Description of the S/KEY One-Time Password System bty Neil M. Haller and Philip R. Karn

Description of The S/KEY One-Time Password System

Neil M. Haller nmh@thumper.bellcore.com
Philip R. Karn karn@chicago.qualcomm.com

ABSTRACT

The S/KEY one-time password system provides authentication over networks
that are subject to eavesdropping/reply attacks. This system has several
advantages compared with other one-time or multi-use authentication
systems. The user’s secret password never crosses the network during
login, or when executing other commands requiring authentication such as
the UNIX passwd or su commands. No secret information is stored anywhere,
including the host being protected, and the underlying algorithm may be
(and it fact, is) public knowledge. The remote end of this system can run
on any locally available computer. The host end could be integrated into
any application requiring authentication.

Trademarks
———-
Athena and Kerberos of trademarks of MIT.
S/KEY is a trademark of Bellcore.
SPX and DEC are trademarks of Digital Equipment Company.
UNIX is a registered trademark of UNIX System Laboratories, Inc.

Attributes of the S/KEY One-Time Password System
————————————————

The S/KEY authentication system is a simple scheme that protects user
passwords against passive attacks. It is not as powerful or general in
scope as Kerberos or SDASS; nor does it protect against active attacks.
It can, however, be easily and quickly added to almost any UNIX system
without requiring any additional hardware and without requiring the
system to store information (such as plain text passwords) that would
be more sensitive than the encrypted passwords already stored. The
S/KEY system can be used with non programmable terminals or personal
computers (e.g., systems running DOS or Apple Macintoshes) with
conventional communications programs.

Some of the properties of the S/KEY system are:

o Eavesdropping protection

o Conceptually simple and easy to use

o Based on a memorized secret password; does not require a
special device although it can easily be adapted to do so.

o Can be automated for authentication from a trusted system.
(Can also be partially automated for fast operation.)

o No secret algorithms.

o No secrets stored on host.

Description of the S/KEY One-Time Password System
————————————————-

There are two sides to the operation of our one-time password system.
On the user (or client) side, the appropriate one-time password must
be generated. On the system (server) side, the one-time password must
be verified. One time passwords are generated and verified using a
one-way function based on MD4 [Rivest]. (Conversion to MD5 would be
trivial)

We have defined our one-way function to take 8 bytes of input and to
produce 8 bytes of output. This is done by running the 8 bytes of
input through MD4 and then “folding” pairs of bytes in the 16-byte MD4
output down to 8 bytes with exclusive-OR operations. This allows us to
apply the one-way function an arbitrary number of times.

Generation of One-Time Passwords

The sequence of one-time passwords is produced by applying the one-way
function multiple times. That is, the first one-way password is
produced by running the user’s secret password (s) through the one-way
function some specified number of times, (n). Assuming n=4,

p(1) = f(f(f(f(s))))

The next one-way password is generated by running the user’s password
through the one-way function only n-1 times.

p(2) = f(f(f(s)))

An eavesdropper who has monitored the use of the one-time password
p(i) will not be able to generate the next one in the sequence p(i+1)
because doing so would require inverting the one-way function. Without
knowing the secret key that was the starting point of the function
iterations, this can not be done.

Seeding the Password

A user might want to use the same secret password on several machines,
or might allow the iteration count to go to zero. An initial step
concatenates a seed with the arbitrary length secret password, crunches
the result with MD4, and folds the result to 64 bits. The result of
this process is then iterated n times.

System Verification of Passwords

The host computer first saves a copy of the one-time password it
receives, then it applies the one-way function to it. If the result
does not match the copy stored in the system’s password file, then the
request fails. If they match, then the user’s entry in the system
password file is updated with the copy of the one-time password that
was saved before the final execution (by the server) of the one-way
function. This updating advances the password sequence.

Because the number of one-way function iterations executed by the user
decreases by one each time, at some point the user must reinitialize the
system or be unable to log in again. This is done by executing a
special version of the passwd command to start a new sequence of
one-time passwords. This operation is essentially identical to a
normal authentication, except that the one-time password receive
over the network is not checked against the entry already in the
password file before it replaces it. In this way, the selection of a
new password can be done safely even in the presence of an eavesdropper.

Operation of S/KEY One-Time Password System
——————————————-

Overview

The S/KEY one-time password authentication system uses computation to
generate a finite sequence of single-use passwords from a single secret.
The security is entirely based on a single secret that is known only to
the user. Alternatively, part of or the entire secret can be stored in a
non-retrievable way, in the computing device.

Generation of S/KEY One-Time Passwords

As mentioned above, the one-time password sequence is derived from the
secret password using a computer. The required computation has been
executed on a variety of PC and UNIX class machines including notebook
and palm-tops. A vendor has estimated that credit card size devices
could be built for less than $30 in large quantities.

The program can also be stored on and executed from a standard floppy
disk. This would allow operation on a remote computer that could not be
entirely trusted not to contain a Trojan Horse that would attempt
to capture the secret password. It is sometimes useful to pre-compute
and print several one-time passwords. These could be carried on a trip
where public terminals or workstations were available, but no trusted
local computation was available.

Description of Operation

The following narrative describes the procedure for logging into a UNIX
system using the S/KEY one-time password system. To illustrate the
most complex case, we assume a hand-held PC compatible computer is used.

o The user, call her Sue, identifies herself to the system by login name.

o The system issues a challenge including the sequence number of the
one-time password expected and a “seed” that is unique to the system.
This “seed” allows Sue to securely use a single secret for several
machines. Here the seed is “unix3” and the sequence number is 54.

o Sue enters 54 and unix3 into her palm-top computer. She is prompted
for her secret password.

o Sue enters her secret password that may be of any length. The palm-top
computes the 54th one-time password and displays it.

o Sue enters the one-time password and is authenticated.

o Next time Sue wants access, she will be prompted for one-time
password sequence number 53.

Semi-Automated Operation

The complexity illustrated above is necessary only when using a terminal
that is not programmable by the user, or when using a non-trusted
terminal. We have built semi-automatic interfaces for clients using
communications software on popular personal computers. The following
example illustrates logging in using a trusted personal computer and a
popular terminal emulation program.

o Before starting the communication program, Sue runs the CTKEY
program that ties a TSR to a “hot-key” such as F10.

o Sue identifies herself by login name as above.

o The system issues the same challenge including the seed “unix3”
and the sequence number 54. The host system now expects an
s/key one-time password.

o Sue presses the hot-key and is then prompted for a secret password
by the TSR program on the local system.

o In response to Sue’s secret password, the 54th one-time password
is displayed at the position of the cursor.

o Sue presses “Insert” and the terminal emulator transmits the
one-time password completing the authentication.

If the personal computer were in a trusted location, an option of the
CTKEY program allows the secret password to be stored in a local file.

Form of Password

Internally the one-time password is a 64 bit number. Entering a 64 bit
number is not a pleasant task. The one-time password is therefore
converted to a sequence of six short words (1 to 4 letters). Each word
is chosen from a dictionary of 2048 words. The contents of this
dictionary is not a secret.

Source Screening

It is frequently desirable to allow internal access with a multi-use
password while requiring one-time passwords for external access.
A screening table provides this function. When this table is present,
login attempts that pass the screening test are permitted to use the
normal password or a one-time password. Others are notified that the
use of the one-time password is required.

Password echo

Normally systems disable printing during the typing of a password so
that an onlooker cannot steal the password. With a one-time password,
this is unnecessary. The replacement login command allows the user
to turn echo on by pressing “return” at the password prompt. This
makes it easier to enter the longer one-time password.

Acknowledgments
—————
The idea behind our system was originally described by Leslie Lamport.
Some details of the design were contributed by John S. Walden who
wrote the initial version of the client software.

References
———-

Eugene H. Spafford, “The internet worm program: An analysis.” Computer
Communications Review 19(1):17-57, January 1989.

D. C. Feldmeier and P. R. Karn, “UNIX Password Security – Ten Years
Later”, Crypto ’89 Conference , Santa Barbara, CA August 20-24, 1989.

J. G. Steiner, C. Neuman, and J. I. Schiller. “Kerberos: An
authentication service for open network systems.” USENIX Conference
Proceedings, pp. 191-202, Dallas, Texas, February 1988.

Catherine R. Avril and Ronald L. Orcutt. Athena: MIT’s Once and
Future Distributed Computing Project. Information
Technology Quarterly , Fall 1990, pp. 4-11.

R. L. Rivest, The MD4 Message Digest Algorithm, Crypto ’90 Abstracts
(August 1990), 281-291.

Leslie Lamport, “Password Authentication with Insecure Communication”,
Communications of the ACM 24.11 (November 1981), 770-772.

Overview of Computer Security by E.A. Bedwell, EDP Specialist

COMPUTER SECURITY
—————–

Notes of the presentation to
The Institution of Production Engineers
March 21, 1990 by

E.A.Bedwell, E.D.P. Specialist
ORTECH International (NRC/IRAP)
2395 Speakman Dr., Mississauga L5K 1B3
(416) 822-4111, Ext. 261

The writer wishes to thank the Institution of Production Engineers and
it’s President for the invitation to make this presentation, and to
express sincere appreciation to David Stang, Ph.D., Director of Research,
National Computer Security Association, for his contribution both to this
paper and to computer security in general. And I would be very remiss if
I neglected to mention the professional secretarial assistance provided by
Jane Templeman, who makes our whole team tick like the NRC official time
clock – the one that gives the CBC time signal.

This document is, hopefully, written softly: after all, it might be
easier to digest if I have to eat my words. I do not profess to be “the
expert” in the field of computer security; an expert is someone who knows
more and more about less and less until s/he knows absolutely everything
about nothing. I hope never to stop learning, which means (thankfully)
I’ll never be an expert.

INDEX PAGE
—– —-
1. Definition/Scope of “COMPUTER SECURITY” 2
2. Why Should You Be Concerned? 2
3. Types of Security Breaches 3
4. Reasons for Exposure 7
5. General Security Rules (all computer systems) 8
6. Viruses: 9
6.1 History 9
6.2 Effect 10
6.3 Why do people do it? 10
6.4 Symptoms 10
6.5 Concerns 11
6.6 Known Virus Software (1) 11
6.7 Quick Guide to Virus Names (1) 12
6.8 Table of Virus Effects 16
6.9 Virus Detector/Antidote software 19
6.10 Trojan Horses 20
7. PC Rules of Thumb 22
8. Easy Tricks for PC Security 23
9. So You’re Infected (Cure) 24
10. Summary: What Can You Do? 25
11. Security Policy: Points for Consideration 26
12. To run SCAN (included on this diskette) 29

(1) David Stang, Ph.D, “Network Security in the Federal Government,”,
January, 1990, p.168-169 (updated by E.A.Bedwell, March, 1990)

– 2 –
Tonight’s topic is “Computer Security,” a subject near and dear to my
heart after catching fraud a few times, and cracking system security a
few times. The only unfortunate part of this evening is that I have
enough material to cover an intensive 2 or 3 day seminar and I only have
something over an hour, so in addition to extensive notes from this
presentation, I’ve put an article on viruses, and a PC virus detector
program on diskette for you.

1. SCOPE OF COMPUTER SECURITY

Computer security relates to any potential loss of information or your
ability to operate, regardless of the source of the problem. Of course,
all the publicity about computer security is going to the virus
situation. I don’t want to dissuade anyone from their concerns about
viruses, because it’s definitely a growing problem, and if you get hit,
you’ll be sorry you ever laid eyes on a computer. But, current estimates
indicate that viruses represent only 3% of all the computer problems now
occurring. Of course, if you’re one of the 3%, like CNIB or Barclay’s
Bank Canada were last fall, you’ll feel like you’re the only one on
earth. The difference between viruses and other computer security issues
is apparently one of control: I hope to convince you that you have as
much control over viruses and as little control over the other 97% of
problems as to make them equal threats to the safety of your computer.

I’m going to get to viruses later, their prevention, detection and cure,
but I’d like first like to cover the other major problems that affect
computer security – the other 97% – and I’d like to start with reasons
why you should be concerned about security.

2. WHY SHOULD YOU BE CONCERNED?

Your data is a valuable asset, just like premises, equipment, raw
materials and inventory. Because so much of modern business depends on
computers – financial systems, engineering design, medical diagnosis,
production and safety control – the destructive potential is greater
every year. There has been more than one company that’s suffered great
losses, and even gone under because of the loss of things like their
accounts receivable records: no one is going to pay you if you don’t
send them a bill, and if they get word of your inability to invoice them,
their darned unlikely to volunteer payment – so you’re in a financial
mess. The same goes for your design information, production data, the
consequences if safety control systems malfunction, or even the simple
loss of your customer list.

Another reason why you should be concerned is, too often, people don’t
think about computer security until it’s too late. There’s a saying in
my industry that, “He who laughs last probably made a backup.” Another
saying is, “Experience is something you don’t get until just after you
needed it the most.” Well, if it means the life of your company, or the
loss of potentially millions of dollars, or even just the information on
your home computer, it might be wise to get at least some basic knowledge
before the disaster strikes.

– 3 –

3. TYPES OF SECURITY BREACHES

Now that the ‘why’ is out of the way, let’s break down the 97% of
problems. These are not in a specific order, but just as they came to
me. Nor have I attempted to attach percentages to each type of risk,
because very few computer crimes are actually reported, so any figures
that anyone could estimate would not be realistic:

FRAUD/THEFT
By far the biggest problem is fraud or theft. Some examples of this are:

CHAOS – 1987 – Hamburg -> NASA data bank info sold to USSR

Foreign exchange } famous because of big $
Electronic Funds Transfer } amounts, and because of the
Insider Trading } publicity they’ve received

Most common: Cookie jar technique – e.g., interest, income tax
(aka ‘Salami’ technique – take a little and no one
will notice)

Specific examples I’ve caught were in Payroll (no crash on < or =), Accounts Payable (dummy companies), Purchasing (failed reasonableness test), and Accounts Receivable (failed balance routine). These were all thefts of money. Another example of theft which is very interesting is the 28-year-old Canadian who was arrested at UNISYS in Pittsburgh on Dec. 13/89 - what he is alleged to have stolen was NCR's trade secrets - to the tune of US$68M, which comes under a different Canadian law from monetary theft. MALICIOUS DAMAGE / VANDALISM The next major type of computer security breach is the disgruntled employee syndrome. Their favourite is the logic bomb or time bomb: on a certain date or condition after they leave the company, something's going to happen, such as at the health centre in LA where all prescriptions suddenly multiplied by 2. That's really serious, even compared to the logic bomb that superzaps all your files off the face of the earth, because someone could die. At least with a superzap, you can recover if you've been backing up and have a disaster recovery plan in effect. Pure physical vandalism occurs more often at educational institutions, but is still a serious threat. I wouldn't let me near your machine if I was angry with you - my vandalism would be difficult to detect (and expensive to repair). A simple application of a magnetized screwdriver ...... LACK OF SECURITY PLANNING IN SYSTEM DESIGN STAGE One of the biggest logic bombs that's going to occur is on January 1/2000. Do you know how many computer systems use a 2 digit number for the year? Do you know how much work it's going to be to adapt systems to recognize 00 as being greater than 99? My grandmother was born in 1886, and most systems show her birth year as 99. If she lives to the year 1999, I wonder if they'll start sending her the baby bonus. This time bomb is not malicious damage, it's pure lack of planning at the system design stage. - 4 - (Lack of Security Planning - continued) Things like balance checks and reasonableness tests are not built into the system from the beginning, and it's not easy to put them in later. Users must participate at the system design stage, because only they know what's reasonable and what can be balanced. Don't expect a computer technician to know everything there is to know about your job. DISTORTED SENSE OF HUMOUR Then there's the practical joker - the one who thinks it's funny to break into the system to see what he can change, or create some dumb message to appear on your screen. That's what happened at IBM when the infamous Christmas tree appeared 2 years ago (1987). The joke was three-fold - first it analyzed your electronic mail distribution lists and reproduced itself to send to everyone you normally send messages to - this clogged the system up with people reading more messages than normal. The second part was a little more technical - everyone who read the message caused a separate load of the offending program to take up space in memory, unlike most systems where two or more people who are doing the same thing are sharing one load of the software. This clogged memory up so that nothing else could run. There was one more part to this: there were delay timers built into the program so it deliberately ran very slowly. The result was that the largest computer network in the world was shut down for 4 hours. Someone must have had a great need for a power trip. MISTAKE Next, there's fumble fingers: you know, the one who keys the formula in as 600 grams instead of 60 grams, or the estimated production time of 2 hours instead of 2 days. Or the one who almost took me into court when he blamed "the computer" for a mistake. Without going into details about that incident, I can say that going through the grilling by several lawyers in a preliminary investigation was not the high point of my career. What saved the situation (for me and the organization) was audit trailing: every time a transaction was entered, the system recorded the terminal i.d., the user i.d., the date and the time. It also saved a copy of the record as it existed prior to the transaction taking place. A more common mistake, though, is to unlatch a diskette door before the light goes out. Few people realize that the FAT (file attributes table) is the last thing written on a disk, and you can corrupt the FAT by removing the disk too early. "EVERYONE DOES IT" SYNDROME Then there's everyone's favourite: copying software. Believe it or not, in Canada, that falls under the Copyright law, not under theft, but it has been successfully prosecuted. Even if you reverse engineer it and make some minor changes, it will come under the "look and feel" test of the Copyright law - if it looks and feels the same as the original, you can be prosecuted. Copying software is illegal, and your company as the registered owner could be held liable if it is detected. - 5 - ILLEGAL ACCESS Many major computer crimes are perpetrated by illegal access: the 14- year old who broke into NASA from his basement computer room is just one example. There is password software on all larger machines, and it's not difficult to put it on PCs. On the larger machines, one of the major problems is not changing the standard passwords that are set when the machine is delivered: the standard user-level password may be USER, the standard operator password may be OPERATOR, and the standard field repair person's password may be REPAIR, and so on. Guess how I've cracked security a couple of times. In a 1988 article by Dr. Cliff Stoll in "Computers and Security,", he reported that in 10 months of systematic testing on computers attached to the US Defense Data Network (Milnet), access was gained in 13% of the attempts simply by guessing at passwords! There should be some rules applied to passwords: not less than 7 or 8 characters, must be changed at least every 60 days, don't use common things like names (another way I've broken security), don't share it under any circumstances and, for heaven's sake, don't post it on the front of your machine or leave it where someone can find it. It's your personal PIN - just like the money machine - and the information you're dealing with is worth money. Some of the most difficult passwords to break (take it from me) are "two words reversed" (e.g., boardwall, hornshoe, cuptea), or foreign language words (e.g., coupdegrace, millegrazie, caliente). Nonsense is good, too: geebleurql is nice. If you're installing password security on a PC, consider whether you should have it so tight that there is no recourse to the DOS level or no ability to boot from the A: drive. You'd need really good password software (or a good technician on staff) if you have both of these facilities - otherwise you can lock yourself out - but it's my preference (especially for the guy who's wiped his root directory twice). PHYSICAL SECURITY Finally, another area that affects computer security or your ability to carry on computer operations, and one that is often overlooked, is simple physical security: keys, thermal shock, vibration, dirt, water, fire, visibility of information, steady power supply, discharge of static electricity, magnetic fields, are all relevant to security. We have one man in our network who should have (a) cabling bolted to his computer and the floor, (b) a key to his unit, and (c) dust protectors (as well as password access only without recourse to the DOS level). When it comes to thermal shock, if you work in an area where the heat is reduced on winter weekends, I strongly recommend you leave your unit running over the weekend - just lock the keyboard. If the air conditioning is shut down, turn your unit off, and don't turn it on until the temperature is 23C or less. And please don't leave your machine sitting in the sun, or in front of an open window to attract dust. The internal temperature raises within 20 mins. or so to >30C, and the effects
of thermal shock are such that it can, first, rock memory chips out of
their sockets, and, worse, misalign the read heads on your disk drive so
that nothing can be read.

– 6 –

(Physical Security – continued)

Vibration, too, is a source of problems, especially for drives. The read
heads actually float over the surface of drives, not on them the way a
record player needle does, and the space tolerance between is measured in
Angstroms (metric version of microinches). Vibration can cause the head
to hit the drive, and you can say goodbye to whatever was written there.

If you’re in a particularly sensitive field, and your information is what
might be called top secret to your company, you might also want to look
at two protection devices: one is encryption, and the other is Tempest
hardware or shielding. Encryption involves translating your data using
algorithms to something unreadable, and de-coding it when you need it. It
uses a “key” to choose the algorithm – dont’ lose the key! It comes in a
few forms: software controlled encryption, hardware based encryption, or
a combination of the two. Most encryptors work with standard algorithms,
but defense departments and other high-security installations prefer
random algorithms. Tempest hardware, or shielding, protects against
sniffing of signals. ( Signal emanation surveillance is called
“sniffing.”) I don’t have a computer here to demonstrate this, but if
you take an old battery-operated transistor radio and set the dial to the
bottom of the AM band around 520, try passing it within a foot of your
computer. Your ear might not pick up the individual signals, but I assure
you there’s equipment that does. That’s why the US Army was blasting rock
music around the Vatican Embassy when Noriega was there – to mask signals.

More important to the average user, though, is avoidance of electro-
magnetic fields (such as ringing phones near a disk or disk drive), and
having an automatic disk head ‘parker’ that moves the heads to a safe zone
every few seconds. That way, something like a brief power failure is less
likely to cause a “head crash” on the disk.

Simple visibility of information is a risk. Recently I went to a bank
with a court order in hand to give me access to an account. The clerk
simply turned the terminal toward me and, if I’d wanted to bother, I could
have had the account numbers of two other people with identical names.
There is screen saving software that will blank your screen after an
inactivity duration you choose, and personnel should be made conscious
that unauthorized viewing of information is a security risk. And watch
what your staff throw out on paper, too.

When it comes to fire and water, there are two basic rules that everyone
can follow: first, don’t smoke around the PC, and second, don’t feed the
PC coffee and donuts. You might be able to save a keyboard or some parts
with a bath in distilled water, possibly followed by drying with a warm
hair dryer, but there’s no guarantee. I prefer pure isopropyl alcohol –
without the hairdryer so I don’t get fried in the process. Don’t blast a
computer with a fire extinguisher if you can avoid it. If you do have a
fire or a flood, though, you’d better have a tested disaster recovery
plan, and your backups stored off-site.

All of these issues are reasonably within your control: fraud, theft,
disgruntled employees, practical jokers, fumble fingers, software copying
and physical security, at least as much as the infamous viruses that are
around, but let’s take a look at why you’re at risk.

– 7 –

4. REASONS FOR EXPOSURE

Concentration of data in one place

Instantaneous adjustment

Alteration without a trace

Lack of visible records

Complexity of the system

Networking

Technical persons can befuddle

General ignorance by non-techie and management

Detection problems

Lack of training

Security checks in programs not specified

Systems not documented

Limited staff resource for programming/management

No separation of duties

Possibility of enormous losses remaining undetected

Reluctance to report – Embarrassment
Lack of sufficient evidence to prosecute
Cost to prosecute outweighs recovery
Company policy (“Press would have a field day”)

– 8 –

5. GENERAL SECURITY RULES (All Systems, big and small)

Disaster Recovery } Backup Backup Backup
Plan } Restore (test it to make sure it works)

Store your backup off-site (not in your car!)

Physical security

Password for access control (don’t stick your password on
the front of your machine!)

Access to menu only – not to system control level

Reasonableness tests

Balance checks (rounding: up, down, (out?); cross-calculations

Audit trails – all records (terminal i.d., user i.d., date and
time stamping, history record retention)

Fall-through coding (if it doesn’t meet a condition, does it go to limbo)

Payroll/Accounts payable: don’t pay the same # twice

Fault tolerance level supported (user friendly/hostile –
balance between fault tolerance & productivity)

Call back or no answer on dial-up systems

UPS (Uninterrupted Power Supply, or allowance for graceful
degradation) – or at least an automatic head parker

Logical view rights (your user ‘privileges’ allows access only to the
data you need to see, e.g., accounting clerks don’t need to see
production formulae)

Multi-user environment: protection against deadly embrace

Automatic logoff on inactivity timer / Screen saver

Policy statement re purchasing/use/theft/illegal
software, etc.

Encryption (?) – don’t lose the key!

Shielding (“Tempest” hardware for secure systems)

Educate users

– 9 –

6. VIRUSES

As in medicine, a virus needs an ‘organism’ to which it may attach itself,
and a virus is ‘contagious’.

In the case of computers, a virus is usually a destructive piece of code
which attaches to a working program, such as your word processor,
spreadsheet or CAD/CAM software. Viruses are usually written to detect
any load of a computer file that has an extension of .EXE, .COM, .OVL,
.BIN – such extensions representing executable programs. Often, the
virus loads itself into memory, then loads the program you just called, so
the virus is sitting at the front. Then when you exit the program, the
virus code calls for the re-writing of the program back onto the disk –
with the virus still sitting at the front. Other viruses simply go
straight into your boot sector, so they get loaded every time you turn on
your machine. Some do both.

However they ‘hide’, and whatever they attach to, they got to your machine
on an infected diskette. If you are infected and then copy your software
to use on another machine, guess what happens? Right! That’s where the
‘contagious’ element comes in.

In 1989, more viruses were discovered than in all previous years. There
were over 110 at the end of the year, and 7 were discovered in December
alone. Sources have been from as far away as Pakistan and Bulgaria.

Only .004% have reported infections, but most are not reported. Consider
this: if only 1% were infected, that would be 1/2 million units in the
U.S. alone. At a cost ranging from $300 to $3,000 per unit to recover,
the problem starts to impact the economy as well as the productivity of
staff at your organization. It cost one Texas company US$10M to shut
down their 3,000-unit network for 4 days to find 35 infected units.

One of the major problems with viruses is that 90% of the users who
recover are re-infected within 30 days. One person at my organization
was re-infected 7 times in 2 months! Most reinfections occur for one of
two reasons (not necessarily in this order): your back-up was infected,
or it was a virus that hid in the boot sector on track 0, and track 0 is
not re-written by the standard “FORMAT” command (only a low-level format
will get rid of a track 0 virus). Be careful of some new software as
well: there has been more than one instance of shrink-wrapped software
being infected (software companies have disgruntled employees, too, it
seems).

6.1 HISTORY

1959 – Scientific American article about ‘worms’
1963 – caught my first two frauds (Payroll & Accounts Payable)
1970 – Palo Alto lab – worm which directed activities
1982 – Anonymous Apple II worm
1984 – Scientific American CoreWare Series: held contest to
find the most clever/difficult to detect ‘bug’
1987 – Apparent change from intellectual exercise to
dangerous activity.

– 10 –

6.2 EFFECT

Massive destruction: Reformatting
Programs erased
Data file(s) modified/erased

Partial/Selective destruction: Modification of data/disk space
File allocation tables altered
Bad sectors created
If match with event, alter or delete

Random havoc: Altering keystroke values
Directories wiped out
Disk assignments modified
Data written to wrong disk

Annoyance: Message
Execution of RAM resident programs
suppressed
System suspension

6.3 WHY DO PEOPLE DO IT?

Financial gain
Publicity
Intellectual exercise
Terrorism/Fanaticism/Vandalism
Revenge
Just plain wierd

6.4 SYMPTOMS

Change in file size (Usually on .COM, .EXE
.OVL, .BIN, .SYS or .BAT files)
Change in update time or date
Common update time or date
Decrease in available disk or memory space
Unexpected disk access
Printing and access problems
Unexpected system crashes

– 11 –

6.5 CONCERNS

Variety: Virus vs Bug vs Worm vs Trojan Horse vs Superzapper
vs Trap Doors vs Piggybacking vs Impersonation
vs Wiretapping vs Emulation
Strains / Complexity / Growing Sophistication
Bulletin board use and free software
Largest threats from taking computer work home
Kids using same machine at home
Networked mainframe systems
Travel/airline computers (AA wiped out early 1989)
Work message systems (E-Mail)
POS terminals
Banking / Credit Cards / Money Machines
Income Tax records
Health records

**************************************************************
* Global disaster may be on the way *
* No specific laws to deal with malicious programming *
* No single national centre to gather data on infections *
**************************************************************

6.6 KNOWN VIRUS SOFTWARE

12 viruses (and their strains) account for 90% of all PC infections:
_
|_| Pakistani Brain
|_| Jerusalem
|_| Alameda
|_| Cascade (1701/1704)
|_| Ping Pong
|_| Stoned
|_| Lehigh
|_| Den Zuk
|_| Datacrime (1280/1168)
|_| Fu Manchu
|_| Vienna (DOS 62)
|_| April First

– 12 –

6.7 QUICK GUIDE TO VIRUS NAMES (Cross referenced)

Name Synonym-1 Synonym-2 Synonym-3 Synonym-4

1168 Datacrime-B
1184 Datacrime II
1280 Datacrime Columbus Day October 12th Friday 13th
1536 Zero Bug
1701/1704 Cascade Falling Letters Falling Tears Autumn Leaves
1704 Cascade
1704 Cascade-B
1704 Cascade-C
1704 Cascade-D
1704 Format 1704 Blackjack Falling Letters
1704 Blackjack 1704 Format Falling Letters
1808 Jerusalem Black Box/Hole Israeli PLO 1808/1813
1813 Jerusalem Black Box/Hole Israeli PLO 1808/1813
2086 Fu Manchu
2930
3066 Traceback
3551 Syslock
3555
123nhalf
405
500 Virus Golden Gate
512 Virus Friday 13th COM virus
648 Vienna DOS 62 DOS 68 Austrian
AIDS VGA2CGA Taunt
AIDS Info Disk
Alabama
Alameda Virus Yale Merritt Peking Seoul
Alameda-B Sacramento Yale C
Alameda-C
Amstrad
Anti
Apple II GS LodeRunner
April 1st SURIV01 SURIV02
April 1st-B
Ashar
Austrian 648 Vienna DOS 62 DOS 68
Australian Stoned New Zealand Marijuana
Autumn Leaves Cascade 1701/1704 Falling Letters Falling Tears
Basit virus Brain Pakistani Brain Lehore
Black Box Jerusalem Israeli Black Hole 1808/1803 PLO
Black Hole Jerusalem Black Box Israeli 1808/1813 PLO
Black Hole Russian
Blackjack 1704 1704 Format Falling Letters
Bouncing Ball Vera Cruz Ping Pong Bouncing Dot Italian virus
Bouncing Dot Italian virus Bouncing Ball Vera Cruz Ping Pong
Brain-B Brain-HD Harddisk Brain Houston virus
Brain-C
Brain-HD Harddisk Brain Houston virus Brain-B

– 13 –

Brain Pakistani Brain Basit virus Lehore
Cascade 1701/1704 Falling Letters Falling Tears Autumn Leaves
Cascade(-B-C-D) 1704
Century Oregon Jan.1, 2000
Century-B
Chroma
Clone
Clone-B
Columbus Day 1280/Datacrime October 12th Friday 13th
COM virus 512 virus Friday 13th
COM-B Friday 13th-B
COM-C Friday 13th-C
Cookie virus Sesame Street
Dark Avenger
Datacrime 1280
Datacrime-B 1168
Datacrime-II 1184
dBASE virus
Den Zuk Search Venezuelan
Disk Killer Ogre
Do-Nothing (don’t believe it!)
DOS-62 Vienna DOS-68 648 Austrian
DOS-68 Vienna DOS-62 648 Austrian
DOS-62 UNESCO
DOS-62-B
Falling Tears Cascade 1701/1704 Falling Letters Autumn Leaves
Falling Letters 1704 Blackjack 1704 Format
Falling Letters Cascade 1701/1704 Falling Tears Autumn Leaves
Falling Letters-Boot Ping Pong B
Fat 12 Swap Israeli Boot
FluShot4 (a corrupted version of a virus detector – use FluShot4+)
Friday 13th 1280/Datacrime Columbus Day October 12th COM
Friday 13th-B COM-B 512
Friday 13th-C COM-C
Fumble Type
Fu Manchu 2086
Ghost-Boot
Ghost-COM
Golden Gate 500 Virus
Golden Gate -B
Golden Gate-C Mazatlan
Golden Gate-D
Harddisk Brain Brain-B Brain-HD Houston virus
Holland Girl Sylvia
Houston virus Brain-B Brain-HD Harddisk Brain
Icelandic Disk-Crunching-virus Saratoga 2
Icelandic 1 Saratoga 1
Icelandic 2 System virus
INIT29
IRQ v. 41
Israeli Friday13 Jerusalem Black Box/Hole 1808/1813 PLO
Israeli Boot Swap Fat 12

– 14 –

Italian virus Bouncing Ball Vera Cruz Ping Pong Bouncing Dot
Jan.1, 2000 Century Oregon
Jerusalem Israeli Black Box/Hole 1808/1813 PLO Friday 13th
Jerusalem-B New Jerusalem
Jerusalem-C
Jerusalem-D
Jerusalem-E
Jork
Key
Lehigh
Lehigh-2
Lehore Brain Pakistani Brain Basit
Lisbon
LodeRunner Apple II GS
MacMag Peace virus
Madonna (while the nice music plays, your hard disk is being destroyed)
Mailson
Marijuana New Zealand Stoned
Mazatlan Golden Gate-C
Merritt Alameda virus Yale Peking Seoul
Mix1
Music virus Oropax virus
New Jerusalem Jerusalem-C
New Zealand Stoned Marijuana Australian
New Zealand-B Stoned-B
New Zealand-C Stoned-C
nVIR
October 12th 1280/Datacrime Columbus Day Friday 13th
Ohio
Ogre Disk Killer
Oregon Century
Oropax virus Music virus
Pakistani Brain Lehore Basit Brain
Palette Zero Bug
Payday
Peace Virus MacMag
Pearson
Peking Alameda virus Yale Merritt Seoul
Pentagon
Ping Pong Bouncing Dot Italian virus Bouncing Ball Vera Cruz
Ping Pong-B Falling Letters-Boot
PLO Jerusalem Friday 13th 1808/1813 Israeli
Russian Black Hole
Sacramento Alameda-B Yale C
Saratoga 1 Icelandic 1
Saratoga 2 Icelandic Disk-Crunching-virus
Scores
Search Den Zuk Venezuelan
Seoul Alameda virus Yale Merritt Peking
Sesame Street Cookie virus
SF virus
Shoe virus UIUC virus (see also Terse Shoe)

– 15 –

Shoe virus-B
Stoned New Zealand Marijuana Australian
Stoned-B New Zealand-B
Stoned-C New Zealand-C
SUMDOS
Sunday
SRI (destroys anti-viral programs before it damages your system)
SURIV01 April 1st
SURIV02 April 1st
SURIV03
Swap Israeli Boot Fat 12
Sylvia Holland Girl
SYS
Syslock 3551
System virus Icelandic 2
Taunt AIDS VGA2CGA
Terse Shoe (see also Shoe virus)
TP04VIR Vacsina
TP25VIR Yankee Doodle
TP33VIR Yankee Doodle
TP34VIR Yankee Doodle
TP38VIR Yankee Doodle
TP42VIR Yankee Doodle
TP44VIR Yankee Doodle
TP46VIR Yankee Doodle
Traceback 3066
Typo (boot)
Typo (COM) Fumble
UIUC virus Shoe virus
UNESCO DOS-62
Venezuelan Den Zuk Search
Vera Cruz Ping Pong Bouncing Dot Italian Virus Bouncing Ball
Vacsina TP04VIR
VGA2CGA AIDS Taunt
Vienna DOS-62 DOS-68 648 Austrian
Vienna-B
Yale Alameda virus Merritt Peking Seoul
Yale C Alameda-B Sacramento
Yankee Doodle TP25VIR
Yankee Doodle TP33VIR
Yankee Doodle TP34VIR
Yankee Doodle TP38VIR
Yankee Doodle TP42VIR
Yankee Doodle TP44VIR
Yankee Doodle TP46VIR
Zero Bug 1536

– 16 –

6.8 TABLE OF VIRUS EFFECTS (by virus name)

This information is a reformatted version of that which was made
available to the writer by the National Computer Security Association,
Suite 309, 4401-A Connecticut Ave. NW, Washington, D.C., 20008.

This list is not as complete as the list of names preceding. Since
viruses must be created and caught before they can be analyzed for the
type of information that follows, this list will never be as complete as
the list of names. In some instances, you may have been infected with a
variation of the name. You might wish to check this list for all
possible variations of a name you’ve found on the list of synonyms.

