a 
different thing than your public access port PAD. A private PAD is a PAD which
automatically assumes all connect charges. So, the reverse charging systems 
will let you past the reverse charging, as you agree to accept the charges.
    NUI's(Network User Identifiers) work the same way. You can think of a NUI
as .. say a Calling Card. The Calling Card is billed for all the charges made
on it, regardless of who made them; the owner gets the bill. The NUI works the
same way. NUIs are used legitimatly by users willing to accept the connect 
charges. But, as hackers are known to do, these NUIs get stolen and used to 
call all NUAs all around the world, and the legitimate owner gets the bill.
But unlike CCs, you will usually get away with using a NUI.
    However, as you can guess, private PADs and NUIs are fairly hard to come 
by. If somebody manages to get ahold of one, they usually won't be willing to
share it. So, it comes down to you; you probably will have to find your own.
    PADs are only found by scanning on PSNs, and by hacking onto systems on
PSNs. There are programs on Unix and Primos systems,for example, that serve as
a private PAD. And there are some private PADs that are set up solely for the
purpose of being a private PAD. But, these are almost always passworded, so it
is up to you to get in.
    NUIs are somewhat the same thing. NUIs are different from PSN to PSN, some
will tell you if a NUI is wrong, letting you guess one, but others will not. 
And of course, you still have to guess the password. I've heard stories of 
people carding NUIs, but i'm not sure i quite believe it, and the safety of 
such a practice is questionable.

Closed User Groups
------------------

    One of the most effective security measures i've ever seen is the CUG
(Closed User Group). The CUG is what generates the 'CALL BLOCKED' message when 
scanning on PSNs. A CUG will only accept calls into the DTE from specified 
DCE NUAs. Meaning, if your NUA has not been entered into the list of 
acceptable NUAs, you won't be allowed to even see the system. However, CUGs 
aren't for everybody. If you have a system with many users that all call in
from different points, CUGs are unusable. And a good thing for us. I've never
heard of anyone finding a way past a CUG. I've got a few theories but..

Sprintnet
---------

    Now i'll go a bit more into the major US and Canadian PSNs, starting with
the most popular in the States, Sprintnet
    To find a public indial port for Sprintnet you may possibly be able to 
find it in your telefone book(look under Sprintnet) or by Directory Assistance.
If not, try Sprintnet Customer Service at 1-800-336-0437. This also will  
probably only function between 8:30 and 5:00 EST, maybe a bit different.
    Also, for a data number for in-dial look ups try 1-800-424-9494 at
communication parameters 7/E/1(or 8/N/1 also i believe). Type <CR> twice
or @D for 2400bps and press enter so Sprintnet can match your communications
parameters. It will display a short herald then a TERMINAL= prompt.
At the TERMINAL= prompt type VT100 for VT100 terminal emulation, if you are
using a personal computer i think D1 works, or just <CR> for dumb terminal. 
Then type "c mail", at the username prompt type "phones", and for password 
type "phones" again. It is menu driven from there on. 
    Now that you have your Sprintnet public dial port number, call it up like 
you would a BBS, then when it connnects type the two <CR>s for 300/1200bps 
or the @D for 2400bps, then it will display its herald, something like: 

        SPRINTNET(or in some cases TELENET)
        123 11A  (where 123 is your area code & Sprintnet's address prefix
                  and 11A is the port you are using)
        TERMINAL=(type what you did previously eg:VT100,D1,<ENTER>)

then when Sprintnet displays the @ prompt you know you are connected to
a Sprintnet public PAD and you are ready to enter NUAs. 
    As i mentioned before, Sprintnet NUA prefixes correspond directly with
Area Codes, so to scan Sprintnet simply take an AC and suffix it with the 
remaining digits, usually in sequence. Since Sprintnet ignores 0's, NUAs
can be as small as 4 digits. When scanning, go from lowest to highest, 
stopping as soon as it seems NUAs have run dry(take it a hundred NUAs further
to be sure..best to take it right to 2000, maybe higher if you have time).

BT Tymnet
---------

    BT Tymnet is owned by British Telecom, and is the biggest PSN by far, but
it does have some extra security.
    For finding Tymnet dial-ins the procedure is much the same, look in the 
phone book under Tymnet or BT Tymnet, or phone directory assistance and ask 
for BT Tymnet Public Dial Port numbers, or you can call Tymnet customer 
Service at 1-800-336-0149. Generally try between 8:30 and 5:00 EST. I don't 
have the Tymnet data number for finding in-dials, but once you are on Tymnet 
type INFORMATION for a complete list of in-dials as well as other things.
    Once you have your in-dial number set your communication parameters at 
either 8/N/1 or 7/E/1 then dial the number just like you would a BBS. At 
connect you will see a string of garbage characters or nothing at all. 
Press <CR> so Tymnet can match your communication parameters. You will then 
see the Tymnet herald which will look something like this:
        -2373-001-
        please type your terminal identifier
    If it wants a terminal identifier press A(if you want, you can press A 
instead of <CR> at connect so it can match your communication parameters and 
get your terminal identifer all at once).
    After this initial part you will see the prompt:
        please log in:
This shows Tymnet is ready for you to enter NUAs. A great deal of the NUAs on
Tymnet are in plain mnemonic format however. To reach these, just enter the
mnemonic you wish, nothing else(ie: CPU or SYSTEM). To enter digital NUAs you
need a NUI though. Tymnet will let you know when a NUI is wrong. Just keep
guessing NUIs and passwords until you find one. BUT, keep in mind, one of the
biggest security features Tymnet has is this: it will kick you off after three 
incorrect attempts at anything. Thus, you'll have to call again and again, and
if you are in a digital switching system such as ESS it is not a good idea to
call anywhere an excessive amount of time. So keep it in moderation if you 
choose to try Tymnet.

Datapac
-------

    I am the most fond of Datapac, because I grew up on it. Nearly all the
hacking i've done to this day was on Datapac or the international PSNs i've 
been able to reach through private PADs i've found on Datapac.    
    To connect to the Datapac network from Canada you will need to dial into 
your local Datapac node, which is accessible in most cities via your local 
Datapac dial-in number.  
    There are quite a few ways to find your local Datapac dial-in. It will  
usually be in your telephone book under "DATAPAC PUBLIC DIAL PORT". If 
not, you could try directory assistance for the same name. Alternatively,
there are a couple phone #'s for finding your dial port(these are also 
customer assistance):

 1-800-267-6574  (Within Canada)
 1-613-781-6798

    Also, these numbers function only from 8:30 to 5:00 EST(Eastern Standard 
Time).Also, the Datapac Information Service(DIS) at NUA 92100086 has a 
complete list of all public dial-ins. 
    I think you can use both communication parameter settings work, but 8/N/1
(8 data bits, No parity, 1 stop bit) is used most frequently, so set it 
initially at that. Some NUA's on Datapac use 7/E/1, change to it if needed 
after you are connected to a Datapac dial-in.
    Ok,if you have your Datapac 3000 Public Indial number, you've set your
communication parameters at 8/N/1, then you are now set to go. Dial your
indial just like a BBS(duh..) and once connnected:
You will have a blank screen;
Type 3 periods and press RETURN  (this is to tell Dpac to initialize itself)
The Datapac herald will flash up stating:
DATAPAC : XXXX XXXX (your in-dial's NUA)
You are now ready to enter commands to Datapac.

Example: 
(YOU ENTER)          atdt 16046627732
(YOU ENTER)          ...
(DATAPAC RESPONDS)   DATAPAC : 6710 1071

Now you are all set to enter the NUA for your destination.
NUAs on Datapac must be 8 to 10 digits(not including mnemonics). 
8 is standard, but 9 or 10 is possible depending on usage of subaddressing.
NUA prefixes on Datapac are handed out in blocks, meaning they do not 
correspond to Area Codes, but by looking at the surrounding prefixes, you can
tell where a prefix is located. When scanning on Datapac, keep in mind most of
the valid NUAs are found in the low numbers, so to sample a prefix go from
(example) 12300001 to 12300200. It is a good idea, however, to scan the prefix
right up until 2000, the choice is yours.

DNIC List
---------

    Here is a list of the previous PSN's DNICs, and most of the other DNICs 
for PSNs world wide. This was taken from the DIS, with a number of my own 
additions that were omitted(the DIS did not include other Canadian or 
American PSNs). The extras DNICs came from my own experience and various 
BBS lists.

COUNTRY               NETWORK          DNIC       DIRECTION
-------               -------          ----       ---------

ANDORRA               ANDORPAC         2945       BI-DIR
ANTIGUA               AGANET           3443       INCOMING
ARGENTINA             ARPAC            7220       BI-DIR
                      ARPAC            7222       BI-DIR
AUSTRIA               DATEX-P          2322       BI-DIR
                      DATEX-P TTX      2323       BI-DIR
                      RA               2329       BI-DIR
AUSTRALIA             AUSTPAC          5052       BI-DIR
                      OTC DATA ACCESS  5053       BI-DIR
AZORES                TELEPAC          2680       BI-DIR
BAHAMAS               BATELCO          3640       BI-DIR
BAHRAIN               BAHNET           4263       BI-DIR
BARBADOS              IDAS             3423       BI-DIR
BELGIUM               DCS              2062       BI-DIR
                      DCS              2068       BI-DIR
                      DCS              2069       BI-DIR
BELIZE                BTLDATAPAC       7020       BI-DIR
BERMUDA               BERMUDANET       3503       BI-DIR
BRAZIL                INTERDATA        7240       BI-DIR
                      RENPAC           7241       BI-DIR
                      RENPAC           7248       INCOMING
                      RENPAC           7249       INCOMING
BULGARIA              BULPAC           2841       BI-DIR
BURKINA FASO          BURKIPAC         6132       BI-DIR
CAMEROON              CAMPAC           6242       BI-DIR
CANADA                DATAPAC          3020       BI-DIR
                      GLOBEDAT         3025       BI-DIR
                      CNCP PACKET NET  3028       BI-DIR
                      CNCP INFO SWITCH 3029       BI-DIR
CAYMAN ISLANDS        IDAS             3463       BI-DIR
CHAD                  CHADPAC          6222       BI-DIR
CHILE                 ENTEL            7302       BI-DIR
                      CHILE-PAC        7303       INCOMING
                      VTRNET           7305       BI-DIR
                      ENTEL            7300       INCOMING
CHINA                 PTELCOM          4600       BI-DIR
COLOMBIA              COLDAPAQ         7322       BI-DIR
COSTA RICA            RACSAPAC         7120       BI-DIR
                      RACSAPAC         7122       BI-DIR
                      RACSAPAC         7128       BI-DIR
                      RACSAPAC         7129       BI-DIR
CUBA                  CUBA             2329       BI-DIR
CURACAO               DATANET-1        3621       BI-DIR
CYPRUS                CYTAPAC          2802       BI-DIR
                      CYTAPAC          2807       BI-DIR
                      CYTAPAC          2808       BI-DIR
                      CYTAPAC          2809       BI-DIR
DENMARK               DATAPAK          2382       BI-DIR
                      DATAPAK          2383       BI-DIR
DJIBOUTI              STIPAC           6382       BI-DIR
DOMINICAN REP.        UDTS-I           3701       INCOMING
EGYPT                 ARENTO           6020       BI-DIR
ESTONIA               ESTPAC           2506       BI-DIR
FIJI                  FIJIPAC          5420       BI-DIR
FINLAND               DATAPAK          2441       BI-DIR
                      DATAPAK          2442       BI-DIR
                      DIGIPAK          2443       BI-DIR
FRANCE                TRANSPAC         2080       BI-DIR
                      NTI              2081       BI-DIR
                      TRANSPAC         2089       BI-DIR
                      TRANSPAC         9330       INCOMING
                      TRANSPAC         9331       INCOMING
                      TRANSPAC         9332       INCOMING
                      TRANSPAC         9333       INCOMING
                      TRANSPAC         9334       INCOMING
                      TRANSPAC         9335       INCOMING
                      TRANSPAC         9336       INCOMING
                      TRANSPAC         9337       INCOMING
                      TRANSPAC         9338       INCOMING
                      TRANSPAC         9339       INCOMING
FR ANTILLIES          TRANSPAC         2080       BI-DIR
FR GUIANA             TRANSPAC         2080       BI-DIR
FR POLYNESIA          TOMPAC           5470       BI-DIR
GABON                 GABONPAC         6282       BI-DIR
GERMANY F.R.          DATEX-P          2624       BI-DIR
                      DATEX-C          2627       BI-DIR
GREECE                HELPAK           2022       BI-DIR
                      HELLASPAC        2023       BI-DIR
GREENLAND             KANUPAX          2901       BI-DIR
GUAM                  LSDS-RCA         5350       BI-DIR
                      PACNET           5351       BI-DIR
GUATEMALA             GUATEL           7040       INCOMING
                      GUATEL           7043       INCOMING
HONDURAS              HONDUTEL         7080       INCOMING
                      HONDUTEL         7082       BI-DIR
                      HONDUTEL         7089       BI-DIR
HONG KONG             INTELPAK         4542       BI-DIR
                      DATAPAK          4545       BI-DIR
                      INET HK          4546       BI-DIR
HUNGARY               DATEX-P          2160       BI-DIR
                      DATEX-P          2161       BI-DIR
ICELAND               ICEPAK           2740       BI-DIR
INDIA                 GPSS             4042       BI-DIR
                      RABMN            4041       BI-DIR
                      I-NET            4043       BI-DIR
INDONESIA             SKDP             5101       BI-DIR
IRELAND               EIRPAC           2721       BI-DIR
                      EIRPAC           2724       BI-DIR
ISRAEL                ISRANET          4251       BI-DIR
ITALY                 DARDO            2222       BI-DIR
                      ITAPAC           2227       BI-DIR
IVORY COAST           SYTRANPAC        6122       BI-DIR
JAMAICA               JAMINTEL         3380       INCOMING
JAPAN                 GLOBALNET        4400       BI-DIR
                      DDX              4401       BI-DIR
                      NIS-NET          4406       BI-DIR
                      VENUS-P          4408       BI-DIR
                      VENUS-P          9955       INCOMIMG
                      VENUS-C          4409       BI-DIR
                      NI+CI            4410       BI-DIR
KENYA                 KENPAC           6390       BI-DIR
KOREA REP             HINET-P          4500       BI-DIR
                      DACOM-NET        4501       BI-DIR
                      DNS              4503       BI-DIR
KUWAIT                BAHNET           4263       BI-DIR
LEBANON               SODETEL          4155       BI-DIR
LIECHTENSTEIN         TELEPAC          2284       BI-DIR
                      TELEPAC          2289       BI-DIR
LUXEMBOURG            LUXPAC           2704       BI-DIR
                      LUXPAC           2709       BI-DIR
MACAU                 MACAUPAC         4550       BI-DIR
MADAGASCAR            INFOPAC          6460       BI-DIR
MADEIRA               TELEPAC          2680       BI-DIR
MALAYSIA              MAYPAC           5021       BI-DIR
MAURITIUS             MAURIDATA        6170       BI-DIR
MEXICO                TELEPAC          3340       BI-DIR
MOROCCO               MOROCCO          6040       BI-DIR
MOZAMBIQUE            COMPAC           6435       BI-DIR
NETHERLANDS           DATANET-1        2040       BI-DIR
                      DATANET-1        2041       BI-DIR
                      DABAS            2044       BI-DIR
                      DATANET-1        2049       BI-DIR
N. MARIANAS           PACNET           5351       BI-DIR
NEW CALEDONIA         TOMPAC           5460       BI-DIR
NEW ZEALAND           PACNET           5301       BI-DIR
NIGER                 NIGERPAC         6142       BI-DIR
NORWAY                DATAPAC TTX      2421       BI-DIR
                      DATAPAK          2422       BI-DIR
                      DATAPAC          2423       BI-DIR
PAKISTAN              PSDS             4100       BI-DIR
PANAMA                INTELPAQ         7141       BI-DIR
                      INTELPAQ         7142       BI-DIR
PAPUA-NEW GUINEA      PANGPAC          5053       BI-DIR
PARAGUAY              ANTELPAC         7447       BI-DIR
PERU                  DICOTEL          7160       BI-DIR
PHILIPPINES           CAPWIRE          5150       INCOMING
                      CAPWIRE          5151       BI-DIR
                      PGC              5152       BI-DIR
                      GLOBENET         5154       BI-DIR
                      ETPI             5156       BI-DIR
POLAND                POLAK            2601       BI-DIR
PORTUGAL              TELEPAC          2680       BI-DIR
                      SABD             2682       BI-DIR
PUERTO RICO           UDTS             3300       BI-DIR
                      UDTS             3301       BI-DIR
QATAR                 DOHPAC           4271       BI-DIR
REUNION (FR)          TRANSPAC         2080       BI-DIR
RWANDA                RWANDA           6352       BI-DIR
SAN MARINO            X-NET            2922       BI-DIR
SAUDI ARABIA          ALWASEED         4201       BI-DIR
SENEGAL               SENPAC           6081       BI-DIR
SEYCHELLES            INFOLINK         6331       BI-DIR
SINGAPORE             TELEPAC          5252       BI-DIR
                      TELEPAC          5258       BI-DIR
SOLOMON ISLANDS       DATANET          5400       BI-DIR
SOUTH AFRICA          SAPONET          6550       BI-DIR
                      SAPONET          6551       BI-DIR
                      SAPONET          6559       BI-DIR
SPAIN                 TIDA             2141       BI-DIR
                      IBERPAC          2145       BI-DIR
SRI-LANKA             DATANET          4132       BI-DIR
SWEDEN                DATAPAK TTX      2401       BI-DIR
                      DATAPAK-2        2403       BI-DIR
                      DATAPAK-2        2407       BI-DIR
SWITZERLAND           TELEPAC          2284       BI-DIR
                      TELEPAC          2285       BI-DIR
                      TELEPAC          2289       BI-DIR
TAIWAN                PACNET           4872       BI-DIR
                      PACNET           4873       BI-DIR
                      UDAS             4877       BI-DIR
TCHECOSLOVAKA         DATEX-P          2301       BI-DIR
THAILAND              THAIPAC          5200       BI-DIR
                      IDAR             5201       BI-DIR
TONGA                 DATAPAK          5390       BI-DIR
TOGOLESE REP.         TOGOPAC          6152       BI-DIR
TORTOLA               IDAS             3483       INCOMING
TRINIDAD              DATANETT         3745       BI-DIR
                      TEXTET           3740       BI-DIR
TUNISIA               RED25            6050       BI-DIR
TURKEY                TURPAC           2862       BI-DIR
                      TURPAC           2863       BI-DIR
TURKS&CAICOS          IDAS             3763       INCOMING
U ARAB EMIRATES       EMDAN            4241       BI-DIR
                      EMDAN            4243       BI-DIR
                      TEDAS            4310       INCOMING
URUGUAY               URUPAC           7482       BI-DIR
                      URUPAC           7489       BI-DIR
USSR                  IASNET           2502       BI-DIR
U.S.A.                WESTERN UNION    3101       BI-DIR
                      MCI              3102       BI-DIR
                      ITT/UDTS         3103       BI-DIR
                      WUI              3104       BI-DIR
                      BT-TYMNET        3106       BI-DIR
                      SPRINTNET        3110       BI-DIR
                      RCA              3113       BI-DIR
                      WESTERN UNION    3114       BI-DIR
                      DATAPAK          3119       BI-DIR
                      PSTS             3124       BI-DIR 
                      UNINET           3125       BI-DIR
                      ADP AUTONET      3126       BI-DIR
                      COMPUSERVE       3132       BI-DIR 
                      AT&T ACCUNET     3134       BI-DIR
                      FEDEX            3138       BI-DIR
                      NET EXPRESS      3139       BI-DIR
                      SNET             3140       BI-DIR
                      BELL SOUTH       3142       BI-DIR
                      BELL SOUTH       3143       BI-DIR
                      NYNEX            3144       BI-DIR
                      PACIFIC BELL     3145       BI-DIR
                      SWEST BELL       3146       BI-DIR
                      U.S. WEST        3147       BI-DIR
                      CENTEL           3148       BI-DIR 
                      FEDEX            3150       BI-DIR 
U.S. VIRGIN I         UDTS             3320       BI-DIR
U. KINGDOM            IPSS-BTI         2341       BI-DIR
                      PSS-BT           2342       BI-DIR
                      GNS-BT           2343       BI-DIR
                      MERCURY          2350       BI-DIR
                      MERCURY          2351       BI-DIR
                      HULL             2352       BI-DIR
VANUATU               VIAPAC           5410       BI-DIR
VENEZUELA             VENEXPAQ         7342       BI-DIR
YUGOSLAVIA            YUGOPAC          2201       BI-DIR
ZIMBABWE              ZIMNET           6484       BI-DIR

SYSTEM PENETRATION
==================
------------------

    Ok, now that you've hopefully found some systems, you are going to need to
know how to identify and, with any luck, get in these newfound delights. 
    What follows is a list of as many common systems as i could find. The 
accounts listed along with it are not, per say, 'defaults'. There are very
few actual defaults. These are 'common accounts', in that it is likely that 
many of these will be present. So, try them all, you might get lucky.
    The list of common accounts will never be complete, but mine is fairly
close. I've hacked into an incredible amount of systems, and because of this
I've been able to gather a fairly extensive list of common accounts.
    Where I left the password space blank, just try the username(and anything
else you want), as there are no common passwords other than the username 
itself.
    And also, in the password space I never included the username as a 
password, as it is a given in every case that you will try it.
    And remember, passwords given are just guidelines, try what you want.

UNIX-            Unix is one of the most widespread Operating Systems in the
                 world; if you scan a PSN, chances are you'll find a number of
                 Unixes, doesn't matter where in the world the PSN resides.
                 The default login prompt for a unix system is 'login', and
                 while that cannot be changed, additional characters might
                 be added to preface 'login', such as 'rsflogin:'. Hit <CR> a
                 few times and it should disappear.
                 Because UNIX is a non-proprietary software, there are many
                 variants of it, such as Xenix, SCO, SunOS, BSD, etc.., but
                 the OS stays pretty much the same.
                 As a rule, usernames are in lowercase only, as are passwords,
                 but Unix is case sensitive so you might want to experiment if
                 you aren't getting any luck.
                 You are generally allowed 4 attempts at a login/password, but
                 this can be increased or decreased at the sysadmins whim.
                 Unfortunely, UNIX does not let you know when the username
                 you have entered is incorrect.
                 UNIX informs the user of when the last bad login attempt was
                 made, but nothing more. However, the sysadmin can keep logs 
                 and audit trails if he so wishes, so watch out.
                 When inside a UNIX, type 'cat /etc/passwd'. This will give 
                 you the list of usernames, and the encrypted passwords.
                 The command 'who' gives a list of users online.
                 'Learn' and 'man' bring up help facilities.
                 Once inside, you will standardly receive the prompt $ or % 
                 for regular users, or # for superusers.
                 The root account is the superuser, and thus the password 
                 could be anything, and is probably well protected. I left 
                 this blank, it is up to you. There won't be any common 
                 passwords for root.

