Copy Link
Add to Bookmark
Report
Chaos IL Issue 04
< The Israeli Underground Information eXchage >
,
Ú ,g,___.,,Úg?Pü~ g¿,,,.
g.,gd$Pü''~``'4${ ,, ,,._ __..,, _.,._}$$$$%'
'ü4$$b, ' gÚÚ,.. :} :}"üP#g,. ,yPü~"ü4Py. ,gP'~"üü"~`
'$$$b. ~ü4$$4 }$ }$ `$$b: d$} }$b,%%}
:$$$% ~$$i _.,, iiÚÚ,, `4$%%%?W, ;$$} $$; ,
.}$$$P g¿,,,. .}$$b#Pü"}: Ã$~"ü4 `$$b.`4?g,,.,g?Pü` ;?W,.,,Úg?Pü~
,dPü"' .,._}$$$$%':d$$' $}g4: `$$$b. `~}}~`` `4?~``'4${
'' ,gP'``~"üü"~` ,$$P' iiü' .'Pü~' ,d$P'
'' .d$$' $} ,g, --IL d$$P'
'' '~ü4` :4g, `ü' .,,, {$$$
.. / `ü' '?${_.,, `üPb,
jizm#@ 'ü"~``'4g, ``
''
''
Chaos IL - Issue #4, 26/Jul/1998 ..
,,
Oi! ~If freedom is outlawed, only outlaws will have freedom~ Oi!
Chaos IL Issue Four Index:
~~~~~~~~~~~~~~~~~~~ ~~~~~~
01. Introduction to Issue #4 (NEWS) by morgoth
02. Gaining supervisor on school Novell NetWare by Insaine
03. Cheating Israeli ISPs for Dummies PART I by Volatile
04. Israeli Blue boxing in the '90s by morgoth
05. Extra Extender INFO by Radon
06. Resetting Fastcomm router by skade
07. Bezeq's DMX system - Information and usage by morgoth
08. Information about BezeqNet (135) for PBXers by Mota Boy
09. Resources & Credits *
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
***
01. General NEWS & Introduction to Issue #4
###### ## ## ###### ####### ######## #### ##
## ## ## ## ## ## ## ## ## ##
## ####### ###### ## ## ######## ## ##
## ## ## ## ## ## ## ## ## ##
###### ## ## ## ## ####### ######## #### ########
! Issue #4 !
(c) Chaos-IL Foundation 1998
We are still alive (!). Due to internal group re-arrangement situation and
major technical problems, we became inactive and were away for a while.
The main problem has began when we couldn't supply anough information to
compile a new issue. However, currently, we are truely fixed and here is
another fresh issue of Chaos IL with updates and new information as always.
We are looking for more information suppliers (read below). I would like to
greet the whole Chaos-IL team for being Chaos IL, major greets to the #972
eleet hax0rs :], who were involved in making Chaos-IL possible.
We are open for applications.
If you have any interesting information for us, and you are
* ARTICLES * willing to write an article about it or just to share the
information with us and let us handle it, contact the staff.
:
9
: n$X :
?L $$B :X
$B<: U$$$X :X!
7$$N$ <R$$$@ :W$E
T$$$i: @$$$& :u$$$$
C H A O S M$$$$: @$$$R :t$$$$* C H A O S
^%$_ 7"$$$:7$$$R:!@$$$*! _$%^
I L ~$$$N$*%_\9$$$/R$$!$$$*:/_%$$$$*~ I L
*$$$$$*WX!$N~$FtW#Xd$$$$$*
_ ^^^%$$$%%%%$$$%^^^ _
^^%%##%%#$$$%%%$%%$$$%^^
~~~~^:$$:^~~~~
X#
||
plus, I would like to say a big FUCKYOU! to Bezeq, that are charging me for
local calls, while it cost them NOTHING.
--morgoth
Contact info updates:
DOMAIN- Our new domain is currently under heavy constructions.
http://www.chaos-il.org/
IRC CHANNEL- Our IRC channel is now public on the EFnet - #chaos-il
_____________________________________________________________________________
[ THE MEMBERSHIP ]
Chaos-IL primary members:
(IN *NO* FUCKING ORDER)
morgoth morgoth@chaos-il.org
squish squish@chaos-il.org
Dissection dsn@chaos-il.org
Easy easy@chaos-il.org
The Trick trick@mindless.com
Mota Boy mota_boy@the-hood.com
skade skade@encrypted.org
Terminal Man terman@hotmail.com
malder malder@chaos-il.org
Volatile volatile@unique98.org
Blue Grass ???
Jekyll jekyll@chaos-il.org
The Errormaker emaker@chaos-il.org
Fourth Horseman 4thm@chaos-il.org
[ DISTRIBUTION ]
*Chaos IL Issues will be regulary available once released in the following
distribution boards and sites:
ANARCHY WORKSHOP +972-3-XXXXXXX 2 Nodes HQ
LIQUID UNDERGROUND +972-3-XXXXXXX 1 Node DIST
KAOS ON COMPTON +972-8-XXXXXXX 4 Nodes DIST
THE ORPHANED LAND +972-8-XXXXXXX 1 Node DIST
*Anon sites*
ftp.fc.net /pub/phrack/underground/chaos-il/
ftp.auscert.org.au /pub/emags/chaos_il/
You can also:
-Join our IRC channel at the EFNet: #chaos-il
***
02. Gaining supervisor on school Novell NetWare
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
/ \
\ Gaining supervisor on school Novell NetWare /
/ \
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
(c) Chaos-IL Foundation & Insaine 1998
-=[The "Secret" method to gain supervisor access on Novell NetWare
that used to teach in CNE classes]=-
-[x]- This Document has been written by Insaine -[x]-
Well, If you are on a Novell NetWare and you want to hack it and gain a
supervisor access, There is a "secret" way to do it.