Explanation of codes used under “What it does”, and analysis of frequency
of occurrence of each effect:

EFFECT # OCCURRENCES %
—— – ———– –
1. Virus uses self-encryption 13 12
2. Virus remains resident 83 74
3. Infects COMMAND.COM 8 7
4. Infects .COM files 62 55
5. Infects .EXE files 41 37
6. Infects .OVL files 15 13
7. Infects floppy disk boot sector 36 32
8. Infects hard disk boot sector 14 13
9. Infects partition table 1 1
10. Corrupts or overwrites boot sector 31 28
11. Affects system run-time operation 53 47
12. Corrupts program or overlay files 57 51
13. Corrupts data files 4 4
14. Formats or erases all/part of the disk 17 15
15. Corrupts file linkage (FAT) 9 8
16. Overwrites program 4 4
17. Mac virus (as opposed to PC virus) 2 2

Increase in Disinfector
VIRUS NAME Prog’m size that works What it does
———- ———– ———– ————

1168/Datacrime B 1168 SCAN/D 1, 4, 12, 14
1184/Datacrime 2 1184 1, 4, 5, 12, 14
123nhalf 3907 2, 5, 11, 13
1280/Datacrime 1280 SCAN/D 1, 4, 12, 14
1514/Datacrime II 1514 SCAN/D 1, 4, 5, 12, 14
1536/Zero Bug 1536 SCAN/D 2, 4, 11, 12
1701/Cascade 1701 M-1704 1, 2, 4, 11, 12
1704/Format 1704 M-1704 1, 2, 4, 11, 12, 14
1704/Cascade 1704 M-1704 1, 2, 4, 11, 12
1704/Cascade-B 1704 M-1704 1, 2, 4, 11, 12
1704/Cascade-C 1704 1, 2, 4, 11, 12
1704/Cascade-D 1704 1, 2, 4, 11, 12
2930 2930 SCAN/D 2, 4, 5, 12

– 17 –

3066/Traceback 3066 M-3066 2, 4, 5, 12
3551/Syslock 3551 SCAN/D 1, 4, 5, 12, 13
3555 3555 1, 3, 4
405 SCAN/D 4, 16
AIDS SCAN/D 4, 16
AIDS Info Disk 0 AIDSOUT 11
Alabama 1560 SCAN/D 2, 5, 11, 12, 15
Alameda-B 2, 7, 10
Alameda-C 2, 7, 10
Alameda/Yale MDISK 2, 7, 10
Amstrad 847 SCAN/D 4, 12
April 1st 2, 4, 11
April 1st-B 2, 5, 11
Ashar MDISK 2, 7, 10
Black Hole 1808 2, 4, 5, 6, 11, 12, 15
Brain-B 2, 7, 8, 10
Brain-C 2, 7, 8, 10
Century 2, 4, 5, 6, 11, 12, 14, 15
Century-B 2, 4, 5, 6, 11, 12, 14, 15
Clone-B 2, 7, 10, 15
Clone virus 2, 7, 8, 10
dBASE 1864 SCAN/D 2, 4, 11, 12, 13
DOS-62-B 3, 4, 11
DOS-62-UNESCO 650 3, 4, 11
Dark Avenger 1800 M-DAV 2, 3, 4, 5, 6, 11, 12, 15
Datacrime II-B 1917 SCAN/D 1, 3, 4, 5, 12, 14
Disk Killer MDISK 2, 7, 8, 10, 11, 12, 13, 14
Do-Nothing 608 SCAN/D 4, 12
Fri 13th COM 512 SCAN/D 4, 12
Fri 13th COM-B 512 4, 12
Fri 13th COM-C 512 4, 12
Fu Manchu 2086 SCAN/D 2, 4, 5, 6, 11, 12
Ghost-Boot ver. MDISK 2, 7, 8, 10, 11
Ghost-COM ver. 2351 SCAN/D 4, 10, 12
Golden Gate 2, 7, 10, 14
Golden Gate-B 2, 7, 10, 14
Golden Gate-C 2, 7, 10, 14
Golden Gate-D 2, 7, 10, 14
IRQ v. 41 4, 5, 11
Icelandic I 642 SCAN/D 2, 5, 11, 12
Icelandic II 661 SCAN/D 2, 5, 11, 12
Italian/Ping Pong MDISK 2, 7, 10, 11
Italian-B MDISK 2, 7, 8, 10, 11
Jerusalem 1808 SCAN/D/A 2, 4, 5, 6, 11, 12
Jerusalem-B 1808 M-JERUSLM 2, 4, 5, 6, 11, 12
Jerusalem-C 1808 2, 4, 5, 6, 11, 12
Jerusalem-D 1808 2, 4, 5, 6, 11, 12
Jerusalem-E 1808 2, 4, 5, 6, 11, 12, 15
Jork 2, 7, 10
Lehigh SCAN/D 2, 3, 12, 14, 16
Lehigh-2 2, 3, 12, 14, 15, 16
Lisbon 648 SCAN/D 4, 12

– 18 –

MIX1 1618 SCAN/D 2, 5, 11, 12
New Jerusalem 1808 M-JERUSLM 2, 4, 5, 6, 11, 12
New Zealand MD 7
New Zealand-B 7, 8
New Zealand-C 7, 8
nVIR 11, 17
Ohio MDISK 2, 7, 10
Oropax 2, 4
Pakistani Brain MDISK 2, 7, 10
Palette/Zero Bug 1536 2, 3, 4,
Payday 1808 M-JERUSLM 2, 4, 5, 6, 12
Pentagon MDISK 7, 10
SF Virus 2, 7, 11, 14
SRI 1808 2, 4, 5, 6, 11, 12
SURIV01 897 SCAN/D 2, 4, 11, 12
SURIV02 1488 SCAN/D 2, 5, 11, 12
SURIV03 SCAN/D 2, 4, 5, 6, 11, 12
SYS 2, 7, 8, 11, 12
SYS-B 2, 7, 8, 11, 12
SYS-C 2, 7, 8, 11, 12
Saratoga 632 SCAN/D 2, 5, 11, 12
Saratoga-2 2, 5, 11, 12
Scores 11, 17
Search HD 2, 7, 8, 10, 11
Search-B 2, 7, 10, 11
Search/Den Zuk MDISK 2, 7, 10, 11
Shoe virus 2, 7, 8, 10
Shoe virus-B 2, 7, 10
Stoned/Marijuana MDISK/P 2, 7, 9, 10, 11, 15
SumDOS 1500 4, 5, 14
Sunday 1636 SCAN/D 2, 4, 5, 6, 11, 12
Swap/Israeli Boot MDISK 2, 7, 10
Sylvia/Holland 1332 SCAN/D 2, 4, 12
Terse Shoe virus 2, 7, 10
Typo (Boot) MDISK 2, 7, 8, 10, 11
Typo/Fumble (COM) 867 SCAN/D 2, 4, 11, 12
Vacsina/TP04VIR 2, 4, 5
Vienna-B 648 SCAN/D 2, 4, 5, 12
Vienna/648 648 M-VIENNA 4, 12
Yankee Doodle 2855 SCAN/D 2, 4, 5, 11, 12
Yankee Doodle/TP25VIR 2, 4, 5
Yankee Doodle/TP33VIR 2, 4, 5
Yankee Doodle/TP34VIR 2, 4, 5
Yankee Doodle/TP38VIR 2, 4, 5
Yankee Doodle/TP42VIR 2, 4, 5
Yankee Doodle/TP44VIR 2, 4, 5
Yankee Doodle/TP46VIR 2, 4, 5

– 19 –

6.9 VIRUS DETECTOR AND ANTIDOTE SOFTWARE

*** None offer complete protection ***

Some do NOT test for boot sector viruses, modification of the command
interpreter, branching into the BIOS, etc., unconventional things that
nasty viruses are known to do. This is not a comprehensive list, but
you’ll have an idea of what’s available, either commercially or through
public domain. Look for a product that will detect as many of the
effects identified in the previous section as possible. Warning: some
highly publicized virus detectors only search for ONE (1) virus! Others
are more sophisticated, and may even act as a disinfector as well as a
detector.

Old virus symptoms vs file changes
Antidote
Antigen

Bombsqad
Canary
Cylene-4
C-4
Disk Defender * recommended (add-on board – write-protects hard disk)
Disk watcher
Dr. Panda Utilities
IBM – COMPare in DOS
Mace vaccine
Magic Bullets
Syringe
Sentry * recommended for systems booted regularly
Vaccine
Viraid
Virus-Pro * recommended for large corporate environments
Shareware: Novirus
Flushot4+
Virusck
Viruscan

Plus what’s shown on preceding pages as a “Disinfector that works”. I
also have a list of over 100 shareware products that do everything from
detect and/or disinfect to write-protecting the hard drive and requiring
password access …. but my fingers are getting tired from typing at this
point, and there are more important things to cover – after all, if
you’re careful, you won’t need a list of detectors/disinfectors.

– 20 –

6.10 TROJAN HORSES

While a “virus” is something hidden within another program that is
waiting to make your system really sick, and a “worm” may be something
that lives on its own and usually transmits through networked computers,
a “Trojan Horse” is a little of both, so I’ve included it with this virus
section if only to warn you of its existence. It lives on its own as a
program, and will bring you down like Helen of Troy’s soldiers. “I
wouldn’t copy something like that,” you say. Well, like Helen’s horse,
it comes disguised. It will purport to do something really neat, like
compress files (so you have more disk space available), sort your
directories (so you can find things more easily), or play chess or
another game with you. In actuality, it’s really just waiting to do the
things that viruses do – trash your files, scramble your boot sector, fry
your FAT, or erase your hard disk. It doesn’t usually do anything it
promises to do.

The following are just a few examples of the known Trojan Horses, most
of which come from bulletin boards. Please don’t misunderstand me, most
BB operators are honest people who are trying to help the computer
industry as

Screwing with School Computers, by Liquid Bug

*** Screwing with School Computers ***

Hacking is all about information. To become a hacker you must learn everything you know
on your own or by listening to other hackers. Schools and what they call “education” has little
to do with learning. So this file is here to show you some truly productive things to do at
school:

Most middle and high schools use Macintosh computers for 2 reasons. They’re easier to use
and harder to fuck up. Almost all school computers use some sort of security program. Here I
will discuss how to get around two popular security programs: FoolProof and At Ease. You can
probably use these methods on other programs as well.

– FoolProof: FoolProof is a program that locks up parts of the computer. It is run thru the
extention FoolProof INIT whenever the computer is started up. The first thing to try is to
hold SHIFT during startup to turn the extentions off. Sometimes this works. Sometimes it
doesn’t. If this does work, try to copy FoolProof onto a disk to use as an unlock disk if you
ever come to a computer where the extentions off method doesn’t work. If shift doesn’t work
there is a few other things you can do. If you just want to get into a locked folder just do a
FIND and search for a file you know is inside. Example: You want to get into the System folder.
Go to FIND and search for FINDER, a file you know is inside System Folder. It will bring you to
the Finder, inside the System Folder. From there you can use anything else inside. Sometimes
every single file inside the System Folder will also be locked and then this doesn’t work. If all
else fails you need to get an unlock disk. Here is how to make and use one:

1) Go to an old computer such as a Mac Classic and hold shift during start-up.
2) FoolProof should be turned off along with the extentions.
3) Copy FoolProof onto a disk
4) Take the disk to a locked computer
5) Run FoolProof off the disk
6) It’ll display some message asking you if you want to shut down to other version of
FoolProof running. Click YES.

If you can’t get to a computer where the extentions off method works tell a nice teacher that you
need to move some files and you need FoolProof to be off. He should turn it off and when he
isn’t looking you can copy FoolProof to a disk.

– At Ease: At ease is a different Operating System than the Mac OS and it won’t let you out
unless you have the password. If you have a nack for guessing passwords try that. Do this: hold
COMMAND and hit the POWER key. You should get a box with a little > prompt. Type G FINDER to
get back to the finder. If this doesn’t work run as many applications as you can to clog up
memory. You should soon get a message saying “Not enough memory to run this application, would
you like to close At Ease?” Click yes (no, really?).

Things to do to a computer once its unlocked:
– Change the colors: Go into Control Panel and change the colors of everything. It should
annoy sysadmins a bit.

– Change the font: Change the main font to Zaft Dingbats or Symbol so no one can read the
titles to things.

– Change icons: Change the names and pictures of a bunch of icons

– Put messages in StartUp items: Type a message and put it into the Startup Items menu.

– Shut down on StartUp: Go to Apple Menu Items and get the Shut Down item. Put it into the
StartUp itmes folder. Gee, I wonder what that would do?

– Relock: If you can get a version of FoolProof with no password assigned put it into use
with a different password so teachers will be locked out of their comptuers.

There are bajillions of other cool tricks you could do, so just play around. Remember:
Anyone can delete a file. There’s no challenge in that, its just vandalism. It is much better
to make a kewl alteration to something then to delete it.

Fun stuff to do to Netscape:

– Change the home page location to either, your own page or a really nasty site.

– Change the font to Zaft Dingbats or Symbol

– Select “Always use my colors” on the Color prefs and change the backgroud, foreground and
links to white. It’ll be more than slightly anoying.

Prank E-Mailing:

Change the Identity settings to someone else and send nasty E-Mail messages to all your favorite
teachers. Or if you really hate a teacher you can SPAM them like this:

1) First send as many messages as you can to the target with large attachments.
2) Go on the internet and sign the target up for a million mailing lists. A great place with
tons of mailing lists to sign her/him up for can me found at the “List of Entemology Resources
on the Web — complete”. Just type “insects” at infoseek.
3) Go into a weird newsgroup and type a bunch of messages asking people to mail you back as
the targets adress.

The Administration Shared Disk:

This is the server disk in which all the information about Grades, Discipline and a bunch of
other crap is stored. Sometimes you can find a link to it on a student computer by seraching for
theses words “admin”,”shared disk”, and the name of your school district. If you get to it you
will probably need a User Name and password. Type the name of one of the Sysadmins at the school
in a bunch of formats like “last, first intial”, “last, first”, “first last” and so on. Then
try to guess a password. Use things like the persons kids names, wife’s names and words like
“secret”, “password”, “school”, “education” or other info. And easier way to get onto the
shared disk is to get on it directly from a sysadmin computer. Here is a way to get acess to one:

1) While your class is doing a report get some info on it onto a Mac formatted disk.
2) Right after school gets out, find a nice teacher that looks busy.
3) Tell him/her that you have info on a Mac disk and you need to get it put onto an IBM disk
so you can take it home to work on (tell him you have and IBM at home).
4) Ask him how you would do that (even though you probably know) just to act stupid.
5) He should tell you how and let you use the computer.
6) Start to copy the files and reformatt like you are supposed to be doing really slow until
he turns his back.
7) FIND the sysadmin shared disk and copy as much info as you can into a folder marked personal
on the disk.
8) Finish the copying and formatting.

The reason you named it personal is in case he wants to look in the folder you can just
tell him its private. Now you can read all the info and alter it to your liking. This may
containt info on passwords and other important stuff. After you edit it on the disk do the same
trick again either the next day (pretend you need to change them back to Mac files) or some
other day to a different teacher and replace the info currently on there with the new stuff.
If the reformat trick doesn’t work here are some others:

– One day when you get in trouble and are in the principal or vice-principals office, if he
leaves the room for a while, really quickly copy the files. This is why you should ALWAYS carry
a disk in you pocket. It will come in handy.

– Simply sneak into a clasroom while the teacher’s at lunch

Fun stuff you can get off the net. Go to El Grande’s Mac Hack page (just look up
“El Grande’s Mac Hacks” on infoseek). There are a bunch of cool Mac tricks that are very good
for usage on school computers.

Hacking from home: I’m not quite sure if it would be any use, but here is a way to get
the phone number of any school computer:

If your phone company has a number you can dial to find out where you are at (like 811) then
just do this: Go into a terminal (such as Microsoft Works Communications), dial 811 and listen
really closesly to the computer. You should be able to make out a number.

If your phone company has no such service then try this:

Right before you come home from school do this:

1) Go into a terminal (such as Microsoft Works Communications)
2) Dial your home phone number and let someone pickup and say “Hello” about 5 times or if no
one’s home just let it ring for a while.
3) Go directly home, imediately.
4) Run to the phone and dial *69
5) If no one has called after you did, it should tell you the number of the computer you
dialed from.

Thats about it. This whole time I have been under the assumption that your school uses
Macs. If it doesn’t there are many more tricks you can do on a PC as long as you know your
way around DOS. If you are fluent with DOS you have infinite power on a PC.

_____________________________
| _________________________ |
|| /\ /\ ||
|| \ ___ / ||
|| <.> <.> Liquid Bug ||
|| \ / ||
||_________________________||
|___________________________|

Coping with the Threat of Computer Security Incidentys, by Russell L. Brand (June 8, 1990)

Coping with the Threat of Computer Security Incidents

A Primer from Prevention through Recovery

Russell L. Brand ?

June 8, 1990

Abstract

As computer security becomes a more important issue in
modern society, it begins to warrant a systematic
approach. The vast majority of the computer security
problems and the costs associated with them can be
prevented with simple inexpensive measures. The most
important and cost effective of these measures are
available in the prevention and planning phases. These
methods are presented followed by a simplified guide to
incident handling and recovery.

—————————
?Copyright ?c Russell L. Brand 1989, 1990 Permission to copy
granteddprovidede eachscopyfincludes attributionoand the pversion
information. This permission extends for one year minus one day
from June 8, 1990; past that point, the reader should obtain a
newer copy of the article as the information will be out of date.

0

Contents

1 Overview 4

2 Incident Avoidance 5

2.Passwords :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: : 5

2.1Joe’s :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: : 6

2.1Same Passwords on Different Machines :: :: :: :: :: :: : 6

2.1Readable Password Files :: :: ::: :: :: :: :: :: :: :: : 7

2.1Many faces of a person : :: :: ::: :: :: :: :: :: :: :: : 9

2.1Automated Checks for Dumb Passwords : :: :: :: :: :: :: : 9

2.1Machine Generated Passwords :: ::: :: :: :: :: :: :: :: :10

2.1The Sorrows of Special Purpose Hardware :: :: :: :: :: :12

2.1Is Writing Passwords Down that Bad? : :: :: :: :: :: :: :13

2.1The Truth about Password Aging ::: :: :: :: :: :: :: :: :13

2.1How do you change a password : ::: :: :: :: :: :: :: :: :13

2.Old Password Files :: :: :: :: :: ::: :: :: :: :: :: :: :: :14

2.Dormant Accounts : :: :: :: :: :: ::: :: :: :: :: :: :: :: :14

2.3VMS :: :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :14

2.Default Accounts and Objects : :: ::: :: :: :: :: :: :: :: :14

2.4Unix : :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :16

2.4VMS :: :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :17

2.4CMS :: :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :18

2.File Protections : :: :: :: :: :: ::: :: :: :: :: :: :: :: :18

2.Well Known Security Holes : :: :: ::: :: :: :: :: :: :: :: :19

2.New Security Holes :: :: :: :: :: ::: :: :: :: :: :: :: :: :20

1

2.7CERT : :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :20

2.7ZARDOZ :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :21

2.7CIAC : :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :21

2.Excess Services :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :21

2.Search Paths :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :21

2.Routing : :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :21

2.Humans :: :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :22

2.1Managers :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :22

2.1Secretaries :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :22

2.1Trojan Horses : :: :: :: :: :: ::: :: :: :: :: :: :: :: :22

2.1Wizards : :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :23

2.1Funders : :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :23

2.Group Accounts :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :23

2..rhosts and proxy logins :: :: :: ::: :: :: :: :: :: :: :: :24

2.Debugging :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :24

2.Getting People Mad at You : :: :: ::: :: :: :: :: :: :: :: :24

3 Pre-Planning your Incident Handling 25

3.Goals: :: :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :25

3.1Maintaining and restoring data ::: :: :: :: :: :: :: :: :25

3.1Maintaining and restoring service :: :: :: :: :: :: :: :26

3.1Figuring how it happenned : :: ::: :: :: :: :: :: :: :: :26

3.1Avoiding the Future Incidents and Escalation : :: :: :: :26

3.1Avoiding looking foolish :: :: ::: :: :: :: :: :: :: :: :27

3.1.Finding out who did it :: :: ::: :: :: :: :: :: :: :: :27

2

3.1Punishing the attackers :: :: ::: :: :: :: :: :: :: :: :27

3.Backups : :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :27

3.2Why We Need Back Ups :: :: :: ::: :: :: :: :: :: :: :: :28

3.2How to form a Back Up Strategy that Works : :: :: :: :: :29

3.Forming a Plan :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :30

3.Tools to have on hand :: :: :: :: ::: :: :: :: :: :: :: :: :31

3.Sample Scenarios to Work on in Groups :: :: :: :: :: :: :: :31

4 Incident Handling 33

4.Basic Hints: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :33

4.1Panic Level :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :33

4.1Call Logs and Time Lines :: :: ::: :: :: :: :: :: :: :: :33

4.1Accountability and Authority : ::: :: :: :: :: :: :: :: :33

4.1Audit Logs : :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :33

4.1Timestamps : :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :34

4.Basic Techniques : :: :: :: :: :: ::: :: :: :: :: :: :: :: :34

4.2Differencing :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :34

4.2Finding : :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :34

4.2Snooping :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :34

4.2Tracking :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :34

4.2Psychology : :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :34

4.Prosecution: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :35

4.Exercise: :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :35

5 Recovering From Disasters 36

A Micro Computers 36

3

B VMS Script 39

C Highly Sensitive Environments 42

D Handling the Press 44

D.Spin Control :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :44

D.Time Control :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :44

D.Hero Making: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :44

D.Discouraging or Encouraging a Next Incident :: :: :: :: :: :45

D.Prosecution: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :45

D.No Comment : :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :45

D.Honesty : :: :: :: :: :: :: :: :: ::: :: :: :: :: :: :: :: :45

E Object Code Protection 46

F The Joy of Broadcast 47

G Guest Accounts 48

G.Attack Difficulty Ratios :: :: :: ::: :: :: :: :: :: :: :: :48

G.Individual Sponsors : :: :: :: :: ::: :: :: :: :: :: :: :: :48

G.The No Guest Policy : :: :: :: :: ::: :: :: :: :: :: :: :: :48

H Orange Book 49

I Acknowledgements 50

4

1 Overview

Since 1984, I have been periodically distracted from my
education, my research and from my personal life to help handle
computer emergencies. After presenting dozens of papers,
tutorials talks on computer security, Roger Anderson and George
Michale arranged for me to lead a one day intensive seminar on
the practical aspects of computer security in an unclassified
networked environment for IEEE Compcon. This primer was written
as a basic text for this type seminar and has been used for about
2 dozen of them in the past year , and is still in draft form.

The text is divided into four main sections with a number of
appendices. The first two major sections of this document
contain the material for the morning lecture. The two following
sections contain the afternoon lecture contain the afternoon’s
material. The remaining appendices include material that is of
interest to those people who have to deal with other computer
security issues.

Since this primer is a direct and simple “how to guide” for
cost-effective solutions to computer security problems, it does
not contain as many stories and examples as my other tutorials.
Those readers interested in these stories or who are having
difficulty convincing people in their organization of the need
for computer security are referred to Attack of the Tiger Team,
when it becomes available. and those readers interested in
comprehensive list of computer security vulnerabilities should
contact the author regarding the Hackman project.

Suggestions, questions and other comments are always welcome.
Please send comments to primer@cert.sei.cmu.edu. I hope to
publish a this set of notes in a more complete form in the
future. When sending comments or questions, please mention that
you were reading version CERT 0.6 of June 8, 1990.

Russell L. Brand
brand@lll-crg.llnl.gov
1862 Euclid Ave, Suite 136
Berkeley, CA 94709

5

2 Incident Avoidance

“An ounce of prevention is worth a pound of cure.” In computer
security this is an understatement by a greater factor than can
be easily be believed. Very little has historically been done to
prevent computer break-ins and I have been told by a number of
the country’s top computer scientists that “Computer Security is
a waste of time.” The belief that security measures or
preventive medicine is a waste has led to giant expenditures to
repair damage to both computers and people respectively. Must of
my surprise, several system managers reviewing this document were
sure that even basic preventative measures would not be cost
effective as compared to repairing disasters after they occurred.

The vast majority of the security incidents are caused by one of
about a dozen well understood problems. By not making these
mistakes, you can prevent most of the problems from happening to
your systems and avoid untold hassles and losses. Almost every
site that I survey and almost every incident that did not involve
insiders was caused by one of these problems. In the most of the
insider cases, no amount of computer security would have helped
and these are in many ways demonstrated problems with physical
security or personnel policy rather than with computer security
per se.

Most of the security incidents are caused by “attackers” of
limited ability and resources. Because of this and because there
are so many easy targets, if you provide the most basic level of
protection, most of the attackers will break into some other site
instead of bothering yours. There are of course exceptional
cases. If you are believed to have highly sensitive information
or are on a “hit list” of one type or another, you may
encounter more dedicated attackers. Readers interested in more
comprehensive defensive strategies should consult the appendices.

Over all, prevention of a problem is about four orders of
magnitude cheaper than having to handling it in the average case.
Proper planning can reduce the cost of incident handling and
recovery and is discussed in the section on planning. In
addition to whatever other measures are taken, the greatest
incremental security improvement will be obtained be implementing
the simple measures described below.

6

2.1 Passwords

While “good passwords” is not a hot and sexy topic and will
never command the prestige of exploitable bugs in the operating
system itself, it is the single most important topic in incident
prevention. Doing everything else entirely correctly is almost
of no value unless you get this right!

2.1.1 Joe’s

A “Joe” is an account where the username is the same as the
password. This makes the password both easy to remember and easy
to guess. It is the single most common cause of password
problems in the modern world.

In 1986, there was popular conjecture that every machine had a
Joe. There was fair amount of random testing done and in fact a
Joe was found on each and every machine tested. These included
machines that had password systems designed to prevent usernames
from being used as passwords.

This summer, while I was testing a series of sensitive systems,
where hundred of thousands of dollars were spent to remove
security holes including re-writing a fair fraction of the
operating system, there were Joes.

It is worthwhile to include a process in your system batching
file (cron on unix) to check for Joes explicitly. The most
common occurrences of Joes is the initial password that the
system administrators set for an account which has never been
changed. Often this initial password is set by the administrator
with the expectation the user will change it promptly. Often the
user doesn’t know how to change it or in fact never logs in at
all. In the latter case a dormant account lies on the system
accomplishing nothing except wasting system resources and
increasing vulnerabilities.

2.1.2 Same Passwords on Different Machines

Many years ago when a computing center had a single mainframe the
issue of a user having the same password on multiple machines was
moot. As long the number of machines that a user accessed was
very small, it was reasonable to request that a person to use a
different password on each machine or set of machines. With a

7

modern workstation environment, it is no longer practical to
expect this from a user and a user is unlikely to comply if
asked. There are a number of simple compromise measures that can
and should be taken.

Among these measures is requesting that privileged users have
different passwords for their privileged accounts than for their
normal use account and for their accounts on machines at other
centers. If the latter is not the case, then anyone who gains
control of one of these “other” machines which you have no
control over, has gained privileged access to yours as well.

The basic question of when passwords should be the same is
actually a simple one. Passwords should be the same when the two
machines are (1) logically equivalent (as in a pool of
workstations), (2) “trust each other” to the extent that
compromising one would compromise the others in other ways, or
(3) are run by the same center with the same security measures.
Passwords should be different when the computers are (1) run by
different organizations, (2) have different levels of security or
(3) have different operating systems.

Lest this seems too strict, be assured that I have on several
occasions broken into machines by giving privileged users on the
target machines accounts on one of my own and exploiting their
use of the same password on both. Further, machines with
different operating systems are inherently vulnerable to
different “programming bugs” and hence by having the same
passwords on the two machines, each machine is open to the all
the bugs that could exist on either system.

It is interesting (but of little practical value) to note that an
attacker can gain a cryptographic advantage by having two
different encrypted strings for the same password. This would
happen when the user has the same password on two machines but it
has been encrypted with different salts. In principle, this
makes hostile decryption much easier. In practice, the attack
methods that are most often used do not exploit this.

The worst offenders of the “shared password problem” are
network maintenance people and teams. Often they want an account
on every local area net that they service, each with the same
password. That way they can examine network problems and such
without having to look up hundreds of passwords.

While the network maintainers are generally (but not always) good
about picking reasonable passwords and keeping them secret, if
any one machine that they are using has a readable password file

8

(discussed below) or is ever compromised, this password is itself
compromised and an attacker can gain unauthorized access to
hundreds or thousands of machines.

2.1.3 Readable Password Files

A readable password file is an accident waiting to happen. With
access to the encrypted password an attacker can guess passwords
at his leisure without you being able to tell that he is doing
so. Once he has a correct password, he can then access your
machine as that user. In the case of certain operating systems,
including older versions of VMS, there is a well know inversion
for the password encryption algorithm and hence the attacker
doesn’t need to guess at all once he can read the password file.

Changing the encryption method to some other method that is also
publically known doesn’t help this set of problems, even if the
crypto-system itself is much stronger. The weakness here is not
in the crypto-system but rather in the ease of making guesses.

It is vital to protect your password file from being read. There
are two parts to this. First you should prevent anonymous file
transfers from be able to remove a copy of the password file.
While this is generally very easy to do correctly, there is a
common mistake worth avoiding. Most file transfer facilities
allow you to restrict the part of the file system from which
unauthenticated transfers can be made. It is necessary to put a
partial password file in this subsection so that an anonymous
agent knows “who it (itself) is”. Many sites have put complete
password files here defeating one of the most important purposes
of the restrictions. (Of course without this restriction “World
Readable” takes on a very literal meaning:::)

The second part of the solution is somewhat harder. This is to
prevent unprivileged users who are using the system from reading
the encrypted password from the password file. The reason that
this is difficult is that the password file has a great deal of
information that people and programs need in it other than the
passwords themselves. Some version of some operating systems
have privileged calls to handle the details of all this and hence
their utilities have already been written to allow protection of
the encrypted passwords.

Most of the current versions of Unix are not among of these
systems. Berkeley has distributed a set of patches to
incorporate this separation (called shadow passwords) and the

9

latest version of the SunOS has facilities for it. For those who
are using an operating system that does not yet have shadow
passwords and cannot use one of the new releases, a number of ad
hoc shadowing systems have been developed. One can install
shadow passwords by editing the binaries of /bin/login,
/bin/passwd and similar programs that actually need to use the
password fields and then modify /etc/vipw to work with both the
diminished and shadow password files.

Of course, since most of us use broadcast nets, there is a real
danger of passwords being seen as they go over the wire. This
class of problems is discussed in the the Joys of Broadcast
appendix and the Guests appendix.

Kerberos, developed at MIT’s Athena project has an alternative
means of handling passwords. It allows one to remove all the
passwords from the normal use machines and to never have them
broadcasted in clear text. While Kerberos is vulnerable to a
number of interesting password guessing and cryptographic attacks
and currently has problems with multi-home machines (Hosts with
more than one IP address), it does provide the first practical
attempt and network security for a university environment.

An often overlooked issue is that of passwords for games. Many
multiplayer computer games, such as “Xtrek” and “Empire”
require the user to supply a password to prevent users from
impersonating one another during the game. Generally these
passwords are stored by the game itself and are in principle
unrelated to the passwords that the operating system itself uses.
Unfortunately, these passwords are generally stored unencrypted
and some users use the same password as they do for logging into
the machine itself. Some games now explicitly warn the users not
use his login passwords. Perhaps these games will eventually
check that the password is indeed not the same as the login
password.

2.1.4 Many faces of a person

A single individual can have many different relationships to a
computer at different times. The system programmers are acting
as “just users” when they read their mail or play a computer
game. In many operating systems, a person gets all of his
privileges all of the time. While this is not true in Multics,
it is true in the default configuration of almost every other
operating system. Fortunately a computer doesn’t know anything
about “people” and hence is perfectly happy to allow a single

10

person have several accounts with different passwords at
different privilege levels. This helps to prevent the
accidentally disclosure of a privileged password. In the case
where the privileged user has his unprivileged account having the
same password as his unprivileged account on other machines it
will at least be the case that his privileges are not compromised
when and if this other machine is compromised.

The one case where it is especially important to have separate
accounts or passwords for a single individual is for someone who
travels to give demos. One can be assured that his password will
be lost when he is giving a demo and something breaks. The most
common form of “breakage” is a problem with duplex of of delay.
It would nice if all that was lost was the demo password and for
the demo password to be of no use to an attacker.

2.1.5 Automated Checks for Dumb Passwords

Automated checks for dumb passwords come in three varieties. The
first is to routinely run a password cracker against the
encrypted passwords and notice what is caught. While this is a
good idea, it is currently used without either of the other two
mechanisms we will describe. Since it is computationally less
efficient than the others by about a factor of 50,000, it should
be used to supplement the others rather than be used exclusively.
Among its many virtues is that an automated checking system that
reads the encrypted passwords does not require having source for
the operating system or making modification an system
modifications.

The second method of preventing dumb password is to alter the
password changing facility so that it doesn’t accept dumb
passwords. This has two big advantages over the first method.
The first of these is computational. The second is more
important. By preventing the user from selecting the poor
password to begin with, one doesn’t need an administrative
procedure to get him to change it later. It can all happen
directly with no human intervention and no apparent
accountability. As a general rule, people are not happy about
passwords and really don’t want to hear from another person that
they need to change their password yet again.

While this change does require a system modification, it can
often be done without source code by writing a pre-processor to
screen the passwords before the new password is passed to the
existing utilities. The weakness in this approach lies with the

11

users who are not required to use the new style of password
facility. As a result, one finds that facilities that use only
this method have good passwords for everyone except the system
staff and new users who have had their initial passwords set by
the system staff.

The third method is designed primarily to catch the bad passwords
that are entered in despite the use of the second method. Once
could check the “dumbness” of a password with each attempted
use. While this is computationally more expensive than the
second method, it generally catches everyone. Even the system
programmers tend to use the standard login utility. It has the
nice feature of locking out anyone that finds a way to circumvent
the second method. This generally requires a small amount of
system source and risks causing embarrassment to “too clever”
system staff members.

In terms of dumb passwords, there are a number of “attack
lists”. An attack list is a list of common passwords that an
attacker could use to try to login with. Several of these have
been published and more are constantly being formed. These lists
are used for the automated password guesser and they may also be
used directly in the second and third method described above.
With the second and third method one may also use criteria
including minimum length, use of non-alphabetic characters, etc.
Finally, information about the individual user found in standard
system files can be scanned to see if the user has incorporated
this information into his password.

2.1.6 Machine Generated Passwords

Most users hate machine generated passwords. Often they are
unrememberable and accompanied by a warning to “Never write them
down” which is a frustrating combination. (We will discuss the
the writing down of passwords later.) Machine generated
passwords come in four basic types

Gibberish. This is the most obvious approach to randomness.
Independently selected several characters from the set of
all printable characters. For a six character password,
this gives about 40 bits of randomness. It is very hard to
guess and perhaps even harder to remember.
Often a little bit of post processing is done on these
passwords as well as on the random syllables discussed
below. This post processing removes passwords that might

12

prove offensive to the user. When a potentially offensive
password is generated, the program simply tries again. The
user often behaves the same way and runs the randomizer over
and over again until a password that seems less random and
more memorable to him is selected. In principle, the clever
user could write a program that kept requesting new random
passwords until an English word was chosen for him; this
would take much too long to be practical.

Numbers. Numbers are a lot like letters. People don’t try to
pronounce them and there are very few numbers that are
“offensive” per se. An eight digit random number has
about 26 bits of randomness in it and is of comparable
strength to a 4 character random password chosen from the
unrestricted set of printable characters. (The amount of
randomness in a password is the log (base 2) of the number
of possible passwords if they were all equally likely to
occur.)
Eight digit numbers are hard to remember. Fortunately
“chunking” them into groups (as 184—25—7546) makes
this less difficult than it would otherwise be.

Syllables. This is by far the most common method currently used.
The idea is to make non-words that are easy to remember
because they sound like words. A three syllable, eight
letter non-word often has about 24 bits of randomness in it
making it not quite as strong as an 8 bit number but
hopefully a little bit more memorable.
The principle here is good. In fact, this pseudo-word idea
should work very well. In practice it fails miserably
because the standard programs for generating these
pseudo-syllables are very poor. Eventually we may find a
good implementation of this and see a higher level of user
acceptance.

Pass Phrases. Pass phrases are the least common way to implement
machine generated passwords. The idea here is very simple.
Take 100 nouns, 100 verbs, 100 adjective and 100 adverbs.
Generate an eight digit random number. Consider it as four
2 digit random numbers and use that to pick one of each of
the above parts of speech. The user is then given a phrase
like “Orange Cars Sleep Quickly.” The words within each
list are uniquely determined by their first two characters.
The user may then type the phrase, the first few letters of
each word or the eight digit number.
The phrases are easy to remember, the system remains just as
secure if you publish the list of words and has about 26
bits of randomness. One can adapt the system down to three

13

words with 20 bits of randomness and still be sufficiently
safe for most applications.

I believe that machine generated passwords are generally a bad
solution to the password problem. If you must use them, I
strongly urge the use of pass-phrases over the other methods. In
any event, if your center is using machine generated passwords,
you should consider running an occasional sweep over the entire
user file system looking for scripts containing these passwords.
Proper selection of your password generation algorithm can make
this much easier than it sounds.

As with almost all password issues, the user of a single computer
center which gives him one machine generated password for access
to all the machines he will use will not have nearly the level of
difficulty as the user who uses computers at many centers and
might have to remember dozens or even hundreds of such passwords.

2.1.7 The Sorrows of Special Purpose Hardware

With the problems of broadcast networks and user selecting bad
passwords or rebelling at machine generated password, some
facilities have turned to special purpose hardware that generates
keys dynamically. Generally these devices look like small
calculators (or smart card) and when a user enters a short
password (often four digits) they give him a password that is
good for a single use. If the person wants to login again, he
must get a new password from his key-generator.

With a few exceptions, the technology of these devices works very
well. The exceptions include systems with bad time
synchronization, unreliable or fragile hardware or very short
generated keys. In at least one case the generated keys were so
short that it was faster to attack the machine by guessing the
password “1111” than by guessing at the user generated
passwords it replaced.

Despite the technology of these devices working well and the
installation generally being almost painless, there are two
serious problems with their use. The first is cost. Buying a
device for a user of large center can easily cost more than an
additional mainframe. The second problem is more serious. This
is one of user reluctance. Most users are unwilling to carry an
extra device and the people who are users of many centers are
even less willing to hold a dozen such devices and remember which
is which.

14

In one center, these devices were used only for privileged
accesses initiated from insecure locations. Only a handful of
them had to be made. (Being innovative, the center staff built
them from old programmable calculators.) They were used only by
the “on call” system programmer when handling emergencies and
provided some security without being to obtrusive.

2.1.8 Is Writing Passwords Down that Bad?

One of the first things that we were all told when we began using
timesharing is that one should never write down passwords. I
agree that the users should not record their passwords on-line.
There have been a large number of break-ins enable by a user
having a batch script that would include a clear-text password to
let them login to another machine.

On the other hand, how often has your wallet been stolen? I
believe that a password written down in wallet is probably not a
serious risk in comparison to other the problems including the
selection of “dumb” password that are easier to remember. In
classified systems, this is, of course, not permitted.

2.1.9 The Truth about Password Aging

Some facilities force users to change their passwords on a
regular basis. This has the beneficial side effect of removing
dormant accounts. It is also the case that it limits the utility
of a stolen password.

While these are good and worthwhile effects, most system
administrators believe that changing passwords on a regular basis
makes it harder for an attacker to guess them. In practice, for
an attacker that has gotten the crypt text of the password file,
he generally only needs a few hours to find the passwords of
interest and hence frequent changes do not increase the
difficulty of his task. For the attacker who is guessing without
a copy of the encrypt password, even changing the password every
minute would at most double the effort he would be required to
expend.

15

2.1.10 How do you change a password

Users should be told to change their passwords whenever they have
reason to expect that another person has learned their passwords
and after each use of an “untrusted” machine. Unfortunately
many users are neither told this, nor how to change the password.
Be sure both to tell you users how to change their passwords and
include these instructions in the on-line documentation in an
obvious place. Users should not be expected to realize the
password changing is (1) an option for directory maintenance
under TOPS-20 and many versions of CMS, (2) is spelled passwd
under unix or (3) is an option to set under VMS.

2.2 Old Password Files

It is often the case at sites running shadow password systems,
someone forgets to prevent the shadow password file from being
publically readable. While this is easy to prevent by having a
batch job that routinely revokes read permissions that were
accidently granted, there is an interesting variant of this
problem that is harder to prevent.

When password files are edited, some editors leave backup files
that are publically readable. In fact when a new system is
installed a password file is often created by extracting
information from the password files of many existing systems.
The collection of password files is all too often left publically
readable in some forgotten disk area where it is found by an
attacker weeks or months later. The attacker then uses this data
to break into a large number of machines.

2.3 Dormant Accounts

While requiring annual password changes does eventually remove
dormant accounts, it is worthwhile to try a more active approach
for their removal. The exact nature of this approach will vary
from center to center.

2.3.1 VMS

In VMS, the account expiration field is a good method of retiring
dormant accounts, but care should be taken as no advance notice

16

is given that an account is near expiration.

Also VMS security auditing makes the removal of expired users a
bad idea. Because one of the most common errors is typing the
password on the username line, DEC suppresses any invalid
username from the logs until a breaking attempt is detected. But
if the username is valid and the password wrong, the username is
logged.

2.4 Default Accounts and Objects

One of the joys of many operating systems is that they come
complete with pre-built accounts and other objects. Many
operating systems have enabled either accounts or prelogin
facilities that present security risks.

The standard “accounts” for an attacker to try on any system
include the following:

Open. A facility to automatically create new accounts. It is
often set by default to not require either a password or
system manager approval to create the new accounts.
Help. Sometimes the pre-login help is too helpful. It may
provide phone numbers or other information that you wouldn’t
want to advertise to non-users.

Telnet. Or Terminal. An account designed to let someone just use
this machine as a stepping stone to get to another machine.
It is useful for hiding origins of an attack.

Guest. Many operating systems are shipped with guest accounts
enabled.
Demo. Not only are several operating systems shipped with a demo
account, but when installing some packages, a demo account
is automatically created. All too often the demo account
has write access to some of the system binaries (executable
files).

Games. Or Play. Often the password is Games when the account
name is Play. In some cases this account has the ability to
write to the Games directory allowing an attacker to not
only play games, and snoop around, but to also insert Trojan
horses at will.

Mail. Quite often a system is shipped with or is given an
unpassworded mail account so that people can report problems

17

(like their inability to login) without logging in. In
two-thirds of the systems that I have observed with such an
account, it was possible to break into the main system
through this account.

Often these default accounts are normal accounts with an
initialization file (.login, .profile, login.cmd, login.bat,
etc.) or alternate command line interpreter to make it do
something non-standard or restrict its action. These are
generally called, “Captive Accounts” or “Turnkey Logins.”
Setting up a restricted login so that it stays restricted is very
hard. It should of course be very easy, but in most cases a
mistake is made.