                 COMMON ACCOUNTS:

                 Username          Password
                 --------          --------
                 root              
                 daemon 
                 adm               admin, sysadm, sysadmin, operator, manager
                 uucp 
                 bin
                 sys
                 123               lotus, lotus123
                 adduser
                 admin             adm,sysadm,sysadmin,operator,manager
                 anon              anonymous
                 anonuucp          anon, uucp, nuucp
                 anonymous         anon
                 asg               device devadmin 
                 audit 
                 auth 
                 backappl
                 backup            save, tar 
                 batch
                 bbx
                 blast
                 bupsched
                 cbm
                 cbmtest
                 checkfsys
                 control
                 cron 
                 csr               support, custsup 
                 dbcat             database, catalog 
                 default           user, guest  
                 demo              tour, guest
                 dev
                 devel
                 devshp
                 diag              sysdiag, sysdiags, diags, test 
                 diags             diag, sysdiag, sysdiags
                 dialup
                 dos
                 fax
                 field             fld, service, support, test 
                 filepro
                 finger
                 fms
                 friend            guest, visitor 
                 games
                 general
                 gp
                 gsa 
                 guest             visitor, demo, friend, tour
                 help
                 host
                 hpdb 
                 info
                 informix          database
                 ingres            database
                 inquiry 
                 install
                 journal 
                 journals 
                 kcml
                 learn
                 lib               library, syslib 
                 link
                 listen 
                 lp                print spooler lpadmin
                 lpadmin           lp, adm, admin 
                 lpd
                 ls
                 mail 
                 maint             sysmaint, service
                 makefsys
                 man
                 manager           mgr, man, sysmgr, sysman, operator
                 mdf
                 menu
                 mountfsys
                 ncrm              ncr
                 net               network 
                 netinst           inst, install, net, network
                 netman            net, man, manager, mgr, netmgr, network
                 netmgr            net, man, manager, mgr, netmgr, network
                 network           net 
                 newconv
                 news 
                 nobody            anon 
                 nuucp             anon 
                 oasys             oa  
                 odt               opendesktop
                 online
                 openmail          mail
                 oper              operator,manager,adm,admin,sysadmin,mgr  
                 operator          sysop, oper, manager 
                 opp
                 oracle            database
                 oraclev5          oracle, database
                 oradev            oracle
                 pcs
                 pcsloc
                 pctest
                 postmaster        mail
                 powerdown         shutdown 
                 priv              private
                 prod
                 pub               public
                 public            pub
                 reboot
                 remote
                 report 
                 rha
                 rje                 
                 rsm
                 rsmadm            rsm, adm, admin
                 rusr
                 sales
                 sas
                 save              backup
                 savep
                 service           field, support
                 setup
                 shutdown 
                 smtp              mail 
                 softwork
                 space 
                 startup 
                 su
                 sundiag           sysdiag, diag, diags, sysdiags
                 suoper            su, oper, operator
                 super             supervisor, manager, operator
                 support           field, service
                 sync
                 sysadm            adm, admin, operator, manager
                 sysdiag           diag, diags, sysdiags
                 sysinfo           info
                 sysmaint          maint, service 
                 sysman            manager,mgr,man,admin,operator,sysadmin
                 sysmgr            manager,mgr,man,admin,operator,sysadmin
                 system            sys, unix, shell, syslib, lib, operator
                 systest           test, tester, testuser, user 
                 test              tester, testuser, systest, user   
                 tester            test, user, testuser  
                 testuser          test, tester, user, systest
                 tftp
                 tour              demo, guest, user, visitor
                 transfer
                 tty
                 tutor
                 tutorial 
                 umountfsys 
                 unix 
                 unixmail          mail, unix
                 user              guest, demo
                 userp             user
                 usr               user   
                 usrlimit
                 utest
                 uucpadm           adm, admin, uucp
                 uuadm             uucp, adm
                 uuadmin           uucp, admin
                 uuhost            uucp, host
                 uulog             uucp, log
                 uunx              uucp
                 uupick            uucp, pick
                 uustat            uucp, stat
                 uuto              uucp, to
                 uux               uucp
                 va 
                 vashell 
                 vax
                 visitor           guest, friend, demo, tour
                 vlsi
                 vmsys             vm, face 
                 vsifax
                 who 
                 wp
                 wp51
                 x25               pad
                 x25test           test
                 x400 

VMS-             DEC's Virtual Memory System commonly runs on VAX computers. 
                 It is another very widespread system, with many users world 
                 wide.
                 VMS will have a 'Username:' prompt, and to be sure just type
                 in a ',' for a username. A VMS will throw back an error 
                 message on special delimeters.
                 You will standardly get 3 and only three login attempts, and
                 VMS is not kind enough to let you know when you have entered
                 an incorrect username.
                 Once inside you will find yourself at a $ prompt.

                 COMMON ACCOUNTS:

                 Username            Password
                 --------            --------
                 backup
                 batch
                 dcl
                 dec
                 decmail             mail
                 decnet
                 default             default, user
                 dialup
                 demo                guest
                 dsmmanager          dsm, manager
                 dsmuser             dsm, user
                 field               field, service, support, test, digital
                 games
                 guest               visitor, demo
                 help
                 helpdesk
                 help_desk           helpdesk
                 host
                 info 
                 ingres              database
                 interactive
                 link
                 local
                 mail 
                 mailer              mail
                 mbmanager           mb, manager, mgr, man
                 mbwatch             watch, mb
                 mpdbadmin           mpdb, admin
                 netcon              net, network
                 netmgr              net, manager, mgr, operator
                 netpriv             network, private, priv, net
                 netserver
                 network             net
                 newingres           ingres
                 news
                 operations          operations
                 operator            oper, manager, mgr, admin, 
                 opervax             operator, vax
                 ops
                 oracle
                 pcsdba
                 pfmuser             pfm, user
                 postmaster          mail
                 priv                private         
                 remote
                 report
                 rje                 remote, job, entry
                 student
                 suggest             suggest
                 sys
                 sysmaint            sysmaint, maint, service, digital
                 system              manager,operator,sys,syslib
                 systest             uetp,test
                 systest_clig        systest, test
                 tapelib
                 teledemo            demo
                 test                testuser, tester
                 uetp
                 user                test, guest, demo
                 userp               user
                 vax
                 vms
                 visitor             guest, demo
                 wpusers

HP3000-          HP3000 mainframes run the MPE series of operating systems, 
                 such as MPE, V, ix, X, and XL. 
                 The default login prompt is ':', but this can be prefaced 
                 with characters(ie: 'mentor:') and in some cases the ':' may 
                 be taken completely away (ie: 'mentor'). To check for a 
                 HP3000, hit a <CR>, you will get an error message such as this;
                 EXPECTED HELLO, :JOB, :DATA, OR (CMD) AS LOGON.  (CIERR 1402) 
                 To login type 'hello', followed by the login information, 
                 which is in this format:   USER.ACCOUNT,GROUP.
                 The group is optional, but may be needed in some cases, and
                 can give you different file sets and the sort.
                 A great thing about HP3000's is they tell you exactly what
                 is incorrect about the login name you've supplied them, 
                 be it the account is valid but the username is wrong, or the
                 other way around. 
                 But unfortunely, if the system operators choose, they may
                 password ALL of the login name segments; username, account
                 and group.
                 The internal prompt for MPE's is, again, :.
                 'Help' will give you help when inside a HP3000. 
                 When entering accounts, i'd suggest not to use a group at
                 first. If you receive the error message 'not in home group',
                 then try the group PUB, then if even that fails, move on to
                 the common group list.
                 I didn't list passwords along with the accounts, as it would
                 be a bit of an awkward format, because of MPE's awkward
                 format. The only manufacturer default passwords I am aware 
                 of are 'hponly', for mgr.telesup, 'lotus', for mgr.sys, and
                 'hpword' for field.support.
                 Just remember to try the various parts of the account as a 
                 password, and anything else along those lines.
                 If you need a password for the following user.accounts & 
                 groups, try the various parts of the name plus any
                 combinations of it or names with obvious links to it(ie: 
                 field=service).

                 COMMON ACCOUNTS:

                 Username.Account    
                 ----------------    
                 mgr.3000devs
                 mgr.acct
                 mgr.backup
                 manager.blast
                 manager.blast1
                 mgr.ccc
                 spool.ccc
                 mgr.cnas
                 manager.cognos
                 mgr.cognos 
                 operator.cognos
                 mgr.common
                 mgr.company
                 mgr.conv
                 mgr.corp
                 mgr.cslxl
                 mgr.demo
                 operator.disc
                 mgr.easy
                 mgr.easydev
                 mgr.extend
                 mgr.hpdesk
                 mgr.hplanmgr
                 field.hpncs
                 mgr.hpncs
                 advmail.hpoffice
                 deskmon.hpoffice
                 mail.hpoffice 
                 mailman.hpoffice
                 mailroom.hpoffice
                 mailtrck.hpoffice
                 manager.hpoffice
                 mgr.hpoffice
                 openmail.hpoffice
                 pcuser.hpoffice
                 spoolman.hpoffice
                 x400fer.hpoffice
                 x400xfer.hpoffice
                 wp.hpoffice
                 mgr.hponly
                 mgr.hpoptmgt
                 field.hpp187 
                 mgr.hpp187
                 mgr.hpp189
                 mgr.hpp196
                 mgr.hppl85
                 mgr.hppl87
                 mgr.hppl89
                 mgr.hppl96
                 mgr.hpskts
                 mgr.hpspool
                 mgr.hpword
                 mgr.hpx11
                 dpcont.hq
                 mgr.hq
                 mgr.indhpe
                 mgr.infosys
                 mgr.intx3 
                 manager.itf3000
                 mail.mail
                 mgr.netbase
                 mgr.netware
                 operator.netware
                 mgr.orbit
                 mgr.prod
                 mgr.rego
                 mgr.remacct
                 mgr.rje
                 manager.security
                 mgr.security
                 mgr.sldemo
                 mgr.snads
                 mgr.softrep
                 mgr.speedwre
                 mgr.spool
                 manager.starbase
                 field.support
                 mgr.support
                 operator.support
                 exploit.sys
                 manager.sys
                 mgr.sys
                 operator.sys         
                 pcuser.sys
                 rsbcmon.sys
                 operator.syslib
                 sysrpt.syslib
                 mgr.sysmgr
                 operator.system
                 mgr.tech
                 mgr.techxl  
                 mgr.telamon
                 field.hpword
                 mgr.opt
                 manager.tch 
                 field.telesup
                 mgr.telesup
                 sys.telesup
                 mgr.tellx
                 monitor.tellx
                 mgr.utility
                 mgr.vecsl
                 manager.vesoft
                 mgr.vesoft
                 mgr.word 
                 field.xlserver
                 mgr.xlserver
                 mgr.xpress

                 COMMON GROUPS:

                 admin
                 advmail 
                 ask
                 brwexec
                 brwonlne
                 brwspec
                 bspadmin
                 bspdata
                 bspinstx
                 bsptools
                 catbin1  
                 catbin2
                 catlib
                 classes
                 config
                 console 
                 convert
                 creator 
                 curator 
                 currarc
                 current
                 dat
                 data
                 database 
                 delivery
                 deskmon
                 devices
                 diadb
                 diag
                 diafile 
                 diaipc 
                 doc
                 docxl
                 document  
                 dsg
                 easy
                 ems
                 emskit
                 etdaemon
                 example
                 examples
                 ezchart 
                 galpics
                 graphics
                 hold
                 hpaccss
                 hpadvlk
                 hpadvml
                 hpdesk
                 hpdraw
                 hpecm
                 hpemm
                 hpenv
                 hpgal 
                 hphpbkp
                 hplibry
                 hplist
                 hplt123
                 hpmail
                 hpmap 
                 hpmenu
                 hpprofs 
                 hpsw
                 hptelex
                 ibmpam 
                 idl
                 idlc
                 idpxl
                 include
                 infoxl
                 instx 
                 internal
                 itpxl
                 job
                 lib  
                 libipc 
                 library
                 mailconf
                 maildb
                 mailhelp
                 mailjob
                 maillib 
                 mailserv 
                 mailstat
                 mailtell 
                 mailxeq
                 mediamgr
                 memo
                 memory
                 mgr
                 mmgrdata
                 mmgrxfer
                 mmordata
                 mmorxfer 
                 monitor
                 mpexl
                 ndfiles
                 ndports
                 net
                 network
                 nwoconf 
                 office
                 oldmail
                 oper
                 operator
                 out
                 pascalc
                 patchxl
                 pcbkp
                 ppcdict 
                 ppcsave 
                 ppcutil  
                 prntmate 
                 prog
                 prvxl
                 pub
                 pubxl
                 qedit
                 ref
                 request
                 restore
                 sample
                 sbase
                 sfiles
                 signal
                 sleeper
                 snax25
                 sql 
                 sruntime 
                 subfile
                 suprvisr
                 sx
                 sys
                 sysmgr
                 sysvol
                 tdpdata 
                 telex
                 telexjob
                 text
                 tfm
                 ti 
                 tools
                 transmit
                 user
                 users
                 validate
                 viewlib
                 visicalc
                 wp
                 wp3
                 x400data
                 x400db
                 x400fer 
                 x400file
                 xspool 

VM/CMS-          The VM/CMS Operating System is found on IBM mainframes, and
                 while there are quite a few out there, they are commonly left
                 alone by hackers who prefer Unix or VMS. 
                 VM/CMS systems are commonly found gated off Sim3278 VTAMs and 
                 ISM systems as well.
                 The login prompt for CMS is '.', but additional information
                 might be given before the prompt, such as;
                      Virtual Machine/System Product
                      !
                      .
                 or;
                      VM/370
                      !
                      .
                 and frequently over to the side;
                      LOGON userid                   
                      DIAL userid                    
                      MSG userid message              
                      LOGOFF
                 but they all represent a VM/CMS system. 
                 To logon, type 'logon' followed by the username, which is 
                 usually 1 to 8 characters in length. 
                 To be sure it is a CMS, type 'logon' followed by some random
                 garbage. If it is a VM/CMS, it will reply;
                       Userid not in CP directory
                 This is one of the great things about CMS, it tells you if 
                 the login ID you entered is incorrect, thus making the 
                 finding of valid ones fairly easy.
                 One thing to watch out for.. if you attempt brute forcing 
                 some systems will simply shut the account or even the login 
                 facility for some time. If that is the case, find out the 
                 limit and stay just underneath it.. drop carrier or clear the
                 circuit if necessary, but if you continually shut down the 
                 login facilities you will raise a few eyebrows before you 
                 even make it inside.
                 Once inside, typing 'help' will get you a moderate online
                 manual.

                 COMMON ACCOUNTS

                 Username         Password
                 --------         --------
                 $aloc$
                 admin            operator, manager, adm, sysadmin, sysadm
                 alertvm          alert
                 ap2svp
                 apl2pp
                 autolog1         autolog
                 autolog2         autolog
                 batch 
                 batch1           batch
                 batch2           batch
                 botinstl
                 ccc
                 cms
                 cmsbatch         cms, batch, batch1
                 cmsuser          cms, user
                 cpms
                 cpnuc
                 cprm
                 cspuser          user, csp
                 cview
                 datamove
                 demo1            demo
                 demo2            demo
                 direct 
                 dirmaint         dirmaint1
                 diskcnt
                 entty
                 erep
                 formplus
                 fsfadmin         fsf, adm, sysadmin, sysadm, admin, fsfadm
                 fsftask1
                 fsftask2
                 gcs
                 gcsrecon
                 idms 
                 idmsse
                 iips
                 infm-mgr         infm, man, manager, mgr
                 inoutmgr         mgr, manager
                 ipfappl
                 ipfserv
                 ispvm
                 ivpm1
                 ivpm2
                 maildel
                 mailman          
                 maint            service
                 moeserv
                 netview          network, view, net, monitor
                 oltsep
                 op1
                 opbackup         backup
                 operatns         op, operator, manager, admin
                 operator         op, operatns, manager, admin
                 opserver
                 pdm470  
                 pdmremi
                 peng
                 presdbm          dbm
                 procal
                 prodbm           prod
                 promail
                 psfmaint         maint
                 pssnews          news
                 pvm
                 router
                 rscs
                 rscsv2
                 savsys
                 sfcm1            sfcm
                 sfcntrl
                 sim3278
                 smart
                 sna
                 sqldba           database
                 sqluser          user, sql
                 syncrony
                 sysadmin         admin, adm, sysadm, manager, operator
                 sysckp
                 sysdump1         sysdump
                 syserr
                 syswrm
                 tdisk            disk, temp
                 temp
                 tsafvm
                 vastest          test
                 vm3812  
                 vmarch
                 vmasmon
                 vmassys
                 vmbackup         backup
                 vmbsysad
                 vmmap            map
                 vmtape           tape
                 vmtest           test, testuser
                 vmtlibr
                 vmutil           util, utils
                 vseipo
                 vsemaint         maint
                 vseman
                 vsm
                 vtam
                 vtamuser         user, vtam
                 x400x25

PRIMOS-          Run on the Prime company's mainframes, the Primos Operating 
                 System is in fairly wide use, and is commonly found on 
                 Packet-Switched Networks worldwide.
                 Upon connect you will get a header somewhat like 
                      PRIMENET 23.3.0 INTENG  
                 This informs you that it is indeed a Primos computer, the
                 version number, and the system identifier the owner picked,
                 which is usually the company name or the city the Primos is
                 located in. If you find a Primos on a network, you will 
                 receive the Primenet header, but if it is outside of a 
                 network, the header may be different(ie:Primecon).
                 Hit a number of <CR>'s, and Primos will throw you the login
                 prompt 'ER!'. 
                 At this point, type 'login' followed by your
                 username. 
                 If hitting <CR>'s did not provoke an 'ER!', then type 'login'
                 followed by your username.
                 If you are blessed and you find some stone age company 
                 running 18.0.0 or below, you are guaranteed access.
                 Just find a username and there will be no password prompt. 
                 If for some reason passwording exists, a a few control-C's 
                 should drop you in.
                 Unfortunely, Primos almost always allows one and one attempt
                 only at a username/password combination before it kicks you
                 off, and Primos will not tell you if the ID you've entered is
                 invalid.
                 Once you are inside, you will find yourself at the prompt
                 'OK'.
                 'help' brings up a so-so online help guide.

                 COMMON ACCOUNTS

                 Username           Password
                 --------           --------
                 backup
                 backup_terminal
                 batch_service
                 batch             
                 bootrun
                 cmdnc0
                 demo  
                 diag
                 dos      
                 dsmsr              dsm
                 dsm_logger         dsm
                 fam                
                 games
                 guest
                 guest1             guest
                 lib
                 libraries
                 login_server
                 mail 
                 mailer
                 netlink            net, primenet 
                 netman             manager, man, mgr, netmgr
                 network_mgt        netmgt
                 network_server     server
                 prime              primos, system
                 primenet           net, netlink  
                 primos             prime, system    
                 primos_cs          primos, prime, system
                 regist
                 rje                 
                 spool
                 spoolbin           spool
                 syscol
                 sysovl
                 system             prime, primos, sys1, operator
                 system_debug
                 system_manager
                 tcpip_manager
                 tele
                 test
                 timer_progress
                 tools

TOPS-10/20-      An older and somewhat rare operating system, TOPS-10 ran on                
                 the DEC-10/20 machines. You can usually recognize a TOPS-10 by 
                 its' prompt, a lone period '.', while a TOPS-20 will have a 
                 '@' in its place. Most systems allow you to enter the commands 
                 'SYSTAT' or 'FINGER' from the login prompt, before logging in. 
                 This command will let you see the users online, a valuable aide 
                 in hacking.
                 To login, type 'login xxx,yyy', where the x and y's are 
                 digits. 
                 TOPS-10 does let you know when your username is incorrect.

                 COMMON ACCOUNTS

                 User ID Code       Password
                 ------------       --------
                 1,2                OPERATOR, MANAGER, ADMIN, SYSLIB, LIB
                 2,7                MAINT, MAINTAIN, SYSMAINT
                 5,30               GAMES

IRIS-            Unfortunely, i have no experience with IRIS whatsoever. To
                 this day i haven't even seen one. So with regret i must 
                 present old material, the following info comes entirely from
                 the LOD/H Technical Journal #3. Hopefully it will still be
                 applicable.
                 The IRIS Operating System used to run soley on PDP systems,
                 but now runs on many various machines. 
                 IRIS will commonly present itself with a herald such as;
                    "Welcome to IRIS R9.1.4 timesharing"
                 And then an "ACCOUNT ID?" prompt.
                 IRIS is kind enough to tell you when you enter an incorrect
                 ID, it won't kick you off after too many attempts, and no
                 logs are kept. And strangely enough, passwords are not used!
                 So if you can find yourself an IRIS OS, try the following
                 defaults and you should drop in..

                 COMMON ACCOUNTS

                 Username
                 --------
                 accounting
                 boss
                 demo
                 manager
                 noname
                 pdp8
                 pdp11
                 software
                 tcl

NOS-             The NOS(Network Operating System) is found on Cyber 
                 mainframes made by CDC(the Control Data Corporation).
                 Cyber machines are commonly run by institutions such as
                 universities and atomic research facilities. 
                 Cybers will usually give a herald of some sort, such as
                    Sheridan Park Cyber 180-830 Computer System
                                or
                    Sacremento Cyber 180-830 CSUS NOS Software System
                 The first login prompt will be 'FAMILY:', just hit <CR>.
                 The next prompt is 'USER NAME:'. This is more difficult,
                 usually 7 characters. The password is even worse, 
                 commonly 7 random letters. Sound bad? It is. Brute forcing
                 an account is next to impossible.
                 I've never seen these defaults work, but they are better than
                 nothing. I got them out of the LOD/H Novice's Guide to 
                 Hacking, written by the Mentor. There are no known passwords
                 for these usernames.

                 COMMON ACCOUNTS

                 Username
                 --------
                 $SYSTEM
                 SYSTEMV

DECSERVER-       The Decserver, is as the name implies, a server made by the
                 Digital Equipment Corporation, the same company that makes
                 the VAX machines. 
                 It is possible the owner of the server put a password on it,
                 if this is the case you will hit a # prompt. If the server
                 has PADs or outdials on it, you can bet this is the case. 
                 You don't need a username, just the password. You will 
                 commonly get 3 tries, but it can be modified.
                 The default password is 'access', but other good things to 
                 try are ; server, dec, network, net, system (and whatever 
                 else goes along with that).
                 If you get past the #, or there isn't one, you will hit the
                 prompt 'Enter Username>'. What you put really doesn't matter,
                 it is just an identifier. Put something normal sounding, and
                 not your hacker alias. It is actually interesting to look at 
                 the users online at a Decserver, as commonly there will be a few users
                 with the username C or CCC or the like, usually meaning 
                 they are probably a fellow hacker.
                 Also, at the Enter Username> prompt you are able to ask for
                 help with the 'help' command, which spews out fairly lengthly
                 logon help file.
                 If all went well you should end up at a 'Local>' prompt.
                 Decservers have a fairly nice set of help files, simply type
                 'help' and read all you want.
                 It is a good idea to do a 'show users' when you first logon,
                 and next do a 'show services' and 'show nodes'. The services
                 are computers hooked up to the Decserver, which you can 
                 access. For obvious reasons you will often find many VAX/VMS
                 systems on Decservers, but pretty much anything can be found
                 Look for services titled Dial, Modem, PAD, X25, 
                 Network, or anthing like that. Try pretty much everything
                 you see. Remember to try the usernames you see when you do
                 a 'show users' as users for the systems online.
                 Also, you will sometimes find your Decserver has Internet
                 (Telnet, SLIP or FTP) access, make sure you make full use of 
                 this.
                 To connect to the services you see, use 'c XXXX', where the
                 X's represent the service name.
                 Once inside, the manufacturer's default for privs is 'system'
                 and it is rarely changed. 
                 The maintenance password changes from version to version.
                 With the Decserver 200 & 500 it is 0000000000000000 (16 0's),
                 but with 300 it is simply 0.

GS/1-            GS/1's are another server type system, but they are less      
                 common than the Decservers. The default prompt is 'GS/1>', 
                 but this can be changed to the sysadmins liking.
                 To check for a GS/1, do a 'sh d', which will print out some
                 statistics.
                 To find what systems are available from the server, type 
                 'sh n' or a 'sh c', and a 'sh m' for the system macros.

XMUX-            The XMUX is a multiplexing system that provides remote 
                 access, made by Gandalf Technologies, Inc., Gandalf of Canada 
                 Ltd. in Canada. As far as I can tell, the XMUX is used only on 
                 Packet-Switched Networks, Datapac in particular but with usage
                 on PSNs world wide.   
                 The XMUX is not usually thought of as a stand alone system,
                 but as a supportive system for multi-user networked systems,
                 having a bit to do with system monitoring, channel control, 
                 and some of the features of multiplexing.
                 Thus, you'll commonly find a XMUX on a mnemonic or a 
                 subaddress of another system, although you will find them
                 alone on their own NUA frequently as well.
                 To find the systems on a subaddress or a mnemonic, your best
                 bet is to go with mnemonics, as the LOGGER mnemonic cannot be
                 removed, while subaddressing is optional. 
                 You won't always want to check every single system, so i'll
                 give a guideline of where to check;
                 (REMINDER: this is only for systems on PSNs, and may not
                  apply to your PSN)   

                    - PACX/         : The PACX/Starmaster is also made by 
                      Starmaster      Gandalf, and the two are tightly 
                      Systems         interwoven. If mnemonics don't work, be
                                      sure to try LCNs, as the CONSOLE on a
                                      PACX/Starmaster is an entirely different
                                      thing, and frequently using the mnemonic
                                      CONSOLE will bring you to the PACX 
                                      console, not the XMUX console.
                    - BBS Systems   : BBS Systems on PSNs frequently need some
                                      help, and XMUXs are fairly commonly
                                      found with them.
                    - Other misc.   : Many of the other operating systems, 
                      systems         such as Unix, AOS/VS, Pick and HP3000
                                      have the occasional XMUX along with it.
                    - Networked     : A good portion of networked systems have
                      systems         XMUXs. 

                 If a system does have a XMUX also, you can reach it almost
                 always by the mnemonic CONSOLE, and if not, the node name of
                 the XMUX. If that doesn't work, try LCNs up to and including
                 15.
                 Occasionally the console of the XMUX will be unpassworded, in
                 which case you will drop straight into the console. The XMUX
                 console is self-explanatory and menued, so i will leave you
                 to explore it.
                 However, in all likeliness you will find yourself at the 
                 password prompt, 'Password >'. This can not be modified, but
                 a one-line herald may be put above it.
                 To check for a XMUX, simply hit <CR>. It will tell you that
                 the password was invalid, and it must be 1 to 8 alphanumeric
                 characters.
                 As you can see, you do not need a username for the remote 
                 console of a XMUX. UIDs are used, but internally within the
                 workstation.
                 As it says, the password format is 1 to 8 alphanumeric 
                 characters. There is no default password, the console is left
                 unprotected unless the owner decides to password it.
                 However, there are common passwords. They are;
                    console, gandalf, xmux, system, password, sys, mux xmux1
                 I'll repeat them in the common passwords again later.
                 But these will not always work, as it is up to the owner to
                 pick the password(although they do like those). 
                 Your next best bet is to find out the node name of the XMUX
                 (XMUXs are polling systems as well, usually hooked up somehow
                 to one of the regional hubs).
                 To do this, you must understand the parts of the XMUX. 
                 The XMUX has 4 default parts; the CONSOLE, the FOX, the 
                 LOGGER, and the MACHINE.
                 I'll try and define the usage of them a bit more;
                 CONSOLE- the main remote part of the XMUX, which performs all
                          the maintenance functions and system maintenance.
                          the actual system.
                          reachable usually on the LCN(subaddress) of 0 or 
                          4/5, and the default mnemonic CONSOLE, which can be
                          changed.
                 FOX    - a test system, which runs through never ending lines
                          of the alphabet and digits 0-9.
                          reachable on the LCN of 1, mnemonic FOX.
                 LOGGER - a device which displays log information, usually
                          one or two lines, including the node name.
                          reachable on the LCN of 2, mnemonic LOGGER.
                 MACHINE- a system which i do not yet understand fully. 
                          performs some interesting functions.
                          the prompt is '#'.
                          type 'S' and you will(always) receive a short/long
                          (depending on how much the system is used) system
                          status report, containing among other things the 
                          system node name.
                          if active, typing 'L' will bring up a more complete
                          system log. This is VERY useful. It contains the
                          NUAs of the systems which called the XMUX, and it
                          contains the UIDs if used. 
                 As you can see, the XMUX is rather complicated upon 
                 first look, but it is actually fairly simple. The easiest
                 way to grab the node name is to call the LOGGER. 
                 The logger MUST be present, always. It is a non-removable
                 default. The LCN may be removed, but the mnemonic must stay.
                 I explained mnemonics earlier, but i'll refresh your memory.
                 To use the mnemonic, simply type the NUA, followed by a comma
                 and then the mnemonic, ie;
                                12300456,LOGGER
                 The very first thing in the data string you see is the node
                 name. If it is a blank space, you have run across a rarity,
                 a XMUX without a node name. 
                 The node name is THE most popular thing other than the other
                 common passwords.
                 Try combinations of it, and combinations of it along with
                 the words XMUX and MUX.
                 And of course, if a herald is used, use whatever you can find
                 in the herald.
                 But again, if it is a company, they love to use the company
                 name or acronym as a password, and that acronym or name will
                 often be the node name.
                 Ok, have fun..

                 COMMON ACCOUNTS

                 Console Passwords
                 -----------------
                 CONSOLE
                 XMUX
                 GANDALF
                 SYSTEM
                 PASSWORD
                 MUX
                 XMUX1
                 SYS
                 (node name)

                 One other thing. I did not include the profile or remote 
                 profile names, or the UIDs, as they are as far as i know 
                 inapplicable from remote.  
                 And a final comment. XMUXs are powerful and potentially
                 extremely harmful to a network. DO NOT DELETE ANYTHING. The
                 only submenus you will have reason to access are 'DEFINE' and
                 'DISPLAY'. Don't boot people off channels or add console
                 passwording or remove profiles..you will end up with your ass
                 in jail. Taking down a network is less than funny to the 
                 people that run it. Explore, don't harm. 

STARMASTER-      The Starmaster/PACX 2000 is still a somewhat mysterious 
/PACX            system, but i have now explored all the security barriers as
                 well as the network and the internal functions, so i feel 
                 this is fairly complete.
                 The Starmaster/PACX system is a networking/server system made
                 by, again, Gandalf Technologies Inc., Gandalf of Canada Ltd.,
                 in Canada, and is also known informally (and some what 
                 incorrectly) as the 'Gandalf Access Server.' The Access is
                 similar, but different, as described later.
                 It is a fairly popular system on Datapac, and has some usage
                 in other regions of the world. Again, it is used mainly 
                 on Packet-Switched Networks, although, thanks to the dialing
                 directory of a Sam24V outdial on a Starmaster, I have  
                 discovered that Starmasters do indeed have dialin access.
                 The first possible security barrier is the dialin password,
                 which is rarely used, but you should know about.
                 The prompt is usually ;
                    DIALIN PASSWORD?
                 But can be changed, although it should remain similar.
                 Dialin passwords are 1 to 8 characters, and are usually
                 one of the following defaults;
                    GANDALF SERVER PACX NET NETWORK STARMAST DIALIN PASSWORD 
                    ACCESS 
                 If the Starmaster has a XMUX resident(explained in previous
                 system definition; XMUXs), find out the node name and try it.
                 The next possible security barrier is that the sysadmin 
                 desires the users to enter a username/password before 
                 entering the server.
                 You will find yourself at a prompt such as;
                    USERNAME?
                 This is the most common prompt.       
                 Usernames are 1 to 8 characters, and the Starmaster will let
                 you know if it is wrong or not with an error message such as;
                    INCORRECT USERNAME
                         or
                    INVALID RESPONSE
                 This, like the username prompt, can be changed, but it will
                 usually be in all-caps.
                 You are allowed between 1 and 10 attempts at either a valid
                 username or a valid password, depending on the owners 
                 preference.
                 This means(if it is set to ten tries) you can enter 9 invalid
                 usernames, and on the tenth enter a valid username, then have
                 10 attempts at a valid password.
                 The defaults for this(which i will list later also) prompt
                 are;    TEST, TESTUSER, TESTER, GANDALF, SYSTEM, GUEST
                         USER, HP, CONSOLE, and finally OPERATOR.
                 Also, first names will work usually.
                 The next prompt you will face, or the first one if usernames
                 are not implemented, is the server prompt. This is the main
                 user prompt for a Starmaster, all major user commands are 
                 used from here.
                 But as you can guess, commands aren't used really, it is 
                 service names you desire.
                 Sometimes you will get a list upon entering the server, but
                 other times you will just hit the server prompt, which 
                 usually looks something like;
                      SERVICE?
                         or
                       CLASS?
                         or even
                       service?
                         or
                       class?
                         or
                       service
                 Or whatever the sysadmin feels like. 'SERVICE?' is the 
                 default, and the most common.
                 Keep in mind that the services CAN be passworded, but 
                 rarely are. In the case of passwording, use your imagination.
                 Another thing; from the PACX console, where the services are
                 defined, there is an option which decides whether the service
                 is allowed for remote users. If this is set to NO, then you 
                 are out of luck, you have to be in the workstation to use the
                 command. This is common for the CONSOLE and the MAIL, and 
                 occasionally modems and PADs. You will get an error message 
                 something like 'SERVICE NOT ALLOWED'.
                 I will give a more complete list of common services, but
                 I will list the defaults and the major ones now.

                 PAD, X25, X28-   Will commonly take you to a Gandalf PAD,
                 (or name of      for which the default prompt is '*'.
                 your PSN)        'HELP' will bring up a list of commands.
                 MAIL         -   A non-removable default, but i've never 
                                  seen it with the remote access flag in the
                                  ON position.
                 CONNECT      -   Another non-removable default which i have
                                  never seen with the remote access flag in 
                                  the on position.
                 MODEM, DIAL  -   And variations therof. The common outdial
                                  is the Gandalf made Sam24V, which comes with
                                  a great set of help files.
                 CONSOLE      -   The motherlode. The system controller,
                                  maintenance computer, test machine, and
                                  all of that. DON'T confuse the PACX console
                                  with the XMUX console, they are two very 
                                  different things.
                                  The console should be protected by the 
                                  sysadmin with his/her life, as every faction
                                  of the Starmaster is controlled from within
                                  the Console. 
                                  The CONSOLE is a non-removable service from
                                  the server, BUT remote access can be removed
                                  thus cutting off our means of getting to it.
                                  Try it first, if it works the screen will
                                  scroll down a number of lines and give this
                                  herald/prompt;
                            GANDALF TECHNOLOGIES INCORPORATED, COPYRIGHT 1990
                            OPERATOR NAME? 
                                  This is not changable, it will remain the
                                  same except for possibly the copyright date.
                                  There can be 8 operators at the most, and
                                  they will have 1 to 8 characters in their
                                  name and password. And again, the PACX will
                                  tell you if your operator name is incorrect.
                                  You will be allowed 1 to 10 attempts at the
                                  login name and then it resets to 0 for the
                                  password attempt when you've found an 
                                  operator name, but same limit.
                                  The same defaults for the usernames work
                                  here, if you are lucky, with the exception
                                  of HP. I'll list them again at the end.
                                  Once you get in, it is all menued and 
                                  explanatory. DON'T FUCK THINGS UP. By that 
                                  I mean deleting or modifying. Look. There 
                                  is MUCH to see. The PACX console is 
                                  incredibly powerful, and you will have much 
                                  more fun exploring it.
                                  Besides, once you are in the console, the 
                                  game is over. You have control over all the
                                  services, users, and all security barriers.
                                  If you get a high level console account,
                                  you are the God of the PACX, no joke.

                 COMMON ACCOUNTS

                 Usernames        Passwords
                 ---------        ---------
                 CONSOLE          CONSOLE, PACX, GANDALF, OPERATOR, SYSTEM
                 GAND             GAND
                 GANDALF          GANDALF, SYSTEM, PACX, STARMAST, SYS
                 GUEST            GUEST, VISITOR, USER
                 HP               HP
                 OPERATOR         OPERATOR, SYSTEM, SYSLIB, LIB, GANDALF
                 SYSTEM           SYSTEM, SYS, OPERATOR, PACX, SYS, GANDALF
                 TEST             TEST, TESTUSER, USER, TESTER
                 TESTUSER         TEST, TESTUSER, USER, TESTER
                 TESTER           TEST, TESTUSER, USER, TESTER
                 USER             USER, GUEST, TEST, VISITOR, GANDALF
                 (i've never seen an account such as MAINT, but i would guess
                  one exists, along with standard system defaults. Try 
                  anything outside these lines)

                 Services
                 --------
                 1 (if it works; higher)
                 A (through Z)
                 10 (if it works; higher in sequence of tens) 
                 BBS
                 CLUSTER
                 CONNECT
                 CONSOLE
                 DATABASE
                 DATAPAC
                 DEC
                 DIAL
                 DIALOUT
                 FILES
                 FTP
                 GATEWAY
                 GEAC
                 HELP
                 HP
                 INTERNET
                 LIB
                 LIBRARY
                 LOOP
                 MAIL
                 MENU
                 MODEM
                 MUX
                 NET
                 NETWORK
                 OUT
                 OUTDIAL
                 PACX12
                 PACX24
                 PACX96
                 PAD
                 PRIME
                 PRIMOS
                 PROD
                 SALES
                 SERVER
                 SUN
                 SUNOS
                 SYS
                 SYSTEM
                 TELNET
                 TYMNET
                 UNIX
                 VAX
                 VMS
                 X25
                 X28
                 XCON
                 XGATE
                 XMUX

                 And anything else you can think of.
                 First names are also fairly common.

                 Operator Name     Password
                 -------------     --------
                 TEST             TEST, TESTUSER, USER, TESTER
                 TESTUSER         TEST, TESTUSER, USER, TESTER
                 TESTER           TEST, TESTUSER, USER, TESTER
                 GANDALF          GANDALF, SYSTEM, PACX, CONSOLE, SYS
                 GUEST            GUEST, VISITOR, USER
                 SYSTEM           SYSTEM, SYS, OPERATOR, PACX, SYS, GANDALF
                                  CONSOLE
                 USER             USER, GUEST, TEST, VISITOR, GANDALF
                 OPERATOR         OPERATOR, SYSTEM, CONSOLE, GANDALF
                 CONSOLE          CONSOLE, PACX, GANDALF, OPERATOR, SYSTEM
                 SYS              SYS, SYSTEM, GANDALF, PACX, CONSOLE

                 And again, try first names and ANYTHING you can think of.
                 Getting into the console should be your main objective.

ACCESS2590-      The Access2590 is another Gandalf creation. While it is a
                 server system, it is different in some respects to a PACX.
                 The Starmaster generally only connects computers on a local
                 or wide area network(they do connect to X.25 & IP addresses,
                 but they *usually* don't), while the Access 2590 connects
                 to local & wide area network services, X.25 address, and IP
                 addresses with suprising versatility. The PACX is, however,
                 in much wider distribution.
                 It will usually have an initial herald screen, often letting
                 you know that it is indeed an Access server made by Gandalf. 
                 If the operator wishes he can include a menu of services 
                 with their respective descriptions in this provided space.
                 Then you will find yourself at a prompt, the default being
                 "Access 2590 >". I haven't seen any sort of initial 
                 protection before you hit that prompt, but i'm betting it
                 does exist, and it probably goes along the lines of the PACX.
                 Follow the trend I set with the PACX and you should do fine.
                 Anyways, the one thing I like so much more about the Access
                 2590 compared to the Starmaster is the command "show symbols"
                 . That was one of the big problems from a hacking point of
                 view with the PACX; it doesn't have a command available to
                 show you the services. If you get console access on the PACX 
                 you can get a listing of services that way, but you simply
                 cannot hack a console account everytime, and besides that
                 often the owner will have turned the remote console access
                 flag off.
                 If the operator wanted to give you help with services he had 
                 to take the initiative himself and design a herald screen or 
                 implement a help service, and few do. But the "show symbols" 
                 on an Access will give you a listing of all the available 
                 "symbols", which is Gandalf's term for services. Connect to 
                 them with "c xxx" where "xxx" is of course the service.
                 And yes, to you eager folks who have tasted the PACX 
                 console's power, the Access does have a console. Type "c 
                 console" to get to it. 
                 Follow the PACX's guidelines, and you'll do fine.

PICK-            The PICK system was created by Dick Pick(no joke), and is
                 a fairly widespread system, there are a few of them out there
                 on the major PSNs. I really dislike PICK, but for those of 
                 you wishing to try it yourself, it is a fairly easy hack.
                 A normal PICK login prompt looks somewhat like;
                      07 JUN 1993 04:00:21 Logon please:
                 Additional data can be entered in that line, and a header
                 may be used above that. However, PICKs are usually 
                 recognizable by that logon prompt which will normally 
                 contain the date and time, as well as the 'Logon please:'.
                 If you aren't sure, enter the username 'SYSPROG', in ALL CAPS
                 , as PICK is case sensitive and SYSPROG will be in capitals.
                 SYSPROG is the superuser(or as PICK calls it the 'Ultimate
                 User') and is similar to root on a Unix; it must be present.
                 PICK lets you know when you've entered an invalid Username,
                 which is helpful when finding valid accounts.
                 Experiment with the upper and lower case if you wish, but
                 upper case is the norm.
                 The people who make PICK like to think of PICK as more a
                 DBMS than an OS, and it is often sold just as that. Because
                 of that, you may find it on Unix, MPE, and Primos based
                 systems among others.
                 One last note, internal passwording is possible on the PICK,
                 so don't be too suprised if you think you've found an 
                 unpassworded system only to be hit by a password before the
                 internal prompt.

                 COMMON ACCOUNTS

                 Usernames          Passwords
                 ---------          ---------
                 1
                 ACC
                 ACCT
                 ACCTNAME
                 ACCUMATH 
                 ACCUPLOT
                 ACCUPLOT-DEMO      ACCUPLOT, DEMO
                 ARCHIVE
                 AUDITOR
                 AUDITORS
                 BACKUP
                 BATCH
                 BLOCK-CONVERT 
                 BLOCK-PRINT
                 COLDSTART
                 COMBINATION
                 COMM
                 COMTEST
                 CPA 
                 CPA.DOC            CPA, DOC
                 CPA.PROD           CPA, PROD
                 CTRL.GROUP         CTRL, CONTROL
                 DEMO 
                 DA
                 DCG
                 DEV
                 DM                 DATA, MANAGER, MAN, MGR, DATAMGR, DATAMAN
                 DOS
                 ERRMSG 
                 EXCEPTIONAL
                 EXECUTE-CONTROL
                 EXPRESS.BATCH      EXPRESS, BATCH
                 FILE-SAVE          FILESAVE, SAVE
                 FILE-TRANSFER
                 FINANCE 
                 FLUSHER
                 FMS
                 FMS.PROD           FMS, PROD
                 GAMES 
                 GAMES.DOS          GAMES
                 GENERAL
                 INSTANT
                 INSTANT.DOS        INSTANT
                 JOB 
                 KILL
                 LEARN
                 LEARN.DLR          LEARN, DLR, LEARNDLR
                 LOGON
                 LOTUS
                 LOTUS.DOS          LOTUS
                 MAIL.BOX           MAIL 
                 MINDER
                 MODEM-SECURITY
                 MOTD.DATA          MOTD
                 NETCOM
                 NET.OFF
                 NETOFF
                 NETUSER 
                 NETWORK
                 NEWAC
                 NOLOG
                 OLD.USER
                 ON-LINE-DIAGS      DIAGS 
                 PERFECT-BKGRND
                 POINTER-FILE
                 PRICE.DOS          PRICE
                 PRICES.DOS         PRICES
                 PROCLIB            PROC, LIBRARY, LIB
                 PROD
                 PROMCOR
                 PROMIS-ARCHIVE     PROMIS, ARCHIVE
                 PROMIS-BKGRND      PROMIS, BKGRND
                 PROMO
                 PWP 
                 QA                 QUALITY, CONTROL
                 SCC.SYSPROG        SCC, SYSPROG
                 SCREENLIB
                 SECURITY
                 SET.PLF            SET, PLF, PLFSET
                 SL
                 SPSYM
                 STUDENT
                 SUPPORT
                 SYM.DOS            SYM
                 SYS
                 SYS.DOC            SYS
                 SYSLIB             SYSTEM, LIBRARY, SYS, LIB
                 SYSPROG            SYSTEM, PROGRAM, SYS, PROG, OPERATOR, DM
                 SYSPROG-PL         SYSPROG, PL
                 SYSTEM-ERRORS
                 TCL
                 TEMP
                 TEMP-SYSPROG       TEMP, SYSPROG
                 TEST
                 TEST-BKGRND        TEST
                 TRAINING
                 TRY.DOS            TRY
                 ULTICALC
                 ULTILINK
                 ULTIMATION 
                 UNIMAX
                 WORDS
                 WP
                 WP.DOS             WP
                 WP42.DOS           WP, WP42
                 WP50.DOS           WP, WP50
                 WP51               WP, WP51
                 WP51.DOS           WP, WP51
                 XES

AOS/VS-          AOS/VS is made by Data General Corporation(DGC), and is in
                 my opinion the worst operating system i've seen yet.
                 But, in the quest of knowledge, and to broaden your computer
                 horizons, i suggest that you try to hack even this system, 
                 for what it's worth.
                 The AOS/VS will usually readily identify itself with a 
                 banner such as;
                 (yes, i'm overstepping my margin, i apologize)

       **** AOS/VS Rev 7.62.00.00 / Press NEW-LINE to begin logging on ****

       AOS/VS 7.62.00.00 / EXEC-32 7.62.00.00  11-Jun-93  0:27:31      @VCON1

                Username: 

                The username prompt looks deceivingly like a VMS, but it is
                not, and you can be sure by entering garbage for the username
                and password. The AOS/VS will reply;
                      Invalid username - password pair
                AOS/VS will not let you know when you've entered an incorrect
                username.
                And a standard system will let you have 5 tries at a username/
                password combination, but after that it gives this annoying
                message;
                    Too many attempts, console locking for 10 seconds
                Having the system lock for 10 seconds does really nothing to 
                the hacker, except slow brute forcing down a small bit(10 
                seconds).
                Anyways, once inside 'HELP' will give you a set of help files
                which i didn't enjoy too much, and 'WHO' will list the users
                online.

                COMMON ACCOUNTS

                Username        Password
                --------        --------
                guest
                op              operator, op
                sysmgt          sys, mgt, system, man, mgr, manager
                test
                user

RSTS-           Probably the oldest OS that is still out there is RSTS. RSTS
                was a very common OS a decade or so ago, but is now nearing
                extinction. However, there are still a few out there on PSNs,
                and thus you might want to attempt to hack in.
                The RSTS will usually identify itself like;
                    RSTS V9.7-08    93.06.10    02:36   
                    User: 
                Before attempting to hack, try the SYSTAT command. It is 
                likely it will be disabled, but it is worth a try.
                RSTS will tell you if the ID you've entered is incorrect with
                the error message;
                    ?Invalid entry - try again
                The UIDs are in the format xxx,yyy , where x and y are digits.
                Just guess at UIDs until you hit one with a password.
                Also, the IDs will generally not go above 255 in both the x 
                and y spots(ie: 255,255 is generally the highest ID).

                COMMON ACCOUNTS

                User ID    Password
                -------    --------
                1,2        SYSLIB

WNT-            I really don't know much about Windows NT, mostly having to
                do with the fact that it was just released a little while ago
                and I have not seen it in action to this date. I don't know
                at what time in the future it will become widespread, but for
                you future hackers I did a little research and came up with 
                the two manufacturer defaults; administrator and guest. Both
                come unpassworded.. administrator is the equivalent to root
                on a Unix, and guest is just as you'd expect .. a low level
                guest account. Interestingly enough, in the manuals I saw WNT
                sysadmins were encouraged to keep the guest account...
                unpassworded at that! Highly amusing.. let's see how long that
                lasts! Anyways..
                Oh yeah.. case sensitive, too.. I'm pretty sure it is 
                lowercase, but it is possible that the first letter is 
                capitalized. Remember that when attempting to brute force new
                accounts. Oh, and keep in mind possible accounts such as 
                "test" and "field" and the such.

                COMMON ACCOUNTS

                Username
                --------

                administrator
                guest

NETWARE-        Novell Netware is the most common PC LAN software and is a 
                popular among high-schools. The internal (and external for
                that matter) security is poor.

                COMMON ACCOUNTS

                Username        Password 
                --------        --------
                admin           operator, supervisor, sysadm
                backup
                guest           visitor, user
                netware
                novell          netware
                public
                remote
                server
                staff
                supervisor      admin, operator, sysadm, supervis, manager
                system1
                tape            backup
                test            testuser
                user
                visitor         guest

Sys75/85-       AT&T's System75/85 have made a big splash in recent months
                despite their being around for years previous.. mostly due
                to codez kids discovering the PBX functions. 
                Anyways, the hype has pretty much died down so it is probably
                safe to post the defaults. If you don't like my doing this, 
                suck yourself. Anyone with access to this file probably has
                them by now anyways. And if not, all the better. Free 
                information has always been one of our primary goals, and I
                don't intend to change that for some insecure pseudo-hackers.

                COMMON ACCOUNTS

                Username    Password
                --------    --------
                browse      looker
                craft       crftpw, craftpw
                cust        custpw
                field       support
                inads       indspw, inadspw
                init        initpw
                rcust       rcustpw

AS400-          Another OS that was only really in use before my time, AS-400
                is IBM made. I pulled this from the old UPT messages, thanks
                to anybody who contributed.
                It should in fact identify itself as an AS-400 at login time.
                I'm unsure of the case-sensativity of the characters.. i'll
                enter them as lowercase, but if unsuccessful use caps.

                COMMON ACCOUNTS

                Username    
                --------    
                qsecofr     
                qsysopr
                quser
                sedacm
                sysopr
                user

TSO-            An IBM product, TSO can be found stand alone, but is commonly
                found off an ISM.
                Upon connect you should see a login prompt that looks like:
                    IKJ56700A   ENTER USERID-
                Or something close.
                It will tell you if the username entered is incorrect:
                    IKJ5642OI   USERID xxx NOT AUTHORIZED TO USE TSO
                    IKJ56429A   REENTER-
                Occasionally some of the accounts will have the STC attribute
                and can not be used for remote login.

                COMMON ACCOUNTS

                Username    Password
                --------    --------
                admin       adm, sysadm, op 
                guest       
                init
                maint
                systest     test
                test1       test
                tso

BRUTE FORCE
===========
-----------

Passwords
=========

    Occasionally you will find yourself in a position where you wish to 
penetrate a system, but defaults are taken off and social engineering is not
possible. 
    The dedicated hacker then begins the tedious process of trying password
after password, hoping to crowbar his way into the system. Thus the term 
'Brute Force' was born, aptly describing this process.
    Brute force is the absolute ugliest way of obtaining an account, but is
is often effective. It is ugly for a number of reasons, having to do with the
fact that you will have to call the system hundreds of times if the account is
not easily brute forced.
    However, first i will explain a modified form of brute force; intelligent
brute force. In this process, the hacker tries the users first name, as that
is the most common password of all, and a database of 20-100 common passwords.
    The difference between this and the normal brute forcing is you cut your
time down considerably, but your chances of getting in go down as well. 
    Normal brute forcing is rarely done nowadays; the greats of yesterday 
would spend 6 hours at a sitting trying passwords, but people nowadays seem to
think 5 minutes is sufficient. Ugh. 
    If standard brute forcing is done, it is accomplished with automation, 
usually. Meaning the hacker will set up a program or a script file to spew out 
dictionary passwords for him, then go to the movies or whatever. Obviously, 
any way you do it, standard brute forcing is fairly dangerous. A sysadmin is 
more likely to notice you trying a username/password 2000 times than 50. If
you choose to do automated brute forcing, it might be a good idea to set up
a hacked system to do it for you, such as a procured Unix. I would not, 
however, suggest wasting the powers of a Cray on such a menial task as brute
force. You can only go as fast as the host system will let you. The danger 
in this is obvious, you will have to be connected to the remote system for
a long time, leaving you wide open for a trace. It is up to you.
    And, of course, brute forcing requires a username. If you don't have a 
username, you are probably out of luck.
    One thing you should definetly do is make a list of first names, and make
it fairly complete. Buy/steal a baby names book or look inside your phone 
book and copy down the more commmon names on to a piece of paper or into a 
file. Other than first names, husband/wife, boyfriend/girlfriend and 
childs names are the most common passwords.
    Ok, here are the basics to intelligent brute force hacking;
        1. try the users first name
        2. try your list of first names, male and female
        2. try the users first name, with a lone digit(1 to 9) after the 
           username
        3. try the users first name, with a lone digit(1 to 9) after the
           username
        4. try the users first name, with a letter appended to the end(A to Z)
        5. try anything related to the system you are on. If you are on a 
           VAX running VMS on the Datapac PSN, try VAX, VMS, Datapac, X25, etc
        6. try anything related to the company/service the system is owned by.
           if the user is on a system owned by the Pepsi Cola company, try
           Pepsi, Cola, Pepsico, etc. 
        7. finally, try passwords from your list of common passwords. your 
           list of common passwords should not be above 200 words.
           The most popular passwords are;
                password secret money sex smoke beer x25 system 
                hello cpu aaa abc fuck shit 
           Add on popular passwords to that as you see fit.
           Remember; most passwords are picked spontaneously, on whatever 
           enters the users mind at that time(you know the feeling, i bet).
           Attempt to get into the users mind and environment, to think what
           he would think. If you can't do that, just try whatever comes to 
           your mind, you'll get the hang of it.