Subjobs. It is often the case that a restricted account is set up
to only run a single application. This single application
program is invoked by a startup script or instead of the
standard command interpreter. Very often this program has
an option to spawn a subprocess.
In some cases this might be an arbitrary job (e. g. the
/spawn option to Mail in VMS or “:!” to vi in unix) or
might be limited to a small number of programs. In the
former case the problem is immediate, in the latter case, it
is often the case that one of these programs in turn allows
arbitrary spawning.
A carefully written subsystem will prevent this (and all
other such problems). Generally these subsystems are
created quickly rather than carefully.

Editors. Most editors are sufficiently powerfully that if the
restricted system can use an editor, a way can be found to
cause problems.

Full Filenames. Many restricted subsystems presume that by
resetting the set of places the command interpreter looks
for executable programs (called its “search path”)
functionality can be restricted. In unix this might be done
by altering the Path variable or the logical names table in
VMS.
All too often the clever attacker is able to defeat this
plan by using the complete filename of the file of interest.
Sometimes non-standard names for the file are necessary to
circumvent a clever restriction program.

Removable Restriction Files. When a system relies on an
initialization file to provide protection, it is important
that this file cannot be altered or removed. If an

18

restricted application is able to write to its “home
directory” where these initialization files are kept it can
often free itself.

Non-standard Login. Some network access methods do not read or
respect the startup files. Among these are many file
transfer systems. I have often been able to gain privileged
access to a machine by using the the login and password from
a captive account with the file transfer facility that
didn’t know that these accounts weren’t “normal.” Many
file transfer facilities have methods for disabling the use
of selected accounts.

Interrupts. It is sad that a number of the captive accounts won’t
withstand a single interrupt or suspend character. Try it
just to be sure.

Making sure that you have not made any of the above listed
mistakes is of course not sufficient for having a perfectly safe
system. Avoiding these mistakes, or avoiding the use of captive
accounts at all, is enough to discourage the vast majority of
attackers.

Each operating system for each vendor has some particular default
accounts that need to be disabled or otherwise protected.

2.4.1 Unix

Under unix there are a lot of possible default accounts since
there are so many different vendors. Below is a partial list of
the default accounts that I have successfully used in the past
that are not mentioned above.

Sysdiag. Or diag. This is used for doing hardware maintenance
and should have a password.

Root. Or Rootsh or rootcsh or toor. All to often shipped without
a password.
Sync. Used to protect the disks when doing an emergency shutdown.
This account should be restricted from file transfer and
other net uses.

Finger. Or Who or W or Date or Echo. All of these have
legitimate uses but need to be set up to be properly
captive.

19

Among the things that one should do with a new unix system is

grep :: /etc/passwd

to see what unpassworded accounts exist on the system. All of
these are worth special attention.

2.4.2 VMS

Since VMS is available from only one vendor, the default account
here are better known. On large systems, these appear with
standard well known passwords. On smaller systems, these
accounts appear with no passwords at all. With the exception of
Decnet, all have been eliminated on systems newer than version
4.6.

Decnet

System
Systest

Field

UETP

Many of the networking and mail delivery packages routinely added
to VMS systems also have well know password. In the past six
months these accounts have been commonly used to break into VMS
systems.

MMPONY

PLUTO

The password on all of these accounts should be reset when a new
system is obtained. There are many problems with the DECNET
account and the with the Task 0 object. System managers should
obtain one of the standard repair scripts to remove these
vulnerabilities.

20

2.4.3 CMS

It has been many years since I have seriously used CMS. At last
glance the default configuration seemed to include well know
passwords for two accounts.

rcsc
operator

2.5 File Protections

With file protections simple measures can avoid most problems.
Batch jobs should be run on a regular basis to check that the
protections are correct.

Writable Binaries and System Directories. The most common problem
with file protections is that some system binary or
directory is not protected. This allows the attacker to
modify the system. In this manner, an attacker will alter a
common program, often the directory listing program to
create a privileged account for them the next time that a
privileged user uses this command.
When possible the system binaries should be mounted
read-only. In any event a program should systematically
find and correct errors in the protection of system files.
“Public” areas for unsupported executable should be
moderated and these executable should never be used by
privileged users and programs. System data files suffer
from similar vulnerabilities.

Readable Restricted System Files. Just as the encrypted passwords
need to be protected, the system has other data that is
worth protecting. Many computers have passwords and phone
numbers of other computers stored for future use. The most
common use of this type of information is for network mail
being transported via UUCP or protected DECNET. It is
difficult to rework these systems so that this information
would not be necessary and hence it must be protected. You
have an obligation to protect this data about your neighbors
just as they have a responsibility to protect similar data
that they have about you.

Home Dir’s and Init Files Shouldn’t Be Writable. Checking that
these directories and files can be written only by the owner

21

will prevent many careless errors. It is also worthwhile to
check that peoples mail archives are not publically
readable. Though this is not directly a security threat, it
is only one more line of code while writing the rest of
this.

In many versions of the common operating systems special
checks are placed in the command interpreters to prevent
them from using initialization files that were written by a
third party. In this case there are still at least two
types of interesting attacks. The first is to install a
Trojan horse in the person’s home directory tree rather than
in the initialization file itself and the second is to
simple remove the initialization files themselves. Often
security weaknesses are remedied through the proper
initialization file and without these files the
vulnerabilities are re-introduced.
No Unexpected Publically Writable Files or Directories. There are
of course places and individual files that should be
publically writable but these are stable quantities and the
script can ignore them. In practice user seems to react
well to being told about files that they own that are
publically overwritable.

When Parents aren’t Owners. While it is not unusual for someone
to have a link to a file outside of his directory structure,
it is unusual for there to be a file to be in his home
directory that is owned by someone else. Flagging this when
the link-count is “1” is worthwhile.

Automated scripts can find these errors before they are
exploited. In general a serious error of one of the types
described above is entered into a given cluster university system
every other week.

2.6 Well Known Security Holes

While hundreds of security holes exist in commonly used programs,
a very small number of these account for most of the problems.
Under modern version of VMS, most of them relate to either DECNET
or creating Mailboxes.

Under unix, a handful of programs account for most of the
problems. It is not that these bugs are any worse or easier to
exploit than the others, just that they are well known and

22

popular. The interested reader is referred to the Hackman
Project for a more complete listing.

Set-Uid Shell Scripts. You should not have any set-uid shell
scripts. If you have system source, you should consider
modifying chmod to prevent users from creating set-uid
programs.

FTP. The file transfer utilities has had a number of problems
both in terms of configuration management (remembering to
disallow accounts like “sync” from being used to transfer
files) and legitimate bugs. Patched version are available
for most systems.
Login on the Sun 386i and under Dec Ultrix 3.0, until a better
fix is available,

chmod 0100 /bin/login

to protect yourself from a serious security bug.
Sendmail. Probably the only program with as many security
problems as the yellowpages system itself. Again a patched
version should be obtained for your system.

TFTP. This program should be set to run as an unprivileged user
and/or chrooted.

Rwalld. This program needs to be set to run as an unprivileged
user.
Mkdir. Some versions of unix do not have an atomic kernel call to
make a directory and hence can leave the inodes in a “bad”
state if it is interrupted at just the right moment. If
your system is one of these it is worthwhile to write a
short program that increases the job priority of a job while
it is making a directory so as to make it more difficult to
exploit this hole.

YP & NFS. Both present giant security holes. It is important to
arrange to get patches as soon as they become available for
these subsystems because we can expect more security
problems with them in the future. Sun has recently started
a computer security group that will help solve this set of
problems.

While the ambitious and dedicated system manager is encouraged to
fix all of the security problems that exist, fixing these few
will discourage most of the attackers.

23

2.7 New Security Holes

New security holes are always being found. There are a number of
computer mailing lists and advisory groups the follow this.
Three groups of particular interest are CERT, ZARDOZ and CIAC.

2.7.1 CERT

Cert is a DARPA sponsored group to help internet sites deal with
security problems. They may be contacted as
cert@cert.sei.cmu.edu. They also maintain a 24 hour phone number
for security problems at (412) 268-7090.

2.7.2 ZARDOZ

Neil Gorsuch moderates a computer security discussion group. He
may be contacted as zardoz!security-request@uunet.UU.NET
or security-request@cpd.com.

2.7.3 CIAC

CIAC is the Department of Energy’s Computer Incident Advisory
Capability team led by Gene Schultz. This team is interested in
discovering and eliminating security holes, exchanging security
tools, as well as other issues. Contact CIAC as
ciac@tiger.llnl.gov.

2.8 Excess Services

Every extra network service that a computer offers potentially
poses an additional security vulnerability. I am emphatically
not suggesting that we remove those services that the users are
using, I am encouraging the removal of services that are unused.
If you are not getting a benefit from a service, you should not
pay the price in terms of system overhead or security risk.
Sometimes, as with rexecd under unix, the risks are not
immediately apparent and are caused by unexpected interactions
that do not include any bugs per se.

24

2.9 Search Paths

If a user has set his search path to include the current
directory (“.” on Unix), he will almost always eventually have
a serious problem. There are a number of security
vulnerabilities that this poses as well as logistical ones.
Searching through the all of the users initialization files
and/or through the process table (with ps -e on unix) can detect
this problem.

2.10 Routing

Routing can provide a cheap partial protection for a computer
center. There are some machines that don’t need to talk to the
outside world at all. On others, one would might like to be able
to initiate contact outward but not have any real need to allow
others to contact this machine directly.

In an academic computer when administrative computers are placed
on same network as the student machines, limiting routing is
often a very good idea. One can set up the system such that the
users on administrative machines can use the resources of the
academic machines without placing them at significant risk of
attack by the student machines.

Ideally one would wish to place the machines that need to be
protected on their own local area net with active routers to
prevent an attacker from “listening in” on the broadcast net.
This type of an attack is becoming increasingly popular.

2.11 Humans

In almost all technological systems, the weakest link is the
human beings involved. Since the users, the installers and the
maintainers of the system are (in the average case) all humans,
this is a serious problem.

2.11.1 Managers

Managers, bosses, center directors and other respected people are
often given privileged accounts on a variety of machines.
Unfortunately, they often are not as familiar with the systems as

25

the programmers and system maintainers themselves. As a result,
they often are the targets of attack. Often they are so busy
that do not take the security precautions that others would take
and do not have the same level of technical knowledge. They are
given these privileges as a sign of respect. They often ignore
instructions to change passwords or file protections

The attackers rarely show this level of respect. They break into
the unprotected managerial account and use it as a vector to the
rest of the system or center. This leads to an embarrassing
situations beyond the break-in itself as the manager is made to
look personally incompetent and is sometimes accused of being
unfit for his position.

Prevent this type of situation form occurring by giving
privileges only to people that need and know how to use them.

2.11.2 Secretaries

Secretaries are often give their bosses passwords by their
bosses. When a secretary uses his bosses account, he has all the
privileges that his boss would have and generally does not have
the training or expertise to use them safely.

It is probably not possible to prevent bosses from giving their
passwords to their secretaries. Still one can reduce the need
for this by setting up groups correctly. One might consider
giving “bosses” two separate accounts one for routine use and
one for privileged access with a hope that they will only share
the former with their secretary.

2.11.3 Trojan Horses

Having an “unsupported” or “public” area on disk where users
place binaries for common use simplifies the placement of Trojan
horse programs. Having several areas for user maintained
binaries and a single user responsible for each reduces but does
not eliminate this problem.

2.11.4 Wizards

Wizards and system programmers often add their own security
problems. They are often the ones to create privileged programs

26

that are needed and then forgotten about without being disabled.
Thinking that an account doesn’t need to be checked/audited
because it is owned by someone that should know better than to
make a silly mistake is a risky policy.

2.11.5 Funders

Funders are often giving accounts on the machines that they
“paid for.” All to often these accounts are never used but not
disabled even though they are found to be dormant by the
procedures discussed above. Again, this is a mistake to be
avoided.

2.12 Group Accounts

A group account is one that is shared among several people in
such a way that one can’t tell which of the people in the group
is responsible for a given action.

Those of you familiar with Hardin’s “The Tragedy of The Common”
will understand that this is a problem in any system computer or
otherwise. Part of the problem here is with passwords.

1. You can’t change the password easily. You have to find
everyone in the group to let them know.
2. If something Dumb happens you don’t know who to talk to
about it.

3. If someone shares the group password with another person,
you can never find out who did or who all the people who
knew the password were.

Group accounts should always be avoided. The administrative work
to set up several independent accounts is very small in
comparison to the extra effort in disaster recovery for not doing
so.

One must not only avoid the explicit group accounts, but also the
implicit ones. This is where an individual shares his password
with dozens of people or allows dozens, perhaps hundreds of them
to use his through proxy logins or .rhosts.

27

2.13 .rhosts and proxy logins

Just as some people trust each other, some accounts trust each
other and some machines trust each other. There are several
mechanism for setting up a trust relationship. Among these are
hosts.equiv, .rhosts, and proxy logins.

These mechanisms essentially allow a user to login from one
machine to another without a password. There are three basic
implications to this.

1. If you can impersonate a machine, you can gain access to
other machines without having to provide passwords or find
bugs.
2. Once you get access to one account on one machine, you are
likely to be able to reach many other accounts on other
machines.

3. If you gain control of a machine, you have gained access to
all the machines that trusts it.

Various experiments have shown that by starting almost anywhere
interesting, once one has control of one medium size machine, one
can gain access to tens of thousands of computers. In my most
recent experiment, starting from a medium size timesharing
system, I gained immediate access to 150 machines and surpassed
5000 distinct machines before completing the second recursion
step.

2.14 Debugging

About one third of the security holes that I have come across
depend on a debugging option being enabled. When installing
system software, always check that all the “debugging” options
that you are not using are disabled.

2.15 Getting People Mad at You

It is sad but true that a small number of sites have gotten
groups of hackers angry at them. In at least two cases, this was
because the hackers had found an interesting security hole, had

28

tried to contact the administrators of the center and were given
a hard time when they were seriously trying to help.

When one is given a “tip” from someone that won’t identify
themselves about a security problem, it is generally worth
investigating. It is not worth trying to trick the informant
into giving his phone number to you. It almost never works, and
it is the “type of dirty trick” that will probably get people
mad at you and at the very least prevent you from getting early
warnings in the future.

29

3 Pre-Planning your Incident Handling

3.1 Goals

Despite your best plans to avoid incidents they may very well
occur. Proper planning can reduce their serverity, cost and
inconvenience levels. There are about half dozen different goals
that one can have while handling an incident.

1. Maintain and restore data.
2. Maintain and restore service.

3. Figure out how it happenned.

4. Avoid the future incidents and escalation.
5. Avoid looking foolish.

6. Find out who did it.

7. Punish the attackers.

The order shown above is what I believe the order of priorities
generally should be. Of course in a real situation there are
many reasons why this ordering might not be appropriate and we
will discuss the whens and why of changing our priorities in the
next section.

For any given site, one can expect that a standard goal
prioritization can be developed. This should be done in advance.
There is nothing so terrible as being alone in a cold machine
room at 4 on a Sunday morning trying to decide whether to shut
down the last hole to protect the system or try to get a phone
trace done to catch the attacker. It is similarly difficult to
decide in the middle of a disaster whether you should shut down a
system to protect the existing data or do everything you can to
continue to provide service.

Noone who is handling the technical side of an incident wants to
make these policy decisions without guidance in the middle of a
disaster. One can be sure that these decisions will be replayed
an re-analyzed by a dozen “Monday Morning Quarterbacks” who
will explain what should have been done could not be bothered to
make up a set of guidelines before.

Let us look at each of these goals in a little more detail.

30

3.1.1 Maintaining and restoring data

To me, the user data is of paramount importance. Anything else
is generally replacable. You can buy more disk drives, more
computers, more electrical power. If you lose the data, though a
security incident or otherwise, it is gone.

Of course, if the computer is controlling a physical device,
there may be more than just data at stake. For example, the most
important goal for the computer in Pacemaker is to get the next
pulse out on time.

In terms of the protection of user data, there is nothing that
can take the place of a good back-up strategy. During the week
that this chapter was written, three centers that I work with
suffered catastrophic data loss. Two of the three from air
conditioning problems, one from programmer error. At all three
centers, there were machines with irreplacable scientific data
that had never been backed up in their lives.

Many backup failures are caused by more subbtle problems than
these. Still it is instructive to note that many sites never
make a second copy of their data. This means than any problem
from a defective disk drive, to a water main break, to a typing
mistake when updating system software can spell disaster.

If the primary goal is that of maintaining and restoring data,
the first thing to do during an incident needs to be to check
when the most recent backup was completed. If it was not done
very recently, an immediate full system dump must be made and the
system must be shutdown until it is done. Of course, one can’t
trust this dump as the attacker may have already modified the
system.

3.1.2 Maintaining and restoring service

Second to maintaining the data, maintaining service is important.
Users have probably come to rely on the computing center and will
not be pleased if they can’t continue to use it as planned.

3.1.3 Figuring how it happenned

This is by far the most interesting part of the problem and in
practice seems to take precident over all of the others. It of

31

course strongly conflicts with the two preceeding goals.

By immediately making a complete copy of the system after the
attack, one can analyze it at one’s leisure. This means that we
don’t need to worry about normal use destroying evidence of about
the attacker re-entering to destroy evidence of what happenned.

Ultimately, one may never be able to determine how it happenned.
One may find several ways that “could have happenned”
presenting a number of things to fix.

3.1.4 Avoiding the Future Incidents and Escalation

This needs to be an explicit goal and often is not realized until
much too late. To avoid future incidents one of course should
fix the problem that first occurred and remove any new security
vulnerabilities that were added either by the attackers or by the
system staff while trying to figure out what was going on.

Beyond this, one needs to prevent turning a casual attacker who
may not be caught into dedicate opponent, to prevent enticing
other attackers and to prevent others in one’s organization and
related organizations from being forced to introduce restrictions
that would be neither popular nor helpful.

3.1.5 Avoiding looking foolish

Another real world consideration that I had not expected to
become an issue is one of image management. In practice, it is
important not to look foolish in the press, an issue that we will
discuss more fully in an appendix. Also it is important for the
appropriate people within the organization to be briefed on the
situation. It is embarrising to find out about an incident in
one’s own organization from a reporter’s phone call.

3.1.6 Finding out who did it

This goal is often over emphasized. There is definitely a value
in knowing who the attacker was so that one can debrief him and
discourage him from doing such things in the future.

In the average case, it effort to determine the attackers
identity than it is worth unless one plans to prosecute him.

32

3.1.7 Punishing the attackers

This merits of this goal have been seriously debated in the past
few years. As a practical matter it is very difficult to get
enough evidence to prosecuter someone and very few succesful
prosecutions. If this is a one of the goals, very careful record
keeping needs to be done at all times during the investigation,
and solving the problem will be slowed down as one waits for
phone traces and various court orders.

3.2 Backups

It should be clear that accomplishing most of the goals requires
having extra copies of the data that is stored on the system.
These extra copies are called “Backups” and generally stored on
magnetic tape.

Let us consider two aspects of keeping backup copies of your
data. First, we will look at why this important and what the
backups are used for and then we will examine the charateristics
of a good backup strategy.

3.2.1 Why We Need Back Ups

Good back ups are needed for four types of reasons. The first
three of these are not security related per se, though an
insufficeint back up strategy will lead to problems with these
first three as well.

If a site does not have a reliable back up system, when an
incident occurs, one must seriously consider immediate shutdown
of the system so as not to endanger the user data.

User Errors. Every once in a while, a user delete a file or
overwrites data and then realizes that he needs it back. In
some operating systems, “undelete” facilities or version
numbering is enough to protect him, if he notices his
mistake quickly enough. Sometimes he doesn’t notice the
error for a long time, or deletes all of the versions, or
expunges them and then wants the data back.
If there is no backup system at all, the users data is just
plain lost. If there is a perfect backup system, he quickly
is able to recover from his mistake. If there is a poor

33

back up system, his data may be recovered in a corrupted
form or with incorrect permission set on it.

There have been cases where back up systems returned data
files to be publically writeable and obvious problems have
ensued from it. Perhaps as seriously, there are sites that
have stored all of the back up data in a publically readable
form, including the data that was protected by the
individual user.
System Staff Errors. Just as users make mistakes, staff members
do as well. In doing so, they may damage user files, system
files or both. Unless there is a copy of the current system
files, the staff must restore the system files from the
original distribution and then rebuild all of the site
specific changes. This is an error prone process and often
the site specific changes including removing unwanted
debugging features that pose security vulnerabilities.

Hardware/Software Failures. Hardware occassionally fails. If the
only copy of the data is on a disk that has become
unreadable it is lost. Software occasionally fails. Given
a serious enough error, it can make a disk unreadable.

Security Incidents. In this document, our main concern is with
security incidents. In determining what happen and
correcting it, backups are essential.
Basically, one would like to return every file to the state
before the incident except for those that are being modified
to prevent future incidents. Of course, to do this, one
needs a copy to restore from. Naively, one would think that
using that modification date would allow us to tell which
files need to be updated. This is of course not the case.
The clever attack will modify the system clock and/or the
timestamps on files to prevent this.
In many attacks, at one the following types of files are
modified.

? The system binary that controls logging in.
? The system authorization file lists the users and their
privileges.

? The system binary that controls one or more daemons.
? The accounting and auditing files.
? User’s startup files and permission files.

? The system directory walking binary.

Now that we understand why we need back ups in order to recover

34

3.2.2 How to form a Back Up Strategy that Works

There are a few basic rules that provide for a good backup
strategy.

? Every file that one cares about must be included.
? The copies must be in non-volitile form. While having two
copies of each file, one on each of two separate disk drives
is good for protection from simple hardware failures, it is
not defense from an intelligent attacker that will modify
both copies, of from a clever system staffer who saves time
by modifying them both at once.

? Long cycles. It may take weeks or months to notice a
mistake. A system that reuses the same tape every week will
have destroyed the data before the error is noticed.

? Separate tapes. Overwriting the existing backup before
having the new one completed is an accident waiting to
happen.
? Verified backups. It is necessary to make sure that one can
read the tapes back in. One site with a programming bug in
its back up utility had a store room filled with unreadable
tapes!

3.3 Forming a Plan

While the first major section (avoidance) contained a lot of
standard solutions to standard problems, planning requires a
great deal more thought and consideration. A great deal of this
is list making.

Calls Lists. If there a system staffer suspects security incident
is happening right now, who he should call?
And if he gets no answer on that line?

What if the people are the call list are no longer employees
or have long since died?
What if it Christmas Day or Sunday morning?

Time–Distance. How long will it take for the people who are
called to arrive?
What should be done until they get there?

35

This a user notices. If a user notices something odd, who should
he tell?

How does he know this?
Threats and Tips. What should your staffers do if they receive a
threat or a tip-off about a breakin?

Press. What should a system staffer do when he receives a call
from the press asking about an incident that he, himself
doesn’t know about?
What about when there is a real incident underway?

Shutting Down. Under what circumstances should the center be
shutdown or removed from the net?
Who can make this decision?

When should service be restored?
Prosecution. Under what circumstances do you plan to prosecute?

Timestamps. How can you tell that the timestamps have been
altered?
What should you do about it?

Would running NTP (the network time protocal) help?
Informing the Users. What do you tell the users about all this?

List Logistics. How often to you update the incident plan?
How does you system staff learn about it?

3.4 Tools to have on hand

File Differencing Tools

Netwatcher

Spying tools

Backup Tapes

Blanks Tapes

Notebooks

36

3.5 Sample Scenarios to Work on in Groups

In order to understand what goal priorities you have for you
center and as a general exercise in planning, let us consider a
number of sample problems. Each of these is a simplified version
of a real incident. What would be appropriate to do if a similar
thing happenned at your center? Each new paragraph indicates new
information that is received later.

? A system programmer notices that at midnight each night,
someone makes 25 attempts to guess a username–password
combination
Two weeks later, he reports that each night it is the same
username–password combination.

? A system programmer gets a call reporting that a major
underground cracker newsletter is being distributed from the
administrative machine at his center to five thousand sites
in the US and Western Europe.
Eight weeks later, the authorities call to inform you the
information in one of these newsletters was used to disable
“911” in a major city for five hours.

? A user calls in to report that he can’t login to his account
at 3 in the morning on a Saturday. The system staffer can’t
login either. After rebooting to single user mode, he finds
that password file is empty.
By Monday morning, your staff determines that a number of
privileged file transfer took place between this machine and
a local university.
Tuesday morning a copy of the deleted password file is found
on the university machine along with password files for a
dozen other machines.

A week later you find that your system initialization files
had been altered in a hostile fashion.
? You receive a call saying that breakin to a government lab
occurred from one of your center’s machines. You are
requested to provide accounting files to help trackdown the
attacker.

A week later you are given a list of machines at your site
that have been broken into.
? A user reports that the last login time/place on his account
aren’t his.

37

Two weeks later you find that your username space isn’t
unique and that unauthenticated logins are allowed between
machines based entirely on username.

? A guest account is suddenly using four CPU hours per day
when before it had just been used for mail reading.
You find that the extra CPU time has been going into
password cracking.

You find that the password file isn’t one from your center.
You determine which center it is from.

? You hear reports of computer virus that paints trains on
CRT’s.
You login to a machine at your center and find such a train
on your screen.
You look in the log and find not notation of such a feature
being added.

You notice that five attempts were made to install it within
an hour of each before the current one.
Three days later you learn that it was put up by a system
administrator locally who had heard nothing about the virus
scare or about your asking about it.

? You notice that your machine has been broken into.
You find that nothing is damaged.
A high school student calls up and apologizes for doing it.

? An entire disk partition of data is deleted. Mail is
bouncing bouncing because the mail utilities was on that
partition.
When you restore the partition, you find that a number of
system binaries have been changed. You also notice that the
system date is wrong. Off by 1900 years.

? A reporter calls up asking about the breakin at your center.
You haven’t heard of any such breakin.
Three days later you learn that there was a breakin. The
center director had his wife’s name as a password.

? A change in system binaries is detected.
The day that it is corrected they again are changed.

This repeats itself for some weeks.

38

4 Incident Handling

The difficulty of handling an incident is determined by several
factors. These include the level of preparation, the sensitivity
of the data, and the relative expertise levels of the attacker(s)
and the defender(s). Hopefully, preliminary work in terms of
gathering tools, having notification lists, policies and most
importantly backup tapes, will make the actual handling much
easier.

This section is divided into three parts. The first of these
deal with general principles. The second presents some
particular (simple) techniques that have proven useful in the
past. Finally, the third section presents a description of a
simulation exercise based a set of real attacks.

4.1 Basic Hints

There are a number of basic issues to understand when handling a
computer incident. Most of these issues are present in handling
most of these issues and techniques are relevant in a wide
variety of unusual and emergency situations.

4.1.1 Panic Level

It is critical to determine how much panic is appropriate. In
many cases, a problem is not noticed until well after it has
occurred and another hour or day will not make a difference.

4.1.2 Call Logs and Time Lines

All (or almost all) bad situations eventually come to an end. At
that point, and perhaps at earlier points, a list of actions and
especially communications is needed to figure out what happened.

4.1.3 Accountability and Authority

During an incident it is important to remind people what
decisions they are empowered to make and what types of decisions
that they are not. Even when this is explicitly discussed and

39

formulated in a contingency plan, people have a tendency to
exceed their authorities when they are convinced that they know
what should be done.

4.1.4 Audit Logs

Audit logs need to be copied to a safe place as quickly as
possible. It is often the case that an attacker returns to a
computer to destroy evidence that he had previously forgotten
about.

4.1.5 Timestamps

The second most powerful tool (second only to backup tapes) in an
incident handlers arsenal is timestamps. When in doubt as to
what to do, try to understand the sequencing of the events. This
is especially true when some of the actions will change the value
on the system clock.

4.2 Basic Techniques

There are five basic sets of techniques for understanding what
has happened.

4.2.1 Differencing

Differencing is that act of comparing the state of a part of the
computer system to the state that it was in previously. In some
cases we have compared every executable system file with the
corresponding file on the original distribution tape to find what
files the attacker may have modified. Checksums are often used
to decrease the cost of differencing. Sometimes people look only
for differences in the protection modes of the files.

4.2.2 Finding

Finding is generally cheaper than differencing. Finding is the
act of looking at a part of a computer system for files that have
been modified during a particular time or have some other
interesting property.

40

4.2.3 Snooping

Snooping is the act of placing monitors on a system to report the
future actions of an attacker. Often a scripting version of the
command line interpreter is used or a line printer or PC is
spliced in to the incoming serial line.

4.2.4 Tracking

Tracking is the use of system logs and other audit trails to try
to determine what an attacker has done. It is particularly
useful in determining what other machines might be involved in an
incident.

4.2.5 Psychology

A wide range of non-technical approaches have been employed over
the years with an even wider range of results. Among these
approaches have been leaving messages for the attacker to find,
starting talk links, calling local high school teachers, etc.

4.3 Prosecution

Prosecution has historically been very difficult. Less than a
year ago, the FBI advised me that it was essentially impossible
to succeed in a prosecution. More recently, FBI agent Dave
Icove, (icove@dockmaster.cnsc.mil, 703–640–1176) has assured me
that the FBI will be taking a more active role in the prosecution
of computer break-ins and has expressed interest in lending
assistance to investigation where prosecution is appropriate.

4.4 Exercise

The bulk of this class hour is reserved for an incident handling
simulation. A facility will be described. A consensus policy
for incident handling will be agreed upon and then the simulation
will begin.

During the simulation, the effects of the attackers actions and
those of third parties will be described. The participants can

41

choose actions and take measurements and will be informed of the
results of those actions and measurements. In a sufficiently
small working group that had several days, we would run a
software simulation; but as many of the actions take hours (ega
full system comparison to the original distribution), we will
proceed verbal in the short version of this workshop.

42

5 Recovering From Disasters

Incident recovery is the final portion of the of the incident
handling process. Like the other portions of incident handling,
it is not particularly difficult but is sufficiently intricate to
allow for many errors.

Telling everyone that is over. For a large incident, it is not
unusual to have contacted people at a dozen or more sites.
It is important to let everyone know that you are done and
to be sure to give your colleagues the information that they
need. It is also important that your staff knows that
things are over so that they can return to normal work.
Generally a lot of people need to thanked for the extra
hours and effort that they have contributed.
Removing all Tools. Many of the tools that were installed and
using during an incident need to removed from the system.
Some will interfere with performance. Others are worth
stealing by a clever attacker. Similarly a future attacker
that gets a chance to look at the tools will know a lot
about how you are going to track him. Often extra accounts
are added for handling the incident. These need to be
removed.

File and Service Restoration. Returning the file system to a
“known good state” is often the most difficult part of
recovery. This is especially true with long incidents.

Reporting Requirements. Often, especially if law enforcement
agencies have become involved, a formal report will be
required.
History. After everything is over, a final reconstruction of the
events is appropriate. In this way, everyone on your staff
is telling the same story.

Future Prevention. It is important to make sure that all of the
vulnerabilities that were used in or created the incident
are secured.

Just after an incident, it is likely to be a good time to create
sensible policies where they have not existed in the past and to
request extra equipment or staffing to increase security.
Similarly, it is a logical time for someone else to demand
stricter (nonsensical) policies to promote security.

43

A Micro Computers

While the bulk of this book and class has concerned multi-user
computers on networks, micro computers are also worth some
attentions.

Basically there are four issues that cause concern.

Shared Disks. In many settings, micro computers are shared among
many users. Even if each user brings his own data, often
the system programs are shared on communal hard-disk,
network or library or floppies. This means that a single
error can damage the work of many people. Such errors might
include destruction of a system program, intentional or
accidental modification of a system program or entry of a
virus.
To combat this, systematic checking or reinstallation of
software from a known protected source is recommended. In
most shared facilities, refreshing the network, hard-disk or
floppy-library weekly should be considered. Shared floppies
should be write protected and the original copies of
programs should be kept under lock and key and used only to
make new copies.
Trusted server the provide read only access to the system
files have been successfully used in some universities. It
is absolute critical that these machines be used only as
servers.

Viruses. A number of computer viruses have been found for
micro-computers. Many experts consider this problem to be
practically solved for Macintoshes an soon to be solved for
IBM-style PC’s.
Two basic types of anti-viral software are generally
available. The first type is installed into the operating
and watches for virus’s trying to infect a machine.
Examples of this on the Mac include Semantic’s SAM (Part 1),
Don Brown’s vaccine and Chris Johnson’s Gate Keeper.
The second type of anti-viral software scans the disk to
detect and correct infected programs. On the Mac, SAM (Part
2), H. G. C. Software’s Virex, and John Norstab’s Disinfinct
are commonly used disk scanners.

On the PC type of machines we find three types of virus.
The first of these is a boot sector virus that alters the
machine language start up code found on the diskette. The
second infects the command.com startup file and the third
alters the exe (machine language executable files).

44

Flu Shot Plus by Ross Greenberg is an example of a program
to deal with command.com & some exe virus. Novirus and
cooperatively built by Yale, Alemeda and Merit is one of the
boot track repair systems.
There are a number of electronic discussion groups that deal
with computer virus. On BITNET (and forwarded to other
networks), virus-l supports discussion about PC and Mac
virus, while valert is used to announce the discovery of new
ones. Compuserve’s macpro serves as a forum to discuss
Macintosh viruses.

Network. The third is issue is the placement of single user
computers on networks. Since there is little or no
authentication on (or of) these machines, care must be taken
to not place sensitive files upon them in such a
configuration.

Reliability. Finally there is a reliability issue. Most single
user computers were never designed for life and time
critical applications. Before using such a computer in such
an application, expert advise should be sought.

In the use of single user computers, there are some basic issues
that need be considered and some simple advice that should be
given.

In the advice column, there are a few basic points.

1. Where practical, each user should have his own system disks
and hence be partially insulated from potential mistakes.
2. When people are sharing disks have an explicit check out
policy logging the users of each disk. Be sure to set the
write-protect them and teach the users how to write protect
there own system disks. (Most PC programs are sold on
write-protected disks, this is not true of most Macintosh
programs.

3. Keep a back up copy of all system programs and system
programs to allow for easy restoration of the system.
4. Write lock originals and keep them under lock and key for
emergency use only.

5. Have an explicit policy and teach users about software theft
and software ethics.

6. Teach users to back up their data. Just as with large
computers, the only real defense from disaster is
redundancy.

45

Even when the computer center is not providing the machines
themselves, it should generally help to teach users about
backups, write protection, software ethics and related issues.
Most PC users do not realize that they are their own system
managers and must take the responsibility of care for their
systems or risk the consequences.

46

B VMS Script

This script is courtesy of Kevin Oberman of Lawrence Livermore
National Labs. It is used on DEC VMS systems to close a number
of the standard created by the normal installation of DECNET.
Rather than typing this in by hand, please request one by
electronic mail. This DCL script is provided for reference
purposes only and is not guaranteed or warranted in any way.

$ Type SYS$INPUT

countpandedure changes the password for the default DECnet ac-
sets up a new account for FAL activity. It prevents unautho-
rized users
from making use of the default DECnet account for any pur-
pose except
file transfer.

This procedure assumes a default DECnet account named DECNET us-
ing a
directory on SYS$SYSROOT. If this is not the case on this sys-
tem, do
readypinceed! It will use UIC [375,375]. If this UIC is al-
use, do not continue.

$ Read/End=Cleanup/Prompt=”Continue [N]: ” SYS$COMMAND OK
$ If .NOT. OK Then Exit
$ Say := “Write SYS$OUTPUT”
$ Current_Default = F$Environment(“DEFAULT”)
$ Has_Privs = F$Priv(“CMKRNL,OPER,SYSPRV”)
$ If Has_Privs Then GoTo Privs_OK
$ Say “This procedure requires CMKRNL, OPER, and SYSPRV.”
$ Exit
$POnvControl_Y Then GoTo Cleanup
$ On Error Then GoTo Cleanup
$ Set Terminal/NoEcho
$ Read/End=Cleanup/Prompt=”Please enter new default DECnet pass-
word: ” –
SYS$Command DN_Password
$ Say ” ”
$ If F$Length(DN_Password) .GT. 7 Then GoTo DN_Password_OK
$ Say “Minimum password length is 8 characters”
$ GoTo Privs_OK
$DN_Password_OK:
$ Sayd”E”d=Cleanup/Prompt=”Enter new FAL password: ” SYS$COMMAND FAL_Password
$ If F$Length(FAL_Password) .GT. 7 Then GoTo FAL_Password_OK

47

$ Say “Minimum password length is 8 characters”
$ GoTo DN_Password_OK
$FAL_Password_OK:
$ Set Terminal/Echo
$ Type SYS$INPUT

The FAL account requires a disk quota. This quota should be large
enough to accomodate the the files typically loaded into this account.
formldefaultqouta be exhausted, the system will fail to per-
DECnet file transfers.

It is also advisable to clear old files from the direc-
tory on a daily
basis.

$ If .NOT. F$GetSYI(“CLUSTER_MEMBER”) Then GoTo Not_Cluster
$ Say “This system is a cluster member.
$ Read/Prom=”Has this procedure already been run on another clus-
ter member: “-
$ IfSClusterCTheneGoTo No_Create
$Not_Cluster:
$ Read/End=Cleanup –
/Prompt=”Disk quota for FAL account (0 if quotas not en-
abled): ” –
SYS$COMMAND Quota
$ If F$Type(Quota) .EQS. “INTEGER” Then GoTo Set_Quota
$ Say “Diskquota must be an integer”
$ GoTo FAL_Password_OK
$Set_Quota:
$ Say “Setting up new FAL account.”
$ Set NoOnult SYS$SYSTEM
$ UAF := “$Authorize”
$ UAF Copy DECNET FAL/Password=’FAL_Password’/UIC=[375,375]/Directory=[FAL]
$ Create/Directory SYS$SYSROOT:[FAL]/Owner=[FAL]
$No_Create:
$ NCP := “$NCP”
$ NCP Define Object FAL USER FAL Password ‘FAL_Password’
$ NCP Set Object FAL USER FAL Password ‘FAL_Password’
$ If (Quota .eq. 0) .OR. Cluster Then GoTo NO_QUOTA
$ Say “Entering disk quota for FAL account.
$ Set Default SYS$SYSTEM
$ Open/WritetQuota”SET_QUOTA’PID’.COM
$ Write Quota “$ Run SYS$SYSTEM:DISKQUOTA”
$ Write Quota “Add FAL/Perm=”Quota'”
$ Close Quota
$ @SET_QUOTA’PID’
$ Delete SET_QUOTA’PID’.COM;
$No_Quota:

48

$ Say “Resetting default DECNET account password”
$ NCP Define Executor Nonpriv Password ‘DN_Password’
$ NCP Set Executor Nonpriv Password ‘DN_Password’
$ UAF Modify DECNET/Password=’DN_Password’
$Cleanup:
$ Set Default ‘Current_Default’
$ Set Terminal/Echo
$ Exit

49

C Highly Sensitive Environments

An computing environment should be considered highly sensitive
when it is potentially profitable to covert the data or when
great inconvenience and losses could result from errors produced
there. In particular, you should consider you site sensitive if
any of the following conditions apply:

1. You process data that the government considers sensitive.
2. You process financial transactions such that a single
transaction can exceed $25,000.00 or the total transactions
exceed 2.5 Million dollars.

3. You process data whose time of release is tightly controlled
and whose early release could give significant financial
advantage.

4. Your function is life critical.
5. Your organization has enemies that have a history of
“terrorism” or violent protests.

6. Your data contains trade secrete information that would be
of direct value to a competitor.

Essentially money is more directly valuable than secrets and a
“vilian” can potentially steal more from one successful attack
on one financial institution than he will ever be able to get
selling state secrets for decades. There is significant concern
that the electrical utility companies and and bank conducting
electronic funds transfer will be targets of terrorists in thee
next decade.