Brute Forcing User Names
========================

    A different form of brute force is that when you need a username to 
hack passwords from. In order to guess a valid username, you must be on a 
system that informs you when your username is invalid; thus VMS and Unix are
out of the question.
    There are two types of usernames(by my definition); user and system.
    The user usernames are the standard user's usernames. Examples would be 
John, Smith, JMS, JSmith, and JohnS.
    The system usernames are special usernames used by the system operators 
to perform various functions, such as maintenance and testing. Since these 
usernames are not owned by actual people(usually), they are given a name which
corresponds to their function.
    Guessing either type is usually fairly easy.
    User usernames are standardly in one of 2 formats; first name or last name
the more common format being first name. Less common formats are initials, 
first initial/last name, and first name/last initial. Occasionally the 
username formats will have nothing to do with names at all, and will instead
be 6 or 8 digit numbers. Have fun.
    The users of a system will almost always have the same format as
each other. When you guess one, guessing more shouldn't be too hard. 
    For first names, again consult the list you made from the baby names book.
    For last names, construct a list of the most common last names, ideally
out of the phone book, but if you are too lazy your mind will do fine. SMITH
and JONES are the most common non-foreign names.
    For initials, use common sense. Guess at 3 letter combinations, and use
sensible formats. Meaning don't use XYZ as a rule, go for JMS, PSJ, etc, to
follow along with common first names and last names.
    If you are getting no luck whatsoever, try switching your case(ie: from
all lower case to all upper case), the system might be case sensitive.
    Usually guessing system names shouldn't be necessary; I gave a default
list for all the major systems. But if you run across a system not listed, you
will want to discover defaults of your own. Use common sense, follow along 
with the name of the new OS and utilities that would fit with that name. 
Attempt to find out the username restrictions for that system, if usernames
have to be 6 characters long, try only 6 character user names.
And finally, here is a list of common defaults(they are capitalized for
convienience, but as a rule use lower case);
        OPERATOR SYSOP OP OPER MANAGER SYSMAN SYSMGR MGR MAN ADMIN
        SYSADMIN ADM SYSADM BOSS MAIL SYSTEM SYS SYS1 MAINT SYSMAINT
        TEST TESTER TESTUSER USER USR REMOTE PUB PUBLIC GUEST VISITOR
        STUDENT DEMO TOUR NEWS HELP MGT SYSMGT SYSPROG PROD SALES
        MARKET LIB LIBRARY FILES FILEMAN NET NETWORK NETMAN NETMGR
        RJE DOS GAMES INFO SETUP STARTUP CONTROL CONFIG DIAG SYSDIAG
        STAT SYSDIAGS DIAGS BATCH SUPRVISR SYSLIB MONITOR UTILITY
        UTILS OFFICE CORP SUPPORT SERVICE FIELD CUST SECURITY WORD
        DATABASE BACKUP FRIEND DEFAULT FINANCE ACCOUNT HOST ANON
        SYSTEST FAX INIT INADS SETUP

Brute Forcing Services
======================

    There is also the time when you are on a server system, and you need 
places to go. You will surely be told if the service you've entered is 
incorrect, so just try things that come to mind, and the following list;
(the server may be case sensitive..use upper or lower case as you wish)
(NOTE: Try digits(1 +) and letters(A-Z) also)
        SERVER NETWORK NET LINK LAN WAN MAN CONNECT LOG LOGIN HELP DIAL 
        OUT OUTDIAL DIALOUT MODEM MODEMOUT INTERNET TELNET PAD X25 X28 FTP 
        SYSTEM SYS SYS1 SYSTEM1 UNIX VAX VMS HP CONSOLE INFO CMDS LIST 
        SERVICES SERVICE SERVICE1 COMP COMPUTER CPU CHANNEL CHANNEL1 CH1 
        CH01 GO DO ? LOG ID USERS SHOW WHO PORT1 PORT NODE1 NODE LINK1 
        DISPLAY CONFIG CONTROL DIAGS SYSDIAGS DIAG SYSDIAG HELLO EMAIL 
        MAIL SET DEFINE PARAMS PRINT PHONE PHONES SESSION SESSION1 BEGIN 
        INIT CUST SERVICE SUPPORT BUSINESS ACCT ACCOUNT FINANCE SALES 
        BUFFER QUEUE STAT STATS SYSINFO SYSTAT FTP ACCESS DISK LIB SYSLIB
        LIBRARY FILES BBS LOOP TEST SEARCH MACRO CALL COMMANDS TYPE FIND
        ASK QUERY JOIN ATTACH JOB REMOTE COM1 COM CALLER LOGGER MACHINE
        BULLITEN CLUSTER RUN HELLO PAYROLL DEC 

SOCIAL ENGINEERING
==================
------------------

    While I am in no way going to go indepth on SE(social engineering) at this
point, i will explain the premise of SE to those new to it.
    Social engineering can be defined any number of ways, but my definition
goes along the lines of; "Misrepresentation of oneself in a verbal manner to
another person in order to obtain knowledge that is otherwise unattainable." 
Which in itself is a nice way of putting "manipulation, lying and general 
bullshitting".
    Social engineering is almost always done over the phone. 
    I'll give an example. The hacker needs information, such as an account, 
which he cannot get by simple hacking. He calls up the company that owns the
system he wishes to penetrate, and tells them he is Joe Blow of the Computer
Fixing Company, and he is supposed to fix their computers, or test them 
remotely. But gosh, somebody screwed up and he doesn't have an account. Could
the nice lady give him one so he can do his job and make everybody happy?
    See the idea? Misrepresentation of the truth; pretending to be someone you
aren't.
    If you are skeptical, you shouldn't be. SE is tried and true, due to the
fact that any company's biggest security leak is their employees. A company
can design a system with 20 passwords, but if an uncaring employee unwittingly
supplies a hacker with all of these passwords, the game is over.
    You *must* have the voice for it. If you sound like a 12 year old, you
aren't going to get shit. If you can't help it, there are telephone-voice 
changers(which any SE practicer should have anyways) that will do it for you.
    If the person wishes to contact higher authority(who will probably suspect
somethings up), get mad. Don't go into a rage, but do get angry. Explain that
you have a job to do, and be persuasive. 
    I won't go more into SE, there are tons of text files out there on it 
already. Just remember to keep calm, have a back up plan, and it is a good 
idea to have the script on paper, and practice it a bit before hand. If you 
sound natural and authorative, you will get whatever you want.
    And practice makes perfect.

TRASHING
========
--------

    Trashing is another thing i will not go too indepth on, but i will provide
a very quick overview.
    Trashing is the name given to the process of stealing a companies trash,
then rooting through it and saving the valuable information.
    Trashing is practiced most often on the various RBOCs, but if you are 
attempting to hack a system local to you, it might be a good idea to go 
trashing for a few weeks, you might find a printout or a scrap of paper with
a dialup or username and password written on it.

ACRONYMS
========
--------

    This is a basic list of H/P acronyms I've compiled from various sources.. 
it should be big enough to serve as an easy reference without being incredibly
cumbersome

ABSBH:    Average Busy Season Busy Hour
AC:       Area code
ACC:      Automatic Communications Control
ACC:      Asynchronous Communications Center
ACD:      Automatic Call Distributor
ACE:      Automatic Calling Equipment
ACF:      Advanced Communications Functions
ACN:      Area Code + Number
ADPCM:    Adaptive Differential Pulse Code Modulation
AIS:      Automatic Intercept System
ALFE:     Analog Line Front End
ALRU:     Automatic Line Record Update
AM:       Account Manager
AM:       Access Module
AM:       Amplitude Modulation
AMA:      Automatic Message Accounting
AMSAT:    American Satellite
AN:       Associated Number
ANI:      Automatic Number Identification
ANXUR:    Analyzer for Networks with Extended Routing
AOSS:     Auxiliary Operator Services System
AP:       Attached Processor
ARC:      Automatic Response Control
ARP:      Address Resolution Protocol
ARPA:     Advanced Reasearch Projects Agency
ARS:      Automatic Response System
ARSB:     Automated Repair Service Bureau
AT:       Access Tandem
ATB:      All Trunks Busy
ATH:      Abbreviated Trouble History
ATM:      Automated Teller Machine
ATM:      Asynchronous Transfer Mode
AT&T:     American Telegraph and Telephone Company
AVD:      Alternate Voice Data
BCD:      Binary Coded Decimal
BCUG:     Bilateral CUG
BELLCORE: Bell Communications Research
BGP:      Border Gateway Protocol
BHC:      Busy Hour Calls
BLV:      Busy Line Verification
BOC:      Bell Operating Company
BOR:      Basic Output Report
BOS:      Business Office Supervisor
BSC:      Binary Synchronous Module
BSCM:     Bisynchronous Communications Module
BSOC:     Bell Systems Operating Company
CA:       Cable
CADV:     Combined Alternate Data/Voice
CAMA:     Centralized Automatic Message Accounting
CATLAS    Centralized Automatic Trouble Locating & Analysis System
CAU:      Controlled Access Unit
CAVD:     Combined Alternated Voice/Data
CBC       Cipher Block Chaining
CBS:      Cross Bar Switching
CBX:      Computerized Branch Exchange
CBX:      Computerized Business Exchange
CC:       Calling Card
CC:       Common Control
CC:       Central Control
CC:       Country Code
CCC:      Central Control Complex
CCC:      Clear Channel Capability
CCC:      Central Control Computer  
CCIS:     Common Channel Interoffice Signalling
CCITT:    International Telephone and Telegraph Consultative Committee
CCM:      Customer Control Management
CCNC:     Common Channel Network Controller
CCNC:     Computer Communications Network Center
CCS:      Common Channel Signalling
CCSA:     Common Control Switching Arrangement
CCSA:     Common Central Switching Arrangement
CCSS:     Common Channel Signalling System
CCT:      Central Control Terminal
CCTAC:    Computer Communications Trouble Analysis Center
CDA:      Call Data Accumulator
CDA:      Crash Dump Analyzer
CDA:      Coin Detection and Announcement
CDAR:     Customer Dialed Account Recording
CDC:      Control Data Corporation
CDI:      Circle Digit Identification
CDO:      Community Dial Office
CDPR:     Customer Dial Pulse Receiver
CDR:      Call Dial Recording
CDS:      Cicuit Design System
CEF:      Cable Entrance Facility 
CERT:     Computer Emergency Response Team
CF:       Coin First
CGN:      Concentrator Group Number
CI:       Cluster Interconnect 
CIC:      Carrier Identification Codes
CICS:     Customer Information Control System
CID:      Caller ID
CII:      Call Identity Index
CIS:      Customer Intercept Service
CISC:     Complex Instruction Set Computing
CLASS:    Custom Local Area Signalling Service
CLASS:    Centralized Local Area Selective Signalling
CLDN:     Calling Line Directory Number
CLEI:     Common Language Equipment Identification
CLI:      Calling Line Identification
CLID:     Calling Line Identification
CLLI:     Common Language Location Indentifier
CLNP:     Connectionless Network Protocol
CMAC:     Centralized Maintenance and Administration Center
CMC:      Construction Maintenance Center
CMDF:     Combined Main Distributing Frame
CMDS:     Centralized Message Data System
CMIP:     Common Management Information Protocol
CMS:      Call Management System
CMS:      Conversational Monitoring System
CMS:      Circuit Maintenance System
CMS:      Communications Management Subsystem
CN/A:     Customer Name/Address
CNA:      Communications Network Application
CNAB:     Customer Name Address Bureau
CNCC:     Customer Network Control Center
CNI:      Common Network Interface
CNS:      Complimentary Network Service
CO:       Central Office
COC:      Central Office Code
COCOT:    Customer Owned Coin Operated Telephone
CODCF:    Central Office Data Connecting Facility
COE:      Central Office Equipment
COEES:    Central Office Equipmet Engineering System
COER:     Centarl Office Equipment Reports
COLT:     Central Office Line Tester
COMSAT:   Communications Satellite
COMSEC:   Communications Security
COMSTAR:  Common System for Technical Analysis & Reporting
CONS:     Connection-Oriented Network Service
CONTAC:   Central Office Network Access
COS:      Class of Service
COSMIC:   Common Systems Main Inter-Connection
COR:      Class Of Restriction
COSMOS:   Computerized System For Mainframe Operations
COT       Central Office Terminal
CP:       Control Program
CPBXI:    Computer Private Branch Exchange Interface
CPC:      Circuit Provisioning Center
CPD:      Central Pulse Distributor
CPMP:     Carrier Performance Measurement Plan
CRAS:     Cable Repair Administrative System
CRC:      Customer Record Center
CRC:      Customer Return Center
CREG:     Concentrated Range Extension & Gain
CRG:      Central Resource Group
CRIS:     Customer Record Information System
CRS:      Centralized Results System
CRSAB:    Centralized Repair Service Answering Bureau
CRT:      Cathode Ray Tube
CRTC:     Canadian Radio-Television and Telecommunications Commission
CSA:      Carrier Servicing Area
CSAR:     Centralized System for Analysis and Reporting
CSC:      Cell Site Controller
CSC:      Customer Support Center
CSDC:     Circuit Switch Digital Capability
CSP:      Coin Sent Paid
CSMA/CD:  Carrier Sense Multiple Access/Collission Detection
CSR:      Customer Service Records
CSS:      Computer Special Systems
CSS:      Computer Sub-System
CSU:      Channel Service Unit
CT:       Current Transformer
CTC:      Channel Termination Charge
CTC:      Central Test Center
CTM:      Contac Trunk Module
CTMS:     Carrier Transmission Measuring System
CTO:      Call Transfer Outside
CTSS:     Compatible Time Sharing System
CTSS:     Cray Time Sharing System
CTTN:     Cable Trunk Ticket Number
CTTY:     Console TeleType
CU:       Control Unit
CU:       Customer Unit
CUG:      Closed User Group
CWC:      City-Wide Centrex
DA:       Directory Assistance
DACC:     Directort Assistance Call Completion
DAA:      Digital Access Arrangements
DACS:     Digital Access and Cross-connect System
DACS:     Directory Assistance Charging System
DAIS:     Distributed Automatic Intercept System
DAL:      Dedicated Access Line
DAO:      Directory Assistance Operator
DAP:      Data Access Protocol 
DARC:     Division Alarm Recording Center
DARPA:    Department of Defense Advanced Research Projects Agency
DARU:     Distributed Automatic Response Unit
DAS:      Device Access Software
DAS:      Directory Assistance System
DAS:      Distributor And Scanner
DAS:      Dual Attachment Station
DASD:     Direct Access Storage Device
DBA:      Data Base Administrator
DBA:      Digital Business Architecture
DBAC:     Data Base Administration Center
DBAS:     Data Base Administration System
DBC:      Digital Business Center
DBM:      Database Manager
DBMS:     Data Base Management System
DBS:      Duplex Bus Selector
DCA:      Defense Communications Agency
DCC:      Data Country Code
DCC:      Data Collection Computer
DCE:      Data Circuit-Terminating Equipment
DCE:      Data Communicating Equipment
DCL:      Digital Computer Language
DCLU:     Digital Carrier Line Unit
DCM:      Digital Carrier Module
DCMS:     Distributed Call Measurement System
DCMU:     Digital Concentrator Measurement Unit
DCO-CS:   Digital Central Office-Carrier Switch
DCP:      Duplex Central Processor
DCS:      Digital Cross-Connect System
DCSS:     Discontiguous Shared Segments
DCSS:     Digital Customized Support Services
DCT:      Digital Carrier Trunk
DDCMP:    Digital Data Communications Message Protocol
DDD:      Direct Distance Dialing
DDN:      Defense Data Network
DDR:      Datapac Design Request
DDS:      Digital Data Service
DDS:      Digital Data System
DDS:      Dataphone Digital Service
DEC:      Digital Equipment Corporation
DES:      Data Encryption Standard
DF:       Distributing Frame
DGC:      Data General Corporation
DH:       Distant Host
DID:      Direct Inward Dialing
DIMA:     Data Information Management Architecture
DINS:     Digital Information Network Service
DIS:      Datapac Information Service
DISA:     Direct Inward System Access
DLC:      Digital Loop Carrier
DLS:      Dial Line Service
DM:       Demultiplexer
DMA:      Direct Memory Access
DN:       Directory Numbers
DNA:      Datapac Network Address
DNA:      Digital Named Accounts
DNA:      Digital Network Architecture
DNIC:     Data Network Identifier Code
DNR:      Dialed Number Recorder
DNS:      Domain Name Service
DNS:      Domain Name System
DOCS:     Display Operator Console System
DOD:      Department Of Defense
DOM:      District Operations Manager
DPSA:     Datapac Serving Areas
DPTX:     Distributed Processing Terminal Executive
DSC:      Data Stream Compatibility
DSI:      Data Subscriber Interface
DSL:      Digital Subscriber Line
DSN:      Digital Services Network
DSU:      Data Service Unit
DSU:      Digital Service Unit
DSX:      Digital Signal Cross-Connect
DTC:      Digital Trunk Controller
DTE:      Data Terminal Equipment
DTF:      Dial Tone First
DTG:      Direct Trunk Group
DTI:      Digital Trunk Interface
DTIF:     Digital Tabular Interchange Format
DTMF:     Dual Tone Multi-Frequency
DTN:      Digital Telephone Network
DTST:     Dial Tone Speed Test
DVM:      Data Voice Multiplexor
EAEO:     Equal Access End Office
EA-MF:    Equal Access-Multi Frequency
EBDI:     Electronic Business Data Interchange
EC:       Exchange Carrier
ECC:      Enter Cable Change
EDC:      Engineering Data Center
EDI:      Electronic Data Interchange
EE:        End to End Signaling
EEDP:     Expanded Electronic Tandem Switching Dialing Plan
EGP:      Exterior Gateway Protocol
EIES:     Electronic Information Exchange System
EIU:      Extended Interface Unit
EKTS:     Electonic Key Telephone Service
ELDS:     Exchange Line Data Service
EMA:      Enterprise Management Architecture
EO:       End Office
EOTT:     End Office Toll Trunking
EREP:     Environmental Recording Editing and Printing
ESA:      Emergency Stand Alone
ESB:      Emergency Service Bureau
ESN:      Electronic Serial Number
ESP:      Enhanced Service Providers
ESS:      Electronic Switching System
ESVN:     Executive Secure Voice Network
ETS:      Electronic Tandem Switching
EWS:      Early Warning System
FAC:      Feature Access Code
FAM:      File Access Manager
FCC:      Federal Communications Commission
FCO:      Field Change Order                     
FDDI:     Fiber Distributed Data Interface
FDM:      Frequency Division Multiplexing
FDP:      Field Development Program
FEP:      Front-End Processor
FEV:      Far End Voice
FIFO:     First In First Out
FIPS:     Federal Information Procedure Standard
FM:       Frequency Modulation
FMAP:     Field Manufacturing Automated Process
FMIC:     Field Manufacturing Information Center
FOA:      First Office Application
FOIMS:    Field Office Information Management System
FPB:      Fast Packet Bus
FRL:      Facilities Restriction Level
FRS:      Flexible Route Selection
FRU:      Field Replaceable Unit
FS:       Field Service
FSK:      Frequency Shift Keying
FT:       Field Test
FTG:      Final Trunk Group
FTP:      File Transfer Protocol
FTPD:     File Transfer Protocol Daemon
FX:       Foreign Exchange
GAB:      Group Access Bridging
GCS:      Group Control System
GECOS:    General Electric Comprehensive Operating System
GGP:      Gateway-to-Gateway Protocol
GOD:      Global Out Dial
GPS:      Global Positioning System
GRINDER:  Graphical Interactive Network Designer
GSA:      General Services Administration
GSB:      General Systems Business
GTE:      General Telephone
HCDS:     High Capacity Digital Service
HDLC:     High Level Data Link Control
HLI:      High-speed LAN Interconnect
HDSC:     High-density Signal Carrier
HPO:      High Performance Option
HUTG:     High Usage Trunk Group
HZ:       Hertz
IBM:      International Business Machines
IBN:      Integrated Business Network
IC:       Intercity Carrier
IC:       InterLATA Carrier
IC:       Interexchange Carrier
ICAN:     Individual Circuit Analysis Plan
ICH:      International Call Handling
ICM:      Integrated Call Management
ICMP:     Internet Control Message Protocol
ICN:      Interconnecting Network
ICPOT:    Interexchange Carrier-Point of Termination
ICUG:     International Closed User Group
ICVT:     Incoming Verification Trunk
IDA:      Integrated Digital Access
IDCI:     Interim Defined Central Office Interface
IDDD:     International Direct Distance Dialing
IDLC:     Integrated Digital Loop Carrier
IDN:      Integrated Digital Networks
IEC:      Interexchange Carrier
IMP:      Internet Message Processor
IMS:      Information Management Systems
IMS:      Integrated Management Systems
IMTS:     Improved Mobile Telephone Service
INAP:     Intelligent Network Access Point
INS:      Information Network System
INTT:     Incoming No Test Trunks
INWATS:   Inward Wide Area Telecommunications Service
IOC:      Interoffice Channel
IOC:      Input/Output Controller
IOCC:     International Overseas Completion Center
IP:       Intermediate Point
IP:       Internet Protocol
IPCF:     Inter-Program Communication Facility
IPCH:     Initial Paging Channel
IPCS:     Interactive Problem Control System
IPL:      Initial Program Load
IPLI:     Internet Private Line Interface
IPLS:     InterLATA Private Line Services
IPSS:     International Packet-Switched Service
IRC:      Internet Relay Chat
IRC:      International Record Carrier
ISC:      Inter-Nation Switching Center
ISDN:     Integrated Services Digital Network
ISIS:     Investigative Support Information System
ISO:      International Standards Organization
ISSN:     Integrated Special Services Network
ISU:      Integrated Service Unit
ISWS:     Internal Software Services
ITDM:     Intelligent Time Division Multiplexer
ITI:      Interactive Terminal Interface
ITS:      Interactive Terminal Support
ITS:      Incompatible Time-Sharing System
ITT:      International Telephone and Telegraph
IVP:      Installation Verification Program
IX:       Interactive Executive
IXC:      Interexchange Carrier
JCL:      Job Control Language
JES:      Job Entry System
KP:       Key Pulse
LAC:      Loop Assignment Office
LADS:     Local Area Data Service
LADT:     Local Area Data Transport
LAM:      Lobe Access Module
LAN:      Local Area Network
LAP:      Link Access Protocol
LAPB:     Link Access Protocol Balanced
LAPS:     Link Access Procedure
LASS:     Local Area Signalling Service
LASS:     Local Area Switching Service
LAST:     Local Area System Transport
LAT:      Local Area Transport
LATA:     Local Access Transport Area
LAVC:     Local Area VAX Cluster
LBS:      Load Balance System
LCDN:     Last Call Directory Number
LCM:      Line Concentrating Module
LCN:      Logical Channel 
LD:       Long Distance
LDEV:     Logical Device
LDM:      Limited Distance Modem
LDS:      Local Digital Switch
LEBC:     Low End Business Center
LEC:      Local Exchange Carrier
LEN:      Low End Networks
LENCL:    Line Equipment Number Class
LGC:      Line Group Controller
LH:       Local Host
LIFO:     Last In First Out
LIP:      Large Internet Protocol
LLC:      Logical Link Control
LM:       Line Module
LMOS:     Loop Maintenance and Operations System
LSI:      Large Scale Integration
LTC:      Line Trunk Controller
LU:       Local Use
LVM:      Line Verification Module
MAC:      Media Access Control
MAC:      Message Authentication
MAN:      Metropolitan Area Network
MAP:      Maintenance and Administration Position
MAP:      Manufacturing Automation Protocol
MAT:      Multi-Access Trunk
MAU:      Multistation Access Unit
MBU:      Manufacturing Business Unit
MCA:      Micro Channel Architecture
MCI:      Microwave Communications, Inc.
MCP:      Master Control Program
MCT:      Manufacturing Cycle Time
MCU:      Multi Chip Unit
MDR:      Message Detail Record
MDS:      Message Design Systems                                              
MDU:      Marker Decoder Unit
MF:       Multi-Frequency
MFD:      Main Distributing Frame
MFR:      Mult-Frequency Receivers
MFT:      Metallic Facility Terminal
MHZ:      Mega-Hertz
MIB:      Management Information Base
MIC:      Management Information Center
MIF:      Master Item File
MIS:      Management Information Systems
MJU:      MultiPoint Junction Unit
MLHG:     Multiline Hunt Group
MLT:      Mechanized Loop Testing
MNS:      Message Network Basis
MOP:      Maintenance Operation Protocol
MP:       Multi-Processor  
MPL:      Multischedule Private Line
MPPD:     Multi-Purpose Peripheral Device
MRAA:     Meter Reading Access Arrangement
MSCP:     Mass Storage Control Protocol
MSI:      Medium Scale Integration
MTBF:     Mean Time Between Failure
MTS:      Message Telecommunication Service
MTS:      Message Telephone Service
MTS:      Message Transport Service
MTS:      Mobile Telephone Service
MTSO:     Mobile Telecommunications Switching Office
MTU:      Maintenence Termination Unit
MUX:      Multiplexer
MVS:      Multiple Virutal Storage
MWI:      Message Waiting Indicator
NAM:      Number Assignment Module
NAS:      Network Application Support
NC:       Network Channel
NCCF:     Network Communications Control Facility
NCI:      Network Channel Interface
NCIC:     National Crime Information Computer
NCP:      Network Control Program
NCS:      Network Computing System
NCTE:     Network Channel Terminating Equipment
NDA:      Network Delivery Access
NDC:      Network Data Collection
NDIS:     Network Device Interface Specification
NDNC:     National Data Network Centre
NDS:      Network Data System
NDU:      Network Device Utility
NEBS:     Network Equipment Building System
NECA:     National Exchange Carriers Association
NFS:      Network File Sharing
NFS:      Network File System
NFT:      Network File Transfer
NI:       Network Interconnect
NI:       Network Interface
NIC:      Network Information Center
NIC:      Network Interface Card
NJE:      Network Job Entry
NLM:      Netware Loadable Modules
NLM:      Network Loadable Modules
NM:       Network Module
NMR:      Normal Mode Rejection
NOS:      Network Operating System 
NPA:      Numbering Plan Area
NPA:      Network Performance Analyzer
NSF:      National Science Foundation
NSP:      Network Services Protocol
NTE:      Network Terminal Equipment
NUA:      Network User Address
NUI:      Network User Identifier
OC:       Operator Centralization
OCC:      Other Common Carrier
OD:       Out Dial
ODA:      Office Document Architecture
ODDB:     Office Dependent Data Base
ODI:      Open Data Interface
OGT:      Out-Going Trunk
OGVT:     Out-Going Verification Trunk
OIS:      Office Information Systems
OLTP:     On-Line Transaction Processing
ONI:      Operator Number Identification
OPCR:     Operator Actions Program
OPM:      Outside Plant Module
OPM:      Outage Performance Monitoring
OR:       Originating Register
OS:       Operating System
OSI:      Open Systems Interconnection
OSL:      Open System Location
OSS:      Operator Services System
OST:      Originating Station Treatment
OTC:      Operating Telephone Company
OTR:      Operational Trouble Report
OUTWATS:  Outward Wide Area Telecommunications Service
PABX:     Private Automated Branch Exchange
PACT:     Prefix Access Code Translator
PAD:      Packet Assembler/Disassembler
PADSX:    Partially Automated Digital Signal Cross-Connect
PAM:      Pulse Amplitude Modulation
PAX:      Private Automatic Exchange
PBU:      Product Business Unit
PBX:      Private Branch Exchange
PC:       Primary Center
PCM:      Pulse Code Modulation
PCP:      PC Pursuit
PFM:      Pulse Frequency Modulation
PGA:      Pin Grid Array
PIN:      Personal Identification Number
PLA:      Programmable Logic Array
PLD:      Programmable Logic Device
PLS:      Programmable Logic Sequencer
PM:       Phase Modulation
PM:       Peripheral Module
PMAC:     Peripheral Module Access Controller
PMR:      Poor Mans Routing
PNC:      Primenet Node Controller
POC:      Point of Contact
POF:      Programmable Operator Facility
POP:      Point of Presence
POS:      Point Of Sale
POT:      Point of Termination
POTS:     Plain Old Telephone Service
PPN:      Project Program Number
PPP:      Point to Point Protocol
PPS:      Public Packet Switching
PPSN:     Public Packet Switched Network
PSAP:     Public Safety Answering Point 
PSDC:     Public Switched Digital Capability
PSDCN:    Packet-Switched Data Communication Network 
PSDN:     Packet-Switched Data Network
PSDS:     Public Switched Digital Service
PSN:      Packet-Switched Network
PSS:      Packet-Switched Service
PSW:      Program Status Word
PTE:      Packet Transport Equipment
PTS:      Position and Trunk Scanner 
PTT:      Postal Telephone & Telegraph
PVC:      Permanent Virtual Call
PVN:      Private Virtual Network
PWC:      Primary Wiring Center
QPSK:     Quadrature Phase-Shift Keying
RACF:     Resource Access Control Facility
RAO:      Revenue Accounting Office
RARP:     Reverse Address Resolution Protocol
RBG:      Realtime Business Group
RBOC:     Regional Bell Operating Company
RC:       Rate Center
RC:       Regional Center
RDB:      Relational Database
RDSN:     Region Digital Switched Network
RDT:      Restricted Data Transmissions
RDT:      Remote Digital Terminal
REP:      Reperatory Dialing
REXX:     Restructured Extended Executer Language
RFC:      Request For Comments
RIP:      Routing Information Protocol
RIS:      Remote Installation Service
RISC:     Reduced Instruction Set Computer
RISD:     Reference Information Systems Development
RJE:      Remote Job Entry
RLCM:     Remote Line Concentrating Module
RNOC:     Regional Network Operations Center
ROTL:     Remote Office Test Line
RPC:      Remote Procedure Call
RPE:      Remote Peripheral Equipment
RSA:      Reference System Architecture
RSB:      Repair Service Bureau
RSC:      Remote Switching Center
RSCS:     Remote Spooling Communications Subsystem
RSS:      Remote Switching System
RSU:      Remote Switching Unit
RTA:      Remote Trunk Arrangement
RTG:      Routing Generator
R/W:      Read/Write
RX:       Remote Exchange
SA:       Storage Array
SABB:     Storage Array Building Block
SAM:      Secure Access Multiport
SARTS:    Switched Access Remote Test System
SAS:      Switched Access Services
SAS:      Single Attachment System
SBB:      System Building Block
SABM:     Set Asynchronous Balanced Mode
SAC:      Special Area Code
SBS:      Satellite Business Systems
SC:       Sectional Center
SCC:      Specialized Common Carrier
SCC:      Switching Control Center
SCCP:     Signaling Connection Control Part
SCCS:     Switching Control Center System
SCF:      Selective Call Forwarding
SCF:      Supervision Control Frequency
SCM:      Station Class Mark
SCM:      Subscriber Carrier Module
SCP:      Signal Conversion Point
SCP:      System Control Program
SCP:      Service Control Point
SCR:      Selective Call Rejection
SDLC:     Synchronous Data Link Control
SF:       Single-Frequency
SFE:      Secure Front End
SIDH:     System Identification Home
SIT:      Special Information Tones
SLIC:     Subscriber Line Interface Card
SLIM:     Subscriber Line Interface Module
SLIP:     Serial Line Internet Protocol
SLS:      Storage Library System
SLU:      Serial Line Unit
SM:       System Manager
SMDI:     Storage Module Disk Interconnect
SMDR:     Station Manager Detail Recording
SMI:      System Management Interrupt
SMP:      Symmetrical Multi-Processing
SMS:      Self-Maintenance Services
SMS:      Station Management System
SMTP:     Simple Mail Transfer Protocol
SNA:      Systems Network Architecture
SNMP:     Simple Network Management Protocol
SONDS:    Small Office Network Data System
SOST:     Special Operator Service Treatment
SP:       Service Processor
SPC:      Stored Program Control
SPCS:     Stored Program Control System
SPCSS:    Stored Program Control Switching System
SPM:      Software Performance Montior
SQL/DS:   Structured Query Language/Data System
SRC:      System Resource Center
SS:       Signaling System
SSAS:     Station Signaling and Announcement System 
SSCP:     Systems Service Control Point
SSCP:     Subsystem Services Control Point
SSP:      Switching Service Points
SSS:      Strowger Switching System
ST:       Start
STC:      Service Termination Charge
STD:      Subscriber Trunk Dialing
STP:      Signal Transfer Point
STS:      Synchronous Transport Signal
SVC:      Switched Virtual Call
SWG:      Sub Working Group
SxS:      Step-by-Step Switching
T-1:      Terrestrial Digital Service
TAC:      Trunk Access Code
TAC:      Terminal Access Circuit
TAC:      Terminal Access Center
TAS:      Telephone Answering Service
TASI:     Time Assignment Speech Interpolation
TBU:      Terminals Business Unit
TC:       Toll Center
TCAP:     Transaction Capabilities ApplicationPart
TCC:      Technical Consulting Center
TCC:      Telecommunications Control Computer
TCF:      Transparent Connect Facility
TCM:      Time Compression Multiplexing
TCP:      Transmission Control Protocol
TDAS:     Traffic Data Administration System
TDCC:     Transport Data Coordinating Committee
TDM:      Time Division Multiplexer
TDMS:     Terminal Data Management System
TDS:      Terrestrial Digital Service
TH:       Trouble History
TIDE:     Traffic Information Distributor & Editor
TIS:      Technical Information Systems
TLB:      TransLAN Bridge
TM:       Trunk Module
TMSCP:    Tape Mass Storage Control Protocol
TNDS:     Total Network Data System
TNPS:     Traffic Network Planning Center
TO:       Toll Office
TOP:      Technical Office Protocol  
TOPS:     Traffic Operator Position System
TP:       Transport Protocol
TP:       Toll Point
TP:       Transaction Processing
TPC:      Transaction Processiong Performance Council
TREAT:    Trouble Report Evaluation and Analysis Tool
TRIB:     Throughput Rate in Information Bits
TRT:      Tropical Radio and Telephone
TSB:      Time Shared Basic Environment
TSG:      Timing Signal Generator
TSN:      Terminal Switching Network
TSO:      Time Sharing Option
TSPS:     Traffice Service Position System
TTL:      Transistor-to-Transistor Logic
TTS:      Trunk Time Switch
TWX:      Type Writer Exchange
UA:       Unnumbered Acknowledgement
UAE:      Unrecoverable Application Error
UART:     Universal Asynchronous Receiver Transmitter
UCS:      Uniform Communication Standard
UDC:      Universal Digital Channel
UDP:      User Datagram Protocol
UDVM:     Universal Data Voice Multiplexer
UID:      User Identifier
UPC:      Utility Port Conditioner
USC:      Usage Surcharge
USDN:     United States Digital Network
USTS:     United States Transmission Systems
UUCP:     Unix to Unix Copy Program
VAN:      Value Added Networks
VAX:      Virtual Address Extention
VCPI:     Virtual Control Program Interface
VDU:      Visual Display Unit
VF:       Voice Frequency
VFU:      Vertical Forms Unit
VFY:      Verify
VIA:      Vax Information Architecture
VLM:      Virtual Loadable Module
VLSI:     Very Large Scale Integration
VMB:      Voice Mail Box
VMCF:     Virtual Machine Communications Facility
VMS:      Virtual Memory System
VMS:      Voice Mail System
VM/SP:    Virtual Machine/System Product
VPA:      VAX Performance Advisor
VPS:      Voice Processing System
VSAM:     Virtual Storage Access Method
VSE:      Virtual Storage Extended
VTAM:     Virtual Telecommunications Access Method
VTOC:     Volume Table Of Contents
VUIT:     Visual User Interface Tool
VUP:      Vax Unit of Processsing
WAN:      Wide Area Network
WATS:     Wide Area Telecommunications System
WATS:     Wide Area Telephone Service
WC:       Wiring Center
WCPC:     Wire Center Planning Center
WDCS:     Wideband Digital Cross-Connect System
WDM:      Wavelength Division MultiPlexing
WES:      Western Electronics Switching
WUI:      Western Union International
XB:       Crossbar Switching 
XBAR:     Crossbar Switching
XBT:      Crossbar Tandem
XNS       Xerox Network Systems
XSV       Transfer Cost System Value
XTC       Extended Test Controller