For centers the must support sensitive processing it is strongly
advised to completely separate the facilities for processing this
data from those facilities used to process ordinary data and to
allow absolutely no connection from the sensitive processing
systems to the outside world. There is No substitute for
physical security and proper separation will require an attacker
to compromise physical security in order to penetrate the system.
Techniques for coping with the remaining “insider threat” are
beyond the scope of this tutorial.

In analysis of computing in sensitive environments, there are two
different security goals. The first is that of protecting the
system. All of the advice in this booklet should be considered

50

as a first step towards that goal. The second goal is the
protection of job or “Technical Compliance.” This is is the
goal of showing that all of the regulations have been followed
and that protecting the system has been done with “due
diligence.”

It is important to realize that these two security goals are
separate and potentially conflicting. It may be necessary to
work towards the latter the goal and that is often more a legal
and bookkeeping question than a technical one. It is also beyond
the scope of this work.

51

D Handling the Press

Often media inquiries can absorb more time than all of the others
issues in incident handling combined. It is important to
understand this and to use your public affairs office if it
exists. In the excitement, people, especially those who are not
experience speakers will often forget that they are not empowered
to speak for the center and that nothing is ever really said,
“Off the record.”

D.1 Spin Control

The phrase “Spin Control” was first used in political circles.
It refers to altering the perceptions about an incident rather
than the delaying with the facts of the incident themselves.
Consider the two statements.

1. To keep our machines safe, we decided to disconnect them
from the network.
2. We were forced to shut down our network connections to
prevent damage to our machines.

I have found that the giving the press a state like the former
tends to produce a laudatory piece about one’s staff while a
statement like the latter, produces an embarrassing piece. The
two statements are of course essentially identical.

Your public affairs group is probably familiar with these issues
and can help you form press statements

D.2 Time Control

With a sufficiently large incident, the media attention can
absorb almost unbounded amounts of time. The press will often
call employees at home. It is important the staff that are
solving a problem understand that the solving the incident is
more important that dealing with the press. At the very least
insist that all press representatives go through the public
affairs often so that the standard questions can be easily and
time-efficiently be answered.

52

D.3 Hero Making

The press likes to find outstanding heroes and villains. As a
result, the media will tend to make one of your staff members
into a hero if at all possible from them to do so. It is more
likely than not that the Hero will not be the person who has
worked the hardest or the longest.

D.4 Discouraging or Encouraging a Next Incident

The attention that an incident receives greatly affect the
likelihood of future incidents at that particular site. It
probably also influences the decision process or potential future
crackers in the community at large. Claiming that your site is
invulnerable is an invitation to a future incident. Giving the
media step by step instructions on how to break in to a computer
is also not a wonderful idea.

I (personally) suggest stressing the hard work of your staff and
the inconvenience to the legitimate users and staff members. To
the extent practical portray the cracker as inconsiderate and
immature and try to avoid making him seem brilliant at one
extreme or the attack seem very simple at the other.

D.5 Prosecution

If you considering prosecution, you need to consult with your
legal counsel and law enforcement official for advise on press
handling.

D.6 No Comment

One common strategy for avoiding (or at least bounding) time loss
with the press is to simply decline to comment on the situation
at all. IF you are going to adopt this approach, your public
affairs office can advise you on techniques to use. It is
important to tell everyone who is involved in the incident that
they should not discuss the situation; otherwise people will leak
things accidently. Also, without correct information from your
center, the press may print many inaccurate things that represent
their best guesses.

53

D.7 Honesty

I recommend against trying to mislead the press. It is hard to
keep a secret forever and when and if the press finds that you
have lied to them, the negative coverage that you may receive
will probably far exceed the scope of the actual incident.

54

E Object Code Protection

To keep object code safe from human attackers and virus, a
variety of techniques may be employed.

Checksums. Saving the checksums of each of the system files in a
protected area an periodically comparing the stored checksum
with those computed from the file’s current contents is a
common and moderately effective way to detect the alteration
of system files.
Source Comparisons. Rather than just using a checksum the
complete files may be compared against a known set of
sources. This requires a greater storage commitment.

File Properties. Rather the computing a checksum, some facility
store certain attributes of files. Among these are the
length and location on the physical disk. While these
characteristics are easy to preserve, the naive attacker may
not know that they are important.

Read-Only Devices. Where practical, the system sources should be
stored on a device that does not permit writing. On many
system disk partitions may be mounted as “Read-Only.”
Dates. On many systems the last modification date of each file is
stored and recent modifications of system files are reported
to the system administrator.

Refresh. Some system automatically re-install system software
onto there machines on a regular basis. Users of TRACK
often do this daily to assure that systems have not be
corrupted.

55

F The Joy of Broadcast

The majority of the local area nets (LAN’s) use a system called
broadcast. It is somewhat like screaming in a crowded room.
Each person tends to try to ignore messages that weren’t meant
for them.

In this type of environment, eaves-dropping is undetectable.
Often passwords are sent unencrypted between machines. Such
passwords are fair game to an attacker.

Various cryptographic solutions including digital signature and
one time keys have been used to combat this problem. Kerberos,
developed at the MIT Athena project is available without cost and
presents one of the few promising potential solutions to the
broadcast problem.

56

G Guest Accounts

The computer center guest policy is among the most hotly debated
topics at many computer centers. From a security standpoint, it
should be obvious that an attacker who has access to a guest
account can break into a computer facility more easily.

G.1 Attack Difficulty Ratios

Basically it is a factor of ten easier to break into a machine
where you can easily get as far as a login prompt that one where
you can’t. Being able to reach the machine through a standard
networking discipline and open connections to the daemons is
worth another order of magnitude. Access to a machine that is
run by the same group is worth another factor of three and access
to a machine on the same LAN would grant a factor of three beyond
that. Having a guest account on the target machine makes the
attack still another order of magnitude easier.

Essentially, having a guest account on the target simplifies an
attack at least a thousand fold from having to start cold.

G.2 Individual Sponsors

I strongly suggest requiring each guest to have an individual
staff sponsor who takes responsibility for the actions of his
guest.

G.3 The No Guest Policy

In centers that prohibit guests, staff members often share their
passwords with their guests. Since these are generally
privileged accounts, this is a significant danger.

57

H Orange Book

You have doubtlessly by now heard of the “Orange Book” and
perhaps of the whole rainbow series.

Much of the “Orange Book” discusses discretionary and mandatory
protection mechanism and security labeling. Another section
deals with “covert channels” for data to leak out. While most
of these issues are not important in a university, the ideas of
protecting password files (even when encrypted), individual
accountability of users and password aging are worth implementing
in an unclassified environment.

58

I Acknowledgements

— Help of a lot of people. — copies were sent out to 48 people
for peer review

Jerry Carlin. For examples from his training course.
Joe Carlson. For help with spelling and grammar.

James Ellis. For help with organization.

Alan Fedeli.
Paul Holbrook. For help getting this document distributed.

David Muir. For help with spelling, grammar and comments about
computer games.

Kevin Oberman. For help with VMS issues, spelling and grammar.
Mike Odawa. For help with the microcomputers section.

59

PC Pursuit and Telenet Local Access Numbers

PC PURSUIT AND TELENET LOCAL ACCESS NUMBERS

FOR THE MOST UP-TO-DATE LISTING OF THE PC PURSUIT U.S. ACCESS
TELEPHONE NUMBERS, DO THE FOLLOWING:

1. USE A MODEM TO DIAL 1-800-424-9494 WITH PARAMETERS SET AT
7-E-1.

2. TYPE THREE CARRIAGE RETURNS (CR) (CR) (CR)

3. INPUT YOUR AREA CODE AND LOCAL EXCHANGE

4. YOU WILL THEN RECEIVE THE PROMPT SIGN “@”

5. THEN, TYPE:
MAIL (CR)
USER NAME: PHONES (CR)
PASSWORD: PHONES (CR)

———————————————————————

WHY USE PC PURSUIT?

Are you tired of poor quality lines and large phone bills from
using regular phone service to dial long-distance with your modem?

USE PC PURSUIT !!
– And get high quality data transmission using Telenet’s
Public Data Network,

– PLUS- SAVE, SAVE, SAVE on those long distance phone bills!
Just look at the COST SAVINGS as shown in the charts below:

LONG DISTANCE DATA-COMM. COST COMPARISONS

EVENING/WEEKEND ^ BUSINESS DAY – COST PER HOUR
^
300 + Direct–> / ^ |—————————–+
| Dial / ^ | DIRECT DIAL (AVG) |
MONTHLY + / ^ |—————————–+
PHONE | / ^ |
BILL 200 + / ^ |——————-+
$ | / ^ | WATS |
+ / ^ |——————-+
| / ^ |
100 + / ^ |————+
| / ^ | PC PURSUIT |
+ / PC Pursuit ^ |————+
25 |-/————- ^ |
0 +/-+–+–+–+–+ ^ +—–+—–+—–+—–+—–+
5 15 25 ^ 5 10 15 20 25
^
HOURS PER MONTH ^ $ COST PER HOUR
^
————————————————————————–
AUGUST 1986

Welcome to PC Pursuit! – and here is your copy of the first PC Pursuit
newsletter. We have now formed a PC Pursuit User Group, and all
PC Pursuit subscribers are charter members. You will receive this
newsletter at least 6 times a year and it will keep you updated on
PC Pursuit – ie. adding new cities, adding 2400 bps and other
enhancements, and good BBS/database numbers to dial.

HEADLINE NEWS MACRO & COMMAND FILES
***************
Several good command files and
* Ports expanded macro’s have been developed
* Local exchange list available to make logging on to PC
* More cities coming Pursuit even easier. Most
* 2400 bps available soon require that you just edit in
* Improved response codes your personal ID and PW and
* Improved protocols for file transfer then away you go. A good one
* We will be visiting several for Procomm users is called
User Groups Pursuit.cmd and is available
on the Net-Exchange BBS at
(see below for more details) (703) 689-3561. (Accessible
also thru PC Pursuit 202 area).

WE NEED A NAME! A contest is now underway to select a good name for
this newsletter – and the prize will be a $25 credit on your next
month’s PC Pursuit bill. So get creative – and earn that credit!
You can either input your entries on the On-line User Guide (in a
message to the sysop – and leave your name & phone), or you can
mail your entries to: Telenet, PC Pursuit – HQ24E, Sunrise Valley Drive,
Reston, Va. 22096. All entries must be received no later than
September 15, 1986.

EXPANDED PORTS
—————-
When we announced the enhanced PC Pursuit service in June, 1986, we
suddenly were flooded with many new registrations, which resulted in
much more traffic and sometimes the requested city was “busy”.
So, from July 23 to Aug 13, we expanded the PC Pursuit ports in each
city. It takes us about 3 weeks from the time we identify a busy
location to expand capacity there — but we are regularly watching
the traffic patterns and volumes in each city to provide you the
best possible service performance.

MORE IMPROVEMENTS COMING LOCAL EXCHANGE LIST AVAILABLE

You will be pleased to know that A list of the outward dialing
this Fall, several additional local exchanges for each of
improvements will be coming: the 14 PC Pursuit cities is
now available. Call the
– 2400 bps service On-line BBS at (800) 835-3001
– Improved outdial response messages or the Net-Exchange BBS at
(ie. No Answer, No Carrier, …) (703) 689-3561 and d-load the
– Improved protocols for file transfer EXCHLST1 and EXCHLST2 file today.
– More cities — tell us on the We hope to keep this list up to
User Guide which ones you want date based on the info we get
to dial to! from the telephone companies.
Let us know if you find any
corrections.

SOME GOOD BBS #’S TO TRY FACTS – DID YOU KNOW ??

212 989-2696 N.Y. MICRO CONNECTION * Telenet handles over 10 million
213 694-2044 MISSION CONTROL BBS data calls per month, with over
201 330-0613 PLEASURE DOME (300 BPS) 1 million connect hours/month.
312 280-8764 INDIVIDUAL INVESTORS
312 598-0525 SPORTSFIDO * Each month, Telenet transmits
415 322-3213 CHANNEL 64 BBS over 1 billion packets of data,
617 536-1917 PC WEEK BBS or the equivalent to 28 million
617 489-4930 BOSTON CITINET typed pages.
703 689-3561 NET-EXCHANGE
202 377-3870 U.S. DEPT OF COMMERCE * PC Pursuit uses the same high-
213 474-0270 WHAT TO DO/BUY IN L.A. quality X.25 data lines in
212 696-0360 PC MAGAZINE the Public Data Network as used
703 698-8230 ARQUIMEDES by Telenet’s other major
404 928-1876 ATLANTA GETAWAY corporate customers.
202 775-6738 NAT’L GEOGRAPHIC BBS
215 276-5177 GARDEN WORKS

GIVE US YOUR QUESTIONS/COMMENTS — NUMBERS TO CALL FOR INFO/HELP:

–> What additional cities do you (800) 835-3001 – On-line BBS
want to dial to? User Guide (24 hrs)

–> What are your favorite BBS’s (800) 368-4215 – PC Pursuit info,
or databases accessible registrations (voice, 8-5pm)
across PC Pursuit?
(800) 336-0437 – Customer Service
–> ENTER YOUR COMMENTS ON THE – for help with accessing and
ON-LINE USER GUIDE. THANKS! using the Telenet Network

BEST FROM THE BBS ON-LINE GUIDE — (800) 835-3001

“I’ve been a subscriber to PC Pursuit for several months now and find
the service fantastic… my BBS addiction has never been so well fed.”
– Clifford Gilmore

“Hey–things are looking up! Congratulations! I left you a few messages
about busies, but now it seems with the additional ports that it works
much better. Keep up the good work.
I recently started using the Y-modem protocol and it runs about 95% of
the calculated speed. You might suggest to your users that they use
Y-modem anytime they can because it is MUCH faster than X-modem. The
reason is that Y-modem sends 1024 byte blocks instead of the 128 byte
blocks of X-modem. Thus, there is much less need for hand-shaking
between the two computers. Y-modem is available on QMODEM and PROCOMM
comm. software, and also on many BBS’s.”
– Birk Binnard

“I am from Milwaukee and my wife is going to kill me if she sees
another $200 phone bill. I have friends facing the same predicament.
Pursuit is just what I need!”
– (name withheld to protect the husband…)

************************************************************************
* *
* AND HAPPY BIRTHDAY PC PURSUIT. ON AUG. 7, 1986, PC PURSUIT WAS *
* ONE YEAR OLD – AND IT IS GROWING AND EXPANDING MORE! *
* *
************************************************************************

FILE TRANSFERS – BITS & BYTES TECHNICAL QUESTIONS ?

You have probably learned by now that Call the NET-EXCHANGE BBS at
to access the Telenet network, you need (703) 689-3561 for some good
to use parameter settings of 7 data bits, messages from/to other PC
Even parity, and 1 stop bit,… but you Pursuit users and also to
can STILL do 8-bit file transfers across ask questions to the PC
PC Pursuit. You can switch to 8 data Pursuit team. Questions are
bits, No parity, and 1 stop bit if needed read and responded to at least
to do file transfers with XMODEM or other weekly on that BBS, and it
8-bit protocols. The best place to change is a great place to exchange
your parameter settings is just after you good info about other BBS’s
get the DIALXXX/XX CONNECTED response from accessible through PC Pursuit.
PC Pursuit; you will then be logging on to
your target BBS at the parameter settings (The Net-exchange BBS can
required by that BBS. Some communication also be accessed through
packages, such as Procomm, will automatically the PC Pursuit 202 area at
change your parameters once the file transfer 689-3561).
is initiated.
—————————————————————————-

How To Use PC Pursuit Service
—————————–

Placing a PC Pursuit Call
————————-

* Use a modem to dial your local Telenet access telephone
number with parameters settings of 7-E-1. You can switch
later to 8-N-1 after step 5 for file transfers (see ACCESS
File to obtain your access number).

* Type two CARRIAGE RETURNS (CR) (CR)

Telenet Prompt User Input Comments
======================================================================

(1) Terminal = D1 (CR) Input Terminal ID.
D1 is typical for
PC’s. If not known,
type CR.

(2) @ C DIAL212/12,YOUR ID (CR) Type area code desired,
modem speed and your
user ID. (Note that
/3 = 300 bps, and /12 =
1200 bps).

(3) PASSWORD = PASSWORD (CR) Enter user Password

(4) DIAL 212/12 Connected to target
CONNECTED city outdial modem.

(5) ATZ Type ATZ (in upper case)

(6) OK Modem responds as cleared.

(7) ATDT 7654321 Type ATDT (in upper case)
and the 7-digit number
you wish to dial.

(8) CONNECT (CR) (CR) You are now connected to
the computer that you
dialed. Procees as if
the number was dialed
directly.

NOTES:
—–

1. If the connection was not made, a BUSY will be seen within 30
seconds. The BUSY message means that the number dialed was either
busy, not in service, or an invalid attempt to dial more than 7
digits. A BUSY will also be seen after disconnecting from the
host computer, but you can dial another number by starting again
at the fifth step and typing ATZ and dialing the number.

2. PC Pursuit uses standard HAYES dialing commands, which enable
you to type the A/ (no CR) command to redial the previously
dialed number.

3. When a typing mistake is made in the second and third steps,
the log-on must be re-entered.

To Disconnect from PC Pursuit
—————————–

Telenet Prompt User Input Comments
======================================================================

(CR) @ (CR) Escape to Telenet
command level.

@ D (CR) At the @ sign,issue
disconnect command.

DIAL212/12 Disconnect from the
DISCONNECTED target city complete.
User is still connected
to Telenet at the local
dial-up city. A PC Pursuit
can now be placed to
another city.

NOTES:
——

1. To DISCONNECT FROM TELENET, log off your computer as usual, or
hang-up.

======================================================================
T H E E N D
======================================================================



PC-Pursuit Outdialing System: The Complete Guide, by Digital Demon of the Modernz, 1992

><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
*********************************************************
* *
* PcPursuit Outdialing System *
* The Complete Guide *
* *
* *
* Another Modernz Presentation *
* *
* by *
* Digital-demon *
* *
* (C)opyright January 26, 1992 *
* *
*********************************************************

*********************************************************
The Modernz can be contacted at:

MATRIX BBS
WOK-NOW!
World of Kaos NOW!
World of Knowledge NOW!
St. Dismis Institute – Sysops: Wintermute & Digital-demon
(908) 905-6691
(908) WOK-NOW!
(908) 458-xxxx
Home of Modernz Text Philez
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>

TANSTAAFL
The Church of Rodney – Sysop: Tal Meta
(908) 830-7960
Home of TANJ Text Philez
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
*********************************************************
Also can be reached at :

Hellfire BBS – SANctuary World HQ
Sysop: Red
(908)495-3926

*********************************************************
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>

Well this file has been several months in the making,
most hackers/phreakers are looking for anything at all
on outdials…This is a compilation of everything I
have ever gotten a hold of or learned as to pcpursuit
outdials…If you are looking for other types of outdials
I may get around to writting a phile on them as well, but don’t hold your breath…if there is something you can’t
find in this phile, feel free to get in touch with me and
I will help you if I can.

_-Demon

P.S. Salutations and Greetings to all that know me,
if yah don’t…then I could care less.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

PC PURSUIT
———-

With PC PURSUIT, you can explore a wealth of free resources and even
discover more uses for your PC. In any of the locations accessible to
PC PURSUIT, you have the ability to:

* communicate with friends and associates on-line,

* download and upload public domain software from
thousands of Bulletin Board Systems in the 34 PC
PURSUIT cities,

* research professional projects and personal hobbies
through free databases, and

* shop and advertise in electronic catalogs.

The features and benefits offered by PC PURSUIT SERVICE include:

Portability:

————
Because the service is widely accessible, you can use
PC PURSUIT at home, at the office, or traveling.

Accessibility:
————–
The service can be accessed from nearly 9000 local
telephone exchanges via the Sprint network. You can
dial thousands of free databases at 300, 1200, and 2400
bps in 34 major cities across the nation, 24 hours a day.

Convenient Billing:
——————
All PC PURSUIT service charges are billed directly to
your VISA, MASTERCARD, DISCOVER or AMERICAN EXPRESS account;
or automatically debited from your checking account.

Nonstop Support:
—————
As with all other Sprint services, The Sprint Network
Control Center provides 24-hour management to ensure
reliable data transmission. Customer Service is available
to handle problem system problem reports 24 hours a day
at 1-800-336-0437.

START SAVING TODAY AND JOIN THE THOUSANDS OF PC USERS FROM COAST TO
COAST WHO ARE ALREADY ENJOYING THE COST-EFFECTIVE WORLD OF PC
COMMUNICATIONS THROUGH PC PURSUIT. CALL TO REGISTER AT 800-736-1130
(voice) OR 800-877-2006 (modem).

——————————————————————————-

4/12/89

We have installed a new version of TPBBS which corrects some
of the file transfer problems of the past. In the instructions
below, the only reason for using the SET commands is if you
need to escape to the PAD to issue additional commands. Downloads
now appear to work at 8-N-1 w/o having to issue 2:0,4:1. Uploads
are still restricted to 7-E-1 Kermit.

——————————————————————

Many of you have indicated that you have been having problems
with file transfers to and from this BBS. First, file uploads
have been disabled pending resolution of a bug report submitted
to Sun regarding problems with their X25 package. File downloads
on the other hand, are possible if you use the following
procedure:

– call SprintNet at 8-N-1 and use the correct hunt/confirm
sequence to wake up the port (see hunt.txt in the pcp
file area)

– use or D1 at the TERMINAL= prompt
– enter: SET 0:0,57:1,63:0
– enter: C PURSUIT
– when you get the CONNECTED message, immediately enter:

@

– you will see TELENET and the @
– enter: SET 2:0,4:1
– enter: CONT
– and the BBS will display (or finish displaying) the
initial welcome message

After you do your file transfer, you may find that you have lost
your character echo. If this happens, enter;

@
SET 4:1
CONT

If you are not going to be doing file transfers, you can call in
using 7-E-1 and ignore all the SET commands. We regret the
complexity of the logon procedures, but we’re hoping that Sun
will be able to supply us with a version of the X25 package which
will work better in our environment.

PC Pursuit Technical Coordinator

——————————————————————————-

There are a number of questions that are asked repeatedly on
this BBS….here are the answers to some of them:

Q: I used to be able to do file transfers at a reasonable speed.
Now my file transfers go at a snail’s pace or fail entirely. What’s
going on?
A: We have had a team of engineers looking into the file transfer problems.
They have found and corrected a network problem which appears to have
been affecting file transfers. This change has been implemented
everywhere we have outdials. In general, both uploads and downloads
should go much more efficiently now. If any additional problems are
found or the engineers have additional suggestions for how to improve
your transfers, that information will be posted here.

Q: This BBS is always busy…can I download the files in your PURSUIT
file area and post them on *my* BBS so that other customers can
get to them easier?
A: Yes…If you decide to do that though, please try to make sure that
the information you post is kept up to date.

Q: I’m having problems with file transfers….what do I do?

A: First, take a look at the file TIPS.TXT in the PURSUIT file
area. Also, if you’re more technically oriented, there are
other .TXT files in that file area (such as TELE_ITT.TXT and
X3_ITI.TXT) which you may find useful.

Q: I’ve looked at TIPS.TXT and am still having problems…now what?
A: Leave a public message in the GENERAL message area indicating your
hardware and software configuration and a short but complete
description of the problem. There are many users on this BBS
(both Sprint employees and other customers) who are very knowledgeable
about the service who will be glad to assist.

Q: I can’t get through to the Net Exchange at night but I’ve been told
this is where to go for help with the service. What now?
A: As long as you call the Net Exchange using “C PURSUIT”,
the call to this BBS is free 24 hours a day, 7 days a week. The
BBS may be down for short periods during the day for maintenance
but it’s available at most other times.

Q: Occasionally, I have problem accessing an outdial during the weekend
for a short period of time, what could cause such an intermittent
outage?

A: You may be experiencing an outage due to reload. Reloads
occur in order to perform required maintenance and table changes
on the SprintNet network.
There are three time periods when TP reloads are scheduled.

Saturday (00:00 – 08:00 local time)
Sunday (00:00 – 08:00 local time)
Monday (00:00 – 08:00 local time)

Q: Where do I request new in-dial and out-dial rotaries?
A: If you have a request for a new in-dial site or a new speed in an
existing site, leave a message to our product manager. Requests for
new outdial sites should be composed via questionnaire #6.

Q: Where can I leave an ad for my BBS so others will call me?
A: All ads for BBSs should be left in the BBS message area.

Q: Other than PURSUIT and the outdial rotaries, can I use my PURSUIT
account to access other services through Sprint?
A: Yes, there are a number of direct connect BBS services that are
available with your PURSUIT account. These include PORTAL and PLINK.
You are charged for these services just like you are for using the
outdial rotaries.

Q: What does the DISCONNECT message mean?
A:
####### DISCONNECTED 00 40 00:00:02:39 143 16
^ ^ ^ ^ ^ ^ ^ ^ ^
| | | | | | | | |
| | | | | | | | +– Packets from user
| | | | | | | +—– Packets to user
| | | | | | +——— Seconds connected
| | | | | +———— Minutes connected
| | | | +————— Hours connected
| | | +—————— Days connected
| | +——————— Clearing diagnostic
| +———————— Clearing cause
+——————————————- Remote address

(thanks to Vann Hall for supplying this information)

——————————————————————————-

Dear PC Pursuit Customers:

Based on a request for clarification from the Product Management
message area, please note the following information:

1. Calls of 90 seconds or less will not be billed.

2. Usage is rounded to the next minute for the purpose of
calculating total usage on each connection. This means
that a call of 11:59 minutes will rounded to 12 minutes.

3. All calls are subject to a minimum call duration of two
minutes unless they are 90 seconds or less. This means a
1:29 minutes call will not be billed, but a call of 1:31
minutes will be billed as a two minutes call.

4. Calls that begin on the last day of the month and do not
terminate until after midnight will be billed in the ending
month and treated as that month’s current usage for purposes
of computing minimum usage charges.

——————————————————————————-

PC BUSINESSCALL

——————————————————————————-

PC BusinessCall is designed for professionals and for small-
to medium-sized businesses that typically spend between 5 to 300
hours per month accessing PCs, bulletin boards or host computers
by dialing long distance. Using the Sprint Public Data Network
to carry the long distance portion of data calls, PC BusinessCall
saves customers up to 75% off their monthly long distance
charges.

Sprint is offering PC BusinessCall in two pricing packages:
the Initiator Program for intermittent low-volume users, and the
Professional Program, which offers maximum discounts to customers
with consistent monthly usage. The Professional plan requires a
$95 per month minimum, but this $95 prepays for the user’s first
$175 of usage per month.

The Initiator plan has a $10./month account fee, plus rates
ranging from $2.95/hr to $7.50/hr for basic service. Rates are
higher for US Outdial (OutWATS) or Dial-in WATS. For the

Professional plan, the user has no $10./month account fee.
Instead, a $95./month monthly minimum prepays the user’s first
$175. of standard usage (not including US Outdial or In-WATS).
Professional rates are also lower, ranging from $2.50/hr to
$6.95/hr for basic service.

INITIATOR:

$50.00 one-time signup fee
$10.00 monthly account fee

7.50/hr peak time usage
5.50/hr prime time usage
2.95/hr non-prime usage

10.00/hr prime time US Outdial
6.50/hr non-prime US Outdial

7.75/hr WATS Dial-in surcharge (prime time)
5.50/hr WATS Dial-in surcharge (non-prime)

PROFESSIONAL:

$50.00 one-time signup fee
$95.00 monthly minimum

6.95/hr peak time usage
4.95/hr prime time usage
2.50/hr non-prime usage

9.00/hr prime time US Outdial
5.75/hr non-prime US Outdial

7.00/hr WATS Dial-in surcharge (prime time)
5.00/hr WATS Dial-in surcharge (non-prime)

PC BusinessCall uses the Sprint Public Data Network to
access remote computers equipped with 300 bps, 1200 bps or
2400 bps auto-answer modems.

To use this service, a customer has his PC or terminal dial
a local telephone number to connect to the Sprint Public Data
Network. Local access is provided from more than 18,000 cities
and towns in the United States. The user enters the destination
city, and then enters a command for dialing the local phone
number of the system he is accessing. A special outdial modem on
the network then completes the call and connects the user to the
database, remote PC or other information source of his choice.

At present, PC BusinessCall is available for accessing
systems in the local calling area of 34 major cities in the
continental U.S., with additional expansion planned for 1990.
Access is provided to all other locations in the continental
U.S. through US Outdial calling.

Besides calling regional information systems, remote PCs, or
private computer systems, applications of PC BusinessCall include
retail store polling, collecting inventory or sales updates,
customer order delivery, hotel and airline reservation systems,
telex delivery, automated data back-up and recovery services, and
many more.

——————————————————————————-

Restrictions regarding BBS access are generally done at the
request of Sprint Network Security or TELCO. It is not Sprint’s
intent to censor our customers; however, we do want to protect
customer ID’s and passwords. If a BBS is posting user ID’s
we will restrict access. We do not shut down an entire exchange to
restrict a BBS.

——————————————————————————-

10/8/91

Dear PC Pursuit customers

We are pleased to announce a new outdial
city. The city is:

New Orleans, LA

This city supports both 1200 and 2400 baud
modems, and its mnemonic addresses are:

D/LANOR/12 for 1200 baud
D/LANOR/24 for 2400 baud

Product Management

——————————————————————————-

03/01/91

Dear Customers:

The following bulletin contains information relevant to three of
the most frequent and “popular” file transfer questions we receive
from our customer base. Special thanks to Vann Hall from Tech
Support, and Ben Chen from Product Marketing, for making this
bulletin possible.

Thanks,
Paul Golder
Outdial Product Management

QUESTION 1:

“If most file transfers don’t allow flow control, then why is the
default setting: “Enables flow control?”

ANSWER 1:

Because people use PC Pursuit for many things other than file

*** Depress a key to continue ……..
transfer — sending messages, reading text files, etc. — that work
best with flow-control enabled. In addition, the file transfer
protocols that perform the best across SprintNet, like ZModem, are
designed to be used with flow-control.

QUESTION 2:

“I sometimes experience problems with large file transfers — any
thoughts why?

ANSWER 2:

Note: Additional info on file transfers can be found in the “How
to Use US Sprint’s PC Outdial Services” user guide, and in the file
section of this BBS.

In brief, the network can handle data rates of 2400 baud — and
far greater — with no problem. A datascope or other such measuring
tool will show data flowing at that rate. What users see as delay,
though, is the time lag caused by packetizing data.

For instance, every XModem block contains 131 bytes: 128 data
bytes and three overhead/management bytes. When the transmitting PC
sends the block, the network takes the first 128 bytes received and
sends it across the network as a full packet of data. In the
meantime, the PC sends the remaining three bytes. The network
equipment then waits a predetermined period of time before
deciding the PC has nothing more to send before it packetizes
the remaining three bytes and sends them along.

The timeout value (called the “idle timer”) is 0.1 seconds. That
is, if the PC has not sent enough bytes to fill a network packet
(128), the network equipment will wait 0.1 of a second before
sending the data. At 2400 baud, this delay immediately reduces
effective baud rate by 240 bps.

On the other side of the connection, the receiving PC has to send
a one-byte acknowledgement/unacknowledgement of the XModem block.
This ack/unack character also has to wait in the network PAD’s
buffers for 0.1 second before being forwarded, an effective baud
rate of 100 bps.

Compounding this situation is the fact that the network induces

some delay on an end-to-end transmission. This delay is usually
less than 0.25 seconds round-trip. With data flowing mainly one
direction or the other, the delay is unnoticeable — if you’re
sending 1 Mb of data, an additional quarter- or half-second is
nothing. However, if each end of the connection has to talk,
alternatingly, every so often, the delay affects each turn-around.

That’s why the best protocols for PC Pursuit are those like
ZModem, which calls for the receiving station to transmit only when
an error is seen and not to positively acknowledge every block, or
those like Windowed Xmodem or Windowed Kermit. These latter
protocols allow the transmitting PC to send several blocks of data
before having to receive an acknowledgement for the first block
sent. Since the acknowledgement for the first block and the data
for, say, the third block often “pass” each other in the network,
the PCs can maintain an effectively uninterrupted data flow.

QUESTION 3:

“What can I do to eliminate the message “POSSIBLE DATA LOSS?

ANSWER 3:

POSSIBLE DATA LOSS messages (PDLs) are sent to warn the user that
data may have been lost as a result of an X.25 reset occurring
within the network. In most cases for PC Pursuit, the result is
occurring internally within the network PAD equipment at either end
of the connection.

To reduce the chances of receiving a PDL, flow-control should be
enabled at both ends of the connection, and the user should not try
to mismatch speeds. For instance, a user dialing into the network
at 1200 baud can connect to a 2400-baud rotary and dial out to a
BBS at 2400 baud. Should he try to review data with no flow-control
enabled, data will enter the network at twice the speed they can
exit. Although the network can buffer a certain amount of data,
eventually it runs out of places to stuff bytes on hold, it issues
a reset, and the PDL results.

Also, with flow-control enabled, users may still receive PDLs if
they flow-control a port for too long. Say you’re reading a message
on a BBS, you Ctrl-S during the middle of it to stop it from
scrolling, you get up for a moment: When you get back, you may see
a PDL. What has happened is that buffers have gone unused for a
while, and the PAD resets the link just in case the problem is
internal to it.

To enable flow-control at both ends of the VC, users must issue
both a SET? and an RST? command. Parameters 5 and 12 should both be
set to a value of 1 at each end of the VC.

——————————————————————————-

NEW ACCESS CENTERS AND RECENT CHANGES
———————————————————————-

NEW DOMESTIC ASYNCHRONOUS ACCESS CENTERS
———————————————-
EFFECTIVE AREA
ST DATE CODE ACCESS CENTER 300-2400 BPS CLASS
—————————————————————–
CA 7//91 (805) ancaster 949-7396 B
CA 7/3/91 (714) Saddle Brook Valley 458-0811 B
IN 7/3/91 (317) Richmond 935-7532 B
MS 7/3/91 (601) Port Gibson 437-8916 B
NC 7/3/91 (919) Burlington 229-0032 B
SC 7/3/91 (803) Florence 669-0042 B
SC 7/3/91 (803) Myrtle Beach 626-9134 B

NEW 2400 DOMESTIC ASYNCHRONOUS ACCESS CENTERS
—————————————————
EFFECTIVE AREA

ST DATE CODE ACCESS CENTER 2400 BPS CLASS
———————————————————————-
FL 7/3/91 (407) Boca Raton 338-3701 B
IN 7/3/91 (812) Bloomington 331-8890 C
ME 7/3/91 (207) Portland 761-9029 C
MA 7/3/91 (508) Brockton 588-3315 B
NC 7/3/91 (919) Tarboro 823-7459 C
SC 7/3/91 (803) Spartanburg 585-9197 B
SD 7/3/91 (605) Rapid City 348-2048 C
TX 7/3/91 (915) Abilene 672-2280 B
TX 7/3/91 (903) Athens 677-1712 C
TX 7/3/91 (409) Bryan 779-0713 C
TX 7/3/91 (903) Longview 758-1161 C
VT 7/3/91 (802) Burlington 864-5485 B
WA 7/3/91 (206) Tacoma 383-2233 B

——————————————————————————-

____________________________________________
| |
| NEW 800 NUMBERS FOR PC OUTDIAL SERVICES |
| |
——————————————–

To better serve you, Our Telemarketing Department has been
reorganized, and can be reached by a new 800 number for:

* general information regarding PC Outdial Services
* and to register for PC Pursuit and PC BusinessCall.

The toll-free number is:

1-800-736-1130 from 7:00 a.m. – 7:00 p.m. (CST)
Monday through Friday

You can also register online for PC Pursuit by calling our
PC-PURSUIT BBS at:

1-800-877-2006 (24 hours a day)

Thank you very much,

Product Management
12/03/1990

——————————————————————————-

PC Pursuit Service Availability
——————————–

PC Pursuit can be used to access local numbers in the
following cities. Note that not all exchanges in a
given area code are accessible via PC Pusuit! For a
list of exchanges in the individual cities,
please see the exchange lists.

Example of use:

C D/DCWAS/12,,

City Code City Entries
————————– —- ————-

Ann Arbor, MI 313 D/MIAAR/12
D/MIAAR/24

Atlanta, GA 404 D/GAATL/3

D/GAATL/12
D/GAATL/24

Austin, TX 512 D/TXAUS/12
D/TXAUS/24

Boston, MA 617 D/MABOS/3
D/MABOS/12
D/MABOS/24

Chicago, IL 312 \ D/ILCHI/3
708 > D/ILCHI/12
815 / D/ILCHI/24
(for 708, must use 1708 + phone number)
(for 815, must use 1815 + phone number)

Cleveland, OH 216 D/OHCLE/3
D/OHCLE/12
D/OHCLE/24

Colton, CA 714 D/CACOL/3
D/CACOL/12

D/CACOL/24

Columbus, OH 614 D/OHCOL/12
D/OHCOL/24

Dallas, TX 214 \ D/TXDAL/3
> D/TXDAL/12
817 / D/TXDAL/24
(for 817, must use 817 + phone number)

Denver, CO 303 D/CODEN/3
D/CODEN/12
D/CODEN/24

Detroit, MI 313 D/MIDET/3
D/MIDET/12
D/MIDET/24

Glendale, CA 818 \ D/CAGLE/3
> D/CAGLE/12
213 / D/CAGLE/24
(for 213, must use 1213 + phone number)

Hartford, CT 203 D/CTHAR/3
D/CTHAR/12
D/CTHAR/24

Hempstead, NY 516 D/NYHEM/12
D/NYHEM/24

Houston, TX 713 D/TXHOU/3
D/TXHOU/12
D/TXHOU/24

Indianapolis, IN 317 D/ININD/12
D/ININD/24

Kansas City, MO 816 \ D/MOKCI/3
> D/MOKCI/12
913 / D/MOKCI/24

Los Angeles, CA 213 \ D/CALAN/3
> D/CALAN/12
818 / D/CALAN/24

(for 818, must use 1818 + phone number)

Miami, FL 305 D/FLMIA/3
D/FLMIA/12
D/FLMIA/24

Milwaukee, WI 414 D/WIMIL/3
D/WIMIL/12
D/WIMIL/24

Minneapolis, MN 612 D/MNMIN/3
D/MNMIN/12
D/MNMIN/24

Newark, NJ 201 \ D/NJNEW/3
> D/NJNEW/12
908 / D/NJNEW/24
(for 908, must use 1908 + phone number)

Memphis, TN 901 \ D/TNMEM/12
601 / D/TNMEM/24
(for 601, must use 1601 + phone number)

New Brunswick, NJ 908 D/NJNBR/12
D/NJNBR/24

New Orleans, LA 504 D/LANOR/12
D/LANOR/24

New York, NY 212 \ D/NYNYO/3
516 \ D/NYNYO/12
718 / D/NYNYO/24
914 /
(for 516, must use 1516 + phone number)
(for 718, must use 1718 + phone number)
(for 914, must use 1914 + phone number)

Oakland, CA 415 D/CAOAK/3
D/CAOAK/12
D/CAOAK/24

Orlando, FL 407 D/FLORL/12
D/FLORL/24

Palo Alto, CA 415 D/CAPAL/3
D/CAPAL/12
D/CAPAL/24

Philadelphia, PA 215 D/PAPHI/3
D/PAPHI/12
D/PAPHI/24

Phoenix, AZ 602 D/AZPHO/3
D/AZPHO/12
D/AZPHO/24
(Some exchanges must use 1602 + phone number
please check AZPHO.xch for details)

Pittsburgh, PA 412 D/PAPIT/12
D/PAPIT/24

Portland, OR 503 D/ORPOR/3
D/ORPOR/12
D/ORPOR/24

Research Triangle Park, NC 919 D/NCRTP/3

D/NCRTP/12
D/NCRTP/24

Sacramento, CA 916 D/CASAC/3
D/CASAC/12
D/CASAC/24
(Some exchanges must use 1 + phone number
please check CASAC.xch for details)

Salt Lake City, UT 801 D/UTSLC/3
D/UTSLC/12
D/UTSLC/24

San Diego, CA 619 D/CASDI/3
D/CASDI/12
D/CASDI/24

San Francisco, CA 415 D/CASFA/3
D/CASFA/12
D/CASFA/24

San Jose, CA 408 \ D/CASJO/3
> D/CASJO/12
415 / D/CASJO/24
(for 415, must use 1415 + phone number)

Santa Ana, CA 714 \ D/CASAN/3
> D/CASAN/12
213 / D/CASAN/24
(for 213, must use 1213 + phone number)

Seattle, WA 206 D/WASEA/3
D/WASEA/12
D/WASEA/24

St. Louis, MO 314 \ D/MOSLO/3
> D/MOSLO/12
618 / D/MOSLO/24
(for 618, must use 1618 + phone number)

Tampa, FL 813 D/FLTAM/3
D/FLTAM/12
D/FLTAM/24

Washington, DC 202 \ D/DCWAS/3
703 > D/DCWAS/12
301 / D/DCWAS/24
(for 703, must use 703 + phone number)
(for 301, must use 301 + phone number)

Note: /3 = 300 bps, /12 = 1200 bps, /24 = 2400 baud

——————————————————————————-

Type CTL-K to skip this

NEW ID/PASSWORD SOFTWARE RELEASE

We just recently implemented a new ID/Password software release on SprintNet.
With this implementation, PC Pursuit and PC BusinessCall IDs will only
allow connections to be made to the following types of network addresses:

— Standard Mnemonic outdial “city codes”
— Those addresses of public “Pursuitable” hosts such as DELPHI.