CONCLUSION
==========
----------

Last words
==========

    Well, i sincerely hope that this file was of some use to you, and i would
encourage you to distribute it as far as you can. If you enjoyed it, hated it,
have suggestions, or whatever, feel free to email me at my Internet address(my
only permanent one for now) or at a BBS, if you can find me.
    Have phun...

        - Deicide -

Recommended Reading
===================
Neuromancer, Mona Lisa Overdrive, Count Zero and all the rest, by William
Gibson
The Hacker Crackdown, by Bruce Sterling
Cyberpunk, by Katie Hafner and John Markoff 
The Cuckoo's Egg, by Cliff Stoll
2600: The best h/p printed zine. $21 in American funds, U.S. & Canada.
      2600 Subscription Dept., P.O. Box 752, Middle Island NY 11953-0752
      Office: 516-751-2600   Fax: 516-751-2608
The issues of CUD, cDc, & Phrack electronic newsletters, and the LOD/H TJs, 
all of which can be found on the Internet and any good h/p oriented BBS. 

BBSes
=====

    Although most boards have a lifespan equivalent to that of a fruitfly,
I finally have a list which is somewhat stable.. getting on them is your 
problem.. just be yourself and be willing to learn. 
        - Unphamiliar Territories
        - Demon Roach Underground
        - Temple of the Screaming Electron
        - Burn This Flag
        - Dark Side of the Moon
        and Phrozen Realm if it returns..

References
==========

    All the material used in this publication is original unless specifically
stated otherwise.
    However, i'd like to thank Phrack and the LOD/H for their textfiles
which gave me a valuable push in the right direction..
    And of course all the great h/p folks who have helped me along the way..

And finally          
===========
Thanks to the EFF, for their continued support of all of the world's rights
in this technological era.
Thanks to all the folks running the FreeNets who continue to support the 
right to free access to information in this world of cynicism.
Thanks to cDc, for not selling out after all these years...
Musical inspirations: Primus, Rage Against the Machine, Jimi Hendrix, Led
Zeppelin, Dead Kennedys, White Zombie, the Beastie Boys, etc, etc.

"Yes I know my enemies. They're the teachers who taught me to fight me. 
 Compromise, conformity, assimilation, submission, ignorance, hypocrisy,
 brutality, the elite"
 - /Know Your Enemy/ (c) Rage Against the Machine

          - Deicide - 
    deicide@west.darkside.com

DISCLAIMER
==========
This file was provided for informational purposes only. 
The author assumes no responsibilities for any individual's actions after
reading this file.

Force Files Volume #8 (August 6, 1987)

                                      
F O R C E   F I L E S     Volume #8
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From The Depths Of  - THE REALM -, By:  ----====} THE FORCE {====----  08/06/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

NETCFG                                               (Obsolete command)
NETLINK                                  PRIMENET remote login facility
NSED                                          Invokes non-shared editor
NUMBER                            Numbers statements in a BASIC program
OAS                                    Invokes Office Automation System
OA_ADMIN                            Invokes OAS administrator functions
OA_TERM                                      Downloads PT65 Workstation
OFFICE_AUTOMATION                   (Office Automation System commands)
OPEN                                       Opens file on specified unit
OPRPRI                                               (Operator command)
ORIGIN                                      Returns to origin directory
OWLDSC                      Makes Owl terminal emulate 3277, under DPTX
PASCAL                                          Invokes PASCAL compiler
PASSWD                               Sets password on current directory
PHANTOM                Starts phantom execution of CPL or COMINPUT file
PHYRST                          Restores partition from physical backup
PHYSAV                                     Physical disk-to-tape backup
PL1G                                             Invokes PL1/G compiler
PM                                 Prints RVEC and register information
PMA                                       Invokes Prime Macro Assembler
POWER                  Invokes the POWERPLUS Data Management Subsystem
PRERR                                           Displays ERRVEC message
PRIME/SNA                               (Prime-IBM Interconnect System)
PRIMENET                                    Prime's networking software
PRIMEWAY        (Prime's transaction management and development system)
PRIMIX                                       Invokes PRIMIX environment
PRIMOS                                               (Operator command)
PRINT_NETLOG                                    Network logfile utility
PRINT_SCS         Prints a file containing SCS data streams (PRIME/SNA)
PRINT_SYSLOG                                     System logfile utility
PRISAM           (Prime's Recoverable Indexed Sequential Access Method)
PRMPC                         Prints file on parallel interface printer
PROP                         Displays information about system printers
PROTEC                                (Earlier form of PROTECT command)
PROTECT            Sets protection rights on file in password directory
PRSER                           Prints file on serial interface printer
PRTDSC                                  Controls DPTX printer emulation
PRVER                                    Prints file on printer_plotter
PSD                                       Loads Prime Symbolic Debugger
PSD20                                     Loads Prime SymbolicDebugger
PST100DSC                                   (Replaced by PTDSC command)
PT45DSC                    Makes PT45 terminal emulate 3277, under DPTX
PT46DSC                    Makes PT46 terminal emulate 3277, under DPTX
PTDSC          Makes PST 100 or PT200 terminal emulate 3277, under DPTX
PTELE                                    Accesses OAS Telephone Inquiry
RDY                                       Sets system and error prompts
RELEASE_LEVEL                           Discards unwanted stack history
REMOTE                                               (Obsolete command)
REMOVE_EPF                        Removes EPF from user's address space
REMOVE_PRIORITY_ACCESS                               (Operator command)
REMOVE_REMOTE_ID                    Removes user id from remote ID list
REN                                                Reenters a subsystem
REPLY                                                (Operator command)
RESTOR                                       Restores runfile to memory
RESTORE_RBF                             Activates an inactive ROAM file
RESUME                                                 Executes program
REV20               Lists releases of software valid for Rev. 20 PRIMOS
REVERT_PASSWORD        Reverts an ACL directory to a password directory
RJE                                                  (Remote Job Entry)
RJOP                                          Controls RJA workstations
RJQ                Queues an RJE file for transmission to a remote site
ROSAU                                 ROAM System Administrator Utility
RPG                                             Invokes RPG II compiler
RSTERM                         Empties terminal input or output buffers
RUNOFF                                                   Text formatter
RWLOCK                      Sets read-write lock on a file or directory
SAVE                                              Saves runfile to disk
SAVE_RBF                                   Archives a ROAM file to disk
SCHDEC                                            The Schema Decompiler
SCHED                                                 The Schema Editor
SCHEMA                                         The DBMS Schema Compiler
SEG                              Loading and execution command (V-mode)
SETIME                                               (Operator command)
SETMOD                                               (Operator command)
SET_ACCESS                       Sets protection on a file or directory
SET_DELETE                             Sets the delete switch on a file
SET_PRIORITY_ACCESS                                  (Operator command)
SET_QUOTA                                     Sets quota on a directory
SET_RBF                              Sets the attributes of a ROAM file
SET_SEARCH_RULES       Initializes user-specific entrypoint search list
SET_VAR                                 Sets value of a global variable
SHARE                                                (Operator command)
SHUTDN                                               (Operator command)
SIZE                    Displays size of files, segdirs, ufds, and ACLs
SLIST                                Displays file contents at terminal
SNADSC                      Provides terminal emulation under PRIME/SNA
SNA_3270                                   (PRIME/SNA Operator command)
SNA_3270_CONFIG                       (PRIME/SNA Administrator command)
SNA_PRINT                                  (PRIME/SNA Operator command)
SNA_SERVER                                 (PRIME/SNA Operator command)
SNAVSERVER_CONFIG                     (PRIME/SNA Administrator command)
SORT                                            Sorts one or more files
SPOOL                          Prints file on system printer or plotter
SPSS                                               Invokes SPSS product
SPY    Displays MIDASPLUS system statistics and configuration variables
START                                          Starts program in memory
STARTUP                                              (Operator command)
START_NET                                 Starts PRIMENET on local node
STATUS                                   Displays user or system status
STOP_NET                                Disables PRIMENET on local node
SVCSW                            Sets switch to handle SVC instructions
TCF                  Accesses remote IBM host from DPTX-configured 3277
TERM                                  Modifies terminal characteristics
TERMCAP                        (Terminal capability database for EMACS)
TIME                                      Displays time-used statistics
TP                                                     Invokes PRIMEWAY
TPLINK                                     Invokes PRIMEWAY via network
TRANSLATORS                                       (Prime's Translators)
TRANSPORT        Writes disk files to tape for transfer to another site
TRANSPORT_RELEASE                Releases TRANSPORT tape for future use
TRANSPORT_RESTORE             Restore TRANSPORT files from tape to disk
TREEWALKING                                          Inclusive pathname
TYPE                                    Prints line of text at terminal
UNASSIGN                                  Unassigns a peripheral device
UPCASE                                  Converts lowercase to uppercase
USAGE                                    Prints system usage statistics
USERS                        Prints number of currently logged-in users
USRASR                                               (Operator command)
VISTA                       DBMS/QUERY Query Language and Report Writer
VPSD                                      Loads Prime Symbolic Debugger
VPSD16                                    Loads Prime Symbolic Debugger
VRPG                                    Invokes V-mode RPG II compiler
VRTSSW                                      Sets virtual sense switches
WILDCARDS                               (Automatic filename generators)
WP_ADMIN                                 (Replaced by OA_ADMIN command)

-------------------------------------------------------------------------------

MORE DETAILED EXPLANATION ON SELECTED COMMANDS
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

BATCH                                        Displays Batch information
~~~~~

    BATCH {-DISPLAY}
          {-STATUS}

-DISPLAY, -DP
    Provides information on jobs being processed by the Batch subsystem.
    Information includes the number of jobs waiting, deferred, and held
    in each queue, and the user id, job id, user number, and queue for
    each currently executing job.

-STATUS, -ST
    Provides a one-line summary of the status of all batch jobs.

Other options to the BATCH command can be used only by the System
Administrator or operator to control the processing of users' jobs.

To submit, manage, and monitor batch jobs, use the JOB command.

For more information, see the Operator's Guide to the Batch Subsystem
and the Operator's Guide to System Commands.

LON                                Controls Phantom Logout Notification
~~~

    LON  [-ON]
         [-OFF]

LON -ON, the default, switches on phantom logout notification so
that PRIMOS notifies the initiator of a phantom process when the
phantom is logged out.

LON -OFF defers logout notification messages.  PRIMOS then stores
these in a buffer until you issue a LON -ON command.  Accumulated
phantom logout messages are then displayed at your terminal.

For further information, see the PRIMOS Commands Reference Guide.

ADD_REMOTE_ID                        Sets up user id for remote systems
~~~~~~~~~~~~~

Abbreviation:  ARID

   ADD_REMOTE_ID user-id [password] -ON nodename [-PROJECT project-id]
                         [-PROMPT]

    user-id             =  id user wishes his phantoms to use on
                           the specified remote system

    password            =  password for that id

    -PROMPT             =  requests that ARID prompt the user for
               (           his or her password, rather than requiring
                           the password to be entered on the command
                           line.  When ARID prompts for the password,
                           the password is not echoed.

    -ON nodename        =  specifies name of system on which id is
                           is to be used

    -PROJECT project-id =  project with which user is to be
                           affiliated on the remote system

Within a Primenet network, some or all sites may have been configured
to require validation of users attempting remote file access. The
ADD_REMOTE_ID command allows a user to set up an identity to be
validated for such access.  This identity, "user-id", must already
exist at the remote site "nodename" before the ADD_REMOTE_ID command
is used.  Remote IDs may be established for up to 16 remote sites.
The ID established by this command persists until the user logs out,
until the user deletes it with the REMOVE_REMOTE_ID command,
or until the user gives a new ADD_REMOTE_ID command with the same
nodename.

For further information, see the PRIMOS Commands Reference Guide
or the PRIMENET Guide.

-------------------------------------------------------------------------------

PRIMOS OPERATOR'S TRICKS
~~~~~~~~~~~~~~~~~~~~~~~~~

When hackers establish themselves in a system, a warfare between them and the
operators breaks out.  They have a number of tricks they can use. On MINERVA
DIALCOM SYSTEM 08, accounts had a habbit of dying rather suddenly if the
command OFF was used to log of the system.  If however a person used the LOG
command which does the same function, they no longer died by themselves.
Could have been a coincidence, but it has happened so many times to me, that
there must be something in it.
When we use the NETLINK facility, the OPS discovered that there is a pattern
to the systems we use.  For example outdials and chat systems like ALTOS who
everyone called.  All they did was monitor the users with Watchdog and kill
the account that happened to connect to one of the suspect NUA's. The solution
to this problem is to send a few hundered messages to regular users to come
for a chat to one of the systems.   As soon as they start killing real users
accounts, they'll sure think twice.  An easier way is to simply put different
Pads between you and the host as a bridge. This can be another dialcom,
primenet etc.
By far the dirtiest and the most low down thing they do, is sit there and watch
you hack into the system, with great amusement. Then some time later as soon
as you get in, you get a FORCED OF FROM PRIMOS message and the account goes
dead.  Meanwhile you see your imediate future collapse before your blood shot
eyes.   Well, not to worry.  Either use a bit of social engineering since they
will expect the real user to call to get the account re-ativated, or make sure
that watching you hack is not enjoyable. By what I mean is set up a sprinting
program, which you can have running 24 hours a day.  Get it to try a password
and then just sit there for a minute, trying the next five and so on.  It makes
things lot harder for them to pick up your scent and if they do catch on, they
can't afford to wais the time so the kick you off and you haven't lost much.
If you have an autodial modem, and you wish to hack minerva for example, then
you have nothing to worry about.  Just hang up after lets say 10 attempts and
re-dial the number. You will placed onto a different MIDAS port and the ops
have virtually no chance in hell of telling you from the real users.

THE LATEST HACKER WEAPON
~~~~~~~~~~~~~~~~~~~~~~~~

This is a beauty which I came across only weeks ago. What can be easier than
having the system change the password back to its original after the operator
or the user has change it?    This is another bit of info I can't describe in
this file, but I'll tell you the principle, so if you are familiar with primos
in a little way, you can set it all up.
All you have to do is get the system to change the password to the original,
once it was killed. The new password will be replaced by the old so that you
can get back on. Once back on, you will find a file with the very password the
operator used to kill the account.  Reset it to this password and all is well
once more and no one will be the wiser.  You can't leave new files in the UFD,
since that would be a giveaway. Any output data can be stored in another
directory or just attached to the ends of existing files.

OUTDIAL SYSTEMS
~~~~~~~~~~~~~~~
I haven't heard of a public outdial provided by austpac for austpac users, but
there is no reason why there shouldn't be one somewhere out there.
A lot of overseas networks provide this service.
An OUTDIAL is a modem connected to the PACKET SWITCHING NETWORK,
which allowes the network users to call computers outside the network, on the
PTSN.  It only seems free to use, but infact the NUI subsribers pay for its
use in the form of online charges for connect time.  That's more or less why a
lot of outdials tend to go dead if used by overseas users rather frequently.
For calling up Bulletin boards anywhere in the world, a decent outdial is a
must.   Here is one which I found two days ago, but which unfortunatelly
may have passed away by the time you get to this file.  This outdial has bee
around for a while now, but only recently they got around to updating the
software and hardware. In other words, it works now.

ok, try this:   NUA:  03106005566    to login, type OUTDIAL

A while back I wrote a rather large file on OUTDIAL systems, but as I was
looking through it recently, I was amazed how I managed to put so much
garbage into a file of such size.  I guess there are still some interesting
points there, but there are so many different outdials now, its not very
accurate.

CANADIAN OUTDIALS
~~~~~~~~~~~~~~~~~

The Canadians are a very starnge race of people.  That is reflected in the
type of outdials one finds on DATAPAC. There is between two to ten outdials
in each area, and each one serves a particular area and baud rate.  It's a
rather starange system, but it works if your computer is in Canada. Calling
international like to the USA, one encounters a few problems. It is believed
that the outdials service only the local area, but I have managed to connect
to a few US systems. The next assortment of NUA's you are about to see is a
never before published list of Canadian outdials. Most of them are not
present in any publication which lists outdials, so there might be some
capable of international connections.  I have never tried a majority of them,
so I can't tell you which do what and to who.

302035600110
302035600111
302035600112
302035600113
302035600114
302035600115
302035600116
302035600900
302035600901
302058700015
302058700016
302058700017
302058700018
302058700900                 These I have obtained from the few sprints I
302058700901                 did on DATAPAC.  To get a futher list, with
302063300431                 just two outdials for each area, connect to
302063300432                 TNET on DATAPAC. the NUA is 302092100086 I think.
302063300433
302063300434
302063300900
302063300901
302067100692
302067100693
302067100695
302067100900
302067100901
302069200900
302069200901
302071100584
302071100585
302071100586
302071100900
302071100901
302072100776
302072100777
302072100778
302072100779
302072100900
302072100901
302091600281
302091600282
302091600283
302091600284
302091600315
302091600316
302091600317
302091600318
302091600319
302091600901
302091600902

S Y S T E M     I D E N T I F I C A T I O N
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
When you encounter a system, you need to know what you are up against, if you
are going to hack in.   This will help you identify the manufacturer and type
of system:

HP-3000    -  Quite easy to identify, by the typical ":" prompt.  also gives
              errors such as  (cierr 1402) and often says:
              Expected Hello, Job, Project ID - (cierr 1402) or something
              simmilar

VAX        -  Quite straight forward. The typical vax responces are:

              Username:
              Password:
              User Authorization Failure!

              You get 3 attempts at a password/username pair.

UNIX       -  This one can be tricky but most systems come up with:

              login:         or     systemname login:
              password:             password:

              You can get anything from 1 to infity attempts before the system
              disconnects.

TOPS - 20     They usually say TOPS - 20 Monitor when encountered.  They have
              a typical '@' prompt and have various help commands before login.

HONEYWELL     Most of them would have this responce:

              $$ Device Type Identifier:

IBM VM/370    These will give you a responce such as:

              Username not in cpl directory!  when you try to login under a
              non existent username. the often have a prompt such as '.' or '!'

PRIMOS        Most system running Primos, ie PRIMENETS, with the exception of
              Dialcoms will give you this prompt.  'OK,'  or 'ER!'

DIALCOMS      They have a habbit of stating which System the are, ie
              BT-GOLD Gold System 81. They give the '>' prompt and a typical
              responce would be.

              Please login
              >
              Illegal Login!
              Please Login
              >

DG AOS/VS     These systems can be mistaken with VAX's since they do have a
              prompt simmilar to a vax, however the often say something like

              R05F07D55A Enter new line to login:

              Then it comes up with statistics and either VCONx or CONx on the
              right line of the line.

CYBER         Usually comes up with the NOS SOFTWARE SYSTEM>

These are the major ones I guess.  I'll have a complete rundown on all the
systems in use in the future, with a lot more detail on each.

I N F O R M A T I O N    O N   N E T W O R K S
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you ever need any sort of information on any particular system, NUA etc in
any country, the best way is to go directly to the source.  The following is a
list of addresses where you may inquire and will most probably get the help
you need.

|////////////////////////////////////////////////////////////////////////|
|||            USEFUL CONTACTS FOR INFORMATION ON PSS NETWORKS         |||
|||                                                     25/12/86       |||
||| Brought to you by:  ----====} THE FORCE {====----                  |||
|||                                                thanx to HOSTESS    |||
|||  From the depths of  - THE REALM -                                 |||
|////////////////////////////////////////////////////////////////////////|

AUSTRALIA
---------

AUSTPAC NETWORK

   DNS MARKETING(AUSTPAC)
   COMMERCIAL SERVICES DEPARTMENT
   8TH FLOOR 518 LITTLE BOURKE STREET
   MELBOURNE
   VICTORIA 3000
   AUSTRALIA
   TEL: 010 61 3 606 7772
   TELEX: DASERV AA35683

MIDAS NETWORK

         MR GARY DONALD
         PRODUCT MANAGER DATA SERVICE
         OVERSEAS TELECOMMIUNICATIONS COMMISSION
         BOX 700 GPO SYDNEY 2001
         AUSTRALIA
      TEL: 010 61 2 230 5000
      TELEX: OTCOM AA20591

AUSTRIA
-------

RADIO AUSTRIA NETWORK

        MR G KMET
        CUSTOMER SUPPORT
        RADIO AUSTRIA AG
        RENGASSE 14
        A-1010 VIENNA
        AUSTRIA
     TEL: 010 43 222 637524 OR 637568
     TELEX:114731 RA A

BAHAMAS - DBS
-------------

MR ANTHONY WEECH
SALES/MARKETING MANAGER
BAHAMAS TELECOMMUNICATIONS CORPN
PO BOX N3048
NASSAU.  BAHAMAS
TEL:010 1809  323 4911
TELEX: 20135

BAHRAIN - BAHNET
----------------

MR ALI HUSSAIN OR MR ALI ALOAMI
COMMERCIAL INTERNATIONAL
BAHRAIN TELECOMMUNICATIONS COMPANY (BTC)
PO BOX 14
MANAMA
BAHRAIN
TEL: 010 973 248 312
TELEX: 8790 BTCCOM BN

BARBADOS
--------
         KEITH B LEWIS
         CABLE AND WIRELESS (W INDIES) LTD
         PO BOX 614
         BRIDGETOWN
         BARBADOS, WEST INDIES
      TEL: 010 1 809 42 75200 EXT 211
      TELEX: 2262 ADMINBAR WB

BELGIUM DCS
-----------

      MR J CLAERBOUDT
      R.T.T.
      DATA TRANSMISSION DEPARTMENT
      BOULEVARD DE L'IMPERATRICE 17-19
      B-1000 BRUSSELS, BELGIUM
   TEL:010 32 2 213 3636
   TELEX:29280 CDDATA 6

BERMUDA
-------

       H. ELTON RICHARDSON
       COMMERCIAL OFFICER
       CABLE AND WIRELESS PLC
       20 CHURCH STREET
       PO BOX 151
       HAMILTON 5, BERMUDA
    TEL: O1O 1 809 295 4777
    TELEX: 3321 CWCOM BA

BRAZIL
------

     MR ARNE SAMPAIO FREINSILBER
     HEAD OF SPECIAL SERVICES SECTION
     EMBRATEL
     AV. MARECHAL FLORIANO, 99 - 12 ANDAR
     20080 - RIO DE JANEIRO - RJ.
     BRAZIL
 TEL:010 55 21 216 8328
 TELEX: 2121810 EBTL BR

CANADA
------

DATAPAC NETWORK

         MR W J ENNS
         DATAPAC INTERNATIONAL PRODUCT MANAGER
         160 ELGIN STREET
         ROOM 1890
         OTTAWA, ONTARIO  KIG 3J4
     TEL: 010 1 613 567 7571
     TELEX: 610 562 1922

GLOBEDAT NETWORK

        GEORGE ORSAL
        MARKETING DEPT 17TH FLOOR
        680 OUEST RUE SHERBROOKE
        MONTREAL, QUEBEC H35 2S4
     TEL: 010 1 514 281 7981
     TELEX: 05-25690

INFOSWITCH NETWORK

        MR R D MARK
        PRODUCT MANAGER
        SWITCHED DATA SERVICE MARKETING
        C.N.C.P.
        SUIT 1803, WEST TOWER
        3300 BLOOR STREET WEST
        TORONTO, ONTARIO M8X 2WP
     TEL: 010 1 416 232 6150
     TELEX: 065 24462 CNCP MKTG ONT

CHANNEL ISLANDS
---------------

     GUERNSEY: MIKE ALLISETTE
               TECHNICAL MARKETING
               GUERNSEY TELECOMS
               PO BOX 3
               ST PETER PORT
               GUERNSEY
               CHANNEL ISLANDS
               TEL:0481 711221
               TELEX:4191515    TEL BD G
               FAX (GP 2 & 3) 0481 24640

     JERSEY:   JON RUMFITT
               JERSEY TELECOMS
               SALES OFFICE
               MINDEN PLACE
               ST HELIER
               JERSEY
               CHANNEL ISLANDS
               TEL:0534 71811
               TELEX:4192083
FAX NUMBER 0534 75846(GROUPS 2 & 3)

COTE D IVOIRE
-------------

  CUSTOMER CONTACT:
     DIRECTEUR GENERAL D'INTELCI
     01 BP 1838
     ABIDJAN 01
     COTE D'IVOIRE
  TEL: 010 225 32 49 85
  TELEX: 23790

DENMARK
-------

  CUSTOMER CONTACTS:
    HENRIK SVENDSEN OR MRS ANITA BLIKDAL
     POSTS AND TELEGRAPHS MARKETING DEPT.
     ROEDOVREVEJ 241
     DK-2610 ROEDOVRE
     DENMARK
  TEL:010 45 1 415 055
  TELEX: 27460 TELEKH DK

EGYPT - EGCOM
--------------

       MR ZEIN EL DIN IBRAHIM
       GENERAL MANAGER
       INTERNATIONAL COMMERCIAL RELATIONS
       NATIONAL TELECOMMUNICATIONS ORGANISATION
       RAMSES STREET
       CAIRO, EGYPT
  TEL: 010 20 2 774 777
  TELEX: 92100 RADMSR UN

FINLAND
-------

       MR TAUNO STJERNBERG
       GENERAL DIRECTORATE OF POSTS AND TELECOMMUNICATIONS
       TELECOMMUNICATIONS DEPARTMENT, INTERNATIONAL SECTION
       P.O. BOX 526
       00101 HELSINKI
       FINLAND
    TEL:010 358 0 704 2373
    TELEX:123434 TEINT SF
    TELEGRAPHIC ADDRESS: INTELCOM HELSINKI

FRANCE
------

     CUSTOMER CONTACT:
       LEASED CIRCUIT ACCESS
        DIRECTION COMMERCIALE
        TRANSPAC
        28EME ETAGE
        TOUR MAINE MONTPARNASSE
        33 AVENUE DU MAINE
        75755 PARIS CEDEX 15
     TEL:010 33 1 4538 5211
     TELEX:260676

       DIAL-UP ACCESS
        M GIRERD OR M CHEVALIER
        INTELCOMFRANCE
        NTI DEPARTMENT
        TOUR FRANKLIN
        CEDEX 11
        F92081 PARIS LA DEFENSE
     TEL:010 33 1 4762 7960 OR 4762 7961
     TELEX:CPTI 610586F - CPTI 610329F

FRENCH ANTILLES
----------------

        GUADELOUPE
          L'AGENCE COMMERCIALE DES TELECOMMUNICATIONS
          (ACTEL) DE POINTE DE PITRE
          TOUR CECID PLAN DE LA RENOVATION
          BP 392
          97162 POINTE A PITRE CEDEX
        TEL:GUADELOUPE 810491 (via international operator)
        TELEX: 019092 GL

        MARTINIQUE
          L'AGENCE COMMERCIALE DES TELECOMMUNICATIONS
          (ACTEL) DE FORT DE FRANCE
          41 RUE GABRIEL PERI
          BP 697
          97200 FORT DE FRANCE CEDEX
        TEL:MARTINIQUE 714695 (via the international operator)
        TELEX:019590 MR

FRENCH GUIANA
-------------

     SERVICE COMMERCIALE DE LA D.T.R.E.
     21 RUE DE LA BANQUE
     75084 PARIS CEDEX 02
  TEL:010 33 1 233 5122
  TELEX: 210775

FRENCH POLYNESIA
----------------

     SERVICE COMMMERCIALE DE LA D.T.R.E.
     21 RUE DE LA BANQUE
     75084 PARIS CEDEX 02
  TEL:010 33 1 233 5122
  TELEX: 210775

GABON
-----

      MR J  J MASSIMA-LANDJI
      TELECOMMUNICATIONS INTERNATIONALES GABONAISES
      BOITE POSTALE 2261
      LIBREVILLE
      GABON
      TEL: 010 241 74910
      TELEX:5200

FEDERAL REPUBLIC OF GERMANY
---------------------------

        DEUTSCHE BUNDESPOST
        FERNMELDETECHNISCHES ZENTRALAMT
        REFERAT KUNDENBERATUNG FUER DATELDIENSTE
        POSTFACH 5000
        D-6100 DARMSTADT
        FEDERAL REPUBLIC OF GERMANY
     TEL: 010 49 6151 83 4641
     TELEX: 419511 FTZ D
     TELETEX: 2627-6151946=FTL Datl

GREECE
-------

     MR U KOKKOTAS
     HELLENIC TELECOMMUNICATION ORGANISATION
     1 VERANZEROU STREET
     ATHENIA 124
     GREECE
  TEL:010 30 1 364 2099
  TELEX:219797 OTE GR

GUATEMALA
---------

  LIC PLACIDO CASTELLANOS
  SUB GERENTE
  EMPR GUATEMALTECA DE TELECOMUNICACIONES
  EDIFICIO TORRE GUATEL
  AVENINDA LAS CASTELLANA
  GUATEMALA CITY
  GUATEMALA
TEL:010 502 23698
TELEX: 5169

HONDURAS
---------

     JOSE DEL CARMEN MARCIA
     AMILCAR FLORES
     DEPT DE TELEX PLANTEL MIRAFLORES
     BOULEVAR CENTROAMERICA
     TEGUCIGALPA
     D.C. HONDURAS
  TEL:0101 504 32 7483
  TELEX: 1220

HONG KONG
---------

DATAPAK NETWORK

     MR VICTOR FUNG
     DATAPAK SALES DEPARTMENT
     HONG KONG TELEPHONE CO LTD
     GPO BOX 479
     HONG KONG
  TEL: 010 852 5 287170 (VOICE)
       010 852 5 8932322 (FACSIMILE)
  TELEX:83338

INTELPAK NETWORK

         MR Y S WU
         MANAGER SALES, DATA SERVICES
         TEXT SERVICES DIVISION
         GPO BOX 597
         NEW MERCURY HOUSE
         22 FENWICK STREET
         WANCHAI, HONG KONG
      TEL:   010 852 5 2831628
      TELEX: 83000 CWCOMHX
      FAX: 010 852 123 48248

INDONESIA
----------

     MR TJAHJONO SOERJODIBROTO
     GENERAL MANAGER MARKETING
     PT.INDOSAT,  WISMA ANTARA(10TH FLOOR)
     JL. MERDEKA SELATAN 17
     JAKARTA 10110
     INDONESIA
  TEL:010 62 21 348 109
  TELEX: 44383 or 46134 INDSAT IA

IRISH REPUBLIC - EIRE
---------------------

        JOE TROY
        DATA SERVICES SECTION
        TELECOM EIREANN
        6-8 COLLEGE GREEN
        DUBLIN 2
     TEL:000 1 778222 EXT 500
     TELEX:92389 DATA EI

ISRAEL
------
        DAVID HYMAN
        DEPUTY DIRECTOR
        MINISTRY OF COMMUNICATIONS
        TELEPHONE SERVICE ADMINISTRATION
        MITZBE BUILDING
        1 HASORREG STREET
        JERUSALEM 91999, ISRAEL
     TEL: 010 972 2 695354
     TELEX: 25269 DIRTL IL

ITALY
-----

ITALCABLE NETWOTK

MR A MERUSI
MARKETING DEPT
VIA CALABRIA 46-48
I - 00187 ROME
TEL: 010 39 6 477 0425
TELEX:  611146
FAX: 010 39 6 679 9858 (GROUP 2 & 3)

ITAPAC NETWORK

MR ANDREA MACCHIONI
MINISTERO PTT (ITAPAC)
DIREZIONE CENTRALE SERVIZI
VIALE EUROPE 160
I-00100 ROME
TEL: 010 39 6 54601 EXT 4969
TELEX: 610070 GENTEL I

JAPAN
------

    CUSTOMER CONTACT:
       MR KUNIO OCHIAI
       MR KOICHI TANAGI
       MR YUKIHIRO OTAKE
       2ND MARKETING DIVISION
       COMMERCIAL DEPARTMENT
       KOKUSAI DENSHIN DENWA CO LTD (KDD)
       MARUNOCHI MITSUI BUILDING 1F
       2-2 MARUNOUCHI 2-CHOME
       CHIYODA-YU, TOKYO 100  JAPAN
    TEL:  010 81 3 240 8449
    TELEX: 24700 KDDSALES

LUXEMBOURG
-----------

     MR R WENNMACHER
     ADMINISTRATION DES P & T
     5  RUE DE HOLLERICH
     2999 LUXEMBOURG
  TEL:010 352 4991 722
  TELEX: 3410 PTDT LU

MALAYSIA
---------

  MR SAMDULDIN YUSOFF
  TELECOMMUNICATION DEPARTMENT
  EXTERNAL SERVICES DIVISION
  12TH FLOOR, BANGUNAN BUKOTA
  JALAN PANTAI BARU 50672
  KUALA LUMPUR, MALAYSIA
  TEL: 010 60 3 200222
  TELEX: 30287

NETHERLANDS
-----------

DATANET 1 AND DABAS NETWORKS

     JOLANDA RENS
     PTT HEADQUARTERS
     DIRECTORATE COMMERCIAL AFFAIRS TELECOMMUNICATIONS
     DCT-DATA
     PO BOX 30,000
     2500 GA THE HAGUE
     NETHERLANDS
  TEL:010 31 70 758611
  TELEX: 31111 DCT-DATA

END
END

Force Files Volume #5 (August 6, 1987)

                                      
F O R C E   F I L E S    Volume #5
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From The Depths Of  - THE REALM -, By:  ----====} THE FORCE {====----  08/06/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

UNIX
----

Unix systems have got a lot and I mean a lot of defaults. The major ones are:

who/who,   uucp/uucp,   daemon/daemon,   tty/tty,   test/test,   bin/bin
adm/adm,   nuucp/nuucp, learn/learn,     sys/sys,   root/root,   uuhost/uuhost
games/games,  root/system,   trouble/trouble

There are others, which you will have to find in the UNIX Scan which is about
to follow.

Another very good use of unix machines is an outdial facility that most of them
are equipped with.  Just type in 'man cu' once in, for more information.
Again there a lot of files on UNIX machines so I won't go into any great detail
of it's workings.  (well to tell the truth, I am not all that hot when it
                    comes to technical info on this system)

The following is a root library taken from a UNIX V, containing all the
recognised defaults, commands etc.  Brought to you By: BOBO

$ ls /*
/oldunix
/tccalendar.dbf
/tccalendar.mem
/console
/dbase_1
/dgmon
/filledt
/go
/informix_3
/mbox
/moveprofile
/multiplan_1
/secret.file
/send
/tmpfile
/tty21
/unix
/write

/bck:

/bin: appt ar as basename caldr cat cc chgrp chmod chown cmp conv convert cp
cpio cprs crypt date dd df diff dirname dis du dump echo ed env expr false file
find grep kill ld line list ln login lorder ls mail make mesg mkdir mv newgrp
nice nm nohup od passwd pdp11 pr ps pwd red rm rmail rmdir rsh sed sh size
sleep sort strip stty su sum sync tail tee time touch true tty u370 u3b u3b2
u3b5 uname vax wc who write

/boot: hdelog idisk iuart kernel mem ports ptc pts stubs sxt tty

/dev: sa boot console contty diskette dsk hdelog idsk00 idsk01 idsk02 idsk03
idsk04 idsk05 idsk06 idsk07 idsk08 idsk09 idsk0a idsk0b idsk0c idsk0d idsk0e
idsk0f idsk10 idsk11 idsk12 idsk13 idsk14 idsk15 idsk16 idsk17 idsk18 idsk19
idsk1a idsk1b idsk1c idsk1d idsk1e idsk1f ifdsk00 ifdsk01 ifdsk02 ifdsk03
ifdsk04 ifdsk05 ifdsk06 ifdsk07 install kmem mainstore mem null ptc00 ptc01
ptc02 ptc03 ptc04 ptc05 ptc06 ptc07 ptc08 ptc09 ptc10 ptc11 ptc12 ptc13 ptc14
ptc15 rsa rdiskette rdsk ridsk00 ridsk01 ridsk02 ridsk03 ridsk04 ridsk05
ridsk06 ridsk07 ridsk08 ridsk09 ridsk0a ridsk0b ridsk0c ridsk0d ridsk0e ridsk0f
ridsk10 ridsk11 ridsk12 ridsk13 ridsk14 ridsk15 ridsk16 ridsk17 ridsk18 ridsk19
ridsk1a ridsk1b ridsk1c ridsk1d ridsk1e ridsk1f rifdsk00 rifdsk01 rifdsk02
rifdsk03 rifdsk04 rifdsk05 rifdsk06 rifdsk07 rinstall rsave save swap sxt
sxt000 sxt001 sxt002 sxt003 sxt004 sxt005 sxt006 sxt007 sxt010 sxt011 sxt012
sxt013 sxt014 sxt015 sxt016 sxt017 sxt020 sxt021 sxt022 sxt023 sxt024 sxt025
sxt026 sxt027 sxt030 sxt031 sxt032 sxt033 sxt034 sxt035 sxt036 sxt037 sxt040
sxt041 sxt042 sxt043 sxt044 sxt045 sxt046 sxt047 sxt050 sxt051 sxt052 sxt053
sxt054 sxt055 sxt056 sxt057 syscon systty ttp00 ttp01 ttp02 ttp03 ttp04 ttp05
ttp06 ttp07 ttp08 ttp09 ttp10 ttp11 ttp12 ttp13 ttp14 ttp15 tty tty11 tty12
tty13 tty14 tty15 tty21 tty22 tty23 tty24 tty25

/dgn: ports sbd x.ports x.sbd edt_data

/etc: timezone bcheckrc brc bzapunix cgetty checkall checklist chroot ckauto
clri coredirs crash cron dcopy devnm dfsck disketteparm drvinstall dummy.sf
edittbl errdump ff fmtflop fmthard fsck fsck1b fsdb fsdb1b fsstat fstab fuser
getmajor getty gettydefs group grpck hdeadd hdefix hdelogger helpadm init
inittab inittab.old install ioctl.syscon junk killall labelit ldsysdump led
link log magic master.d mkboot mkfs mknod mkunix mnttab motd mount mountall
mvdir ncheck newboot old.stdprofile opasswd passwd passwd.bak passwd.old
pciconfig pcidaemon.eth pciout.232 pciout.eth pciptys pciserver.232
pciserver.eth ports prepcigettydef prepciinittab profile prtconf prtvtoc
ps_data pump pwck rc.d rc0 rc2 save.d savecpio setclk setmnt shutdown
shutdown.d stdprofile sysdef system telinit termcap tm uadmin umount umountall
unlink utmp volcopy vtoc wall whodo wtmp

/instal:
/instal unreadable

/install:
/install unreadable

/lib: cm4defs comp cpp crt0.o fcrt0.o fmcrt0.o lboot libpw.a libc.a libld.a
libm.a libp mboot mcrt0.o nmawk optim pump

/lost+found:

/mnt:

/root:

/save:

/tmp:

/usr: 123 3bnet adm admin ahp ajk alj bht bin bjc bjm bjz bkl bkm bls cbb cdev
cep chh cjw cle clh cma coldwel1 coldwel2 coldwel3 coldwell cta ctc dcp dda
demo dgh dgm dll dlp dpr dsd dsh egs ehb ejf elx enl extra gcg gello gkm guest
haverkam hcc hfs hjc include irv jaw jbg jci jee jeh jev jhd jja jkp jmr jpf
jpn jth jty jwb kla lbin lbo lib lit llg lls lost+found lrb lrk ltc mail man
mdk mgr mjp mku mlt mmg msl nab news njb options pam pci pgb phb phm plm
preserve psd pub ret rfl rlm rlv rns rnv rsb russ rwm sap sas shg sla smb smk
spool src ssb sup tll tm tmp twp unify von vov[dn wes whn wit wpt
a.out a.out.pdp aardvark ac acc acct acctcms acctcom acctcon acctcon1 acctcon2
acctdisk acctdusg acctmerg accton acctprc acctprc1 acctsh acctwtmp ad adb
addbib adduser admin adventure aliases aliens altblk analyz apropos ar ar.pdp
arcv arff arithmetic arp ar.pdp as as.pdp asa ascii asktime assign asy at atq
atrm autoconf awk back backgammon badsect banner bas basename bc bcd bdiff bfs
biff binmail bj bk boggle boot bugflier bs cal calendar canfield cat catman cb
cc cd cdc cflow chargefee chase checkcw checkers checklist checkmm checknr
chess chfn chgrp ching chmem chmod chown chparm chroot chsh ckpacct clear clri
cmp col colcrt comb comm compact comsat config connect cons convert copy core
cp cpio cpp cprs craps crash cref cribbage cron crypt csh csplit css ct ctags
cu cut cw cwcheck cxref dab144 date dbx dc dcheck dd deassign del delta deroff
devinfo devnm df dh diction diff diff3 diffmk dir dircmp dirname dis disable
disk dispart disktab display dmc dmesg dmf dn doctor dodisk doscat doscp dosdel
dosdir dosis dosmkdir doswrite cpd dpr drtest drum dtype du dump dumpdir
dumppfs dz e ebcdic ec echo ed edquota efl egrep en enable env environ eqn
eqnchar eqncheck errfile error ex expand explain expr eyacc f77 factor false
fastboot fcntl fd fed ffill fget fgrep file filehdr filesystems fill find
finger fish fixascii fl fmt fold format fortran fortune fp fpr freq fs fsck
fsdb fsend fspec fsplit fstab ftpd fwtmp gcat gcore gcosmail gdev ged get
getopt gets gettable getty gettydefs gettytab ghose gps graph graphics greek
grep group groups grpcheck grpcheck gutil halt haltsys hangman gd hd hdr head
help hex hier history hk hold hostid hostname hosts hp hpio ht htable hy hyphen
icheck id ifconfig ik il imp implog implogd indent ined inet init initab inode
install intro iostat ip ipcrm ipcs issue istat join jotto just kasb keyboard kg
kgmon kill killall kmem l last lastcomm lastlogin lc ld ld.pdp ldfcn learn
leave lex li life line linenum link lint lisp liszt ln lo lock login logname
look lookbib lorder lp lpc lpd lpq lpr lprm lpstat ls ls7 lxref m4 machid mail
mailaddr make makedev makekey man manroff mant master master.dec master.u3b
maze me mem memuse mesg mille mkdir mkfs mklost+found mknod mkproto mkstr
mkuser mm mmcheck mmt mnttab mnacct monop moo more mosd mount mptx ms msgs mt
mtab mtio mv mvdir ncheck neqn net netstat netutil newaliases newfile newform
newfs newgrp news nl nm nm.pdp nohup nroff nroff7 nscstat nsctorje null nulladm
number nusend od pac pack pagesize panic param passd paste pc pcat pcl pdx
phones pi pix plot pmerge pnch ports portstatus pr prctmp prdaily prep
primetime print printcaps printevn prmail prof profile proto protocols prs
prtacct ps pstat pti ptx pty pup put put7 pwadmin pwck pwcheck pwd px pxp pxref
qconfig qdaemon quiz quot quota quotacheck quotaon rain random ranlib ratfor rc
rcp rcvhex rdump readfile reboot refer refrom regcmp regexp reloc remote remsh
renice repquota reset restor mrrestore rev reversi rexecd rjestat rlogin
relogind rm rmail rmdel rmdir rmhist rmt rmuser robots roff roffbib rogue route
routed rpl rrstore rsh rshd rstat runacct ruptime rwho rwhod rx rxformat sa
sact sadp sag sar sash savcore scat scc sccsdiff sccsfile scnhdr script sdb
sddate sdiff se sed see send sendbug sendmail services setmnt setnode settime
sh shutacct shutdown size size.pdp skulker sky sleep snake sno soelim sorry
sort sortbib spell spline split splp ssp stab stackuse stat sticky stlogin
strings strip strip.pdp stuct ststat stty style su subset sum sum7 sumdir
swapon symorder syms sync sysadmin syslog system tab tabs tail take take7 talk
tar tbl tc tcp tee telnet telnetd term termcap test tftpd time timex tip tm toc
touch tp tplot trek trman troff troff7 trouble trpt true ts tset tsort ttt tty
ttys ttytype tu tunefs turnacct twinkle types typo uda udp ul umask umount un
uname unget uniq units unlink unmount unpack untab up update updater uptime ut
utmp users uu uuclean uucp uuencode uulog uuname uupick uusend uusnap uustat
uusub uuto uux va va vc versions vfont vfontinfo vgrind vgrindefs vi vip vipq
vmstat vp vpr vsh vtroff vv vwidth w wait wall wc what whatis whereis which who
whoami whodo worm worms write wtmp wtmpfix wump xargs xref xsend xstr yacc yes
zork

Now just you try and go throught all that hehehe..

PRIMENETS, DIALCOM - PRIMOS
----------------------------

This is where the fun is and these are my favourite systems, as you are about
to find out.

PRIMOS DEFAULTS
~~~~~~~~~~~~~~~