Calls attempted to numeric rotary addresses (violating the Outdial Terms
and Conditions) will be blocked, and you will receive the message “ACCESS TO
THIS ADDRESS NOT PERMITTED”. Calls to standard mnemonic “city codes” will
see no change in service.

If you experience difficulty in accessing any publicly available(“Pursuitable”)
SprintNet host, please contact us via either this BBS or Tech Support at
1-800-877-5045.

Thanks,

PC Pursuit Management

——————————————————————————-

How To Use PC Pursuit Service
—————————–

Placing a PC Pursuit Call
————————-

* Use a modem to dial your local SprintNet access telephone
number with parameters settings of 8-N-1.

* Type two CARRIAGE RETURNS (CR) D (CR)

Telenet Prompt User Input Comments
======================================================================

(1) Terminal = D1 (CR) Input Terminal ID.
D1 is typical for
PC’s. If not known,
type CR.

(2) @ C D/NYNYO/12,YOUR ID (CR) Type area code desired,
modem speed and your
user ID. (Note that
/3 = 300 bps, /12 = 1200
bps, /24 = 2400 bps).

(3) PASSWORD = PASSWORD (CR) Enter user Password

(4) D/NYNYO/12 Connected to target
CONNECTED city outdial modem.

(5) ATZ Type ATZ (in upper case)

(6) OK Modem responds as cleared.

(7) ATDT 7654321 Type ATDT (in upper case)
and the 7-digit number
you wish to dial.

(8) CONNECT (CR) (CR) You are now connected to
the computer that you
dialed. Procees as if
the number was dialed
directly.

NOTES:
—–

1. If the connection was not made, a BUSY will be seen within 30
seconds. The BUSY message means that the number dialed was either
busy, not in service, or an invalid attempt to dial more than 7
digits. A BUSY will also be seen after disconnecting from the
host computer, but you can dial another number by starting again
at the fifth step and typing ATZ and dialing the number.

2. PC Pursuit uses standard HAYES dialing commands, which enable
you to type the A/ (no CR) command to redial the previously
dialed number.

3. When a typing mistake is made in the second and third steps,
the log-on must be re-entered.

To Disconnect from PC Pursuit
—————————–

Telenet Prompt User Input Comments
======================================================================

(CR) @ (CR) Escape to SprintNet
command level.

@ D (CR) At the @ sign,issue
disconnect command.

D/NYNYO/12 Disconnect from the
DISCONNECTED target city complete.
User is still connected
to SprintNet at the local
dial-up city. A PC Pursuit
can now be placed to
another city.

NOTES:
——

1. To DISCONNECT FROM SPRINTNET, log off your computer as usual, or
hang-up.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Equipment and Software Requirements
———————————–

To use PC PURSUIT, all you need are —

– a telephone line
– a modem – 300 or 1200 bps
– a terminal or a PC with asynchronous communications software

PARAMETERS:
———–
Communication parameters for your hardware should be set-up
consistent with the PC or BBS or host computer you wish to dial.

FILE TRANSFERS:
—————
Most transfer protocols are compatible with PC PURSUIT.
Across SPRINTNET’S Public Data Network, PC PURSUIT transmits
data utilizing 8 bit transparency. Due to XMODEM’S use of
single block by block acknowledgement of data sent, XMODEM
file transfers can take slightly longer. There are
however, more efficent transfer protocols such as KERMIT,
SUPER KERMIT and YMODEM.

You can now dial into SprintNet as 7-E-1 or 8-N-1. If you dial
in at 7-E-1, you can switch your parameters to 8-N-1 with
your software to prepare for a file transfer. Or, dial
SprintNet at 8-N-1 to begin with, using these steps —

1) Dial your SprintNet local access number with your settings
at 8-N-1.

2) Enter (cr) D (cr)

3) At “Terminal = “, enter D1 (cr)

4) proceed with your session….

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

PC PURSUIT AND SPRINTNET LOCAL ACCESS NUMBERS

FOR THE MOST UP-TO-DATE LISTING OF THE PC PURSUIT U.S. ACCESS
TELEPHONE NUMBERS, DO THE FOLLOWING:

1. USE A MODEM TO DIAL 1-800-546-1000 WITH PARAMETERS SET AT
7-E-1.

2. TYPE THREE CARRIAGE RETURNS (CR) (CR) (CR)

3. INPUT YOUR AREA CODE AND LOCAL EXCHANGE

4. YOU WILL THEN RECEIVE THE PROMPT SIGN “@”

5. THEN, TYPE:
MAIL (CR)
USER NAME: PHONES (CR)
PASSWORD: PHONES (CR)

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
<*> File Transfers <*>
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>

This section outlines the most common file transfer protocols used
with PC Pursuit. The performance of the protocols in the direct con-
nect and PC Pursuit environments are also indicated.

The following protocols were tested via the Chicago in-dial to the
Washington DC out-dial; the observations are summarized below.

XMODEM

PC Pursuit XMODEM file transfers performed at an average throughput of
34% when the correct hunt-confirm and terminal type was utilized.
XMODEM does not support flow control, therefore it is suggested that
the “relaxed” mode be invoked if the user’s communications software
permits this feature.

YMODEM

The performance of YMODEM file transfers VIA PC Pursuit was found to
have an average throughput of 77% when the correct hunt confirm and
terminal type is employed. Although YMODEM does not support flow
control, it uses large 1024 byte packets which the network PAD handles
quite readily under normal conditions. As a result, YMODEM is rated
one of the faster protocols for file transfer via PC Pursuit.

WXMODEM

WXMODEM file transfers utilizing the correct hunt-confirm and terminal
type performed well with an average transfer rate of 82%. This
protocol is capable of handling flow control which enables it to
perform with better reliability in the PC Pursuit environment. Users
should be aware that an early version of PROCOMM is known to have a
software problem which can affect the performance of WXMODEM file
transfers.

KERMIT

An optimum average throughput of 65% was obtained by KERMIT file
transfers via PC Pursuit. The throughput was obtained with a packet
size of 90 and a window size of 31. KERMIT software which supports the
sliding window feature performs with optimum efficiency in the PC
Pursuit environment.

SEALINK

SEALINK file transfers via PC Pursuit performed exceptionally well
with an average throughput of 91% with the correct hunt-confirm and
terminal type. SEALINK supports flow control and was specifically
designed to operate in the networking environment. Some versions of
SEALINK however, do not provide proper error recovery which could pose
a problem for some users.

ZMODEM

File transfers utilizing ZMODEM protocol via PC Pursuit yielded an
average transfer rate of 93%. ZMODEM performs well in the PC Pursuit
environment at the default settings. Depending on the type of user
equipment, ZMODEM options may need to be modified to permit optimum
throughput. The ZMODEM command line used in our test configuration was
simply as follows:

Uploads: DSZ port 1 rz
Downloads: DSZ port 1 sz

The X.3 PAD parameters which provide optimum performance are
1:0,4:10,5:1, 7:8,12:1. In addition, flow control (XON/XOFF) should be
enabled at the user PC and the host. It should be noted that in most
cases these additional PAD parameters are optional and need only be
employed if the user is experiencing difficulty transferring files via
ZMODEM.

STEP 1.: Set PC communications software to 8 bits, no parity,
1 stop bit, full duplex. At this time, the user may wish
disable or enable local (XON/XOFF) flow control depending
on the type of protocol to be used.

STEP 2.: Dial local rotary with the communications software
set at the desired speed.

STEP 3.: Upon connect use the correct hunt confirm sequence:
At 300/1200bps use –
At 2400bps – <@ D CR>
NOTE: “D” MUST BE UPPER CASE.

STEP 4.: At prompt “TERMINAL = ” enter and return.

STEP 5.: At the “@” prompt enter the destination mnemonic,
out-dial speed, ID and password. It is important
that out-dial speed matches in-dial speed.
DO NOT MIX IN-DIAL AND OUT-DIAL SPEEDS.

STEP 6.: If OPTIONAL X.3 pad parameters are to be changed, do
so at this point by entering <@ CR>. To set parameters
as prescribed perform the following:

To set parameters enter
Example: SET 7:8,4:10,5:1,7:8,12:1
To read parameters enter

Return to out-dial port by entering
.

STEP 7.: Upon connecting to the destination pad, ensure
communication with the out-dial modem by entering .
The destination modem will respond with “OK”.

STEP 8.: Enter and the local number you wish to dial.

STEP 9.: Queue host file transfer and start file transfer.

If you are experiencing trouble with PC Pursuit check the following
items:

* Verify the correct hunt-confirm sequence

* Verify user software comm parameters are set to 8 bits, no parity and
1 stop bit.

* If problems with file transfer only, try the optional ITI PAD parameters.

FILE TRANSFER
PERFORMANCE STATISTICS

General Communication Parameters = 8 bits
1 stop bit
N no parity

Terminal Type = D1

| PERFORMANCE STATISTICS DIRECT CONNECT |
| |
| |
| XFR |
| PROTOCOL SPEED SECONDS CPS BPS RATE |
|======================================================|
| |
| ZMODEM UP 1200 ***394 114.36 1143.55 95% |
| ZMODEM UP 2400 ***199 226.41 2264.12 94% |
| ZMODEM DN 1200 ***394 114.36 1143.55 95% |
| ZMODEM DN 2400 ***196 229.88 2298.78 96% |
| |
| SEALINK UP 1200 ***418 107.79 1077.89 90% |
| SEALINK UP 2400 ***200 225.28 2252.80 94% |
| SEALINK DN 1200 ***400 112.64 1126.40 94% |
| SEALINK DN 2400 ***205 219.79 2197.85 92% |
| |
| WXMODEM UP 1200 ***405 111.25 1112.49 93% |
| WXMODEM UP 2400 ***205 219.79 2197.85 92% |
| WXMODEM DN 1200 **277 96.12 961.16 80% |
| WXMODEM DN 2400 ***216 208.59 2085.93 87% |
| |
| YMODEM UP 1200 ***387 116.42 1164.24 97% |
| YMODEM UP 2400 ***194 232.25 2322.47 97% |
| YMODEM DN 1200 ***385 117.03 1170.29 98% |
| YMODEM DN 2400 ***199 226.41 2264.12 94% |
| |
| KERMIT UP 1200 ***553 81.48 814.76 68% |
| KERMIT UP 2400 ***287 156.99 1569.90 65% |
| KERMIT DN 1200 ***571 78.91 789.07 66% |
| KERMIT DN 2400 ***295 152.73 1527.32 64% |
| |
| XMODEM UP 1200 ***425 106.01 1060.14 88% |
| XMODEM UP 2400 ***219 205.74 2057.35 86% |
| XMODEM DN 1200 ***436 103.34 1033.39 86% |
| XMODEM DN 2400 ***228 197.61 1976.14 82% |
=======================================================

* Optional PAD parameters which optimize performance
** File size = 26624 *** File size = 45056

| PERFORMANCE STATISTICS VIA PCP
|
|
|
| HUNT OPTIONAL ITI
|
| XFR CONFIRM FLOW X.3 PAD
|
| PROTOCOL SPEED SECONDS CPS BPS RATE SEQUENCE CONTROL PARAMETERS NOTES
|
|=================================================================================================
==================|
|
|
| ZMODEM UP 1200 ***399 112.92 1129.22 94% CR D CR XON/XOFF *1:0,4:10,5:1,7:8,12:1 *Host a
terminal XON/XOFF |
| ZMODEM UP 2400 ***200 225.28 2252.80 94% @ D CR XON/XOFF *1:0,4:10,5:1,7:8,12:1 *Host a
terminal XON/XOFF |
| ZMODEM DN 1200 ***398 113.21 1132.06 94% CR D CR XON/XOFF *1:0,4:10,5:1,7:8,12:1 *Host a
terminal XON/XOFF |
| ZMODEM DN 2400 ***204 220.86 2208.63 92% @ D CR XON/XOFF *1:0,4:10,5:1,7:8,12:1 *Host a
terminal XON/XOFF |
|
|
| SEALINK UP 1200 ***420 107.28 1072.76 89% CR D CR XON/XOFF *7:8,1:0 *Host a
terminal XON/XOFF |
| SEALINK UP 2400 ***202 223.05 2230.50 93% @ D CR XON/XOFF *7:8,1:0 *Host a
terminal XON/XOFF |
| SEALINK DN 1200 ***402 112.08 1120.80 93% CR D CR XON/XOFF *7:8,1:0 *Host a
terminal XON/XOFF |
| SEALINK DN 2400 ***207 217.66 2176.62 91% @ D CR XON/XOFF *7:8,1:0 *Host a
terminal XON/XOFF |
|
|
| WXMODEM UP 1200 ***406 110.98 1109.75 92% CR D CR XON/XOFF *7:8,1:0 *Host a
terminal XON/XOFF |
| WXMODEM UP 2400 ***263 171.32 1713.16 71% @ D CR XON/XOFF *7:8,1:0 *Host a
terminal XON/XOFF |
| WXMODEM DN 1200 ***469 96.07 960.68 80% CR D CR XON/XOFF *7:8,1:0 *Host a
terminal XON/XOFF |
| WXMODEM DN 2400 ***214 210.54 2105.42 88% @ D CR XON/XOFF *7:8,1:0 *Host a
terminal XON/XOFF |
|
|
| YMODEM UP 1200 ***467 96.48 964.80 80% CR D CR NONE *7:8,1:0
|
| YMODEM UP 2400 ***252 178.79 1787.94 74% @ D CR NONE *7:8,1:0
|
| YMODEM DN 1200 ***461 97.74 977.35 81% CR D CR NONE *7:8,1:0
|
| YMODEM DN 2400 ***263 176.00 1760.00 73% @ D CR NONE *7:8,1:0
|
|
|
| KERMIT UP 1200 ***558 80.75 807.46 67% CR D CR XON/XOFF *7:8,1:0
|
| KERMIT UP 2400 ***285 158.09 1580.91 66% @ D CR XON/XOFF *7:8,1:0
|
| KERMIT DN 1200 ***579 77.82 778.17 65% CR D CR XON/XOFF *7:8,1:0
|
| KERMIT DN 2400 ***297 151.70 1517.04 63% @ D CR XON/XOFF *7:8,1:0
|
|
|
| XMODEM UP 1200 ***985 45.74 457.42 38% CR D CR NONE *7:8,1:0
|
| XMODEM UP 2400 ***636 70.84 708.43 30% @ D CR NONE *7:8,1:0
|
| XMODEM DN 1200 ***1001 45.01 450.11 38% CR D CR NONE *7:8,1:0
|
| XMODEM DN 2400 ***636 70.84 708.43 30% @ D CR NONE *7:8,1:0
|
===============================================================================

* Optional PAD parameters ** File size = 26624 *** File size = 4506

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>
<*> What the fuck is a Racal-Vadic?!? <*>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

OVERVIEW
———-
The Racal-Vadic mode is an unsupported and to date, poorly documented
feature of the outdial modems that are currently in use with PC Pursuit.
It enables you to better understand what is happening at the other end of
your connection by telling you what is happening. This type of operation is
known as “call progression” because it gives you a response as the modem
progresses through the phone call.

ACITVATING AND DEACTIVATING THE MODE
————————————–
The first thing we will cover is how to activate and de-activate the
Racal-Vadic mode. Some of you may have already experienced the rather
unexpected “MANUAL ANSWER” response after entering the Hayes command
“ATZ”. What has happened is that you have connected with a modem that
is already in the Racal-Vadic mode of operation. When you entered “ATZ”,
the ‘A’ was sensed by the modem as the command to manualy answer the
phone line. If this happens, just press your return key. This will make
the modem return to command mode signified by the ‘*’ prompt. While at
this prompt you could enter an ‘I’ and then press return. This will make
the modem dle the Racal-Vadic mode and return you to the Hayes mode
of operation.

If, on the other hand, you were to receive the normal “OK” response
from the modem after entering the “ATZ” command. You can activate the
Racal-Vadic mode by entering -E and pressing the return key. The
modem will now respond with “HELLO, I’M READY” and the ‘*’ prompt.

To summarize activation and de-activation:

From the Hayes mode – -E and – to activate.

From the ‘*’ prompt – and – to de-activate.

I suggest getting into the habit of sending the de-activation sequence
when you first connect to a city node so that you know exactly what mode
the modem is in. You should also send an “ATZ” to make sure that the modem
is operational by seeing if the modem sends you back an “OK” response.
You can then send the activation command to enter Racal-Vadic mode.

There are two cases where the modem will return by itself to the Hayes
mode. The first is after you connect to a BBS. The other is while you’re
at the command prompt and haven’t entered anything for a short period of
time.

DIALING
———
Now your ready to dial a phone number using the Racal-Vadic mode.
To do this, just enter a ‘D’ followed by the number you wish to dial.
For example, “D1234567”, (pressing return of course!) will dial 123-4567.

Well, we’ve dialed a phone number, what now? After all, any modem can
dial a number, right? But not every modem can tell you what follows…

RESPONSE MESSAGES
——————-
The following is a short description of each response the Racal-Vadic
mode can give you while dialing. They are, for the most part, self-
explanatory. But there are a few things you should consider with some of
them and I’ll point those out just in case.

DIALING… – The modem has detected a dial tone and is now dialing
the phone number.

NO DIAL TONE – Just what it means, no dial tone was detected. Try again,
if you keep getting this then there is something wrong with
either the modem or the telephone line on that end. Contact
Customer Support and tell them you experienced this, tell
them the city node you were connected to also.

BUSY! – A busy signal has been detected. This is not the same
kind of BUSY as you’d get in the Hayes mode. There is
circuitry in the modem that can sense a busy signal, so
it will return to the command mode quicker to allow you
to decide what to do next. (Please see my note about the
BUSY response below also)

RINGING… – Self-explanatory.

ANSWER TONE – Self-explanatory.

ON LINE – Self-explanatory.

FAILED CALL – The phone rang for ten times with no answer. Either the
the BBS you called is down or no longer in existence, or
you reached someone’s home and they weren’t there.

REDIALING A NUMBER
——————–
After you have received a BUSY! response you can re-dial the same
phone number up to 9 times with the ‘R’ command. To use this command,
enter an “R” and press the return key.

DISCONNECTING WHILE ONLINE
—————————-
In a manner similar to the “+++” “ATH” Hayes command sequence, there
is a two control code sequence that will dis-connect you from the BBS
you are connected to. To activate it press -C then -D.

Prior to disconnecting from the city node, make sure the modem is not
in Racal-Vadic mode by issuing the dle command. Be nice to others that
may not be aware of this mode of operation yet!

OTHER COMMANDS
—————-
The command ‘P’ or ‘?’ will print the following list of commands that
the modem is designed to use. Since these are not needed in order to use
the Racal-Vadic mode effectively they will not be discusssed. This list
is here purely for your information.

A MANUAL ANSWER
D DIAL NUMBER
G MANUAL ORGINATE
I IDLE
K PAUSE
O OPTIONS
P,? PRINT MENU
R REDIAL
T TABLE OF OPTIONS
CONTROL A ALB TEST
CONTROL (CD) DISCONNECT
CONTROL D REQUEST DLB TEST
CONTROL H BACKSPACE

BEWARE THE BUSY
—————–
The BUSY! response primarily indicates that the phone number you dialed
was busy, common sense tell you that. What I want to point out to you in
this section is that there are other possibilities that could mean that
something else is actually occuring.

a. CONTINUOUS BUSIES
———————-
The first thing to be aware of is Telenet’s exchange lock-out feature.
This prevents you from making a long-distance call or any local calls
to exchanges that Telenet would be charged more than is profitable. All
you will know is that you constantly get BUSY! responses when you dial a
certain phone number. The response tends to be returned from the modem
much quicker then a legitimate BUSY! for a valid phone number. This is
not a hard and fast rule though. Two methods that are available to you
for determining if this is the cause of the continuous busies are:

1. – Check the exchange lists provided by Telenet, if the exchange is
not listed for the number your calling, you may as well stop
wasting anymore time calling that number. It is a victim of the
exchange lock-out.

2. – If the exchange is listed but you’ve always received a BUSY!
response, try this. Hang-up from Telenet and dial the number
direct. If you hear a busy signal you can continue trying some
more, you may have latched onto a very, very busy system. But
if the phone rings, hang-up immediately. This way you won’t be
charged for the call. You should then leave word with Customer
Support or on the Net-Exchange that this happened. Telenet may
have a typo concerning that exchange.

b. RINGING… BUSY!
———————
There are a few things that can cause this. Although I’m not talking
about the RING BUSY RING BUSY… loop that can occure when you first
connect to a city node. You can get out of that by rapidly and repeatedly
sending an “ATZ” to the modem in an effort to break out of the loop. There
is a narrow window where this will succeed, but it can be done.

The main cause of this is by dialing a person’s phone instead of a BBS.
This will usually be followed by a variable number of rings prior to
getting the BUSY!. Make certain that the phone number you have is really
a BBS. If you’ve never called that BBS before, you may have a case where
the BBS folded and someone else received the phone number after the sysop
canceled that phone line. A BBS less than 6 months old or with less than
24 hour access can be highly suspect. New and odd-hour BBS’s tend to come
and go rather often.

If you want to continue to dial this number, first call direct to make
sure that it isn’t a person’s phone. Constantly getting a carrier signal
in your ear is not a pleasurable experience. You would also be doing them
a favor by letting them know that their new phone number used to be a
BBS. If that’s the case they’ve probably been getting a ton of bizzare
calls, especially late at night, and could benefit from your call so that
they can get their number changed.

If, on the other hand, you receive a carrier signal, try the other
Baud rate. if that doesn’t work you could have reached a private system
that is looking for a logon sequence immediately or will dis-connect you.

Another possibility is that the BBS you’ve called has bombed and the
modem is dutifully answering calls but there is no computer program
operating to give you feed-back.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< <*> Making the Best of your protocols <*>
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>< To modify MNP setting in the Hayes command mode: AT*E0 No MNP AT*E1 Auto MNP AT*E2 Force MNP (call will fail if MNP unavailable) To modify MNP setting in Racal-Vadic mode: connect to modem and get to R/V mode (^E)
O
2 (you want one of the options in group 2)
(system reponds with a list)
19
(system responds with option 19 and possible settings)

1 (auto error control)
–or–
2 (disable error control)
–or–
3 (force error control)

0 (return to previous menu)
0 (return to previous menu)
4 (menu item is “EXECUTE”)

At this point you will get back the * prompt of the
Racal-Vadic mode.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

How to access and set the ITI parameters

All commands are entered at the Telenet network @ prompt.

X.3 ITI Parms
————-

To Display:

Enter:

“PAR?

The network will respond:

“PAR1:,2:,…”

To Change:

Enter:

“SET? :,:,….”

The network will respond:

“PAR:,…”

Telenet ITI Parms
—————–

To Display:

Enter

“PAR? 0,,,…”

The network will respond:

“PAR:,:,…”

To Change:

Enter
“SET? 0:33,:,:,…”

The network will respond:

“PAR0:33,:,…”

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

X.3 ITI Parameters
——————

Para-
meter Description
—– ———–

0 National Options Marker

This parameter serves to mark the division between International
(X.3) parameters and Network Dependent (e.g., Telenet) paramaters
in an X.28 or X.29 parameters list. All parameters preceding the
marker are X.3, and those following are Network Dependent. Values
may be:

0 CCIT specified value
33 Telenet permitteed value

Telenet accepts either value. Whenever possible, the CCITT
specified value of zero should be used.

1 Escape to Command Level

This paramter allows the terminal to initiate an escape from Data
Transfer Mode, in order to send a command to the PAD. Values are:

0 Escape not possible
1 Escape possible (default)

2 Echo

This paramter provides for all characters received from the
terminal to be transmitted back to the terminal, as well as being
interpreted and forwarded by the PAD to the the remote DTE.
Values are:

0 No echo
1 Echo (default)

3 Data Forwarding

This paramter allows the PAD to recognize defined character(s)
received from the terminal as an indication to complete assembly
of characters to forward a DATA packet to the remote DTE. Values
may be OR-ed together (e.g., value of 3=1+2=Alphanumerics plus
Carriage Return)

0 No signal
1 Alphanumerics
2 Carriage Return (Default)
4 Escape
8 Editing Characters
16 Terminators
32 Form Effectors
64 Control Characters
128 Other Characters (Not valid according to CCITT
recommendations)

4 Idle Timer

Should the interval between successive characters received from
the terminal exceed the selected Idle Timer delay, the PAD will
terminate assembly of characters and forward a DATA packet to the
remote DTE. Values are:

0 Timer disabled
n multiples of 50 ms (.05 seconds), where 1<=n<=255. n=1 n=1 and n=2 not recommended. (Default is 80, 4 seconds) 5 Ancillary Device Control This paramter enables flow control between the PAD and the terminal. The PAD uses the XON and XOFF characters (decimal 17 and 19) to indicate to the terminal whether ir not it is ready to accept characters. Values are: 0 No use if XON/XOFF (default) 1 Use XON/XOFF 6 Suppression of Service Signals This paramter provides for the supression of all messages sent by the PAD to the terminal. Values are: 0 Signals not transmitted (messages not sent) 1 Signals transmitted (messages sent) (Default) 7 Break Options This paramter specifies the action taken on receipt of a Break signal from the terminal. The only valid values are: 0 Do nothing (Default) 1 Send INTERRUPT Packet to Host 2 Send RESET Packet to Host 8 Escape to PAD Command State 21 Flush-on-Break (Discard Output, Send Indication of Break and Send INTERRUPT) 8 Discard Output This controls transmission of data to the terminal. Values are: 0 Normal data delivery to the terminal (Default) 1 Discard all output to the terminal 9 Carriage Return Padding This paramter provides for automatic insertion by the PAD of null character padding after the transmission of a carriage return to the terminal. Values are: 0 No padding 1-31 Number of character delays 10 Line Folding This provides for automatic insertion by the PAD of appropriate format effectors to prevent overprinting at the end of a terminal print line. Values are: 0 No line folding n Character per line before folding, where 1<=n<=255 11 Binary Speed This paramter is set by the PAD when the terminal establishes a physical connection to the network. This allows the remote DTE or terminal user to examine the speed, as determined by the PAD. Values are: 0 110 bps 1 134.5 2 300 3 1200 4 600 5 75 6 150 7 1800 8 200 9 100 10 50 11 75/1200 12 2400 13 4800 14 9600 15 19,200 16 48,000 17 56,000 18 64,000 12 Flow Control of the PAD by the terminal This allows for flow control between the terminal and the PAD. The terminal indicates whether or not it is ready to accept characters from the PAD, via XON and XOFF characters. Values are: 0 No use of XON/XOFF 1 Use XON/XOFF 13 Linefeed Insertion This paramter instructs the PAD to routinely insert a linefeed (LF) character into the data stram following each appearance of a carriage return (CR) character. Values may be OR-ed together: 0 No LF Insertion (TP4 Default) 1 Insert LF after CR on output to the terminal 2 Insert LF after CR on input from the terminal 4 Insert LF after CR on echo to the terminal 14 Linefee Padding This paramter provices for automatic insertion by the PAD of null character padding after the transmission of a linefeed to the terminal. Values are: 0 No padding 1-15 null characters 15 Editing This paramter enables local editing of text within the PAD before transmission through the network. Note, if editing is enabled, transmission on timers is disabled. Values are: 0 Editing disabled (Default) 1 Editing enabled 16 Character Delete Parameter 16 specifies the editing character which causes the PAD to erase the previous character entered by the terminal. Parameter 16 is only valid if editing is enabled. Default is 127. 17 Line Delete Parameter 17 specifies the editing character which causes the PAD to erase the entire buffer. If data is forwarded on carriage return only, the buffer contains one line at a time. Parameter 17 is only valid if editing is enabled. Default is 24. 18 Line Display Parameter 18 specifies the editing character which causes the PAD to echo the entire buffer to the terminal. Paramter 18 is only valid if editing is enabled. Default is 18. <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Telenet ITI Parameters
———————-

Summary of Telenet ITI Parameters
———————————

Para- Para-
meter Description (Default Value) meter Description (Default Value)
—– ————————— —– —————————
1 Line feed Insertion (0) 31+ Interrupt Character (0)
2 Network Message Display (0) 32 Automatic Hang-up (0)
3 Echo (1) 33+ Flush Output (0)
4 Echo Mask (163) 34 Transmit on Timers (1)
5 Transmit Mask (2) 35 Idle Timer (80)
6* Buffer Size (0) 36 Interval Timer (0)
7* Command Mask (127) 37 Network Usage Display (0)
8* Command Mask (3) 38 Carriage Return PAD (Variable)
9 Carriage Return PAD (Fixed) 39 Padding Options (1)
10 Linefeed Padding 40 Insert on Break (0)

11 Tab Padding 41 PAD-Terminal Flow Control (0)
12 Line Width 42 PAD-Terminal XON Character (17)
13 Page Length (0) 43 PAD-Terminal XOFF Character (19)
14 Line Folding (1) 44* Generate Break (INV)
15 Page Wait (0) 45* APP on Break (0)
16 Interrupt on Break (0) 46 Input Unlock Option (0)
17 Break Code (0) 47 Input Unlock Timer (0)
18 NVT Options (0) 48 Input Unlock Character (0)
19 Initial Keyboard State (0) 49 Output Lock Option (2)
20 Half/Full Duplex 50 Output Lock Timer (10)

21 Real Character Code 51 Output Lock Option (0)
22 Printer Style 53* Break Options (0)
23 Terminal Type 54 Terminal-PAD Flow Control (0)
24 Permanent Terminal (0) 55 Terminal-PAD XON Character (17)
25 Manual or Auto Connect (0) 56 Terminal-PAD XOFF Character (19)
26 Rate 57 Connection Mode (2)
27 Delete Character (127) 58 Escape to Command Mode (1)
28 Cancel Character (24) 59* Flush Output on Break (0)
29 Display Character (18) 60 Delayed Echo
30+ Abort Output Character (0) 63 Eight-bit Transparency (1)
64+ Early ACK (0)
65 More-Data Bit Generation (3)
66 Defer Processing of User (0)
67 ESP Packetizing Option (0)
68 Escape Sequence Timer (0)
69 Escape Sequence Maximum Length (0)
70 Escape Sequence Initiator (0)
71 Parameter Reset on Disconnect (0)

Note: All Telenet Parameters must follow the National Option Marker
(Parameter 0, value ’21’ Hex) in PAD Messages.

Parameters marked with “*” should not be used.

Parameters marked with “+” should be used with caution.

Telenet ITI Parameters Arranged by Functional Category
——————————————————

Para- Para-
meter Description (Default Value) meter Description (Default Value)
—– ————————— —– —————————

(CONNECTION MODE) (BREAK HANDLING)
57 Connection Mode (2) 16 Interrupt on Break (0)
58 Escape to Command Mode (1) 40 Insert on Break (0)
17 Break Code (0)
(CALL ESTABLISHMENT & CLEARING) 44* Generate Break (INV)
25 Manual or Auto Connect (0) 45* APP on Break (0)
32 Automatic Hang-up (0) 59* Flush Output on Break (0)
53* Break Options (0)
(COMMAND PROTECTION)
7* Command Mask (127) (VIRTUAL TERMINAL DEVICE)
8* Command Mask (3) 39 Padding Options (1)
9 Carriage Return PAD (Fixed)
(DEVICE DEPENDENT) 38 Carriage Return PAD (Variable)
24 Permanent Terminal (0) 10 Linefeed Padding
23 Terminal Type 11 Tab Padding
20 Half/Full Duplex 12 Line Width
21 Real Character Code 13 Page Length (0)
22 Printer Style 14 Line Folding (1)
26 Rate 15 Page Wait (9)
63 Eight-bit Transparency (1) 1 Linefeed Insertions (0)

(TERMINAL DISPLAY) (VIRTUAL TERMINAL PROCESS)
3 Echo (1) 18 NVT Options (0)
4 Echo Mask (163) 27 Delete Character (127)
2 Network Message Display (0) 28 Cancel Character (24)
37 Network Usage Display (0) 29 Display Character (18)
60 Delayed Echo (0) 31 Interrupt Character (0)
30 Abort Output Character (0)
(PACKET ASSEMBLY/DISASSEMBLY) 33 Flush Output (0)
6* Buffer Size (0)
5 Transmit Mask (2)
34 Transmit on Timers (1) (2741 Terminal Support)
35 Idle Timer (80) 19 Initial Keyboard State (0)
36 Interval Timer (0) 46 Input Unlock Option (0)
60 Delayed Echo 47 Input Unlock Timer (0)
64 Early ACK (0) 48 Input Unlock Character (0)
65 More-Data Bit Generation (3) 49 Output Lock Option (2)
50 Output Lock Timer (10)
(RESELECT HANDLING) 51 Output Lock Option (0)
66 Defer Processing of Input
71 Parameter Reset on Disc (0) (ESCAPE SEQUENCE PROCESSING)
67 ESP Packetizing Option (0)
(FLOW CONTROL) 68 Escape Sequence Timer (0)
41 PAD-Terminal Flow Control (0) 69 Escape Sequence Length (0)
42 PAD-Terminal XON Character (17) 70 Escape Sequence Initiator (0)
43 PAD-Terminal XOFF Character (19)
54 Terminal-PAD Flow Control (0)
55 Terminal-PAD XON Character (17)
56 Terminal-PAD XOFF Character (19)

Parameters marked with “*” should not be used.

Detail of Telenet ITI Parameters

Following is a description of each of the Telenet ITI parameters. Defaults
for Telenet Public Dial Ports are noted

As noted by (+) use the equivalent X.3 parameter wherever possible

Parameters marked (*) are archaic and should not be used.

Para-
meter Description
—– ———–

+1 Linefeed Insertion

This parameter instructs the PAD to routinely insert a linefeed
(LF) character into the data stream following each appearance of a
carriage return (CR) character. Values may be OR-ed together:

0 No LF Insertion (Default)
1 Insert LF after CR on output to the terminal
2 Insert LF after CR on input from the terminal
4 Insert LF after CR on echo to the terminal

+2 Network Message Display

This parameter controls the transmission of network-oriented
messages to the terminal. Values are:

0 Transmit network-oriented messages (Default)
1 Suppress network-oriented messages

+3 Echo

This specifies whether or not the network returns images of
characters entered from the terminal during Data Transfer mode.
Values are:

0 Network does not echo
1 Network echoes according to the Echo Mask (Default)

4 Echo Mask

The Echo Mask specifies which characters are to be echoed during
Data Transfer mode. Values may be OR-ed together:

1 Alphanumerics
2 Carriage Return
4 Escape
8 Editing Characters
16 Terminators
32 Form Effectors
64 Control Characters
128 Other Characters

Default is 163 = 1+2+32+128 (Alphanumerics, Carriage Return, Form
Effectors, and Other Characters).

+5 Transmit Mask

The Transmit Mask specifies those characters which indicate a
logical break in the data being entered from a terminal and which
force transmission of that data to its destination. Values may be
OR-ed together:

0 Transmission on Transmit Mask disabled
1 Alphanumerics
2 Carriage Return (Default)
4 Escape
8 Editing Characters
16 Terminators
32 Form Effectors
64 Control Characters
128 Other Characters

Note: see Character Codes and Masking Categories below

*6 Buffer Size

This parameter is archaic and should no longer have any affect on a
TP. It is used to specify the maximum number of characters that
will be accumulated by the network before they are forwarded to the
Host.

0 Buffer 256 characters (Default)
1-255 Buffer 1-255 characters

*7 Command Mask

This is an archaic parameter. Its use has been phased out, but the
parameter number has not be redefined for another function.

*8 Command Mask

This is an archaic parameter which has not been redefined to
support another function.

+9 Carriage Return Padding

The Carriage Return Padding parameters specify the number of PAD
character times to be inserted after each carriage return
character sent to the terminal. Parameter 9 specifies the Fixed
Component. Values may run from 0 through 31 character-times of
padding provided.

+10 Linefeed Padding

This specifies the number of pad character delays inserted after
each linefeed (LF) character sent to the terminal. Values may
range from 0 through 15 character-times of padding provided.

11 Tab Padding

This specifies the number of pad character delays inserted after
each horizontal tabulation (HT) character sent to the terminal.
Values may range from 0 through 15 character-times of padding
provided.

12 Line Width

This identifies the number of character positions per terminal
print line. Values range from 1 through 255 characters per line;
or 0, which specifies 256 characters per line.

13 Page Length

This parameter identifies the number of lines per terminal page or
display screen. Values range from 1 through 255 lines per page; or
0, which specifies an infinite page length.

14 Line Folding

This parameter specifies whether or not the PAD begins a new line
when the number of characters in a print line exceeds the line
width:

0 Disable line folding
1 Enable line folding (Default)

15 Page Wait

This parameter specifies whether or not the PAD automatically
enters a flow controlled state (X-OFFed) at the end of each page.
Page length is defined by Telenet parameter 13, above.

0 Page Wait disabled (Default)
1 Page Wait enabled

+16 Interrupt on Break

This parameter specifies whether or not the PAD will transmit an
INTERRUPT packet to the Host when a break signal is received from
the terminal. Values are:

0 No INTERRUPT packet sent on break (Default)
1 Send INTERRUPT packet on break

17 Break Code

The Break Code specifies an eight-bit representation for the break
signal condition. Codes may be any number from 1 through 255.
Default is 0 (No break code).

+18 Network Virtual Terminal (NVT) Option

This parameter enables or disables NVT facilities by functional
group (The Process Control function should no longer be used):

0 NVT disabled (Default)
2 Enables Process Control function *
4 Enables Editing Function

* use with caution

*19 Initial Keyboard State

This archaic parameter defined the initial state of the terminal
keyboard at the beginning of a virtual call.

0 Keyboard initially locked (Default)
1 Keyboard initially unlocked

20 Half/Full Duplex

This parameter specifies the echoing requirement of the terminal.
Values are:

0 Full duplex terminal
1 Half duplex terminal

*21 Real Character Code

This parameter specified the communications code for representing
data generated or recognized by the terminal. Values are:

0 ASCII
1 Correspondence (standard Selectric)
2 EBCD
3 APL ASCII (typewriter-paired)
4 APL ASCII (bit-paired)
5 APL Correspondence
6 APL EBCD

22 Printer Style

This identifies the class of printing mechanism used by the
terminal:

0 Typewriter style terminal
1 Line printer style terminal

23 Terminal Type

This identifies the specific make and model of the terminal.
Values are:

0 Unknown or Synchronous Host
1-126 Terminal codes
127 Asynchronous Hosts

24 Permanent Terminal

This determines whether the network queries for a terminal
identifier or employs a pre-set identifier. Values are:

0 Request identifier (Default)
1 Use pre-set identifier

25 Manual/Automatic Connection

This parameter specifies whether a pre-defined virtual circuit is
to be established automatically for the terminal, or it the call
must be initiated by a C(onnect) or ID command entered from the
terminal. Values are:

0 Manual (Connect or ID required) (Default)
1 Automatic (Address pre-defined)

+26 Rate

This parameter specifies the transmission speed of the terminal,
as determined by the network:

0 110 bps
1 134.5
2 300
3 1200
4 600
5 75
6 150
7 1800
8 200
9 100
10 50
11 75/1200
12 2400
13 4800
14 9600
15 19,200
16 48,000
17 56,000
18 64,000

+27 Delete Character

This specifies the character to be used for single-character
editing.

0 Function disabled
1-127 Identifies the character to be used

Default is decimal 127.

+28 Cancel Character

Specifies the character to be used to delete input data buffered
for the terminal at the PAD.

0 Function disabled
1-127 Identifies the character to be used

Default is decimal 24.

+29 Display Character

Specifies the character to be used for displaying data which has
been accumulated by the PAD.

0 Function disabled
1-127 Identifies the character to be used

Default is decimal 18.

*30 Abort Character

This is an NVT Process Control parameter and should no longer be
used. If NVT Process Control was enabled (Telenet 18:2), then
this parameter specified the character which, when received from
the terminal, caused the PAD to Flush Output (Telenet 33:1) and
generate an X.25 INTERRUPT containing F5 hex in the optional data
byte. Note, data remained flushed until X.3 parm 8 or Telenet
parm 33 was reset to zero.

0 Function disabled (Default)
1-127 Identifies the character to be used

*31 Interrupt Character

This is an NVT Process Control parameter and should no longer be
used. If NVT Process Control was enabled (Telenet 18:2), then
this parameter specified the character which, when received from
the terminal, caused the PAD to generate an X.25 INTERRUPT
containing F4 hex in the optional data byte.

0 Function disabled (Default)
1-127 Identifies the character to be used

32 Automatic Hang Up

This specifies whether the terminal is to be physically
disconnected from the network or left in Command Mode at the end
of a virtual call. Values are:

0 Leave in Command Mode upon disconnect (Default)
1 Hang up upon disconnect

+33 Flush Output

This parameter controls the transmission of all data from the Host
to the terminal:

0 Transmit all information sent from (Default)
the Host to the terminal

1 Discard all information sent from
the Host to the terminal

34 Transmit on Timers

This specifies that characters accumulated by the network are
forwarded upon expiration of either the Idle or Interval Timer.
Values are:

0 Disable transmission on timers
1 Enable transmission on timers (Default)

+35 Idle Timer

The Idle timer defines the time interval between characters
arriving from the terminal which, when exceeded, causes the
network to transmit any accumulated characters to the Host.
Values are:

0 Timer disabled
2-255 Multiples of 50 ms (.05 seconds)

Note: Default is 80 (4 seconds)

36 Interval Timer

The Interval Timer specifies the maximum time period during which
the network PAD will accumulate characters before forwarding them
to their destination. Values are:

0 Timer disabled (Default)
2-255 multiples of 50 ms (.05 seconds)

37 Network Usage Display

This controls the transmission of information on chargeable network
usage provided at the end of a virtual call. Values are:

0 Exclude network-generated usage information
from the DISCONNECTED message (Default)

1 Include network-generated usage information
from the DISCONNECTED message

38 Carriage Return Padding (Variable)

This specifies the amount of time-delay padding to be provided
after each carriage return sent to the terminal, for every 10
printable characters on the line (E.g., no padding for nine
characters; five time the value of parameter 38 for 50 characters.)
Values may run from 0 through 7.

39 Padding Options

This parameter specifies whether or not the network provides time
delay padding after form effectors sent to the terminal. Values
are:

0 Network provides no time delay padding

1 Network provides time delay padding (Default)
after CR, LF, and HT characters

40 Insert on Break

This specifies whether or not the PAD inserts the Break Code in the
data stream at the point at which the break signal is received from
the terminal. Values are:

0 Do not insert on break (Default)
1 Insert Break Code on break

+41 PAD-to-Terminal Flow Control

This parameter specifies network XON/XOFF control of transmission
from the terminal. Values are:

0 No PAD-to-Terminal Flow Control (Default)
1 Network provides flow control

42 PAD-to-Terminal XON Character

This identifies the character which, when sent from the network to
the terminal, causes the terminal to resume transmission of
buffered data. Value may be any character from 1 to 127. Default
is 17 (19 octal, 11 hex).

43 PAD-to-Terminal XOFF Character

This identifies the character which, when sent from the network to
the terminal, causes the terminal to temporarily suspend
transmission of buffered data. Value may be any character from 1
to 127. Default is 19 (21 octal, 13 hex).

*44 Generate Break

This parameter used to cause a break signal to be transmitted
from the PAD to the terminal. It is no longer valid to set this
parameter.

*45 APP on Break

This parameter specified whether or not the PAD transmitted a
SET & READ PARAMETERS PAD Message to the Host system when a break
signal was received from the terminal. This parameter should no
longer be used.

0 No SET & READ PARAMETERS PAD Message (Default)
generated on break

1 SET & READ PARAMETERS PAD Message generated
on break

*46 Input Unlock Option

This archaic parameter specifies what action the PAD took after the
terminal user had entered a line of data, the keyboard had been
locked, and the PAD had no data to deliver to the terminal. Values
are:

0 Unlock based on timer expiration (Default)
1 Unlock based on input data content

*47 Input Unlock Timer

This archaic parameter specified the time interval that the PAD
would wait before unlocking the terminal keyboard, if the PAD had
no data pending delivery to the terminal and parameter 46 was set
to 0. Values ranged from 0 through 255 multiples of 50 ms (.05
seconds). Default was 0 seconds.

*48 Input Unlock Character

This archaic parameter specified the character which, when appearing
at the beginning of a data line, caused the PAD to leave the keyboard
locked at the end of the data line (if there is no data pending
delivery to the terminal). Value was any character code from 0
through 127; or 240, which leaves the keyboard locked after all
characters. Default was 0.

*49 Output Lock Option

This archaic parameter specified the action the PAD took when it
received data for delivery to the terminal, when the keyboard was
unlocked for input from the terminal. Values are:

0 Discard output data
1 Transmit output after input completion
2 Transmit output id input idle (Default)

*50 Output Lock Timer

This archaic parameter defined the interval between characters
arriving from the terminal which, when exceeded, caused the PAD
to lock the keyboard when it had output pending delivery to the
terminal. Values may range from 0 through 255 multiples of 50 ms
(.05 seconds). Default was 10 (500ms).

*51 Output Lock Option

This archaic parameter specified what action the PAD took after it
had transmitted all pending data to the terminal. Values are:

0 Unlock based on timer (Default)
1 Unlock based on output completion
2 Unlock based on output data content

+53 Break Options

This allows for a combination of options for handling break signals
from the terminal. Values may be OR-ed together:

0 No options selected (Default)
1 Interrupt on break
4 APP on break
32 Insert on break

Note, X.3 parameter 7 should be used instead of this parameter

54 Terminal-to-PAD Flow Control

This parameter specifies XON/XOFF control of transmission from the
network. Values are:

0 No Terminal-to-PAD flow control (Default)
1 Network respects flow control

55 Terminal-to-PAD XON Character

This identifies the character which, when sent to the network,
causes the network to resume the transmission of buffered data.
Value may be any character code from 1 through 127. Default is 17
decimal.

56 Terminal-to-PAD XOFF Character

This identifies the character which, when sent to the network,
causes the network to temporarily suspend the transmission of
buffered data. Value may be any character code from 1 through 127.
Default is 19.

57 Connection Mode

This parameter specifies which level of terminal code conversion
the PAD is to perform during data transfer mode. Values are:

0 Transparent
1 Real
2 Virtual (Default)

+58 Connection Escape

This parameter specifies whether or not the terminal may escape
from Data Transfer mode to Network Command mode. Values are:

0 Escape not possible
1 Escape possible (Default)

*59 Flush Output on Break

This parameter specified whether or not the PAD transmitted a SET &
READ PARAMETER PAD Message to the Host and began discarding output
to the terminal when a break signal was received from the terminal.
Rather than using this parameter set X.3 parameter 7 to 21
(decimal).

0 No SET & READ PARAMETERS PAD Message (Default)
sent and no output flushed

1 SET & READ PARAMETERS PAD Message sent and output
to the terminal

60 Delayed Echo

This parameter identified whether echo from the PAD to the terminal
will occur immediately or whether it will be delayed to appear
between data from incoming packets. If 60:1, then once the PAD has
begun processing an incoming packet, it will buffer echo characters
until it completes the packet. At that point, it will transmit all
buffered echo characters back to the terminal before processing the
next incoming packet. Values are:

0 Echo immediately (Default)
1 Delay echo to occur between incoming packets

63 Eight-bit Transparency

This parameter identifies whether the terminal uses the eighth
(most significant) bit for data or as a parity bit. Note, if
Telenet parameter 57:2, this parameter cannot be set to zero.
Values are:

0 No parity, eight-bit transparency
1 Parity required (Default)

64 Early ACK

This parameter specifies whether or not the PAD for terminal
support should acknowledge data packets received for the terminal
prior to transmitting the packets (in the form of a character
stream) to the terminal. Values are:

0 Acknowledge data packets after transmission
to the terminal (Default)

1-7 Acknowledge data packets 1-7 packets prior to
transmission to the terminal

Note: *Extreme Caution* should be exercised when modifying this
parameter. The increased “artificial window” size does not
guarantee packet delivery to the terminal. Large amounts of
data could be lost from any form of network disconnect.
Values of 5 or greater should never be used.

65 M-bit handling

This parameter specifies whether the terminal PAD will set the M-bit
on all full packets, on certain full packets, or on packets. Values
are:

0 M-bit is always zero
1 M-bit is set to one for certain full packets
3 M-bit is set to one in all full packets (Default)

If parameter 65:1, the PAD will set the M-bit on all full packets
except where the last user-entered character is a data-forwarding
character, as defined by X.3 parameter 3 (Transmit Mask). If,
however, the final character in the packet is a carriage return and
X.3 parameter 13 causes a line feed insertion following the carriage
return and X.3 parameter 3 marks carriage return as a data-forwarding
character, then the M-bit will be set to 1. The PAD will then
transmit a second packet, with M-bit set to 0, containing only a
line feed character.

If, after sending a packet with M-bit set to one, the PAD must send
a data-qualified packet (Q-bit=1), this is considered a data-
forwarding condition. Thus, the PAD will send a data packet with
M-bit = 0 containing the characters currently in its buffer. If
the buffer is empty the PAD will send an empty packet with M-bit = 0.
This prevents a protocol violation.

66 Defer Processing of User Input

This parameter instructs the PAD to halt processing of user input
data and buffer the data (to a maximum of 32-64 characters). Upon
disconnect, parameter 66 is rest and processing of user data resumes.
If the disconnect triggers a reselection (e.g., forwarding of the
call by TAMS), the buffered data is sent to the new called DTE
Otherwise, or if reselection fails, the data is interpreted by the
PAD as a command during command mode. Values are

0 Process user input normally (Default)
1 Defer processing of user input data

67 ESP Packetizing Option

This parameter specifies whether accumulated data is to be packet-
izied when the Escape Sequence Initiator is received (i.e., before
the Escape Sequence) and when the Escape Sequence is completed.
Values are:

Packetize Packetize
Before After

0 No No (Default)
1 No Yes
2 Yes No
3 Yes Yes

68 Escape Sequence Timer

This parameter specifies the maximum idle time allowed before ESP
processing expires. Values range from zero through 255 and
represent 50 ms intervals. Resolution of the timer is zero to
minus 50 ms (e.g., a value of 2 represents 50ms < timer < 100ms). Default is zero. 69 Escape Sequence Maximum Length This parameter specifies the maximum number of characters that may be contained in an Escape Sequence, including the Escape Sequence Initiator. A value of zero disables parameter 69 and the maximum Escape Sequence is 128 characters. Default is zero and values greater than 127 are not allowed. 70 Escape Sequence Initiator This parameter specifies the seven-bit representation of the Escape Sequence Initiator character (values 1-127). The default value of zero disables Escape Sequence Processing altogether. 71 Parameter Reset on Disconnect This parameter specifies the manner in which parameters are to be treated upon disconnect. Values are: 0 Reset ITIs to their initial values (Default) 1 Do not reset ITIs, except for reselect-related parameters (66 and 71) 2 Do not reset ITIs, except set 66:0 and 71:1 3 Do not reset ITIs, except set 66:0 Value 1 makes parameter 71 a "one-shot" parameter, this is it clears itself after being invoked once. Value 2 is a "two-shot" value and value 3 leaves parameter 71 active until explicitly reset. <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

HUNT/CONFIRM SEQUENCE

========================================================================

BITS/STOP/PARITY MODEM TERMINAL DUPLEX HUNT/CONFIRM
SPEED SPRINTNET PROCEDURE

========================================================================

7 1 EVEN 300-1200 FULL
7 1 EVEN 300-1200 HALF ;
7 1 EVEN 2400 FULL @
7 1 EVEN 2400 HALF @;

8 1 NONE 300-1200 FULL D
8 1 NONE 300-1200 HALF H
8 1 NONE 2400 FULL @D
8 1 NONE 2400 HALF @H<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Terminal Identifiers

The following tables matches Terminal numerical IDs (telenet parmater 23)
Generic and Specific Terminal Identifiers.

ID # Generic Term ID Terminal Type (note)
—- ——- ——- —————————

0 Unknown or Synch. Host
1 B1 AJ63 Anderson Jacobson 630
2 B5 AJ86 Anderson Jacobson 860 (9)
3 A2 CD30 CDI 1030
4 D1 DP22 Datapoint 2200
5 D2 DP30 Datapoint 3000 & 3300
6 D3 HP21 Hewlett-Packard 2100s (9)
7 A2 CT30 CT Execuport 300
9 A4 GE30 GE Terminet 300
10 A3 GE12 GE Terminet 1200
11 D1 HZ20 Hazeltine 2000
12 E1 IBM1 2741 EBCD (5)
13 E2 IBM2 2741 EBCD (6)
14 E3 IBM3 2741 EBCD (7)
15 E4 IBM4 2741 EBCD (8)
16 C1 IBM5 2741 Correspondence (1)
17 C2 IBM6 2741 Correspondence (2)
18 C3 IBM7 2741 Correspondence (3)
19 C4 IBM8 2741 Correspondence (4)
20 D1 T4/2 Special Terminal
26 A1 TT33 Teletype 33
27 A1 TT35 Teletype 35
30 D1 TT40 Teletype 40
32 A7 TI25 TI 725
33 A2 TI33 TI 733 (Default)
34 A6 TI45 TI 735
35 B2 UV50 Univac DCT 500
38 D1 IFVD Infoton Vistar Display
39 D1 RI34 Teleray 3300-3700
40 A5 TN30 GE Terminet 30
41 A8 DECW DEC LA35/36 Decwriter II
43 A3 TN12 GE Terminet 120
44 A9 CT12 CT Execuport 1200
45 A1 Generic Terminal
46 A2 Generic Terminal
47 A3 Generic Terminal
48 A4 Generic Terminal
49 A5 Generic Terminal
50 A6 Generic Terminal
51 A7 Generic Terminal
52 A8 Generic Terminal
53 A9 Generic Terminal
54 D1 ADDS ADDS 520, 580, 980
55 B3 AJ83 AJ 830 & 832
56 B1 Generic Terminal
57 B2 Generic Terminal
59 D1 BHMB Beehive MiniBee 2
60 C1 Generic Terminal
61 C2 Generic Terminal
62 C3 Generic Terminal
63 C4 Generic Terminal
64 D1 CD11 CDI 1132
65 A2 CD12 CDI 1202 & 1203
66 D1 Generic Terminal
67 D2 Generic Terminal
68 D1 DECV DEC VT50 & VT52
69 D1 DGLG Digi-Log 33, Telecomputer I
70 A1 DPPT Data Products Portaterm
71 B3 DS16 Diablo 1550 & 1620
72 E1 Generic Terminal
73 E2 Generic Terminal
74 E3 Generic Terminal
75 E4 Generic Terminal
76 B3 GS30 Gen-Comm Systems 300
77 D1 HP26 HP 2640, 2644, 2645
78 D1 LSAM Lear Siegler ADM1, 2, 3
79 A2 NC60 NCR 260
80 B1 TD40 Trendata 4000
81 D1 TI45 TI 745
82 D2 TI65 TI 763, 765 (10)
83 D1 TK40 Tektronix 4002-4023
84 B3 TT43 Teletype 43
85 A3 WU30 Western Union EDT 30
86 A4 WU12 Western Union EDT 1200
87 B3 DT30 Data Term & Comm DCT 300-30 2
88 B3 Generic Terminal
89 B4 Generic Terminal
90 B5 Generic Terminal (9)
91 D3 Generic Terminal (9)
127 Asynchronous Hosts

The following are terminal models with corresponding generic terminal
types supported by the terminal handler.

Terminal Model ID (note)
————————————- ———

ADDS Consul 520, 580, 980 D1 (1)
ADDS Envoy 620, Regent D1 (1)
Alanthus Data Terminal T-133 A1
T-300 A8
T-1200 A3
Alanthus Miniterm A2
AM-Jacquard Amtext 425 D1 (1)
Anderson Jacobsen 510 D1 (1)
Anderson Jacobsen 630 B1
Anderson Jacobsen 830 & 832 B3 (2)
Anderson Jacobsen 860 B5
Apple II D1 (1)
Atari 400, 800 D1 (1)
AT&T Dataspeed 40/1, 40/2, 40/3 D1 (1)
Beehive MiniBee, MicroBee D1 (1)
Centronics 761 A8
Commodore Pet D1 (1)
Compu-Color II D1 (1)
Computer Devices CDI 1030 A2
Computer Devices Teleterm 1132 A8
Computer Devices Miniterm 1200 series A2
Computer Transceiver Execuport 300 A2
Computer Transceiver Execuport 1200 A2
Computer Transceiver Execuport 4000 A2
CPT 6000, 8000 D1 (1)
Datamedia Elite D1 (1)
Datapoint 1500, 1800, 2200, 3000, 3300,
3600, 3800 D1 (1)
Data Products Portaterm A1
Data Terminal & Comm DTC 300, 302 B3 (2)
Diablo Hyterm B3 (2)
Digi-log 33 & Telecomputer II D1 (1)
DEC (LA 35-36) Decwriter II A8
DEC (LA 120) Decwriter III A8
DEC VT50, VT52, VT100, WS78, WS200 D1 (1)
Gen-Comm Systems 300 B3 (2)
GE Terminet 30 A5
GE Terminet 120, 1200 A3
GE Terminet 300 A4
General Terminal GT-100A, GT-101, GT-110,
GT-400, GT-400B D1 (1)
Hazeltine 1500, 1400, 2000 D1 (1)
Hewlett Packard 2621 D3
Hewlett Packard 2640 series D1 (1)
IBM PC (and compatibles) D1 (1)
IBM 3101 D1 (1)
Informer I304, D304 D1 (1)
Infoton 100, 200, 400, Vistar D1 (1)
Intelligent Systems Intecolor D1 (1)
Intertex Intertube II D1 (1)
Lanier Word Processor D1 (1)
Lear Siegler ADM series D1 (1)
Lexitron 1202, 1303 D1 (1)
Memorex 1240 A2
Micom 2000, 2001 D1 (1)
NBI 3000 D1 (1)
NCR 260 A2
Perkin-Elmer Model 110, Owl, Bantam D1 (1)
Perkin-Elmer Carousel 300 Series A8
Radio Shack TRS 80 D1 (1)
Research Inc. Teleray D1 (1)
Tektronix 4002-4023 D1 (1)
Teletype Model 33, 35 A1
Teletype Model 40 D1 (1)
Teletype Model 43 B3 (2)
Teletype Model 40/1, 40/2, 40/3 D1 (1)
Texas Instrument 725 A7
733 A2
735 A6
743, 745, 763, 765 D1 (1)
820 B3 (2)
99/4 D1 (1)
Trendata 4000 (ASCII) B1
Tymshare 110, 212 A2
315 A8
325 B3 (2)
Univac DCT 500 B4
WANG 20, 25, 30, 105, 130, 145 D1 (1)
Western Union EDT 30, 35 A1
300 A4
1200 A4
XEROX 800, 850, 860 D1 (1)
XEROX 1700 B3 (2)

Notes: (1) Use D3 if you wish Telenet to respond to XON/XOFF
flow control.
(2) Use B5 if you wish Telenet to respond to XON/XOFF
flow control.

The following are the major characteristics of the generic terminal
types supported by the terminal handler:

Generic Tab LF CR Pad CR Pad Line Code
Pad Pad Fixed Var’bl Size Type (note)
——- — — —— —— —- ———————–

A1 0 1 0 0 72 ASCII
A2 0 2 7 0 80 ASCII
A3 0 0 0 0 120 ASCII – Printer
A4 0 6 0 0 120 ASCII
A5 0 5 5 0 120 ASCII
A6 0 0 1 1 80 ASCII
A7 0 4 0 2 80 ASCII
A8 2 0 1 0 132 ASCII
A9 12 10 16 6 132 ASCII

B1 1 0 2 1 132 ASCII–BUFFERED
B2 0 2 6 0 132 ASCII–BUFFERED
B3 0 0 0 0 132 ASCII–BUFFERED
B4 0 2 10 0 132 ASCII–BUFFERED
B5 0 0 0 0 132 ASCII–BUFFERED (9)

C1 1 1 4 1 130 2741 Correspondence (1)
C2 1 1 4 1 130 2741 Correspondence (2)
C3 1 1 4 1 130 2741 Correspondence (3)
C4 1 1 4 1 130 2741 Correspondence (4)

D1 0 0 0 0 80 ASCII–CRT
D2 0 0 0 0 72 ASCII–CRT
D3 0 0 0 0 80 ASCII–CRT (9)

E1 1 1 4 1 130 2741 EBCD (5)
E2 1 1 4 1 130 2741 EBCD (6)
E3 1 1 4 1 130 2741 EBCD (7)
E4 1 1 4 1 130 2741 EBCD (8)

Notes:

(1) Corresponds with Ball Types: 001, 005, 007, 008, 012, 020, 030,
050, 053, 067, 070, and 085. Ball Type code can be found
underneath the locking tab of the ball on an IBM 2741 terminal.

(2) Corresponds with Ball Types: 006, 010, 015, 019, 059, and 090.

(3) Corresponds with Ball Types: 021, 025, 026, 027, 028, 029, 031,
032, 033, 034, 035, 036, 037, 038, 029, 060, 068, 086, 123, 129,
130, 131, 132, 133, 134, 135, 146, 137, 138, 139, 140, 141, 142,
143, 144, 145, 156, and 161.

(4) Corresponds with Ball Types: 043 and 054.

(5) Corresponds with Ball Types: 963, 996, and 998.

(6) Corresponds with Ball Types: 938, 939, 961, 962, and 997.

(7) Corresponds with Ball Types: 942 and 943.

(8) Corresponds with Ball Types: 947 and 948.

(9) Terminal Types D3 and B5 enable Terminal-to-PAD flow control in
the Terminal PAD (TFLOW).

(10) The specific Terminal ID, TI65, incorrect maps to the generic
ID, D2. Since TI 763 and 765 print 80 character per line, users
with these terminals should specify a generic TERM ID of either
D3 (TFLOW enabled) or D1 (TFLOW not specified).

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

<< This is what the troubleshooters of PCPursuit are given to answer queries>>
<< from the legitamit users of its system. very interestinghow they work >>

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

1/18/87 TROUBLESHOOTING PC PURSUIT CALLS
(Tips for helping Cust. Svc. help Pursuit callers)

This is a list of typical questions about PC Pursuit and some answers that
should help. I will not swear that everything–or anything–is accurate.
However, most of the explanations will, at least, help most PC Pursuit
customers.

GENERAL RULES
“””””””””””””
First, listen to what the customer is saying. Some of these guys have more
experience with data communications than anyone in this building, let alone in
this department. They will obviously not be impressed if you run on autopilot
through the typical “are you at 8 bits and no parity” sort of question. Calls
tend to be one of two types: general, simple informational questions and
specific technical problems. If you treat one of the latter as if it were one
of the former, you will do little to convice the customer that you are steering
him correctly.
Second, don’t be too eager to dump the customer onto someone else or off the
line. This will make life easier for whoever has to eventually solve the
problem.

SPECIFIC PROBLEMS
“””””””””””””””””
“I can’t connect to a port; I keep getting D/DCWAS/12 [or whatever] BUSY.”
—————————————————————————-

Explain that these are legitimate busies and that port expansion, both in
adding new cities and in expanding existing rotaries, is underway.
We *will* be adding several hundred new lines to the system. Many cities
have already been upgraded, and more are being completed all the time.

“I connect to a port but I get hung. Not even ATZ will appear.”
——————————————————————

If they’re currently in the frozen port (some users know enough to hold it
open and call us on another line), run a port scan to see where they’re
connected. Reset the port to knock them out, C-space to it, and if you can’t
clear the trouble, busy it out and send a ticket to the field. (This should be
old hat by now, with the troubles we’ve recently found in the new DC modems.)

If they are not connected, your only approach is to try to connect directly
to each port and see if any refuses to respond. If you can’t find a malfunc-
tioning modem, make sure the user was entering “ATZ” in capital letters.

“I connect to a port and enter ATZ but everything seems to hang.”
——————————————————————–
Check to see if they are using a Hayes compatible modem. The PCP modems use
a limited subset of the Hayes “AT” commands. In theory, a working Hayes or
compatible modem will ignore these commands while in a data transfer state. To
place such a modem in command mode, the user must rapidly enter three plus
signs (+) in a row and then wait until the modem acknowledges the command
before entering any more data.

However, malfunctioning modems or some of the not-quite-compatible (usually
cheaper) modems will act on “AT” commands from within data transfer. When the
user enters the ATZ command to wake up the PCP modem, it instead resets the
user’s modem, usually dropping the connection. This would also happen if the
string “ATZ” was encountered during a file transfer.

There’s not a lot we can do to diagnose this, and PCP users
take none too kindly to the suggestion that their bargain modems are no
bargain. As a test, have the user connect to a port and enter one of the Hayes
commands not supported by the PCP modems–for instance, ATH0, which hangs up
the modem, or ATH1, which “lifts” it off the hook. If they are actually
talking to the PCP modem, it will respond with an “OK” and do nothing else; if
they are talking to their own modem, it will drop carrier.

To use PCP successfully, they will either (1) have to replace or repair
their modem, (2) find a way to disable its break to command mode, or (3) try
to throw the PCP port into Racal-Vadic mode (with a Ctrl-E). Note that the
latter solution does not always work unless the modem has been reset with an
ATZ command–which, of course, is out of the question–and may not always be an
option, depending on hardware manufacturer and version.

I have yet to find an instance of this that was not trouble on the
customer’s end, but I expect we will.

“I try to call this number from a PCP modem and I get a busy. I dial it
immediately after hanging up [or from another line] and I get through. I try
it again on PCP and get a busy.”
——————————————————————————–

First, make sure that the number they are dialing is within the accepted
exchanges for a given city (see the list in the PCP guide). Note that there
are a few exchanges that can be reached that are not on the list; a slightly
more up-to-date list is available on the Net Exchange BBS.

If the number should be valid, see if you can isolate the port the user is
calling from. Connect to that port, issue “ATZ”, and send the modem a Ctrl-E
and carriage return. This will throw the modem into Racal-Vadic mode, which
provides better diagnostics than Hayes mode. Try to dial the number and see
what transpires. Racal-Vadic mode will report on the absence of a dial tone,
each ring as it occurs, and the ultimate outcome of the call. Take appropriate
action. (Also, the new modems–the new ones in DC, not the ones that will be
used for the expansion–give a “NO DIAL TONE” message from within Hayes
emulation mode.)

If the user is certain that the exchange is local to the PCP city, ask him
to leave a message to the SysOp (i.e., Dave) on the Net Exchange board.
If you get a connection or what appears to be a legitimate busy, inform the
customer and chalk it up to chance and a busy BBS.

“Sometimes when I connect to a port, I get a message that says ‘MANUAL ANSWER’
and I can’t do anything but disconnect.”
——————————————————————————-

Since the Racal-Vadic mode provides better diagnostics (see above), many
users shift into it before dialing their BBS. If they terminate abnormally
(that is, if the session, not the user, terminates abnormally), the modem may
be left in Racal-Vadic mode.

For instance, User A uses Racal-Vadic mode to call a board. He then gets
bumped off the line (or perhaps hangs up before returning the modem to Hayes
emulation) and User B connects to the port before the modem has a chance to
reset (assuming it resets at all). The modem has sent the Racal-Vadic prompt–
an asterisk–to User A and is waiting for a command. User B sees no response–
the prompt has already been sent–so he assumes the modem is in Hayes mode. He
enters “ATZ” and waits for the “OK”. (To make matters worse, perhaps he is
using a command script that needs to “see” an “OK” before proceeding.)

The modem, currently ignorant of Hayes commands, interprets the “A” of the
“ATZ” as being the Racal-Vadic command to answer a call manually; that is, to
take the line off-hook and respond to the call. It does so, having first sent
the user the message “MANUAL ANSWER.” Since people rarely dial *into* a PC
Pursuit line, nothing happens and the modem just sits.

To get the user out of this trap, have him enter carriage returns until the
modem drops the line and prompts him with another “*”. At this prompt, have
the user enter “I”. This is a nonintuitive command–the “I” stands for “IDLE”
–but it has the happy result of returning the modem to Hayes mode.

There is a file called rvprimer.txt on the Net Exchange which describes the
Racal-Vadic mode.

“I use XMODEM across the system and transfers take twice [or thrice] as long as
they should. Why?”
——————————————————————————–

As best as I can tell, the information we were passed from the Net Exchange
BBS was well-meaning but wrong. Here is the scenario as I figger it–someone
let me know if I’m wrong, too.

XMODEM sends data in a 132-byte block that resembles a mini-packet:

<------------------------- Direction of transmission [SOH] [#] [#] [DATA] [CHK] | | | | |___ "Checksum" (kinda) for error-detection | | | |__________ 128 bytes of data | | |_______________ "One's complement" of block number | |___________________ Block number |________________________ Start of header (ASCII 01) This closely matches the size of a Telenet packet (generally 128 bytes) and can, for our purposes, be considered a packet's worth of data. PC Pursuit is set to forward data only on full packets and on expiration of idle timers (which are set for 1/10 second). The delay occurs because a connection through PC Pursuit goes through four modems and two entirely separate data transmissions. Each block of data must undergo the following (assuming a download from the BBS to the user): _____ _________ __________ | |____ ( )____ | | | BBS | /____( PDN ) /____| PCP user | |_____| (_________) |__________| |_______| |_______| |_______| | | |_____ 1.1 seconds | |_______________ Variable (0.1 to 1+ seconds) |_________________________ 1.1 seconds That's potentially 3+ seconds to transfer data that would take slightly over 1 second to transmit in a direct connection--maybe 35% efficiency. To make matters worse, the acknowledgment (ACK) from the user to the BBS may take upwards of a second--instead of a fraction of a second--to be transmitted back into the network, have idle timers expire, be forwarded to the outdialer, and be transmitted to the BBS. As you can see, though, the real delay is *not* because of the delay in sending the ACK, but because the block size and packet size so nearly match, the two computers are almost never working simultaneously. A protocol that uses a larger block size--YMODEM, for instance--will run faster over the system, but not because it needs fewer acknowledgements. Instead, while sending the larger block, it causes data forwarding on a full- packet condition. After the first packet gets sent, both machines are doing work for most of the rest of the transmission, as such: BBS USER """ """" Start of 1K block Sends packet 1 Does nothing Sends packet 2 Receives packet 1 Sends packet 3 Receives packet 2 Sends packet 4 Receives packet 3 Sends packet 5 Receives packet 4 Sends packet 6 Receives packet 5 Sends packet 7 Receives packet 6 End of 1K block Sends packet 8 Receives packet 7 Does nothing Receives packet 8 (Of course, the BBS is not really sending the *packet*, just a packet's worth of data.) In effect, YMODEM wastes only 2 of every 9 128-byte transfers; it should run at about 75% efficiency. In addition, since it only has a single ACK per kilobyte (instead of 8), less time is spent in waiting for the idle timer to expire. Of course, to make things more confusing, there are XMODEM packages using 256-byte and 1K blocks and XMODEM packages that allow a "window" of unacknowledged blocks to be sent, among other flavors. If the user is using one of the strange XMODEMs, he'll usually know enough to mention it. Recently, the default parameters for the PC Pursuit ports were changed; by whom, I don't know. For best results, users should break to command mode and set X.3 parameters 1 and 10 to 0 (disables break to command mode and word wrap) and set ITI parameter 57 to 1 and parameter 63 to 0 (enable 8-bit transparent mode). This is all done with similar commands as those issued when connecting to Exec PC. "I can't use PUNTER protocol across the network." ------------------------------------------------- I have sent word (through a friend) for Steve Punter to call me to discuss what might be going wrong with his procotol for Commodore machines. However, as best as I can tell, PUNTER protocol has a severely restrictive time-out setting--the amount of time it will wait for an acknowledgement back from the receiving site before assuming a block was lost and retransmitting it. As the diagram above shows, PC Pursuit introduces a lot of delay into the loop, and this is too much for the BBS to take. It starts to send the "lost" block again; the receiving station finally receives and acknowledges the block; and everything falls apart. (This is complete assumption, by the way; I haven't been able to find any hard info on PUNTER, although I am told it works in 256- byte blocks.) If this is true, I doubt PUNTER would even work over a satellite long-distance connection, so PUNTER BBSs will probably soon offer a "relaxed" PUNTER. Often, Commodore users having no luck with PUNTER have been able to run successful XMODEM transfers. "I have no [or little] trouble downloading from a BBS, but my uploads often fail." ----------------------------------------------------------------------------- This also seems to be related to time-out periods, but I'm not sure. Because a 132-byte block will be sent in 2 packets and, thus, activity on sending and receiving ends may overlap slightly, it is conceivable that the delay between sending the last byte of a data block and receiving the ACK would be a tiny bit less than the delay between sending the ACK and receiving the first byte of the next block. (Note: Here I am grasping for straws.) If the BBS has a particularly unforgiving time-out setting, it might reject the block or get out of sync (see the PUNTER hypothesis, above). Several Texas Instrument computer users have been able to trick PC Pursuit into handling transfers by calling into the networkj at 300 baud but calling out at 1200; I haven't the foggiest idea why this works, unless the time-out period is relatively more relaxed at the faster speed. "I can't get the listing of BBSs on the Net Exchange BBS to download" or "I've downloaded the listing of BBSs but can't read it; it's garbage." ------------------------------------------------------------------------------- Files with the extension .SQ have been squeezed; there are a number of slightly different programs and variations for doing this, some compatible with others. Many machines have access to some sort of squeezing utility; whether or not the file downloaded is in the proper format is another question. Files with the extension .LBR have been libraried; this procedure combines a number of files into a single file, usually without data compression. The resulting file is easier to download and catalog than the individual files would be, and takes up slightly less room. LU is the main program for librarying files in the IBM-compatible environment; I know of no comparable programs for other machines. Files with the extension .ARC have been archived; this is a technique that both squeezes and libraries files. Files are usually archived with ARC, a user-supported program distributed by System Enhancement Associates. As far as I know, there is only an official ARC for IBM-style computers; I think, but am not sure, that there is a compatible program for CP/M-based machines (like the Kaypro) and machines running Un*x. I know of no other computers that can make use of .ARC files. "What do NO CARRIER and NO ERROR CONTROL mean? I saw them in a recent connection to Wash D.C. (D/DCWAS)." ------------------------------------------------------------------------ The modems in Wash D.C. are the new Vadic modems, which will also support 2400 outdial when deployed. These new modems have expanded response messages. NO CARRIER is seen in the Hayes mode when carrier has been dropped between the Telenet outdial modem and the target BBS which the user dialed. The user still has control of the modem and can dial a new number in the city if desired. NO ERROR CONTROL - is displayed whenever one of the new modems is connected on-line with the target BBS. It simply means that the outdial modem is not in the MNP reliable modem (with local loop error protection). You see, MNP is built into these new modems, and that means that when these new modems call another modem with MNP in it, they will hand-shake and come up in the Microcom reliable mode - which provides error protection in the local phone loop. If it is not using MNP and says NO ERROR CONTROL, the call will still go through just fine to the remote BBS. "How do I get the Racal-Vadic command mode?" ---------------------------------------------- The Hayes command mode is the only officially supported command mode for PC Pursuit at this time - to simplify support and ease of use for users. However, users may use the R-V mode, which does give some better response messages (such as "Dialing", and also has re-dial). To get to the R-V mode, type ATZ to get the OK, then ctrl-E and you should wake up the modem into the R-V mode as it responds "Hello, I'm ready" with a * . Type ? (cr) for a list of the commands available. When done with your session, the modem will reset itself into the Hayes mode as you enter I (cr) to Idle the modem. (or depending on how you disconnect, it will automatically reset to Hayes mode for the next user within 10 - 100 seconds). <><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

———————————————————————-

Outdial Site: D/NJNEW
300 bps: 311020100001
1200 bps: 311020100301
2400 bps: 311020100022

201 200 207 216 217 224 226 227 228 232 233 235 239 241 242 245
201 256 259 266 268 272 273 276 277 278 279 284 288 289 298 301
201 304 305 309 312 313 314 315 317 318 319 322 325 330 332 333
201 338 339 340 342 343 344 345 346 348 351 352 353 354 355 365
201 368 371 372 373 374 375 376 377 378 379 381 382 386 388 392
201 393 394 396 399 401 403 408 413 414 416 419 420 421 423 427
201 428 429 430 432 433 434 435 436 437 438 440 441 450 451 456
201 460 461 464 465 467 468 470 471 472 473 474 478 480 481 482
201 483 484 485 486 487 488 489 499 503 504 507 509 514 515 516
201 522 523 527 533 535 541 546 547 558 564 565 567 568 569 570
201 574 575 578 581 582 585 587 589 592 593 594 595 596 601 602
201 608 614 617 621 622 623 624 626 628 633 634 635 636 641 642
201 643 645 646 648 649 653 654 656 659 661 662 665 667 669 672
201 673 674 675 676 677 678 680 684 686 687 688 690 692 694 695
201 696 701 703 705 708 709 712 714 716 731 733 736 737 740 742
201 743 744 746 748 750 751 759 760 761 762 763 765 771 772 773
201 777 778 779 783 785 789 790 791 792 794 795 796 797 798 801
201 802 803 804 807 808 812 814 815 816 817 820 822 823 824 833
201 836 837 843 845 851 854 855 857 858 860 861 862 863 864 865
201 866 867 868 869 871 877 881 882 884 886 887 889 890 893 894
201 896 902 904 907 909 912 913 915 916 923 925 926 931 933 935
201 939 941 942 943 944 945 947 952 955 956 960 961 963 964 965
201 966 969 977 991 992 994 997 998