Both Primenets, Dialcoms, and other systems running Primos, have got default
accounts.  They are not unique to all the systems, but rather to different
versions of Primos. The most common ones include.

TEST/TEST,  TEST/PRIME,  GAMES/GAMES,  DEMO/DEMO,  SYSTEM/SYSTEM,
HELP/HELP   NETMAN,      DUMMY.

PRIMOS SUBDIRECTORIES
~~~~~~~~~~~~~~~~~~~~~

Primos has a large number of subdirectories, where system files are kept along
with other various information.   A lot of them are password protected, but
directories without protection can also be of great use.

To access a directory, from the primos prompt: (The prompt can be specified
for each individual systems, but most common ones are '>' for Dialcoms,
'Ok and ER!' for Primenetes.

 The following are but a few directories common to most Primos systems:

CATINF  - usually has no password protection. It's a master directory for
          information and help files. ie Typing INFO NAME will usually go
          to the directory and look up file NAME.  This is found on Dialcom
          systems. Primenets have the same directory, but often called
          INFO or HELP.

CATLIB  - This is a goodie.  This one contains the system files for commands
          etc.  With access to it, you can basically modify the routines to
          suit your needs.  Naturally it's protected.

SYSOVL  - This one again has usually no protection and I believe it contains
          the various codes for languages, ie PASCAL, FORTRAN etc as well as
          error codes.  It does contain a few interesting system files.

SAD     - A system directory.  I have only got into this one once on a
          primenet, but I never had enough time on it to find out what it
          was about gggrrr.

LOGIN   - Another protected directory, but I guess the name says it all.

WATCHDOG- This special directory is set up on most systems for security and
          diagnostic purposes. It allowes a user to monitor the systems which
          includes the actions of people etc.  Again, it's well protected.

There can be virtually hundereds directories, which don't actually belong to
to specific UFD's and they are worth investigating. Again use logical names
for each system.

The NETLINK facility found on Systems running PRIMOS, makes them very usefull.
Other systems may also have simmilar gateways, but the availibility of multiple
circuits is paradise.  There are several versions of NETLINK, but there are
sufficient help files on most systems to work out what's going on.

So far, a Primos system is the best I have found  for Sprinting NUA's,  if it
has a slack security.
The following is a sprinter which will run internally from primos.

-------------------------------------------------------------------------------

This program runs internaly on virtually all systems running the Primos OS.
ie DIALCOM SYSTEMS, PRIMENETS etc.    The Idea has been based on the original
concept by THUNDERBIRD 1, but with a few alterations and updates, to make the
process faster and safer.   The Success rate is about 99% and can use multiple
circuits (with a lower success rate).

THE BASIC PROGRAM
~~~~~~~~~~~~~~~~~

Ok, lets say you are in a primos system, here is what u do:

>BASIC   (Takes you into basic version something or other)

         (once in, you'll get the '*' Prompt and just type the following)

* 5   DEFINE FILE #1 = "SOURCE"
* 8   WRITE #1,"COMO -N"
* 9   WRITE #1,"COMO DATA"
* 10  WRITE #1,"NETLINK"
* 15  FOR X = 100000 TO 100999
* 20  WRITE #1,"C :0311030";X;" -FCTY"
* 25  A=A+1
* 30  IF A = x GOTO 100
* 35  B=B+1
* 40  IF B = 200 GOTO 200
* 55  NEXT X
* 60  WRITE #1,"D ALL"
* 65  WRITE #1,"Q"
* 70  WRITE #1,"COMO -E"
* 75  WRITE #1,"COMO -T"
* 80  END
* 100 WRITE #1,"D ALL"
* 105 A=0
* 110 GOTO 55
* 200 WRITE #1,"D ALL"
* 205 WRITE #1,"Q"
* 210 WRITE #1,"NETLINK"
* 215 B=0
* 220 GOTO 55

           IF THE VERSION OF BASIC DOES NOT SUPPORT FILE MANIPULATION,
           YOU WILL HAVE TO REPLACE ALL  'WRITE #1,' STATEMENTS WITH A
           PRINT STATEMENT, AND RUN IT MANUALLY. ie:

               - from primos:   COMO -N
                                COMO SOURCE
                                BASIC
                                LOAD PROGRAM
                                RUN
                                Q
                                COMO -E
                                COMO -T
                                ED CODE

           you then edit the code file and remove all the junk at the end and
           at the beginning of the file which had been saved as well.

That's basically the program.  Now for the explanation:

5   - Defines filename 'SOURCE' which is the source code for the sprinter.

8   - Stops all text sent by the Prime system from being sent to the video
      output, thus the computer can execute anything at it's maximum speed,
      without being slowed down with 1200/1200 baud.  setting COMO -N causes
      the sprinter to run at the computers maximum speed which I think is
      in excess of 9600 baud, since the storage speed still restricts the
      NETLINK execution which should be at around 56000 baud. (I could be
      wrong on this one.. I am assuming it, since a lot of networks run at
      56000 with only some at 9600 baud. Take your pick.  Since nothing is
      going to the video display, it means if you are connecting to lets say
      MINERVA via MIDAS, both MIDAS and MINERVA operators at the consoles,
      can't see what you are doing.  This doesn't mean that it's safe, but
      quite the opposite. If any user either online or at the console is in the
      Watchdog utility,  you will stick out like a sore thumb.

9   - Opens an output file, to which all the data from netlink is stored in.
      Since nothing is being displayed on the video displays, all the
      results are sent to the filename DATA which u later edit and retrieve
      the results of the sprint.

10  - Activates the NETLINK gateway.

15  - A loop to set the required sprint Range.

20  - Writes all NUA's in the required range into the source file.

25  - Sets Counter for A, which determines number of circuits to be used.

30  - Determines after how many circuits to disconnect.  I recomend you use
      at least 5 for the best accuracy. (Warrning: if x is set to a larger
      number, particularly at prime time, it will jam the system). If you
      wish to use multiple circuits at the one time, ie sprinting virtually
      10 or more NUA's at the one time, just set the value of x to around 10.
      I'll explain later on, how to run all at the one time, although you will
      loose accuracy.

35  - Sets Counter for B, which will give you the indication of progress.

40  - Will give indication of progress every 200 NUA's. Primos will display
      a message to your terminal although all I/O goes to the drives. It's
      a handy way of determining the progress.

55  - Completes the loop for X.

60  - Writes a D ALL at the end of the SOURCE file, to disconnect any
      connected circuits.

65  - Writes 'Q' to exit out of NETLINK

70  - Sends COMO -E to primos, which closes the DATA file.

75  - Sends COMO -T to primos, which cancels the COMO -N command.

80  - The END of program

100,110  A routine, to disconnect all circuits after a particular number
         of circuits is in use.

200,220  A routine to display an error message per every 200 NUA's sprinted,
         which will give you indication of progress. It disconncts all
         Circuits, quits NETLINK and RE-enters NETLINK.  Upon re-entry, a
         warning message is displayed.  It also clears the system if it gets
         jamed from all that connecting.

---------------------------------------------------------------------------
To start up the Sprinter you do the following:

* SAVE PROGRAM     (rem: You might like to use the program again, so you can
                         save it)
* QUIT             (rem: Exit to primos)

>DO SOURCE         (rem: Execute line by line what is in the SOURCE file)

Now all that remains is to send  '@' <RETURN>  at regular intervals, since once
connected the primos can't disconnect itself. sending the @ is the tricky bit.
IT will determine the best accuracy and speed.  On a area such as TYMNET 310600
where there are a lot of NUA's it is better to send the @ at about 10 second
intervals. On the less populated areas, it's better to extend the time.  If you
send the @ <RETURN> at less than 10 second intervals, you will almost double
the speed, but half the accuracy.

PHANTOMS
--------

Primos has a similar system to the BATCH on VAX's etc. That is, it will execute
a program and run it, without the user having to be online. In primos, they
call it a PHANTOM. You can run the Sprinter as a phantom, thus you can have the
above program going for a few weeks and then login to collect your resulrs.
This one you will have to figure out for yourselves though. I don't think this
info should be freely available to all.

USING MULTIPLE CIRCUITS
~~~~~~~~~~~~~~~~~~~~~~~
There are basically two ways in which you can run a number of programs at the
one time. The first one, is to set value for x in the A counter to the maximum
the system will give you.  ie 10-20 depending on the number of users on the
system. Basically all you do, is send the @ <RETURN> about every 2 seconds,
and this is what happens. Netlink is instructed to connect to lets say:

@ C :0311030100341 -FCTY

Now before it has the chance to establish the connection, the @ <RETURN>
returns back to NETLINK.  and another command is sent from Primos, this time:

@ C :0311030100342 -FCTY

Now you have 2 circuits connected, since the @ RETURN alone doesn't disconnect
a circuit, but exits.   You do that one after another, and after no time, you
have 10 circuits working at the one time.  (this is usefull for areas where
the responce from remote host takes a long time)  After all the NUA's are
packed, you simply send a D ALL command which disconnects all circuits.
Those which came up with an error, will have allready disconnected, so only
the ones which give DISCONNECTED message have been connected. (if u can
follow that).  There are a few major problems.  This method runs very very fast
,but, if a system is BUSY, you miss it.  Also, you will get a false message for
the last NUA's before the D ALL command, which haven't had enough time to
connect.  Only way to prevent that, is to stick a few WAIT commands before the
D ALL command.  (just modify the basic program).   I personally don't like
using this method. The next one is a lot better, more dangerous, far more
accurate and doesn't tie you down while sprinting.
This is what you do:

When you login to minerva for example, go to Netlink straight away. From it,
just connect back to the Primos system you are in by typing the NUA.  ie from
Minerva type @ C :200000 -FCTY  to connect to itself. Now login again, under
the same account.  Now you set up your sprinter and let it go.  When
everything is running, you press @ <RETURN> which this time will bring you
back to the netlink you were in originally, while the sprinter is running in
the backround on circuit #1.  Ok, now you connect to the same system as before,
on circuit #2 and repeat the whole process, this time with a few changes:
In line #9 instead of  9 WRITE #1,"COMO DATA", simply type:
9  WRITE #1,"COMO DATA2"  if you continue on circuit #3 next time change the
file name to DATA3 etc, thus the individual programs will not overwrite
each other.  Also change line #5 in a simmilar fashion from SOURCE to SOURCE2,
SOURCE3 etc. The last thing to change is the way you activate the Sprinter.
Second or third time round, you can't type >DO SOURCE, because it would
destroy the previous source file.  Thus the first time you type:

>DO SOURCE     second time around type:
>DO2 SOURCE2   third:
>DO3 SOURCE3   etc

To Disconnect a particular connection in a loop just use the escape character
'@'.  Use '@@' to disconnect from the second leaving the first connected, '@@@'
from the third etc.

Lets say you did it 3 times and you are back in NETLINK. The sprinter is
running on circuits #1, #2, and #3  ( I wouldn't recomend more than 3, but
if there are no operators on duty, you can do as many as you like. The beauty
of this method is that you still have Circuit #4, #5 etc, to do what ever you
want to.  ie hack into systems, call your favourite BBS in the States etc.
The only problem we have is disconnecting, since as I said before, Primos
can't disconnect automatically with this program and pressing @ <RETURN>
will be picked up by the first netlink system you are going through. Well,
it's quite simple. every minute or so, since you are having fun on circuit #4,
connect to each of the circuits 1,2 and 3 by typing @ CONT 1 or CONT 2 etc.
when connected type  <ESC> @ <RETURN>  this will send the command on to the
system bypasing the initial netlink.  if that doesn't work, since I found on
some systems it don't, type  <ESC> <CTRL-P> <RETURN>  it should basically do
the same job.

EDITING THE RESULTS
~~~~~~~~~~~~~~~~~~~

After your sprints are finished, you are stuck with a very very large file
'DATA' with all the results and the prospect of d/loading it is not a very
pleasing one.  Well, simply do this:

>ED DATA     (go to Text Editor and load file DATA)

C/Conn/Conn/*      (will display all the NUA's which connected)
C/Bus/Bus/*        (will display all the NUA's which were busy)

If you were using multiple circuits, you must type:

C/Dis/Dis/*        (it will give u a list of all the disconnected circuits
                    which is the only way u can detect connections)