Number of exchanges: 338

———————————————————————-

Outdial Site: D/WASEA
300 bps: 311020600205
1200 bps: 311020600206
2400 bps: 311020600208

206 223 224 226 227 228 232 233 234 235 236 237 241 242 243 244
206 246 248 251 255 271 277 281 282 283 284 285 286 287 292 296
206 298 320 322 323 324 325 326 328 329 340 343 344 345 346 358
206 361 362 363 364 365 367 368 382 386 389 391 392 393 394 395
206 421 431 432 433 439 441 442 443 447 448 451 453 454 455 461
206 462 464 467 477 481 483 485 486 487 488 489 522 523 524 525
206 526 527 528 542 543 544 545 546 547 548 554 557 562 575 583
206 585 587 621 622 623 624 625 626 628 630 631 632 633 634 635
206 637 639 641 643 644 646 649 654 655 656 657 661 662 667 670
206 672 682 684 685 720 721 722 723 725 726 727 728 742 743 744
206 745 746 747 762 763 764 767 768 771 772 773 774 775 776 778
206 781 782 783 784 787 788 789 820 821 822 823 824 827 828 836
206 838 839 842 850 852 854 859 861 865 867 868 869 870 872 874
206 878 880 881 882 883 885 889 930 932 933 935 936 937 938 940
206 941 946 947 948 949 953 954 955 965 969 972 977 979 982 986
206 989 991 993 994 995 996 997 998 999

Number of exchanges: 234

———————————————————————-

Outdial Site: D/NYNYO
300 bps: 311021200315
1200 bps: 311021200316
2400 bps: 311021200412
other : 311021200028

212 200 205 206 207 208 210 213 214 216 218 219 220 221 222 223
212 225 226 227 228 230 231 232 233 234 235 236 237 238 239 240
212 241 242 243 244 245 246 247 248 249 250 251 252 254 255 260
212 262 264 265 266 267 268 269 272 276 277 279 280 281 283 285
212 286 288 289 290 291 292 293 294 295 296 297 298 299 301 302
212 303 304 305 306 307 308 309 310 312 313 314 315 316 319 320
212 321 322 323 324 325 326 328 329 330 333 334 335 337 339 340
212 341 342 344 346 348 349 350 351 352 353 354 355 356 357 358
212 359 360 361 362 363 364 365 367 368 369 370 371 373 374 378
212 379 380 382 385 390 391 392 393 395 396 397 398 399 401 402
212 404 406 407 408 409 410 412 413 414 415 416 418 419 420 421
212 422 425 427 428 430 431 432 433 436 437 439 440 446 447 448
212 449 451 452 453 455 456 457 458 459 460 461 463 464 465 466
212 467 468 469 472 473 474 475 476 477 480 481 482 483 484 485
212 486 487 488 489 490 491 492 493 495 496 502 503 504 505 506
212 508 509 510 512 513 514 515 517 518 519 520 521 522 523 524
212 525 527 528 529 530 531 532 533 534 535 536 537 538 541 542
212 543 545 546 547 548 549 551 552 553 554 556 557 558 559 560
212 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575
212 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590
212 593 594 595 597 598 599 601 602 603 605 606 607 608 609 610
212 612 613 614 616 617 618 619 620 621 623 624 625 627 628 629
212 632 633 635 637 639 640 641 642 643 644 645 648 649 650 652
212 653 654 655 656 657 658 659 661 662 663 664 665 666 667 668
212 669 671 673 674 675 676 677 678 679 681 682 683 684 685 686
212 687 688 689 690 691 692 693 694 695 696 697 698 701 702 703
212 704 705 707 708 709 711 713 714 715 716 717 719 720 721 722
212 724 725 727 730 731 732 733 734 735 736 737 740 741 742 744
212 745 746 747 749 750 751 752 753 754 755 757 758 759 760 761
212 764 765 766 767 768 769 770 772 775 776 777 779 781 785 786
212 787 790 791 792 793 794 795 796 797 798 799 804 806 807 808
212 809 812 813 815 818 819 820 822 823 824 825 826 827 828 829
212 830 831 832 836 837 838 839 840 841 842 844 847 848 850 852
212 853 854 855 856 858 860 861 862 863 864 865 866 867 868 869
212 870 871 872 873 874 876 877 878 879 880 881 882 883 884 885
212 886 887 888 889 891 892 893 898 899 901 902 903 904 905 906
212 907 908 909 912 916 918 920 921 922 923 924 925 926 927 928
212 929 930 931 932 933 935 936 938 940 941 942 943 944 945 947
212 949 951 952 953 954 955 956 957 960 962 963 964 966 967 968
212 969 971 972 973 974 975 977 978 979 980 982 983 984 985 986
212 988 989 991 992 993 994 995 996 997 998 999

Number of exchanges: 611

———————————————————————-

Outdial Site: D/CTHAR
300 bps: 311020300120
1200 bps: 311020300121
2400 bps: 311020300105

203 223 224 225 229 231 232 233 236 240 241 242 243 244 246 247
203 249 252 257 258 273 275 277 278 279 280 282 285 286 289 291
203 292 293 296 297 298 299 520 521 522 523 524 525 527 528 529
203 547 548 549 557 559 560 561 563 565 566 568 569 623 627 633
203 643 644 645 646 647 648 649 651 653 654 657 658 659 660 665
203 666 667 668 673 674 675 676 677 678 679 683 688 693 721 722
203 724 725 726 727 728 826 827 828 829 841 843 870 871 872 875
203 930 936 951 952 953 954

Number of exchanges: 111

———————————————————————-

Outdial Site: D/DCWAS
300 bps: 311020200115
1200 bps: 311020200116
2400 bps: 311020200117

202 200 204 206 207 208 209 210 213 214 217 218 220 222 223 224
202 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239
202 240 241 242 243 244 245 246 247 248 249 250 251 252 254 255
202 256 258 259 260 262 263 264 265 266 267 268 269 270 271 272
202 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287
202 288 289 291 292 293 294 295 296 297 298 299 306 307 309 310
202 317 319 320 321 322 323 324 325 326 328 329 330 331 332 333
202 334 336 337 338 339 340 341 342 343 344 345 346 347 348 350
202 351 352 353 354 355 356 357 358 359 360 362 363 364 365 366
202 369 370 371 372 373 374 376 377 378 379 380 382 383 384 385
202 386 387 388 389 390 391 392 393 394 395 396 397 398 399 401
202 402 403 404 406 407 408 409 415 416 417 418 420 421 422 423
202 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438
202 439 440 441 442 443 444 445 447 448 449 450 451 452 453 454
202 455 456 457 458 459 460 461 462 463 464 466 467 468 469 470
202 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485
202 486 487 488 490 492 493 495 496 497 498 499 501 502 503 504
202 505 506 507 509 513 514 516 517 519 520 521 522 523 524 525
202 526 527 528 529 530 532 533 534 535 536 537 538 539 540 541
202 542 543 544 545 546 547 548 549 550 551 552 553 554 556 557
202 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572
202 573 574 575 576 577 578 580 581 582 583 584 585 586 587 588
202 589 590 591 592 593 595 597 598 599 601 602 603 604 605 606
202 608 610 613 618 619 620 622 623 624 625 626 627 628 630 631
202 632 633 634 635 636 637 638 639 640 641 642 643 644 646 647
202 648 649 650 651 652 653 654 656 657 658 659 660 661 662 663
202 664 665 666 667 668 669 670 671 673 675 676 678 679 680 681
202 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696
202 697 698 699 702 706 707 708 709 712 713 714 715 719 722 723
202 724 725 726 727 728 731 732 733 734 735 736 737 738 739 742
202 745 746 749 750 751 752 753 755 756 758 759 760 761 762 763
202 764 765 767 768 769 770 772 773 774 775 776 778 779 780 781
202 783 784 785 786 787 789 790 794 795 797 799 801 802 803 805
202 806 807 808 812 815 816 817 818 820 821 822 823 824 825 826
202 827 828 829 830 832 833 834 835 836 837 838 839 840 841 842
202 843 844 845 846 847 848 849 850 851 852 853 856 857 860 861
202 862 863 864 865 866 868 869 870 871 872 874 875 876 877 879
202 881 882 883 885 887 888 889 890 891 892 893 894 895 896 897
202 898 899 901 904 906 907 912 913 914 916 917 920 921 922 924
202 925 926 927 928 929 930 931 933 934 935 936 937 938 939 940
202 941 942 943 944 946 947 948 949 951 952 953 954 955 956 957
202 960 961 962 963 965 966 967 968 971 972 974 975 977 978 979
202 980 981 982 983 984 985 986 989 990 991 994 996 998

Number of exchanges: 643

———————————————————————-

Outdial Site: D/CASAN

213 430 431 433 434 438 439 493 494 498 592 594 596 597 598 797
213 799 985 987

Number of exchanges: 18

———————————————————————-

Outdial Site: D/CAGLE
300 bps: none listed
1200 bps: 311021300412
2400 bps: 311021300413

213 201 202 203 204 205 221 222 223 224 225 226 227 228 229 230
213 236 237 238 239 245 250 251 252 253 254 255 256 257 258 259
213 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284
213 285 286 287 288 289 303 310 314 315 319 340 341 342 343 345
213 347 351 353 362 380 381 382 383 384 385 386 387 388 389 392
213 393 394 395 396 399 400 413 415 450 451 452 453 454 455 458
213 459 460 461 462 463 464 465 466 467 468 469 480 481 482 483
213 484 485 486 487 488 489 520 550 551 552 553 556 557 558 559
213 573 580 612 613 614 617 619 620 621 622 623 624 625 626 627
213 628 629 650 651 652 653 654 655 656 657 658 659 660 661 662
213 663 664 665 666 667 668 669 680 681 682 683 684 686 687 688
213 689 714 730 731 732 733 734 735 736 737 738 739 740 741 742
213 743 744 745 746 747 748 749 765 785 828 829 836 837 838 839
213 840 841 842 849 850 851 852 854 855 856 857 858 859 870 871
213 872 873 874 875 876 877 878 879 891 892 893 894 895 896 912
213 913 930 931 932 933 934 935 936 937 938 939 955 960 962 963
213 964 965 966 967 968 969 972 974 975 977

Number of exchanges: 250
———————————————————————-
Outdial Site: D/CALAN
(dial 1213+number)
300 bps: none listed
1200 bps: 311021300412
2400 bps: 311021300413

213 200 201 202 203 204 205 206 207 208 209 212 214 215 216 217
213 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233
213 234 235 236 237 238 239 241 245 248 249 250 251 252 253 254
213 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269
213 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284
213 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299
213 300 301 302 303 304 305 306 307 308 309 310 312 313 314 315
213 316 318 319 320 321 322 323 324 327 328 329 330 331 332 333
213 334 335 336 337 338 340 341 342 343 345 347 351 353 362 370
213 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385
213 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400
213 402 404 406 408 410 412 413 414 415 416 417 418 419 440 442
213 443 444 445 446 447 450 451 452 453 454 455 458 459 460 461
213 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476
213 477 478 479 480 481 482 483 484 485 486 487 488 489 500 512
213 515 516 520 527 531 532 533 535 536 537 538 540 541 542 543
213 544 545 546 550 551 552 553 554 556 557 558 559 560 561 562
213 563 564 565 566 567 568 569 573 574 578 580 581 582 583 584
213 585 586 587 588 589 600 601 602 603 604 605 606 607 608 609
213 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626
213 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641
213 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656
213 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671
213 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686
213 687 688 689 692 693 695 696 698 699 700 702 703 712 713 714
213 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729
213 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744
213 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759
213 760 761 762 763 764 765 769 770 771 772 773 774 775 776 777
213 778 779 780 781 782 783 785 791 794 801 802 803 804 806 807
213 809 812 813 814 819 820 821 822 823 824 825 826 827 828 829
213 836 837 838 839 840 841 842 846 849 850 851 852 854 855 856
213 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871
213 872 873 874 875 876 877 878 879 881 887 888 889 891 892 893
213 894 895 896 903 904 907 908 912 913 920 921 922 923 924 925
213 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940
213 941 942 944 945 946 948 949 955 960 962 963 964 965 966 967
213 968 969 970 971 972 973 974 975 977 978 979

Number of exchanges: 566

———————————————————————-

Outdial Site: D/TXDAL
300 bps: 311021400117
1200 bps: 311021400118
2400 bps: 311021400022

214 202 203 204 205 212 216 217 218 219 220 221 222 223 224 225
214 226 227 228 229 230 231 233 234 235 238 239 240 241 242 243
214 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258
214 259 260 262 263 264 266 269 270 271 272 275 276 278 279 281
214 284 285 286 287 288 289 290 291 293 296 298 299 301 302 303
214 305 306 307 308 309 313 314 315 316 317 318 319 320 321 323
214 324 327 328 330 331 332 333 336 337 339 340 341 343 348 349
214 350 351 352 353 357 358 360 361 363 368 369 371 372 373 374
214 375 376 380 381 384 385 386 387 388 391 392 393 394 397 398
214 399 401 402 403 404 406 407 412 413 414 416 417 418 420 421
214 422 423 424 426 428 434 436 437 438 441 442 443 444 445 446
214 450 453 456 458 462 464 466 470 471 475 480 484 487 490 492
214 494 495 497 502 503 504 506 508 513 514 516 517 518 519 520
214 521 522 526 528 530 533 539 541 550 553 554 556 557 558 559
214 565 570 573 574 575 578 579 580 590 591 594 596 601 602 603
214 604 605 606 607 608 609 612 613 615 616 618 620 621 630 631
214 634 637 638 641 642 644 647 650 651 653 655 658 659 660 661
214 669 670 676 680 681 686 688 689 690 691 692 696 698 699 701
214 702 704 705 706 707 708 709 712 713 714 715 716 717 718 720
214 721 724 727 733 739 740 741 742 744 745 746 747 748 749 750
214 751 754 760 761 767 770 771 780 781 783 787 788 790 791 799
214 804 808 812 815 818 819 820 821 823 824 826 827 828 830 840
214 841 844 850 851 855 864 867 869 871 879 880 881 888 890 891
214 902 904 905 907 909 913 917 918 919 920 922 929 931 933 934
214 939 941 942 943 944 946 948 949 951 952 953 954 956 957 960
214 964 969 977 978 979 980 985 986 987 988 991 992 993 995 996
214 997 999

Number of exchanges: 392

———————————————————————-

Outdial Site: D/PAPHI
300 bps: 311021500005 (this outdial currently 2400)
1200 bps: 311021500112
2400 bps: 311021500022

215 221 222 223 224 225 226 227 228 229 231 232 233 235 236 237
215 238 241 242 243 244 245 246 247 248 254 259 260 263 265 270
215 271 272 275 276 277 278 279 280 281 283 284 288 289 291 293
215 299 324 328 329 330 331 332 333 334 335 336 337 338 339 341
215 342 349 350 351 352 353 354 356 359 365 379 382 386 387 389
215 422 423 424 425 426 427 438 440 446 447 448 449 450 452 455
215 456 457 460 461 462 463 464 465 466 467 468 470 471 472 473
215 474 476 477 480 482 483 485 487 490 492 494 496 497 499 520
215 521 522 523 525 526 527 528 531 532 533 534 535 537 539 540
215 542 543 544 545 546 548 549 551 552 553 557 560 561 563 564
215 565 566 567 568 569 570 572 573 574 576 577 578 580 581 583
215 585 586 587 590 591 592 595 596 597 620 621 622 623 624 625
215 626 627 628 629 630 631 632 634 635 636 637 638 639 641 642
215 643 645 646 649 653 657 659 660 662 663 664 665 667 668 671
215 673 676 677 680 684 685 686 687 688 690 697 698 722 724 725
215 726 727 728 729 732 734 735 737 739 742 743 744 745 747 748
215 751 753 755 761 763 765 768 769 782 784 786 787 789 790 823
215 824 825 828 829 830 831 833 834 835 836 839 840 841 842 843
215 844 846 848 849 851 853 854 864 870 871 872 874 875 876 877
215 878 879 880 881 884 885 886 887 891 892 893 894 895 896 897
215 898 899 920 922 923 924 925 927 928 930 931 934 936 937 938
215 940 941 947 951 952 955 960 961 962 963 964 969 971 972 973
215 975 977 978 980 981 985 986 988 990 991 998

Number of exchanges: 341

———————————————————————-

Outdial Site: D/OHCLE
300 bps: 311021600020
1200 bps: 311021600021
2400 bps: 311021600120

216 221 226 228 229 231 232 234 235 236 237 238 241 243 247 248
216 249 251 252 261 265 266 267 268 271 278 281 283 289 291 292
216 295 299 321 328 331 333 338 341 344 348 349 351 356 361 362
216 363 368 371 381 382 383 389 391 397 398 421 423 425 429 431
216 432 433 439 441 442 443 444 445 446 447 449 451 459 461 463
216 464 467 468 469 471 473 475 476 479 481 486 487 491 521 522
216 523 524 526 529 531 541 543 561 562 566 572 574 575 578 579
216 581 582 585 586 587 589 591 621 622 623 631 634 641 642 646
216 651 656 659 661 662 663 664 671 676 681 687 689 691 692 694
216 696 721 728 729 731 732 734 736 737 741 749 751 752 754 761
216 765 766 771 777 779 781 789 791 795 822 826 831 835 838 842
216 843 844 845 851 861 871 881 883 884 885 886 888 891 892 899
216 921 931 932 941 942 943 944 946 951 953 961 975 987 991 995

Number of exchanges: 195

———————————————————————-

Outdial Site: D/DCWAS
300 bps: 311020200115
1200 bps: 311020200116
2400 bps: 311020200117

301 206 209 210 217 220 227 229 230 231 236 238 240 248 249 251
301 258 262 270 277 279 283 286 292 294 295 297 299 306 309 317
301 320 322 330 336 340 341 344 345 350 353 365 369 372 380 384
301 386 390 394 402 403 409 417 420 421 422 423 424 427 428 431
301 434 436 439 441 443 445 449 454 459 460 464 468 469 470 474
301 480 490 492 493 495 496 497 498 499 502 505 507 509 513 520
301 530 540 552 559 564 565 567 568 570 571 572 577 580 585 587
301 588 589 590 593 595 598 599 601 604 608 618 622 627 630 640
301 649 650 652 654 656 657 670 680 681 688 699 702 713 725 731
301 735 736 738 753 762 763 770 772 773 774 776 779 794 805 807
301 808 816 839 840 843 851 852 853 856 864 868 869 870 871 881
301 888 890 891 894 897 899 907 913 916 921 924 925 926 927 929
301 930 933 935 937 940 942 946 948 949 951 952 953 961 963 967
301 972 975 977 980 981 982 983 984 985 986 989 990

Number of exchanges: 207

———————————————————————-

Outdial Site: D/CODEN
300 bps: 311030300114
1200 bps: 311030300115
2400 bps: 311030300021

303 200 220 230 231 232 233 234 235 236 237 238 239 252 255 261
303 266 270 271 273 277 278 279 280 281 286 287 288 289 290 291
303 292 293 294 295 296 297 298 299 320 321 322 329 331 333 337
303 340 341 343 344 348 355 360 361 363 364 366 367 368 369 370
303 371 372 373 375 377 388 393 394 397 398 399 420 421 422 423
303 424 425 426 427 428 429 430 431 433 440 441 442 443 444 447
303 449 450 451 452 455 457 458 460 461 465 466 467 469 470 477
303 478 480 492 494 497 499 526 530 534 538 556 571 572 573 575
303 581 592 595 620 623 624 628 629 631 639 640 642 643 649 650
303 654 657 659 660 665 666 670 671 673 674 676 680 681 688 689
303 690 691 692 693 694 695 696 697 698 699 720 721 722 727 730
303 733 739 740 741 743 744 745 750 751 752 753 755 756 757 758
303 759 760 761 762 763 764 766 770 771 773 777 778 779 780 781
303 782 786 787 788 789 790 791 792 793 794 795 796 797 798 799
303 820 821 825 826 829 830 831 832 836 837 839 840 841 843 844
303 850 851 855 860 861 863 866 868 869 871 877 880 888 889 890
303 891 892 893 894 896 898 899 922 924 930 932 933 934 935 936
303 937 938 939 940 964 965 966 969 971 972 973 977 978 979 980
303 985 986 987 988 989

Number of exchanges: 275

———————————————————————-

Outdial Site: D/FLMIA
300 bps: 311030500120
1200 bps: 311030500121
2400 bps: 311030500122

305 220 221 222 223 224 226 227 230 232 233 235 238 242 245 246
305 247 248 250 251 252 253 254 255 257 258 261 262 263 264 266
305 267 268 270 271 274 279 284 285 324 325 326 327 329 332 342
305 343 347 348 349 350 352 353 354 358 361 362 363 364 365 366
305 371 372 373 374 375 376 377 378 379 380 381 382 385 386 387
305 388 397 399 441 442 443 444 445 446 447 448 449 460 464 470
305 471 477 478 520 526 529 530 531 532 534 535 536 538 539 541
305 542 543 544 545 547 548 549 550 551 552 553 554 556 557 558
305 559 560 567 571 573 575 576 577 578 579 590 591 592 593 594
305 595 596 598 599 620 621 623 624 625 628 633 634 635 636 637
305 638 642 643 644 649 651 652 653 654 661 662 663 665 666 667
305 669 670 672 673 674 681 685 687 688 691 693 694 696 751 754
305 756 757 758 759 762 769 770 773 775 780 787 789 794 795 821
305 822 823 825 827 829 835 836 854 855 856 858 859 861 864 865
305 866 867 868 871 873 874 876 880 881 882 883 884 885 886 887
305 888 889 891 892 893 895 899 931 932 933 935 937 939 940 944
305 945 947 948 949 951 952 953 956 957 993 995

Number of exchanges: 251

———————————————————————-

Outdial Site: D/ILCHI

Note: This is an interim exchange list while the 312 area code
undergoes a split to produce area code 708. While the Chicago
area is in transition, numbers which had been 312 (and are now
708) should be accessible as a 7 digit call to area code 312
or an 11 digit call (1708+number) to the new area. HOWEVER:
the phone company will be installing a voice intercept on calls
placed to the 7 digit number before routing you to the new
11 digit number and we do not know how the modems will respond
to this intercept message. You should therefore begin using the
new 1708 number ASAP. Exchanges in 708 are also listed in
the 312 table below during this transition.

300 bps: 311031200410
1200 bps: 311031200411
2400 bps: 311031200024

312 200 201 202 203 204 205 206 207 208 209 210 213 214 215 216
312 218 220 221 222 223 224 225 226 227 228 229 230 231 232 233
312 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248
312 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263
312 264 265 266 267 268 269 271 272 273 274 275 276 277 278 279
312 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294
312 295 296 297 298 299 301 302 303 304 306 307 308 310 313 314
312 315 316 317 318 319 321 322 323 324 325 326 327 328 329 330
312 331 332 333 334 335 336 337 338 339 341 342 343 344 345 346
312 347 348 349 350 351 352 353 354 355 357 358 359 360 361 362
312 363 364 366 367 368 369 371 372 373 374 375 376 377 378 379
312 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394
312 396 397 398 399 401 402 403 404 405 406 407 408 409 410 412
312 413 415 416 417 418 419 420 421 422 423 424 425 426 427 428
312 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443
312 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458
312 459 460 461 462 463 465 467 468 469 470 471 472 473 474 475
312 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490
312 491 492 493 495 496 498 499 501 502 503 504 505 506 507 508
312 509 510 512 513 514 515 516 517 518 519 520 521 522 523 524
312 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539
312 540 541 542 543 544 545 547 548 549 550 551 558 559 560 561
312 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576
312 577 578 579 580 581 582 583 584 585 586 588 589 590 591 592
312 593 594 595 596 597 598 599 601 602 603 604 605 606 607 608
312 609 612 613 614 615 617 618 619 620 621 622 623 624 625 626
312 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641
312 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656
312 657 658 659 660 661 662 663 664 665 666 667 668 670 671 672
312 673 674 675 676 677 678 679 680 681 682 684 685 686 687 688
312 689 690 691 692 693 694 695 696 697 698 699 701 702 703 704
312 705 706 707 709 712 713 714 715 716 717 718 719 720 721 722
312 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737
312 738 739 741 742 743 744 745 746 747 748 749 750 751 752 753
312 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768
312 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783
312 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798
312 799 801 802 803 804 805 806 807 808 810 812 814 816 817 818
312 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833
312 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848
312 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863
312 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878
312 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893
312 894 895 896 897 898 899 901 902 903 904 905 906 907 908 909
312 910 913 914 915 916 917 918 919 920 921 922 923 924 925 926
312 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941
312 942 943 944 945 946 947 948 949 951 952 953 954 955 956 957
312 960 961 962 963 964 965 966 967 968 969 971 972 973 974 975
312 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991
312 992 993 994 995 996 997 998

Number of exchanges: 742

———————————————————————

Outdial Site: D/MIAAR
300 bps: none accessable
1200 bps: 311031300216
2400 bps: 311031300024

313 420 426 428 429 434 437 439 449 451 453 454 455 459 475 481
313 482 483 484 485 486 487 495 572 662 663 665 668 677 747 761
313 763 764 769 930 936 971 973 981 994 995 996 998

Number of exchanges: 42

———————————————————————-

Outdial Site: D/MIDET
300 bps: 311031300214
1200 bps: 311031300216
2400 bps: 311031300024

313 222 223 224 225 226 237 240 245 252 255 256 259 267 270 271
313 272 273 274 275 276 277 278 291 292 295 297 298 320 321 322
313 323 328 330 331 336 337 341 342 343 345 361 365 366 368 369
313 371 372 381 382 383 386 388 389 390 393 396 430 431 436 438
313 440 441 444 446 448 460 491 493 494 496 499 520 521 526 527
313 531 532 533 534 535 536 537 538 554 556 560 561 562 563 564
313 565 567 568 571 577 579 581 582 584 592 593 594 596 599 630
313 690 745 770 780 821 822 823 824 829 831 832 833 834 835 836
313 837 838 839 841 842 843 845 846 849 861 862 863 864 865 866
313 867 868 869 871 872 873 874 875 876 881 882 883 884 885 886
313 891 892 893 894 895 896 897 898 899 921 922 923 924 925 926
313 927 928 929 931 933 934 935 937 940 943 945 956 961 962 963
313 964 965 966 972 974 976 980 983 993

Number of exchanges: 189

———————————————————————-

Outdial Site: D/MOSLO
300 bps: 311031400020
1200 bps: 311031400021
2400 bps: 311031400005

314 225 227 231 232 233 234 235 241 247 253 259 261 263 268 275
314 277 289 291 296 298 321 331 342 343 344 349 351 352 353 355
314 361 362 367 371 381 382 383 385 388 389 391 394 421 423 424
314 425 426 427 428 429 432 434 436 441 444 454 458 464 466 469
314 476 481 487 489 521 522 523 524 525 529 531 532 533 534 535
314 538 539 541 542 544 551 553 554 567 569 571 572 576 577 578
314 595 621 622 623 631 638 644 645 647 652 653 658 664 671 677
314 679 694 721 725 726 727 731 739 741 746 747 752 755 758 768
314 771 772 773 776 777 781 791 795 821 822 823 826 829 831 832
314 836 837 838 839 841 842 843 845 846 848 849 851 854 855 862
314 863 865 867 868 869 871 872 878 879 889 891 892 894 895 899
314 921 928 938 939 941 942 946 947 949 957 961 962 963 965 966
314 968 969 973 982 984 991 992 993 994 997

Number of exchanges: 190

———————————————————————-

Outdial Site: D/ININD
300 bps: none accessable
1200 bps:
2400 bps:

317 200 222 226 228 230 231 232 233 235 236 237 238 239 240 241
317 242 243 244 247 248 251 252 253 254 255 256 257 259 261 262
317 263 264 265 266 267 269 271 272 273 274 276 277 278 283 290
317 291 293 297 298 299 321 322 326 328 335 351 352 353 355 356
317 357 359 422 424 425 431 432 439 441 442 443 445 461 462 464
317 465 466 467 469 470 471 485 486 488 535 539 541 542 543 545
317 546 547 549 556 571 573 574 575 576 577 578 579 580 630 631
317 632 633 634 635 636 637 638 639 681 684 685 686 687 691 694
317 736 738 745 769 773 776 780 781 782 783 784 786 787 788 823
317 831 835 838 839 841 842 843 844 845 846 848 849 852 856 861
317 862 867 870 871 872 873 875 876 877 878 879 881 882 885 887
317 888 889 891 892 894 895 896 897 898 899 920 921 923 924 925
317 926 927 928 929 976 994 996

Number of exchanges: 187

———————————————————————-

Outdial Site: D/GAATL
300 bps: 311040400113
1200 bps: 311040400114
2400 bps: 311040400022

404 200 212 215 220 221 222 223 225 230 231 233 237 238 239 240
404 241 242 243 244 246 247 248 249 250 252 255 256 257 260 261
404 262 263 264 266 270 271 279 280 281 284 286 288 289 292 294
404 296 297 299 310 312 313 314 315 316 319 320 321 325 329 330
404 331 332 333 339 341 343 344 346 347 348 349 350 351 352 355
404 360 361 362 363 364 365 366 368 370 371 372 373 377 378 380
404 381 383 388 389 390 391 392 393 394 395 396 399 413 416 417
404 420 421 422 423 424 425 426 427 428 429 431 432 433 434 435
404 436 438 439 441 442 443 445 446 447 448 449 451 452 454 455
404 457 458 460 461 463 466 469 471 473 474 475 476 477 478 482
404 483 484 487 488 489 491 493 494 496 497 498 499 505 508 512
404 513 515 520 521 522 523 524 525 526 527 528 529 530 533 550
404 551 552 558 559 564 565 566 570 572 573 577 578 580 581 584
404 586 587 588 589 590 591 593 594 603 607 610 618 619 621 622
404 623 624 626 627 631 633 634 636 639 640 641 642 651 653 656
404 658 659 661 662 664 668 669 671 676 679 680 681 683 686 688
404 690 691 696 697 698 699 712 717 723 726 727 728 729 730 732
404 739 740 741 744 750 751 752 753 755 756 758 760 761 762 763
404 765 766 767 768 772 774 785 792 794 799 804 808 810 815 822
404 827 833 835 837 839 840 841 842 843 847 848 850 851 852 853
404 859 870 871 872 873 874 875 876 877 879 880 881 885 888 890
404 892 894 897 898 899 907 916 920 921 922 923 924 925 926 928
404 929 932 933 934 936 938 939 941 942 943 944 945 946 948 949
404 951 952 953 954 955 956 957 960 961 962 963 964 968 969 971
404 972 973 974 975 977 978 979 980 981 982 984 985 986 987 988
404 991 992 993 994 995 996 997 998 999

Number of exchanges: 384

———————————————————————-

Outdial Site: D/FLORL
(dial 1+407)
300 bps: None accessable
1200 bps: 311030500121
2400 bps: 311030500122

407 222 228 236 237 238 239 240 244 246 247 249 256 257 260 262
407 263 273 275 277 281 282 290 291 292 293 294 295 297 298 299
407 327 331 332 339 341 342 345 351 352 354 356 363 365 366 380
407 381 382 420 422 423 424 425 438 469 539 560 568 578 579 623
407 628 629 644 645 646 647 648 649 651 656 657 658 660 661 671
407 672 675 677 678 679 682 695 696 699 740 767 774 788 823 824
407 825 826 827 828 830 831 834 836 839 841 843 849 850 851 855
407 856 857 859 862 869 872 875 876 877 880 884 886 889 894 895
407 896 897 898 899 934 939

Number of exchanges: 126

———————————————————————-

Outdial Site: D/CASJO
300 bps: 311040800110
1200 bps: 311040800111
2400 bps: 311040800021

408 221 223 224 225 226 227 234 235 236 237 238 241 243 244 245
408 246 247 248 249 251 252 253 255 256 257 258 259 262 263 264
408 265 266 267 268 269 270 272 274 275 276 277 279 280 281 282
408 283 284 285 286 287 288 289 291 292 293 294 295 296 297 298
408 299 332 345 353 354 356 358 365 370 371 374 376 377 378 379
408 395 398 399 432 433 434 435 436 437 441 446 447 448 452 453
408 463 473 491 492 496 499 522 524 534 552 553 554 559 562 575
408 578 629 720 721 723 725 727 729 730 732 733 734 735 736 737
408 738 739 741 742 743 744 745 746 747 748 749 752 756 765 773
408 864 865 866 867 879 920 922 923 924 925 926 927 929 942 943
408 945 946 947 954 957 970 971 972 973 974 977 978 980 982 983
408 984 985 986 987 988 989 991 992 993 994 995 996 997 998

Number of exchanges: 179
———————————————————————-

Outdial Site: D/PAPIT
(dial 1+412)
300 bps: 311021500005
1200 bps: 311021500112
2400 bps: 311021500022

412 200 221 227 231 232 234 236 237 241 242 243 244 247 255 256
412 257 261 262 263 264 268 269 271 273 276 279 281 288 298 321
412 322 323 328 331 333 338 341 343 344 351 355 359 361 362 363
412 364 365 366 367 369 371 372 373 374 381 389 391 392 393 394
412 421 422 427 429 431 433 434 441 442 456 461 462 464 466 469
412 471 472 476 481 486 487 488 491 492 497 521 531 551 553 561
412 562 563 565 566 571 572 578 594 621 622 623 624 633 636 642
412 644 645 647 648 653 655 661 664 665 672 673 674 675 678 681
412 682 683 687 692 699 731 734 741 747 749 751 754 761 762 765
412 766 767 771 777 778 781 782 784 787 788 793 795 798 821 822
412 823 824 825 826 828 829 831 833 835 840 854 855 856 858 859
412 881 882 884 885 889 892 921 922 923 928 931 936 937 939 961
412 963 967

Number of exchanges: 182

———————————————————————-

Outdial Site: D/WIMIL
300 bps: 311041400020
1200 bps: 311041400021
2400 bps: 311041400120

414 221 222 223 224 225 226 227 228 229 237 241 242 243 246 251
414 252 253 254 255 256 257 258 259 263 264 265 266 271 272 273
414 274 276 277 278 281 282 283 287 288 289 291 297 298 299 321
414 322 323 327 332 341 342 343 344 345 347 351 352 353 354 355
414 357 358 359 362 365 367 372 374 375 377 382 383 384 385 421
414 422 423 425 427 438 442 444 445 447 449 453 454 461 462 463
414 464 466 471 475 476 481 482 483 486 491 521 523 524 527 529
414 535 536 538 541 542 543 544 545 546 547 548 549 562 575 579
414 581 643 645 647 649 662 663 671 672 678 679 691 744 747 761
414 762 764 765 768 769 771 774 778 781 782 783 784 785 786 789
414 791 792 796 797 798 799 821 835 844 871 873 874 881 896 931
414 933 935 936 937 941 955 961 962 963 964 966

Number of exchanges: 176

———————————————————————-

Outdial Site: D/CAJO
(dial 1+415)
300 bps: 311040800021
1200 bps: 311040800110
2400 bps: 311040800111

415 226 335 336 438 490 498 623 651 656 657 659 683 691 694 770
415 940 941 948 949 960 961 962 964 965 966 967 968 969

Number of exchanges: 28

———————————————————————-

Outdial Site: D/CASFA
300 bps: 311041500215
1200 bps: 311041500216
2400 bps: 311041500217

415 200 202 204 206 207 208 215 219 221 222 223 225 227 231 232
415 233 234 235 236 237 238 239 241 243 244 251 252 253 254 255
415 257 258 259 261 262 263 264 265 266 267 268 269 271 272 273
415 274 279 281 282 285 287 288 289 291 292 296 297 298 301 302
415 307 308 309 310 312 330 331 332 333 334 337 338 339 340 341
415 342 343 344 345 346 347 348 349 351 352 355 357 358 359 362
415 371 374 375 376 377 378 381 383 385 386 387 388 389 391 392
415 393 394 395 396 397 398 399 403 406 407 409 410 412 414 419
415 420 421 425 428 430 431 433 434 435 436 437 441 442 444 445
415 446 448 451 452 453 454 456 457 459 461 464 465 466 467 468
415 469 472 474 476 477 478 479 482 483 485 486 488 491 492 495
415 499 502 504 507 509 512 513 515 517 518 519 520 521 522 523
415 524 525 526 527 528 529 530 531 532 533 534 535 536 539 540
415 541 542 543 544 545 546 547 548 549 550 552 553 554 556 557
415 558 559 561 562 563 564 565 566 567 568 569 570 571 572 573
415 574 575 576 577 578 579 583 584 585 586 587 588 589 596 597
415 601 605 607 608 612 613 614 615 616 618 620 621 622 624 626
415 627 631 632 633 635 636 638 639 641 642 643 644 645 647 648
415 649 652 653 654 655 658 661 664 665 666 667 668 673 677 678
415 681 692 695 696 697 701 703 704 705 708 710 715 716 717 718
415 721 722 724 729 731 737 738 739 741 742 744 748 749 750 751
415 752 753 755 756 758 759 761 762 763 764 765 768 769 771 772
415 773 774 775 776 777 781 788 789 801 804 807 809 810 814 816
415 819 821 822 824 826 832 834 835 836 839 840 841 843 845 848
415 849 860 861 863 864 865 869 871 872 873 874 875 876 877 878
415 882 885 891 893 894 895 896 902 904 905 910 912 913 914 918
415 921 922 923 924 925 927 928 929 931 936 951 952 953 954 955
415 956 957 970 971 972 973 974 978 979 981 982 983 984 985 986
415 987 989 990 991 992 993 994 995 996 997 998 999

Number of exchanges: 432

———————————————————————-

Outdial Site: D/CAOAK
300 bps: 311041500108
1200 bps: 311041500109
2400 bps: 311041500224

415 200 202 204 206 207 208 210 215 219 221 222 223 225 227 231
415 232 233 234 235 236 237 238 239 241 243 244 245 251 252 253
415 254 255 256 261 262 263 264 265 266 267 268 269 271 272 273
415 274 276 278 279 281 282 283 284 285 287 288 289 291 292 293
415 295 296 297 298 301 302 307 308 309 310 317 330 331 332 333
415 334 337 338 339 346 351 352 357 362 374 376 385 386 387 391
415 392 393 394 395 396 397 398 399 403 406 407 409 410 412 414
415 419 420 421 425 428 430 431 433 434 435 436 437 441 442 444
415 445 446 448 451 452 464 465 466 467 468 469 474 476 477 478
415 481 482 483 486 495 502 504 509 512 515 517 518 519 520 521
415 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536
415 537 538 539 540 541 542 543 544 545 546 547 548 549 550 552
415 553 554 556 557 558 559 561 562 563 564 565 566 567 568 569
415 575 576 577 581 582 583 584 585 586 587 588 589 596 597 601
415 605 607 608 612 613 614 615 616 618 620 621 622 624 626 627
415 631 632 633 635 636 638 639 641 642 643 644 645 647 648 649
415 652 653 654 655 658 661 664 665 666 667 668 670 673 677 678
415 681 695 701 703 704 705 708 710 715 716 717 718 722 724 727
415 729 731 732 733 736 737 739 741 742 743 744 746 748 749 750
415 751 752 753 755 756 758 759 761 762 763 764 765 768 769 771
415 772 773 774 775 776 777 781 782 783 784 785 786 788 789 799
415 801 804 807 809 810 814 816 819 820 821 822 824 826 831 832
415 834 835 836 837 838 839 840 841 843 845 848 849 860 861 863
415 864 865 869 871 872 873 874 875 876 877 878 881 882 884 885
415 886 887 888 889 891 893 894 895 896 902 904 905 906 910 912
415 913 914 918 921 922 923 928 929 930 931 932 933 934 935 936
415 937 938 939 942 943 944 945 946 947 951 952 953 954 955 956
415 957 970 971 972 973 974 975 977 978 979 981 982 983 984 985
415 986 987 989 990 991 992 993 994 995 996 997 998 999

Number of exchanges: 433

———————————————————————-

Outdial Site: D/CAPAL
300 bps: 311041500108
1200 bps: 311041500011
2400 bps: 311041500005

415 226 276 278 321 322 323 324 325 326 327 328 329 335 336 340
415 341 342 343 344 345 347 348 349 354 358 361 363 364 365 366
415 367 368 369 371 375 377 378 424 429 438 471 475 481 487 489
415 490 493 494 496 497 498 537 538 570 571 572 573 574 578 579
415 581 582 591 592 593 594 595 598 623 637 651 656 657 659 670
415 683 688 691 694 696 722 723 725 727 732 733 745 770 780 782
415 783 784 785 786 790 791 792 793 794 795 796 797 851 852 853
415 854 855 856 857 858 859 881 884 886 887 888 889 926 940 941
415 948 949 960 961 962 964 965 966 967 968 969

Number of exchanges: 131

———————————————————————-

Outdial Site: D/LANOR
300 bps: None accessable
1200 bps:
2400 bps:

504 241 242 243 244 245 246 253 254 255 257 260 271 277 278 279
504 282 283 286 288 340 341 347 348 349 361 362 363 364 366 367
504 368 391 392 393 394 398 431 436 441 443 450 451 454 455 456
504 461 462 464 465 466 467 468 469 482 483 484 486 488 521 522
504 523 524 525 527 528 529 552 561 565 566 568 569 581 582 583
504 584 585 586 587 588 589 592 593 595 596 597 656 662 671 676
504 682 684 689 731 733 734 736 737 738 739 762 821 822 824 826
504 827 830 831 832 833 834 835 836 837 838 861 862 865 866 883
504 884 885 887 888 889 891 895 896 897 899 941 942 943 944 945
504 947 948 949 976

Number of exchanges: 139

———————————————————————-

Outdial Site: D/CASFA
(dial 1+510)
300 bps: 311041500215
1200 bps: 311041500216
2400 bps: 311041500217

510 200 204 208 215 222 223 231 232 233 234 235 236 237 251 253
510 254 261 262 263 264 265 268 269 271 272 273 279 287 297 298
510 302 308 309 339 351 352 357 374 376 385 420 425 428 430 436
510 437 444 446 448 451 452 464 465 466 482 483 486 509 518 519
510 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535
510 536 539 540 547 548 549 559 562 568 569 577 596 601 608 613
510 614 618 620 631 632 633 635 636 638 639 642 643 644 645 649
510 652 653 654 655 658 667 678 704 710 716 717 718 722 724 729
510 741 748 758 762 763 769 801 810 814 819 832 834 835 836 839
510 840 841 843 845 848 849 860 865 869 874 891 893 895 910 970
510 971 987 990 999

Number of exchanges: 154

____________________________________________________________________

Outdial Site: D/CAOAK
(dial 1+510)
300 bps: 311041500108
1200 bps: 311041500109
2400 bps: 311041500224

510 200 204 208 215 222 223 231 232 233 234 235 236 237 245 251
510 253 254 256 261 262 263 264 265 268 269 271 272 273 276 278
510 279 283 284 287 293 295 297 298 302 308 309 317 339 351 352
510 357 374 376 385 420 425 428 430 436 437 444 446 448 451 452
510 464 465 466 481 482 483 486 509 518 519 521 522 523 524 525
510 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540
510 547 548 549 559 562 568 569 577 581 582 596 601 608 613 614
510 618 620 631 632 633 635 636 638 639 642 643 644 645 649 652
510 653 654 655 658 667 670 678 704 710 716 717 718 724 727 729
510 732 733 736 741 743 746 748 758 762 763 769 782 783 784 785
510 786 799 801 810 814 819 820 831 832 834 835 836 837 838 839
510 840 841 843 845 848 849 860 865 869 874 881 884 886 887 888
510 889 891 893 895 910 930 932 933 934 935 937 938 939 942 943
510 944 945 946 947 970 971 975 977 987 990 999

Number of exchanges: 206

———————————————————————-

Outdial Site: D/NYHEM
(dial 1+516)
300 bps: 311021200315
1200 bps: 311021200412
2400 bps: 311021200413
other : 311021200028

516 220 221 222 223 227 228 229 235 236 237 238 239 248 249 252
516 255 264 270 285 292 293 294 295 296 299 326 328 333 334 335
516 336 338 346 349 352 354 355 357 358 364 365 367 371 374 378
516 379 383 384 391 394 420 431 432 433 437 454 463 466 481 482
516 483 484 485 486 487 488 489 496 520 521 522 526 531 535 536
516 538 541 542 546 559 560 561 562 564 565 566 568 569 573 574
516 575 576 577 579 593 596 598 599 621 623 624 625 626 627 628
516 629 644 647 656 658 659 663 671 674 676 677 678 679 681 682
516 683 684 686 691 692 694 731 733 735 739 741 742 745 746 747
516 752 753 755 756 759 763 764 766 767 773 775 777 781 783 785
516 789 791 794 795 796 797 798 799 822 823 824 825 826 829 832
516 833 842 844 845 847 867 868 869 872 873 876 877 883 887 889
516 890 897 921 922 925 926 931 932 933 934 935 937 938 939 942
516 943 944 949 997

Number of exchanges: 199

———————————————————————-

Outdial Site: D/NYNYO
(dial 1+516)
300 bps: 311021200315
1200 bps: 311021200316
2400 bps: 311021200412
other : 311021200028

516 221 222 223 227 228 229 235 236 237 238 239 248 249 252 255
516 264 270 285 292 293 294 295 296 299 326 328 333 334 336 338
516 346 349 352 354 357 358 364 365 367 371 374 378 379 391 420
516 431 432 433 437 454 463 466 481 482 483 484 485 486 487 488
516 489 496 520 521 526 531 535 536 538 541 542 546 559 560 561
516 562 564 565 566 568 569 574 575 576 577 579 593 596 598 599
516 621 623 624 625 626 627 628 629 644 647 656 658 663 671 674
516 676 677 678 679 681 682 683 684 686 691 692 694 731 733 735
516 739 741 742 745 746 747 752 753 755 756 759 763 764 766 767
516 773 775 781 783 785 789 791 794 795 796 797 798 799 822 823
516 824 825 826 829 832 842 844 845 847 867 868 869 872 873 876
516 877 883 887 889 890 897 921 922 926 931 932 933 934 935 937
516 938 939 942 943 944 949 997

Number of exchanges: 187

———————————————————————-

Outdial Site: D/TNMEM
(dial 1+601)
300 bps: 3110
1200 bps: 3110
2400 bps: 3110

601 342 349 393 781 851

Number of exchanges: 5

———————————————————————-

Outdial Site: D/AZPHO
300 bps: 311060200022
1200 bps: 311060200023
2400 bps: 311060200026

602 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234
602 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249
602 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264
602 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279
602 280 285 320 331 336 340 345 350 351 352 370 371 375 376 377
602 379 381 382 389 390 391 392 393 395 396 397 412 420 423 431
602 433 434 435 436 437 438 439 440 441 443 450 451 460 461 464
602 468 470 481 482 483 484 486 490 491 493 494 495 496 497 498
602 528 530 531 534 540 542 543 545 547 548 549 551 553 554 563
602 585 588 589 596 597 598 630 631 640 641 644 649 650 661 678
602 681 693 730 731 732 752 756 759 784 786 788 789 820 821 827
602 829 830 831 832 833 834 835 838 839 840 841 842 843 844 846
602 848 849 852 853 856 860 861 862 863 864 866 867 869 870 872
602 873 876 877 878 879 890 891 892 893 894 895 897 898 899 921
602 924 925 926 929 930 931 932 933 934 935 936 937 938 939 940
602 941 942 943 944 945 946 947 948 949 951 952 953 954 955 956
602 957 961 962 963 964 965 966 967 968 969 970 971 972 973 974
602 975 977 978 979 980 981 985 986 990 991 992 993 994 995 996
602 997 998

Number of exchanges: 272

602 566 583 584 546 492 561 581 582 780 569 586 471 837 373 380
602 983 982 984 986 983 671 987 988

Number of exchanges: 22
(These exchanges require 1+602 XXX-XXXX dialing)

———————————————————————-

Outdial Site: D/MNMIN
300 bps: 311061200120
1200 bps: 311061200121
2400 bps: 311061200022

612 220 221 222 223 224 227 228 229 290 291 292 293 296 297 298
612 323 330 331 332 333 334 335 336 337 338 339 340 341 342 343
612 344 347 348 349 368 370 371 372 373 374 375 376 377 378 379
612 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434
612 435 436 437 438 439 440 441 443 444 445 446 447 448 449 450
612 451 452 454 455 456 457 458 459 460 461 462 463 464 469 470
612 471 472 473 474 475 476 477 478 479 481 482 483 484 487 488
612 489 490 491 492 493 494 496 497 498 499 520 521 522 526 527
612 529 533 534 535 536 537 538 540 541 542 544 545 546 552 553
612 557 559 560 561 566 569 571 572 574 588 591 593 620 621 622
612 623 624 625 626 627 631 633 635 636 638 639 640 641 642 643
612 644 645 646 647 648 649 653 663 667 673 681 683 687 688 690
612 696 698 699 720 721 722 723 724 725 726 727 728 729 730 731
612 733 735 736 737 738 739 741 750 753 754 755 757 770 771 772
612 774 776 777 778 779 780 781 782 784 785 786 788 789 822 823
612 824 825 827 828 829 830 831 832 835 851 853 854 858 861 863
612 865 866 867 868 869 870 871 872 874 879 881 884 885 887 888
612 890 891 892 893 894 895 896 897 920 921 922 924 925 926 927
612 929 931 932 933 934 935 936 937 938 939 941 942 944 949 976
612 977 989

Number of exchanges: 287

———————————————————————-

Outdial Site: D/MABOS
300 bps: 311061700311
1200 bps: 311061700313
2400 bps: 311061700026

617 200 223 224 225 226 227 230 231 232 233 234 235 236 237 239
617 241 242 243 244 245 246 247 248 252 253 254 257 258 261 262
617 263 264 265 266 267 268 269 271 274 275 276 277 278 279 280
617 282 284 285 286 287 288 289 290 292 296 298 320 321 322 323
617 324 325 326 327 328 329 330 331 332 333 335 337 338 340 343
617 345 348 349 350 353 354 357 361 362 364 367 375 377 380 381
617 382 387 389 391 393 394 395 396 397 421 423 424 426 427 428
617 429 431 432 434 436 437 438 439 442 444 445 446 449 450 451
617 455 456 457 461 463 464 466 469 471 472 473 479 482 483 484
617 486 487 488 489 491 492 493 494 495 496 497 498 499 522 523
617 524 527 532 534 536 538 539 541 542 546 547 552 553 556 558
617 560 561 562 565 566 567 568 569 570 571 572 573 574 576 577
617 578 579 581 586 589 592 593 594 595 596 598 599 621 622 623
617 625 628 629 630 633 635 637 638 641 642 643 646 647 648 654
617 661 662 665 666 669 674 680 684 693 694 695 696 698 720 721
617 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736
617 737 738 739 740 742 743 748 749 756 770 773 774 776 781 782
617 783 786 787 789 825 841 842 843 845 846 847 848 849 855 859
617 860 861 862 863 864 868 873 876 884 887 889 890 891 893 894
617 895 899 923 924 925 926 929 930 931 932 933 935 936 937 938
617 942 944 945 951 954 955 956 958 962 964 965 966 969 972 973
617 974 979 981 983 984 985

Number of exchanges: 321
———————————————————————-

Outdial Site: D/OHCOL
(dial 1+614)
300 bps: 311021600020
1200 bps: 310021600021
2400 bps: 311021600120

614 221 222 223 224 225 227 228 229 231 235 236 237 238 239 243
614 248 249 251 252 253 258 261 262 263 265 267 268 271 272 274
614 275 276 278 279 281 288 291 292 293 294 296 297 299 325 329
614 337 338 341 351 361 365 371 395 421 424 431 433 436 438 442
614 443 444 445 447 451 457 459 460 461 462 463 464 466 469 471
614 475 476 478 479 481 486 487 488 491 492 497 523 538 548 575
614 621 644 645 752 755 756 759 761 764 766 771 777 785 786 791
614 792 793 794 821 833 836 837 841 842 846 847 848 851 852 855
614 860 861 863 864 866 868 870 871 875 876 877 878 879 881 882
614 885 888 889 890 891 895 898 899 927 964 965

Number of exchanges: 146

———————————————————————-

Outdial Site: D/MOSLO
(dial 1+618)
300 bps: 311031400020
1200 bps: 311031400021
2400 bps: 311031400005

618 271 274 337 451 452 482 583 797

Number of exchanges: 8

———————————————————————-

Outdial Site: D/CASDI
300 bps: 3110
1200 bps: 3110
2400 bps: 3110

619 221 222 223 224 225 226 229 230 231 232 233 234 235 236 237
619 238 239 258 260 262 263 264 265 266 267 268 270 271 272 273
619 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288
619 289 290 291 292 293 294 295 296 297 298 299 336 338 390 401
619 404 406 408 412 413 416 417 419 420 421 422 423 424 425 426
619 427 428 429 435 437 440 441 442 443 444 447 448 449 450 451
619 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466
619 469 470 472 474 475 476 477 479 482 483 484 485 487 488 490
619 491 492 493 494 495 496 497 502 505 506 508 514 518 522 524
619 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539
619 540 541 542 543 544 545 546 547 548 549 551 552 553 554 556
619 557 558 559 560 561 562 563 565 566 569 570 571 573 574 575
619 576 578 579 580 581 582 583 584 585 586 587 588 589 592 594
619 604 660 661 662 668 669 670 672 673 690 691 692 693 694 695
619 696 697 698 699 701 702 717 980 981 987 990 991

Number of exchanges: 222

———————————————————————-

Outdial Site: D/DCWAS
(dial 1+703)
300 bps: 311020200115
1200 bps: 311020200116
2400 bps: 311020200117

703 204 207 214 218 222 235 237 239 241 242 243 246 247 250 255
703 256 260 263 264 266 271 273 274 276 278 280 281 284 285 321
703 323 325 329 339 351 352 354 355 356 358 359 360 370 378 379
703 385 391 406 407 415 418 425 430 435 437 438 440 442 444 448
703 450 451 455 461 471 476 478 481 482 486 487 503 506 516 517
703 519 521 522 524 525 527 528 532 533 534 536 538 548 549 550
703 551 553 556 557 558 560 569 573 578 591 602 603 620 631 641
703 642 643 644 648 658 660 661 664 671 683 684 685 689 690 691
703 698 706 709 712 715 719 733 734 739 742 746 749 750 751 756
703 758 759 760 761 764 765 768 769 780 781 787 790 795 799 802
703 803 815 817 818 820 821 823 824 826 827 830 834 836 838 841
703 845 846 847 848 849 850 860 866 874 875 876 883 892 893 904
703 912 914 920 922 931 934 938 941 960 968 971 974 978 979 998

Number of exchanges: 195

———————————————————————–

Outdial Site: D/ILCHI

Remember: the exchanges listed below are duplicated in the
312 list! Also, you MUST dial 1708-xxx-yyyy to reach numbers
in the 708 (and 815) area code.

300 bps: 311031200410
1200 bps: 311031200411
2400 bps: 311031200024

708 200 201 203 205 206 208 209 210 213 215 216 218 223 228 231
708 232 234 240 244 246 249 250 251 253 255 256 257 258 259 260
708 272 279 289 290 291 293 295 296 297 298 299 301 303 304 307
708 310 314 315 316 317 318 319 323 325 328 330 331 333 335 336
708 339 343 344 345 349 350 351 352 354 355 357 358 359 360 361
708 362 364 366 367 369 371 377 381 382 383 385 386 387 388 389
708 390 391 392 393 394 396 397 398 401 402 403 405 406 409 412
708 416 418 420 422 423 424 425 426 428 429 430 432 433 437 438
708 439 441 442 446 447 448 449 450 451 452 453 455 456 457 458
708 459 460 462 469 470 473 474 475 479 480 481 482 484 485 490
708 491 492 495 496 498 499 501 502 503 504 505 506 510 512 513
708 515 516 517 518 519 520 524 526 529 530 531 532 534 535 537
708 540 541 543 544 547 550 551 560 562 563 564 566 570 571 572
708 573 574 575 576 577 578 579 584 590 593 594 595 596 597 598
708 599 603 605 607 608 612 613 614 615 617 618 619 620 623 627
708 628 629 632 634 635 636 639 640 647 652 653 654 655 656 657
708 658 659 662 665 668 671 672 673 674 675 676 677 678 679 680
708 681 682 687 688 689 690 691 692 695 696 697 698 699 705 706
708 709 713 714 717 719 720 724 729 730 739 741 742 746 747 748
708 749 754 755 756 757 758 759 766 771 773 780 788 789 790 795
708 798 799 801 803 806 810 816 817 818 820 823 824 825 827 830
708 831 832 833 834 835 837 839 840 841 843 844 848 849 850 851
708 852 857 858 859 860 862 863 864 865 866 867 868 869 870 872
708 877 879 882 884 885 887 888 891 892 893 894 895 896 897 898
708 904 905 910 913 914 916 919 920 926 931 932 934 937 940 941
708 945 946 948 949 952 953 954 956 957 960 961 963 964 965 966
708 967 968 969 971 972 974 979 980 981 982 983 985 986 990 991
708 998

Number of exchanges: 406

———————————————————————-

Outdial Site: D/TXHOU
300 bps: 311071300113
1200 bps: 311071300114
2400 bps: 311071300024

713 200 220 221 222 223 224 225 226 227 228 229 230 233 235 236
713 237 238 240 241 242 244 246 247 252 253 254 261 263 264 265
713 266 267 268 269 270 271 272 274 277 278 280 282 283 284 285
713 286 287 289 293 295 320 324 326 328 331 332 333 334 335 336
713 337 338 339 341 342 343 346 347 350 351 353 354 355 356 358
713 359 360 363 364 367 370 371 373 374 376 377 378 383 388 390
713 391 392 393 394 395 420 421 422 424 425 426 427 428 431 432
713 433 434 436 437 438 439 440 441 442 443 444 445 446 447 448
713 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463
713 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478
713 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493
713 494 495 496 497 498 499 520 521 522 523 524 525 526 527 528
713 529 530 531 535 536 537 540 541 542 546 547 548 549 550 551
713 552 556 558 561 563 565 568 571 575 577 578 579 580 583 584
713 586 587 588 589 590 591 596 599 620 621 622 623 626 627 629
713 630 631 633 635 636 639 640 641 643 644 645 649 650 651 652
713 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667
713 668 669 670 671 672 673 674 675 676 678 679 680 681 682 683
713 684 685 686 688 690 691 692 694 695 696 697 699 720 721 723
713 726 728 729 731 732 733 734 738 739 741 744 746 747 748 749
713 750 751 752 753 754 757 758 759 761 762 763 764 765 768 769
713 771 772 774 775 776 777 778 779 780 781 782 783 784 785 786
713 787 788 789 790 791 792 793 794 795 796 797 798 799 820 821
713 822 823 824 825 826 827 828 829 831 833 834 835 836 840 841
713 842 844 845 846 847 850 852 853 854 855 856 857 858 859 861
713 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876
713 877 878 879 880 882 883 884 886 888 890 891 892 893 894 895
713 896 897 898 899 920 921 922 923 924 926 928 929 930 931 932
713 933 935 937 938 939 940 941 943 944 946 947 948 951 952 953
713 954 955 956 957 960 961 963 964 965 966 967 968 969 971 972
713 973 974 975 977 978 980 981 983 984 985 986 987 988 989 991
713 992 993 995 996 997 998 999

Number of exchanges: 472

———————————————————————-

Outdial Site: D/CACOL
300 bps: 311071400119
1200 bps: 311071400121
2400 bps: 311071400102

714 275 276 335 350 351 352 353 354 355 356 357 358 359 360 369
714 370 381 382 383 384 386 387 422 431 602 681 682 683 684 685
714 686 687 688 689 749 780 781 782 783 784 785 787 788 789 790
714 791 792 793 794 795 796 797 798 799 820 822 823 824 825 829
714 872 873 874 875 876 877 880 881 882 883 884 885 886 887 888
714 889

number of exchanges : 76

———————————————————————-

Outdial Site: D/CASAN
300 bps: 311071400023
1200 bps: 311071400024
2400 bps: 311071400021

714 220 228 229 236 239 241 250 251 253 255 256 258 259 261 262
714 265 282 283 285 289 321 322 323 324 325 326 327 328 329 332
714 367 372 373 374 380 385 414 415 418 432 433 441 447 449 455
714 458 472 474 475 476 490 491 494 497 499 502 503 509 513 515
714 516 517 519 520 521 522 523 524 525 526 527 528 529 530 531
714 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546
714 547 548 549 550 551 552 553 554 556 557 558 559 565 566 567
714 568 569 572 579 581 582 583 586 587 588 589 630 631 632 633
714 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648
714 649 650 651 660 662 663 664 665 666 667 668 669 670 671 673
714 675 680 691 692 693 707 708 712 720 721 722 723 724 725 726
714 727 729 730 731 732 733 738 739 740 741 742 743 744 745 746
714 747 748 750 751 752 754 755 756 757 758 759 760 761 762 764
714 768 770 771 772 773 774 775 776 777 778 779 786 821 826 827
714 828 830 831 832 833 834 835 836 837 838 839 840 841 842 843
714 846 847 848 850 851 852 854 855 856 857 858 859 863 870 871
714 879 890 891 892 893 894 895 896 897 898 921 937 938 939 951
714 952 953 954 955 956 957 960 961 962 963 964 965 966 968 969
714 970 971 972 973 974 975 977 978 979 990 991 992 993 994 995
714 996 997 998 999

Number of exchanges: 289

———————————————————————-

Outdial Site: D/NYNYO
(dial 1+718)
300 bps: 311021200315
1200 bps: 311021200316
2400 bps: 311021200412
other : 311021200028

718 200 204 209 217 221 224 225 229 230 232 233 234 235 236 237
718 238 240 241 244 247 248 251 252 253 256 257 258 259 260 261
718 262 263 265 266 267 268 270 271 272 273 274 275 276 277 278
718 279 282 284 287 291 296 297 317 318 321 322 326 327 330 331
718 332 335 336 337 338 339 341 342 343 345 346 347 349 351 352
718 353 354 356 357 358 359 360 361 363 366 370 372 373 375 376
718 377 380 381 383 384 385 386 387 388 389 390 392 395 397 398
718 403 417 421 423 424 426 428 429 434 435 436 438 439 441 442
718 443 444 445 446 447 448 449 451 452 453 454 455 456 457 458
718 459 461 462 463 464 465 467 468 469 470 471 474 476 478 479
718 480 481 482 485 486 489 492 493 494 495 497 498 499 507 520
718 522 523 525 526 527 528 529 531 533 539 541 544 545 552 557
718 565 571 574 575 591 592 596 599 604 615 622 624 625 626 627
718 628 629 630 631 632 633 634 636 638 639 641 642 643 644 645
718 646 647 648 649 651 656 657 658 659 667 670 672 680 692 693
718 694 698 699 706 712 720 721 723 726 727 728 729 735 738 739
718 740 743 745 746 748 754 755 756 760 761 762 763 764 767 768
718 769 771 773 774 776 778 779 780 782 783 784 786 788 789 793
718 797 802 803 805 816 821 826 827 830 831 832 833 834 835 836
718 837 843 845 846 847 848 849 851 852 853 854 855 856 857 858
718 859 868 871 875 876 883 886 891 894 895 896 897 898 899 917
718 919 921 922 927 932 934 935 937 938 939 941 942 945 946 948
718 949 951 953 955 956 961 962 963 965 966 967 968 969 972 977
718 978 979 981 983 984 987 990 995 996 997 998 999

Number of exchanges: 357

———————————————————————-

Outdial Site: D/UTSLC
300 bps: 311080100020
1200 bps: 311080100021
2400 bps: 311080100012

801 220 237 240 250 251 252 254 255 261 262 263 264 265 266 268
801 269 272 273 277 278 287 292 295 298 299 321 322 328 350 355
801 359 363 364 366 451 460 461 466 467 468 480 481 482 483 484
801 485 486 487 488 521 522 524 526 530 531 532 533 534 535 536
801 537 538 539 543 544 546 547 549 561 562 565 566 569 570 571
801 572 573 575 576 578 579 580 581 582 583 584 585 588 594 595
801 596 633 799 933 942 943 944 947 964 965 966 967 968 969 972
801 973 974 975 977

Number of exchanges: 109

———————————————————————-

Outdial Site: D/FLTAM
300 bps: 311081300020
1200 bps: 311081300021
2400 bps: 311081300124

813 221 222 223 224 225 226 227 228 229 231 232 234 236 237 238
813 239 240 241 242 247 248 251 253 254 258 259 264 265 272 273
813 276 281 286 287 289 620 621 622 623 626 628 633 634 641 645
813 653 654 661 662 664 671 677 681 684 685 689 690 830 831 832
813 835 837 839 840 854 855 870 871 872 873 874 875 876 877 878
813 879 880 881 882 883 884 885 886 887 888 889 920 931 932 933
813 935 948 949 960 961 962 963 968 969 971 972 973 974 977 978
813 979 980 985 986 987 988 989 990 996

Number of exchanges: 114

———————————————————————-

Outdial Site: D/ILCHI
(dial 1+815)
300 bps: 311031200410
1200 bps: 311031200411
2400 bps: 311031200024

815 254 372 423 424 436 439 469 474 478 485 722 723 725 726 727
815 729 740 741 744 773 774 834 838 886

Number of exchanges: 24

———————————————————————-

Outdial Site: D/MOKCI
300 bps: 311081600104
1200 bps: 311081600221
2400 bps: 311081600113

816 221 223 224 225 228 229 231 234 241 242 243 245 246 247 251
816 252 254 257 274 275 276 283 292 322 331 333 346 348 353 356
816 358 361 363 373 374 391 395 421 426 435 436 444 452 453 454
816 455 459 461 464 466 468 471 472 474 478 483 497 521 523 524
816 525 531 532 537 556 561 572 576 578 587 589 591 654 698 734
816 737 741 743 751 753 756 757 759 761 763 765 767 781 792 795
816 796 821 822 833 836 842 844 854 861 871 881 891 921 922 923
816 924 926 931 932 941 942 943 966 968 995 997

Number of exchanges: 116

———————————————————————-

Outdial Site: D/TXDAL
300 bps: 311021400117
1200 bps: 311021400118
2400 bps: 311021400022

817 261 265 267 268 273 329 355 356 366 379 421 424 425 429 430
817 432 449 450 461 467 469 475 477 481 498 530 540 543 572 577
817 588 589 640 654 667 671 679 695 784 792 832 856 884 890 922
817 925 929 930 961 962 963 967

Number of exchanges: 52

———————————————————————-
Outdial Site : D/CAGLE
300 bps: none listed
1200 bps: 311021300412
2400 bps: 311021300413

818 200 240 241 242 243 244 246 247 248 249 301 303 304 350 351
818 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366
818 367 368 370 371 372 373 374 375 376 377 378 379 381 382 393
818 397 398 399 400 401 402 403 404 405 406 409 440 441 442 443
818 444 445 446 447 448 449 450 459 500 501 502 503 504 505 506
818 507 508 509 528 542 545 546 547 548 560 564 565 566 567 568
818 569 574 575 577 578 579 580 584 753 754 760 761 762 763 764
818 765 766 767 768 769 777 780 781 782 783 784 785 786 787 788
818 789 790 791 792 793 794 795 796 797 798 799 818 821 831 840
818 841 842 843 845 846 847 848 890 891 892 893 894 895 896 897
818 898 899 901 902 903 904 905 906 907 908 909 951 952 953 954
818 955 956 957 972 980 981 982 983 984 985 986 987 988 989 990
818 994 995 997

Number of exchanges: 183

———————————————————————-
Outdial Site : D/CALAN
300 bps: none listed
1200 bps: 311021300412
2400 bps: 311021300413

818 200 240 241 242 243 244 246 247 280 281 282 284 285 286 287
818 288 289 300 301 302 303 307 308 309 350 357 358 359 401 402
818 409 442 443 444 445 446 447 448 450 451 457 458 459 500 502
818 507 529 545 546 547 548 570 571 572 573 574 575 576 579 580
818 805 821 956

Number of exchanges: 63

———————————————————————-

Outdial Site: D/TNMEM
300 bps: none accessable

901 227 272 274 276 278 320 323 324 325 327 332 344 345 346 348
901 353 357 358 360 362 363 365 366 367 368 369 371 372 373 375
901 377 382 385 386 387 388 395 396 397 398 452 454 458 465 475
901 476 483 484 485 486 521 522 523 524 525 526 527 528 529 531
901 532 533 535 543 544 572 575 576 577 578 579 597 654 678 681
901 682 683 684 685 721 722 725 726 728 729 743 744 745 747 748
901 752 753 754 755 756 757 758 761 762 763 765 766 767 774 775
901 785 789 794 795 797 829 853 854 867 872 873 876 877 922 942
901 946 947 948 976

Number of exchanges: 124

———————————————————————-

Outdial Site: D/MOKCI
(dial 1+913)
300 bps: 311021200315
1200 bps: 311021200316
2400 bps: 311021200412
other : 311021200028

913 236 262 268 281 287 299 321 334 339 341 342 345 362 371 375
913 381 383 384 422 432 441 451 469 491 492 541 551 573 574 576
913 588 596 599 621 631 642 648 649 661 676 677 681 721 722 724
913 764 780 782 787 788 791 829 831 888 894 897 962 967

Number of exchanges: 58

———————————————————————-

Outdial Site: D/CASAC
300 bps: 311091600011
1200 bps: 311091600012
2400 bps: 311091600007

916 227 228 255 262 263 264 277 278 321 322 323 324 325 326 327
916 328 329 331 332 334 338 339 344 348 349 351 353 355 360 361
916 362 363 364 366 368 369 371 372 373 374 381 382 383 386 387
916 388 391 392 393 394 395 399 421 422 423 424 425 427 428 429
916 433 440 441 442 443 444 445 446 447 448 449 451 452 453 454
916 455 456 457 464 481 482 483 484 485 486 487 488 489 531 535
916 537 539 551 552 553 557 566 567 568 593 631 635 636 638 641
916 643 646 648 649 653 654 657 665 682 683 684 685 686 687 688
916 689 731 732 733 734 736 737 739 747 761 762 763 764 765 766
916 767 768 769 852 854 855 863 867 920 921 922 923 924 925 927
916 928 929 933 939 942 944 951 952 955 956 957 961 962 965 966
916 967 969 971 972 973 974 978 983 985 987 988 989 991 992

Number of exchanges: 179

(Exchanges listed below require the 1+ phone number dialing)

916 721 722 723 725 726 727 728 729 745 785 752 753 754 756 757
916 758

Number of exchanges: 16

———————————————————————-

Outdial Site: D/NCRTP
300 bps: 311091900020
1200 bps: 311091900021
2400 bps: 311091900124

919 248 254 266 269 280 286 361 362 365 382 383 387 460 467 469
919 470 471 477 479 481 489 490 493 528 530 541 543 544 546 549
919 560 575 596 598 620 660 662 664 677 681 682 683 684 687 688
919 733 737 740 755 772 779 781 782 783 787 790 821 828 829 831
919 832 833 834 836 839 840 846 847 848 850 851 856 859 860 870
919 872 876 878 880 881 890 899 929 932 933 941 942 956 962 966
919 967 968 976 990 991 992

Number of exchanges: 96

———————————————————————-

Outdial Site: D/NJNBR
(dial 1+908)
300 bps: 311020100001
1200 bps: 311020100301
2400 bps: 311020100022

908 202 205 214 218 220 225 231 238 246 247 248 249 251 254 257
908 271 274 283 287 297 302 306 321 324 329 356 360 390 406 407
908 412 417 418 422 424 442 457 463 469 494 510 519 524 525 526
908 545 548 549 560 561 562 563 572 602 603 607 613 632 634 636
908 658 668 679 685 699 704 707 715 721 722 723 725 727 738 745
908 750 752 753 754 755 756 757 769 805 819 821 826 828 844 846
908 855 873 878 880 883 885 906 932 937 954 968 980 981 985

Number of exchanges: 104
———————————————————————-

Outdial Site: D/NJNEW
300 bps: 311020100001
1200 bps: 311020100301
2400 bps: 311020100022

908 200 232 233 241 245 272 273 276 277 289 298 317 322 351 352
908 353 354 355 381 382 388 396 419 464 474 486 499 522 527 541
908 558 574 582 594 602 634 636 654 665 686 687 688 709 737 750
908 760 771 789 815 820 851 855 862 889 913 925 931 964 965 969

Number of exchanges: 60

———————————————————————-

Outdial Site: D/NYNYO
300 bps: 311021200315
1200 bps: 311021200316
2400 bps: 311021200412
other : 311021200028

914 235 237 251 253 270 282 285 286 287 288 289 321 328 332 333
914 335 337 345 347 375 376 378 381 390 391 395 397 422 423 428
914 472 476 478 523 524 576 591 592 631 632 633 636 641 642 644
914 654 662 664 665 667 668 674 681 682 683 684 686 693 694 696
914 697 698 699 721 723 725 738 761 768 771 776 779 784 789 792
914 793 833 834 835 899 921 925 933 934 935 937 939 946 948 949
914 961 963 964 965 967 968 969 993 997

Number of exchanges: 99

———————————————————————-

<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>
<*> <*>
<*> <*>
<*> THIS HAS BEEN A MODERNZ PRESENTATION <*>
<*> <*>
<*> SEE YOU ALL AT MATRIX BBS (908)905-6691 <*>
<*> <*>
<*> NON-PURSUITABLE WIHTOUT A GLOBAL <*>
<*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*><*>

How to Use Telenet’s PC Pursuit Service by Z-Man

(> |_
|_ _|
_| How to Use Telenet’s PC Pursuit Service |_
|_ _
(>View: pc pursuit phreakin/f/overlord

_ _ _ _ _ _ _ _ _ _ _ _ _
_| |_| |_| |_| |_| |_| |_| |_| |_| |_| |_| |_| |_| |_
|_ _|
_| How to Use Telenet’s PC Pursuit Service |_
|_ _|
_| Typed by: Z-Man |_
|_ _ _ _ _ _ _ _ _ _ _ _ _ _|
|_| |_| |_| |_| |_| |_| |_| |_| |_| |_| |_| |_| |_|

This text file was released to aid phreaks that may get a PC Pursuit
password. To use PC Pursuit, you need a modem that operates at 300 or 1200 bps
and a terminal or PC with an asynchronous communications software package. At
this time, PC Pursuit does not support speeds above 1200.
I will tell you the various PC Pursuitable cities, how to dial systems with
PC Pursuit in normal mode and Racial Vadiac mode.
Before I begin, there are a few things you should know. (sp) will
represent you typing a space. (cr) will represent a carriage return that must
be issued. And anything in quotes is something you type in. Anything else will
be something the host issues.

PC PURSUIT CITIES

Once connected to the service, you can connect to any communicating PC or
host computer accessible with a local phone call in these PC Pursuit cities
within these area codes. Use the PC Pursuit access code during sign-on, “/3”
for 300 bps and “/12” for 1200 bps. An example: Calling Atlanta with 1200 bps,
you would type “DIAL404/12,XXXXXXXX”. XXXXXXXX is the User ID. It is usually 8
digits. Dialing at 300 bps, you would type, “DIAL404/3,XXXXXXXX”.

PC Pursuit Area
City Code

Atlanta 404
Boston 617
Chicago 312
Cleveland 216
Dallas 214
Denver 303
Detroit 313
Glendale 818
Houston 713
Los Angeles 213
Miami 305
Milwaukee 414
Minneapolis 612
Newark 201
New York 212
Philadelphia 215
Phoenix 602
Portland 503
Research Triangle Park 919
Salt Lake City 801
San Francisco 415
San Jose 408
Seattle 206
Tampa 813
Washington, DC 202

HOW TO SIGN ON

Dial the appropriate access telephone number of your Telenet Access Center.
Then:

Network Shows | You Type | Explanation
__________________|____________________________|____________________________
| (cr) (cr) |
__________________|____________________________|____________________________
TELENET | | Telenet network hearld and
XXX XXX | | your network address.
__________________|____________________________|____________________________
TERMINAL= | “D1” (cr) | Enter “D1” or press (cr)
__________________|____________________________|____________________________
@ | For 300 bps: | CONNECT command. To access
| “C(sp)DIALXXX/3,XXXX(cr)” | a PC Pursuit city type a PC
| | Pursuit access code and
| For 1200 bps: | your user ID.
| “C(sp)DIALXXX/12,XXXX(cr)” |
__________________|____________________________|____________________________
PASSWORD= | “XXXXXX” (cr) | Type the password
__________________|____________________________|____________________________
DIALXXX/X | “ATZ” (cr) | You are now connected to the
CONNECTED | | PCP city. Type ATZ (upper).
__________________|____________________________|___________________________
OK | “ATDTXXXXXXX” (cr) | Dials a number in PCP city
__________________|____________________________|___________________________
CONNECT | | Your are now connected to
| | your destination computer.
__________________|____________________________|___________________________

If the number you just dialed in the city you just dialed is busy, to dial a
different number in that same city: You will see BUSY, type “ATZ”, you will see
OK, then type, “ATDTXXXXXXX” (cr) to dial the next number in that same city.

To connect to a different PC Pursuit City, when you see the BUSY, type “@” (cr).
When you see a @, type “D” (cr). This disconnects you from the previous city.
You then follow the above procedures to dial another city.

USING RACIAL VADIAC MODE

To use this mode, which I consider is the best because it tells you that it
is dialing or whether or not the phone is ringing or actually busy.
Follow the procedure above to connect to a city. After you have connected
to that city, type “ATZ” (cr) then type “Ctrl-E” (cr). You will see:

HELLO! I’M READY
:

At the :, type “DXXXXXXX” (cr) to dial the number. It will say DIALING…, if
the number you have dialed is ringing, you will see RINGING… every time it
rings. If it is busy, after about 20 seconds, you will see BUSY then the :
prompt.

If you connect to a computer in this mode and you wish to hang up, just
type “Ctrl-C” then “Ctrl-D” (cr) and you will see DISCONNECT. Type “Ctrl-E” to
get back into the racial vadiac mode. Note: sometimes pressing Ctrl-E or
Ctrl-C then Ctrl-D dosen’t always work the first time. Just wait a few seconds
then try it again. It should then work.. don’t forget to press return after
these control sequences!
To exit Racial Vadiac mode and disconnect from the current city then dial
another city, do the following:

At the : prompt, type “I” (cr) then “@” (cr) then “D” (cr). This will
disconnect you from the current city and allow you to dial another.

HOW TO SIGN OFF

Type “HANGUP” (cr). Or, do what I do, just hang up.

I think I have covered all of the steps of using PC Pursuit. If I have
left anything out, you can reach me on the boards that follow. While I was
typing this, I just remembered you have to dial a Telenet exchange nearest you.
If I have time, I will type in the long list of Telenet access numbers. But for
now, if you need to know one, either contact me, or find someone that has the
Telenet pamphlet called “U.S. ACCESS TELEPHONE NUMBERS” and ask them for the
exchange nearest you.

Also, to avoid extra charge on someone elses account, the hours to use it
are 6 pm to 7 am on weekdays and all day weekends. I would strongly recommend
you also abide by these time restrictions even with someone elses account. You
won’t have to worry about getting another password, which is hard to get.

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \

Future World IIgs / Infinitys Border II ……301-486-4515 20 Megs/AE/CF
Hard Rock Cafe ………………………….201-362-6304 10 Meg Sup.Tac
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
\_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/ \_/