GENERAL HINTS
~~~~~~~~~~~~~

DO NOT GO CRAZY WITH THIS PROGRAM.....If you attempt something like 10000
NUA's at the one time. THe DATA file will get very very large and you may
end up giving the system a pain in the I/O.  Generally keep it down to
about 1000 or max 2000 at a time.  Believe me I know!! I tried doing the
TYMNET area in one go, and I brought the entire system down for 3 HRS, so
don't do it.  Another rather important note. Delete all trace of any files
after you have finished.  ie delete the program itself, the SOURCE file,
DATA file and the C_DO file, which is created on the execution of the DO SOURCE
command.

MOST IMPORTANT...BEFORE YOU START, CHECK THE DIRECTORY. IF THE USER HAS A
FILE CALLED    C_DO  ALREADY PRESENT, RENAME IT TO SOMETHING ELSE AND CHANGE
IT BACK TO C_DO AFTER YOU HAVE FINISHED AND DELETED ALL YOUR FILES.
To rename a file type:  >REN C_DO,NAME

If you know more about Primos, you can stick the program and all your files
into some neglected directory and subdirectory, which can be accessed from
any ID and just leave them there, to save you the effort on your next session.

Well, now you have the basic Idea of the COMO and DO command and some working
knowledge of the Basic prime use.   The possibilities are endless.  You can
modify the program to give you the user directory or hack passwords into
password protected subdirectories. One other thing, If you are not sure what
you are doing, or are on your last account, it's simply not worth the trouble.

-------------------------------------------------------------------------------

PRIMOS TROJANS
--------------

There are a number of ways to set up a few trojans inside Primos systems.
Last time I had a trojan running on minerva, It got around 100 accounts, but
I made a few mistakes, which I paid for dearly. Hopefully, you will not make
the same mistakes. FOR GODS SAKE, DON'T ALL RACE TO MINERVA AND SET UP WHAT
I AM ABOUT TO DESCRIBE, USE THIS ONLY ON OTHER PRIME SYSTEMS YOU HACK IN THE
FUTURE.  ie DIALCOMS, PRIMENETS etc, Since there is a limit with how much you
can get away with, in the one system.

The first place to start has a lot to do with SOCIAL ENGINEERING. You must
put yourself into the shoes of your victim. The trojan must be convincing
enough, for him not to suspect anything and for you to get his password without
him realising it.  It's also a good idea if the System Operators don't catch
on too quickly, and you should know how to combat the measures they are going
to take to fix it all up. There are far more sophisticated methods than what
I'm about to propose, but I am assuming that you only have a very low access
account to work with.

First of all, you will need an unused account. By that I mean a user who forgot
about his ID and doesn't use it, for if he was to use it in the middle of your
trojan, that would be it. A person who hasn't been on his account for a few
years will do great, and there are some of those around. If not, you can use
what are called GHOST Accounts. This are simply ID's that a system manager
has assigned to users in his UFD Directory when the users don't really
exist.  To find them, just try to attach to the next ID in the series, catalog
it's directory and if there are no files, or time/date labels are very old,
just change the password and claim the ID. Always try to aim for the 001
account, because they are just more convincing.   Next thing you will need,
is an account with Authority within the system, ie of a person who helps out
new users, or someone with the company that owns the system. Example of this
would be a OTCxxx Account on MINERVA, or BTGxxx on BT GOLD.  If you have
access to such an account, they are great, but they are not really neccassary.
Now that you have that you can start.

1 - Write a Program in Primos BASIC, to simulate the system login. It has to
    be an exac replica if it is to work proply.  When the user tries to login,
    it will save everything in a file.

2 - It would be too much work trying to actually set up something for the user
    to actually use, so at the login, just say that the system is not
    available. Ie down for updates and it will be up in a a few days. Simple
    as that.

3 - To automatically execute the basic program at login, we must create a file
    called C_ID which should just contain the following.

                 TY FILENAME   if you want the user to receive some additional
                               instructions before logging into the fake
                               system entry
                 BASIC
                 LOAD NEWS     where News is the name of the fake basic prog.
                 RUN

    Since all but the first are echoed to the screen, you can work them into
    some sort of an introduction, which aparently describes an alternate
    system option. ie:

            - Text from TY FILENAME  (the command not echoed)
            - Rest of the commands from C_ID file
            - More text from basic program.
            - Login.

    If you are fortunate to have a version of basic which is interactive
    with primos, well, you are laughing.

3 - The major problem, is getting the user to login under the ID where the
    trojan is waiting. For this, use your imagination.  Look at the system,
    the type of users it has and look at what it lacks. Then create it.
    The trick is to get it accross to the victim in a convincing way.

4 - Well what do you know, we have an unprotected Directory called CATINF
    which are unknown to virtually all regular users so, we are going to
    a create a new subdirectory called BUSINESS.  In the Subdirectory we place
    a file describing the new free business information Dbase and all about how
    to access it. We call the file NEWS.

5 - Next stage is to make sure that if there is a user directory, the victim
    does not decide to look into it, and see whether it's on the level.
    We locate the directory files.  It will probably be found in CATINF, with
    in some subdirectory. We should be familiar with the DIALCOM directory
    setup, so just edit the relavant files using the editor, and replace it.

6 - The last step is to inform the user and convince him, that it will be to
    his advantage to type INFO BUSINESS NEWS, which will re-call the file,
    which if worded nicelly, will compell our dear victim to login to the
    Trojan and see what he can get out of it.  You can do this by simply
    sending mail to the person. This is where the ID with authority comes in.
    If on Minerva for example a user receives the message from an OTC account,
    there will be little doubt in his mind as to the authentity, however people
    are quite stupid in a lot of ways, so if you just send it from any ole ID,
    ie, even the one with the trojan in it, it should also be effective.

To Login to the account, without you yourself being stuck in the works, just
plan ahead in the basic program, or there are other means hehe. (Again this
bit of info is not for public circulation, but if you read the files carefully
and with a bit of skill you'll figure it out.)

When I ran a trojan on minerva this is what I did.

Minerva had a habbit of running incredibly slow at prime time. This wasted a
lot of time and thus a lot of the user's money in on-line charges.  Well, I
came up with the idea of a pseudo system, which will speed up the execution
time of the system.  I wrote the fake login as a simple basic program and set
everything up on a unused ID.  I installed a file in catinf, describing the
features of the system etc, so that they would get all the info when they typed
>INFO ACCESS PSEUDO
I was lucky enough to have an OTC account.  Mr Curtis was Curtious enough hehe
to use his name as the password.
I promoted Mr Curtis to a Pseudo System Administrator and I sent a brief letter
to the victims telling them about it and to type >INFO ACCESS PSEUDO.    They
all thought they would save big bucks and came like flies to the honey. I just
logged in every few minutes and picked up their passwords.
Unfortunatelly I made some mistakes, so this is what you should watch out for:

- Choose your victims with care, the new users make the best targets.
- Don't go crazy and set up few thousand people at the one time. Just don't
  over do it.
- When the trojan is discovered, they can either do the following:
      1> Nothing since a scandal would effect business and just increase
         security to watch out for hackers.
      2> Leave the trojan going and have your arse when you call to pick up
         the passowrds, which they will probably change anyway.
      3> Send mail to all the users, informing them to change their passwords
         if they used the business system.
      4> Initiate a compulsory password change for all users
      5> Send a notice displayed at login to change the password if one used
         the trojan.

END
END

Force Files Volume #1 (December 3, 1987)

F O R C E   F I L E S     Volume #1
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From The Depths Of  - THE REALM -, By:  ----====} THE FORCE {====---- 12/03/87
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

FOREWARD
--------

Welcome To the FORCE FILES From the Depths of The Realm. What is THE REALM you
may ask?  Well, just one of the boards I have sysoped, this one was (OR IS,
WHO KNOWS) an International BBS with an interesting collection of people.
Anyway,  I am about to retire for a while from the world of hacking and the
following is a basic summary of well over five years of work. (Well, perhaps I
won't retire, just evolve into the next stage hehehe). I hope this will make it
easier for the people to come and I hope they will add their acquired knowldge.
First of all I would like to thank:

THUNDERBIRD 1                    THE WIZARD                       THE TRADER

And all those who from the begining battled the security of the first
analogue computers and passed on their knowldge.

The files are broken up into several volumes, covering the following:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
                          M      E      N      U
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Force File #1           - PUBLIC DATA NETWORKS
                        - AUSTPAC 5052
                        - MIDAS 5053
                        - SOME TECHNICAL JUNK ON NETWORKS
                        - AUSTPAC TUTORIAL BY SYSTEM CRUNCHER
                        - NUA STRUCTURES
                        - INTERNATIONAL DNICS

Force File #2           - US AREA CODES
                        - TYMNET NUA SPRINTS
                        - TELENET NUA SPRINTS

Force File #3           - TELENET NUA SPRINTS CONTINUED
                        - DATAPAC NUA SPRINTS

Force File #4           - ITT/UDTS NUA SPRINTS
                        - DIALNET NUA SPRINT
                        - PSS NUA SPRINTS
                        - DATEX-P NUA SPRINTS
                        - TELEPAK NUA SPRINT
                        - TRANSPAK NUA SPRINT
                        - AUSTPAC NUAS
                        - LOCATING PTSN NUMBERS
                        - OBTAINING PASSWORDS / INFOLTRATING SYSTEMS
                        - DEFAULT PASSWORDS
                        - VAX SYSTEMS

Force File #5           - UNIX SYSTEMS
                        - PRIMENET, DIALCOM - PRIMOS
                        - PRIMOS DEFAULTS
                        - PRIMOS SUBDIRECTORIES
                        - PRIMOS NUA SPRINTER
                        - PRIMOS PHANTOM
                        - PRIMOS TROJANS

Force File #6           - DIALCOM PRIMOS COMMANDS

Force File #7           - DIALCOM PRIMOS COMMANDS CONTINUED
                        - PRIMENET PRIMOS COMMANDS

Force File #8           - PRIMENET PRIMOS COMMANDS CONTINUED
                        - SELECTED PRIMOS COMMANDS
                        - PRIMOS OPERATOR'S TRICKS
                        - LATEST HACKER'S WEAPON
                        - OUTDIAL SYSTEMS
                        - CANADIAN DATAPAC OUTDIALS
                        - SYSTEM IDENTIFICATION
                        - INFO ON NETWORKS

Force File #9           - INFO ON NETWORKS CONTINUED
                        - PHREAKING

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

P U B L I C    D A T A    N E T W O R K S
=========================================

Once upon a time, the old OZ phreakes used their tones on New Zealands lines,
to phreak around the world, but with the increasing prices of overseas
telecomunications the PUBLIC DATA NETWORKS or PACKET SWITCHING NETWORKS have
been one of the most usefulls tools at the hackers disposal.  Australia has
two major networks. AUSTPAC operated by telecom and very slack, and not so
slack MIDAS, run by the OTC.

A U S T P A C    5052
======================

Communicationg via Austpac or Midas for that matter can be a very costly hobby,
unless one has NUI or Network User Identification, which lives on someone
elses bank accoount. (Think of it as helping the Australian Economy if you
have any guilt feelings).  The Austpac NUI's a virtually impossible to
hack using any sprinting or scaning procedure. (If you don't believe me,
have a go at it, if you have fifty or so years to dedicate to it), but they
do happen to leak out from time to time. a Typical austpac NUI has the
following format:

                     BHPLIBJ9ADF3

where the first six digits are the user supplied id code, ie BHPLIB in this
case the NUI used to belong to the BHP LIBRARY. The last six digits are the
telecom supplied part for security. One important thing to note is that when
a NUI dies, only the last six digits are changed.  Don't take my word for it
since I haven't been able to verify this personally, but it makes sense and
the rumours are there.

Once you get the familiar AUSTPAC responce when you call up the system,
you have a number of options.

  1> - You connect to a system which will take collect calls, in which case,
       you don't need a nui. The format is just
             ?<NUA>      where NUA stands for Network User Address
       ie    ?222321000
       The NUA's a usually 9 characters long, but they can have two trailing
       digits to identify the specific system requested to the host.
       ie    ?222321000   will give one system
             ?22232100001 will give a different system at the same site
                          if appropriate.

   2> - If you have a NUI, you can then connect to virtually thousands of
        systems all over the world. You can connect directly to any network
        which Austpac will support. If a network is not supported like in the
        case of DIALNET, you must find an alternate route. For example to
        excess DIALNET, you need to go via a DIALCOM system or any other
        system which has a contract to carry data between the network and
        itself.   (I'll explain more about it later on) to connect to a
        system in the USA for example the format would be
                     ?N<NUI>-<NUA>
              ie     ?NBHPLIBJ9ADF3-0311041500101
        The 'N' tells austpac that a NUI is to follow and to take the
        necassary measures.

Austpac, like most other networks not only have a numerical address for each
host system, but has an equivalent alphabetical code, to simplify the task
of memorising the system addresses. For example:   ?236620000
                will do exactly the same job as:   ?.memo
In both cases you will be connected to TELECOM's TELEMEMO  a mail system
developed by the BELL LABORATORIES I believe, but quite useless when
compared to the more sophisticated ITT DIALCOM's network, of which MINERVA
is but one. (Refer to the DIALCOM NETWORK later on)

Host systems on AUSTPAC can be accessed not only via the AUSTPAC PAD,
(Packet Assembly, Dissasembly), but through otther networks internationally.
The international Code or DNIC for AUSTPAC is 5052 so to connect to TELEMEMO
from lets say BERMUDANET, one would type the NUA with the 5052 prefix
in front of it.  Almost all networks also require a ZERO to be put infront
of the DNIC and NUA to indicate an international connection.

M I D A S   5053
----------------
Midas is fundementally very simmilar to AUSTPAC, but there are many very
significant differences. First of all the NUI's are only six digits long.
This still gives a very large number of possibilities, however sprinting
NUI's now becomes slightly closer to reality.
There isn't a great deal which is different about Midas, but it has the
advantage of connecting directly with another networks PAD. ie by
connecting to the DNIC on networks where it is possible you will be
connected to the actuall PORT or PAD of the foreign network. With Austpac
this is possible only with TYMNET 03106, and few smaller US networks like
COMPUSERVE etc.
MIDAS unike Austpac at least has the decency to give a prompt '*' and the
format for connections is simmilar.  Example:
                                             *N<NUI>-<NUA>
                                      ie:    *NH7SVCO-03106001572

SOME TECHNICAL JUNK ON NETWORKS
--------------------------------

I will not go into any great detail on how the packet switching networks
works, but it's worth noting that it's a very clumsy system to use all
because it's cost effitient.  The Network PORT receives data from your
terminal at your speed be it 300, 1200, etc, or 9600 if you are fortunate
enough to have a dedicated connection. The Network receives the data and
compiles it into a small packet of data. It put's an address tag on it and
sends it off. It's bounced by few satellites etc and the system at the other
end does the rest. It reads the address tag and delivers it to one of it's
local systems at the speed at which it can be digested. As you can imagine,
this can get very slow and clumsy over long distances and the only reason
that it's done is they can neatly fit few thousand users on the one trunk,
whizing individual packets back and forth. About 50% of networks transmit
packets at 9600 baud the rest have operating speeds of over 15000 baud.

SYSTEM CRUNCHER has done a great job in his Austpac Tutorial, and me being
as lazy as I am, cant be bothered typing the info out again, so here
is an extract from the file dealing with Error codes and Profiles.
They can be used in reference to most other networks ie MIDAS since it is
a more or less universal standard.

AUSTPAC TUTORIAL BY:  SYSTEM CRUNCHER
===============================================================================

                         AUSTPAC PAD PROFILES

     A  profile is a snapshot of all of the current values of PAD
     parameters.  A  profile is set for each  C-DTE.  A  standard
     profile  is  is  a given pre-defined set  of  PAD  parameter
     values which may correspond to a specific terminal or family
     of   terminals   to   an   application  or   a   family   of
     applications.There are 13 standard profiles.

     PAR                        PROFILE NUMBER
     REF   0    1    2    3    4    5    6    7    8    9    10    11    12
     ------------------------------------------------------------------------
     1     1    0    0    1    1    1    1    1    1    1    1     0     1
     2     1    0    0    0    0    0    1    1    1    0    1     0     0
     3     126  0    0    2    2    126  126  2    2    126  2     0     126
     4     0    20   10   80   40   200  0    0    0    3    0     3     0
     5     1    0    1    0    0    1    1    1    1    0    1     0     1
     6     1    0    0    1    1    1    1    1    1    1    1     0     1
     7     2    2    21   21   21   21   21   8    21   1    21    21    2
     8     0    0    0    0    0    0    0    0    0    0    0     0     0
     9     0    0    0    0    4    7    0    4    7    0    4     0     0
     10    0    0    0    0    0    0    0    0    72   0    0     0     0
     11             Cannot be set: Not pre-defined in any profile
     12    1    0    1    0    0    1    1    1    1    0    1     0     1
     13    0    0    0    0    0    0    0    0    1    0    0     0     0
     14    0    0    0    0    0    0    0    0    7    0    4     0     0
     15    0    0    0    0    0    0    0    0    0    0    1     0     0
     16    8    8    8    8    8    8    8    8    8    8    8     8     8
     17    24   24   24   24   24   24   24   24   24   24   24    24    24
     18    42   42   42   42   42   42   42   42   42   39   10    42    42
     ------------------------------------------------------------------------
     PARAMETER VALUES IN EACH STANDARD PROFILE

     PROFILE EXPLANATIONS

  0 :  Simple  profile defined in CCITT Rec X.28; echo by PAD; NO
       padding  after <CR> or <LF>;  NO idle  timer  delay.  PSTN
       customers  operating  at  up to 300 BPS or  1200  BPS  are
       usually assigned this profile.

  1 :  Transparent  profile  defined in CCITT Rec X.28;  suitible
       for low speed computer port (LSCP)

  2 :  Profile suitible for LSCP.Note that this is the only  LSCP
       profile which incorporates flow control by the PAD.
       (Parameter 5 = 1)

  3 :  Profile  recommended for C-DTE  communicating with another
       C-DTE  or with an LSCP.  There is an idle timer  delay  to
       allow  data  to  be sent from an  auxiliary  device.  This
       profile  is  also  suitible for  certain  terminals  which
       transmit in blocks.

  4 :  Same  as profile 3 except  for a shorter idle timer  delay
       and four padding characters after <CR>.

  5 :  Classic keyboard-printer terminal used for local printing.

  6 :  Same as  simple profile  (0) except for the procedures  on
       BREAK.

  7 :  The  only  data forwarding conditions here  are  <CR>  and
       BREAK;therefore   with   this  profile   complete   packet
       sequences  can represent logical entities  manipulated  by
       the application.

  8 :  Profile with  only <CR> as  data forwarding  character,  7
       padding  characters after <CR> to C-DTE,  and line folding
       by the PAD after 72 character line.

  9 :  Profile which is  used for  access by  videotex  terminals
       (1200/75 BPS)

       Note  : Profile 9  has been changed  from that  previously
               published  and  is now only accessible to  1200/75
               BPS users.

  10:  Profile  which  utilizes "Editing  during  data  transfer"
       (Parameter  15  = 1) and employs <LF> as  a  line  display
       character (Parameter 18 = 10)

  11:  This  profile  could be used  instead of profile 2 for  an
       LSCP  without  flow  control by the  PAD  when  a  shorter
       transmission delay is required.

  12:  Same  as profile 0  except for parameter 2,  for terminals
       not needing echo by the PAD.

  Format to set PAD :
  SET <PAD#>:<VALUE><CR>

  PAD COMMANDS AND INDICATIONS

  ==============================================================
  | PAD COMMAND     |     FUNCTION      |      INDICATION SENT |
  |   FORMAT        |                   |         IN REPLY     |
  ==============================================================
       STAT          To request info    | FREE or ENGADGED
                     about a virtual    |
                     call with the      |
                     C-DTE              |
  --------------------------------------------------------------
       CLR           Clear a virtual    | CLR CONF or CLR ERR
                     Call               | (In the case of local
                                        | procedure error)
  --------------------------------------------------------------
       PAR?          To read parameter  | PAR <List of parameter
                     values of specified| references with their
                     eg: PAR? 1,5,8     | current values or INV>
                                        | Eg: PAR1:001,5 5:001,
                                        | 8:000
  --------------------------------------------------------------
       SET?          To set and read    | PAR <List of parameter
                     specific parameters| references with their
                     Eg: SET?3:0, 5:1   | current (new) values
                                        | or INV>
                                        | Eg: PAR3:0, 5:1
  --------------------------------------------------------------

  OTHER PAD COMMANDS

  PAD COMMAND            EXAMPLE             FUNCTION
  ==============================================================
  PROFnn                 PROF10         | To assign all the PAD
                                        | parameters the values
                                        | in specified profile
  --------------------------------------------------------------
  RESET                  RESET          | To reset the virtual
  INT                    INT            | call. To transmit an
                                        | interrupt packet to
                                        | the correspndent.
  --------------------------------------------------------------
  SET<n:n>               SET 2:0        | To set or change
                                        | parameter values
                                        | parameters desired
  --------------------------------------------------------------
  ?<AUSTPAC number>      ?238221000     | Call request-Set up a
                                        | call
  --------------------------------------------------------------

  PAD INDICATIONS ASSOCIATED WITH INCOMING EVENTS

  ==============================================================
  INDICATION FORMAT                | EXPLANATION
  ==============================================================
  RESET cause                      | Reset of call/circuit
  --------------------------------------------------------------
  COM                              | Call connected
  --------------------------------------------------------------
  COM                              | There is an incoming call
                                   | Applies to receiving C-DTE
  --------------------------------------------------------------
  CLR cause                        | Call/circuit cleared
  --------------------------------------------------------------
  AUSTPAC                          | Identifier
  --------------------------------------------------------------
  ERROR                            | Error in PAD command
  --------------------------------------------------------------

  AUSTPAC MESSAGES - BRIEF

          CODE      | CAUSE
  ==============================================================
  CLR OCC           | NUMBER BUSY
  CLR INV           | INVALID REQUEST FACILITY
  CLR RNA           | REVERSE CHARGING ACCEPTANCE NOT SUBSCRIBED
  CLR NC            | NO CIRCUITS
  CLR DER           | OUT OF ORDER
  CLR NA            | ACCESS BARRED
  CLR NP            | NO PORT
  CLR RPE           | REMOTE PROCEDURE ERROR
  CLR ERR           | LOCAL PROCEDURE ERROR
  CLR DTE           | DTE ORIGINATED
  CLR ID            | INCOMPATIBLE DESTINATION
  CLR CONF          | CLEAR CONFIRMATION
  CLR PAD           | PAD ORIGINATED CLEARED
  RESET PAD         | PAD ORIGINATED RESET
  RESET NC          | NO CIRCUITS
  RESET 01          | OUT OF ORDER
  RESET RPE         | REMOTE PROCEDURE ERROR
  RESET ERR         | LOCAL PROCEDURE ERROR
  ==============================================================

  AUSTPAC MESSAGES - EXPLANATION

  CLR OCC  :   The called  party is  engadged in other calls  and
               unable to accept the incoming call

  CLR INV  :   Invalid  facility requested  by calling  DTE.  Eg:
               Invalid NUI.

  CLR RNA  :   The called party does not accept reverse charging.

  CLR NC   :   A temporary network fault of network congestion

  RESET NC :   As above

  CLR DER  :   Called party is out of order (System down etc.)

  RESET DER:   As above

  CLR NA   :   The calling DTE os not permitted to obtain the
               connection to the called DTE (Eg: CUG)

  CLR NP   :   The address specified is outside the numbering
               plan or is unassigned.

  CLR RPE  :   A procedure error has been detected at the remote
               DTE network interface

  RESET RPE:   As above

  CLR ERR  :   A procedure error caused by the local DTE is
               detected by the PAD (Eg: Incorrect format)
  RESET ERR:   Same as with CLR ERR

  CLR DTE  :   Remote DTE has cleared or reset the call

  RESET DTE:   As above

  CLR ID   :   The call is not compatible with the remote
               destination.

  CLR CONF :   Response of PAD to valid clearing by the C-DTE

  CLR PAD  :   The PAD has cleared the call at the invitation of
               the correspondent.

  RESET PAD:   The PAD has reset the call (Eg: Loss of input
               characters)
  --------------------------------------------------------------
  Note: These codes will be followed by a 3 digit code. These are
  diagnostic codes which are used by Telecom maintenance staff.

  MISC. AUSTPAC NOTES

  PAD recall character : Ctrl 'P'
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

N U A    S T R U C T U R E S
-----------------------------

There are 2 basic NUA formats.   There is the logical structure and the
stupid one.  There are few exceptions like AUSTPAC NUA's which are just
plain crazy.

The best example to demonstrate would be two NUA's one on TYMNET, other on
TELENET both of which access the same system:

TELENET           0311030100341
if you can brake up the NUA into it's components this is what you obtain:

0                  3110                301             00         341
Specifies          DNIC Address        Area Code       nothing    Host
International      for TELENET                         much       Address
Connection

It's important to note that from the TELENET PAD, the NUA would become
C 301 341, so since you are likely to come accross a US made NUA listing
of Telenet, to convert the NUA's into a more conventional form, just add
the 03110 prefix and enough zeroes in between the area code and Address
to give a total of 8 digits. (trailing digits not included)

TYMNET             0310600157241
Again brake up the NUA into its components.

0                  3106                00              1572        41
Specifies          DNIC Address        Area, no        Host        Trailing
International      for TYMNET          particular      Address     Digits
Connection                             pattern                     to be used
                                                                   by local
                                                                   host.
The major ares on TYMNET are 00, 07 and 90.  There are a lot of others but
they don't have significantly large numbers of NUA's and most of them need
two trailing digits which are often somewhere between 01-99. There could
be some sort of logical format to TYMNET, but as yet, I haven't discovered it.

Thus basically the two formats emerge.

0311030100341xx and
03106001572xx   where xx are the trailing digits to provide host with more
                specific info if required.

The NUA's can be up to 15 digits in most cases and the corresponding phone area
code is used in the NUA, with exception of TYMNET, ITAPAC and few others.

America likes to be different from the rest of the world, as demonstrated by
BELL Standards, so they naturally insist on having a slighly different format
to their NUA's. Us PADS do no not have the zero prefix, so just remember to
leave it out. (Now don't ask me why, just do it.)

There are few other exceptions to the universal NUA formats and australia
has one of them. AUSTPAC NUA's are reasonably unique in that the have a
general format of their own. They may look like random assortments of numbers
at first, but there is a definate pattern.(Thank God for that)
Most NUA on AUSTPAC are in the follwing series ie:

224122000, 224123000, 224220000, 224221000 etc
Basically the last digits reain more or less in their low values. ie most
NUA's will be in the series  224122000 - 224122020 for example, with very few
having the end value greater than twenty. Again, there may be two trailing
digits.
The final exception I have found is in the case of DIALNET which is a very
small network not even worth bothering about, unless you want to access
DIALCOM SYSTEMS in countries with no Public Data network of their own.
Their NUA's are of the form 9000xx and are accessibly through primecon
systems only. (perhaps there are other routes but as yet I haven't found them)

INTERNATIONAL DNICS
-------------------

The following is a table of all the current networks I have been able to
track down, some of the blanks are yet to be filled in.
Unfortunatelly not all are serviced by either MIDAS or AUSTPAC, so you may
need to route your connections very carefully if you want to play with a
system in SAUDI ARABIA and in other exotic places.

COUNTRY          NETWORK       DNIC     COUNTRY           NETWORK       DNIC
----------------------------------------------------------------------------
ARGENTINA        INTERDATA     7220     AUSTRALIA        MIDAS          5053
AUSTRALIA        AUSTPAC       5052     AUSTRIA          RADIO AUSTRIA  2329
AUSTRIA          DATEX-P       2322     BAHAMAS          IDAS           3406
BAHRAIN          BAHNET        4263     BARBADOS         IDAS           3423
BELGIUM          DCS           2062     BELGIUM            -            2068
BELGIUM            -           2069     BERMUDA          BERMUDANET     3503
BRAZIL           INTERDATA     7240     CANADA           GLOBEDAT       3025
CANADA           INFOSWITCH    3029     CANADA           DATAPAC        3020
CAYMAN ISLANDS     -           3463     CHILE            INTERDATA      7300
COLUMBIA         DAPAQ-INTER.  3107     COTE D IVOIRE    SYTRANPAC      6122
DENMARK          DATAPAK       2382     EGYPT            ARENTO          -
FINLAND          FINPAK        2442     FRANCE           TRANSPAC       2080
FRANCE           NTI           2081     FRENCH ANTILLES  DOMPAC         3400
FRENCH  GUIANA   DOMPAC        7420     FRENCH POLYNESIA TOMPAC         5470
GABON            GABONPAC      6282     GERMANY(FED REP) DATEX-P        2624
GERMANY(FED REP) DATEX-P INT   2624     GREECE           HELPAC         2022
GUATEMALA        GUATEL          -      HONDURAS           -             -
HONG KONG        DATAPAK       4545     HONG KONG        IDAS           4542
ICELAND          ICEPAC        2740     INDONESIA        SKDP           5101
IRISH REP        EIRPAC        2724     ISRAEL           ISRANET        4251
ITALY            ITALCABLE     2227     ITALY            ITAPAC         2222
JAPAN            VENUS-P       4408     JAPAN            DDX-P          4401
LUXEMBOURG       LUXPAC        2704     LUXENBOUTG       LUXPAC-PSTN    2709
MALAYSIA         MAYPAC        5021     MEXICO           TELEPAC        3340
NETHERLANDS      DATANET 1     2041     NETHERLANDS      DABAS          2044
NETHERLANDS      DATANET 1     2049     NEW ZEALAND      PACNET         5301
NORWAY           DATAPAK       2422     OMAN               -             -
PANAMA           INTELPAQ        -      PHILIPPINES      GMCR           5150
PHILIPPINES      PHILCOM         -      PORTUGAL         TELEPAC        2680
PORTUGAL         SABD          2682     PUERTO RICO      UDTC           3301
REUNION          DOMPAC        6470     SINGAPORE        TELEPAC        5252
SOUTH AFRICA     SAPONET       6550     SOUTH KOREA      DACOM-NET      4501
SPAIN            TIDA          2141     SPAIN            IBERPAC        2145
SWEDEN           DATAPAK       2402     SWEDEN           TELEPAK        2405
SWITZERLAND      TELEPAC       2284     SWITZERLAND      RADIO SUISSE   2289
TAIWAN           UDAS          4877     TAIWAN           PACNET         4872
THAILAND         IDARC         5200     TRINIDAD         DATANET-1      3740
TRINIDAD         TEXDAT        3745     UN.ARAB EMIRTS.  TEDAS           -
UK               PSS           2342     UK               IPSS           2341
USA              ACCUNET       3134     USA              ALASKANET      3135
USA              AUTONET       3126     USA              COMPUSERVE     3132
USA              DATA TRNSPORT 3102     USA              FTCC           3124
USA              MARKNET       3136     USA              MCII-IMPACS    3104
USA              RCA-LSDS      3113     USA              ITT-UDTS       3103
USA              TELENET     3110/3125  USA              TRT-DATAPAK    3119
USA              TYMNET        3106     USA              WUTCO          3101

END
END