What you need is a DOS-Based sector editor to edit the entry in the FAT.
And reset the bindery to default upon server reboot. This gives you Supervisor
and Guest with no passwords. The method was taught in case you Lost Supervisor
on a NetWare 2.15 server and you had no supe equivalent accounts Created.
It also saves the server from a wipe and reboot in case the Supervisor account
is corrupt, deleted, or trashed.
While you get a variety of answers from Novell about this technique, from it
Doesn't work to it is technically impossible, truth be it can be done.
Here are the steps, as quoted from comp.os.netware.security, with my comments
in [Brackets]:
[Start of quote]
A NetWare Server is supposed to be a very safe place to keep your files. Only
People with the right password will have access to the data stored there. The
Supervisor (or Admin) user's password is usually the most well kept secret in
the organization / company, since anyone that has that code could simply log
to the server and do anything he/she wants.
But what happens if this password is lost and there's no user that is
Security-equivalent to the supervisor? What happens if the password system
is somehow damaged and no one can log to the network? According to the manual
(Novell Administrating Book), there's simply no way out. You would have to
reinstall the server and try to find your most recent Backup.
Fortunately, there is a very interesting way to gain complete access to a
NetWare server without knowing the Supervisor's (or Admin.'s) password. You
may imagine that you would have to learn complex decryption techniques or even
type in a long C program, but that's not the case. The trick is so simple and
generic that it will work the same way for NetWare 2.x, 3.x and 4.x.
The idea is to fool NetWare to think that you have just installed the server
and that no security system has been established yet. Just after a NetWare 2.x
or 3.x server is installed, the Supervisor's password is null and you can log
in with no restriction. NetWare 4.x works slightly differently, but it also
allows anyone to log in after the initial installation, since the installer
is asked to enter a password for the Admin user.
But how can you make the server think it has just been installed without
actually reinstalling the server and losing all data on the disk? Simple.
You just delete the files that contain the security system. In NetWare 2.x,
all security information is stored in two files (NET$BIND.SYS and NET$BVAL.SYS).
NetWare 3.x stores that information in three files (NET$OBJ.SYS, NET$VAL.SYS
and NET$PROP.SYS). The all-new NetWare 4.x system stores all login names and
passwords in five different files (PARTITIO.NDS, BLOCK.NDS, ENTRY.NDS, VALUE.NDS
And UNINSTAL.NDS [This last file may not be there, don't worry]).
One last question remains. How can we delete these files if we don't have
access to the network, anyway? The answer is, again, simple. Although the people
from Novell did a very good job encrypting passwords, they let all directory
information easy to find and change if you can access the server's disk directly,
using common utilities like Norton's Disk Edit. Using this utility as an example,
I'll give a step-by-step procedure to make these files vanish. All you need is
a Bootable DOS disk, Norton Utilities' Emergency Disk containing the DiskEdit
program and some time near the server.
1. Boot the server and go to the DOS prompt. To do this, just let the network
boot normally and then use the DOWN and EXIT commands. This procedure does not
work on old NetWare 2.x servers and in some installations where DOS has been
removed from memory. In those cases, you'll have to use a DOS bootable disk.
2. Run Norton's DiskEdit utility from drive A:
3. Select "Tools" in the main menu and then select "Configuration". At the
configuration window, uncheck the "Read-Only" checkbox. And be very careful
with everything you type after this point.
4. Select "Object" and then "Drive". At the window, select the C: drive and
make sure you check the button "physical drive". After that, you'll be looking
at your physical disk and you be able to see (and change) everything on it.
5. Select "Tools" and then "Find". Here, you'll enter the name of the file you
are trying to find. Use "NET$BIND" for NetWare 2.x,"NET$PROP.SYS" for NetWare
3 and "PARTITIO.NDS" for NetWare 4. It is possible that you find these strings
in a place that is not the NetWare directory. If the file names are not all near
each other and proportionally separated by some unreadable codes (at least 32
bytes Between them), then you it's not the place we are looking for. In that
case, you'll have to keep searching by selecting "Tools" and then "Find again".
[In NetWare 3.x, you can change all occurrence of the bindery files and it
should still work okay, I've done it before. ]
6. You found the directory and you are ready to change it. Instead of deleting
the files, you'll be renaming them. This will avoid problems with the directory
structure (like lost FAT chains). Just type "OLD" over the existing "SYS" or
"NDS" extension. Be extremely careful and don't change anything else.
7. Select "Tools" and then "Find again". Since NetWare store the directory
information in two different places, you have to find the other copy and change
it the same way. This will again prevent directory structure problems.
8. Exit Norton Disk Edit and boot the server again. If you're running NetWare
2 or 3, your server would be already accessible. Just go to any station and
log in as user Supervisor. No password will be asked. If you're running NetWare
4, there is one last step.
9. Load NetWare 4 install utility (just type LOAD INSTALL at the console prompt)
and select the options to install the Directory Services. You be prompted for
the Admin password while doing this. After that, you may go to any station and
log in as user Admin, using the password that you have selected.
What I did with Norton's Disk Edit could be done with any disk editing utility
with a "Search" feature. This trick has helped me save many network supervisors
who lost their passwords. I would just like to remind you that no one should
break into a NetWare server unless authorized to do it by the company that owns
the server. But you probably know that already.
[End of quote]
I actually had this typed up but kept changing it, so I stole this quote from
the newsgroup to save me retyping ;-)
Now the quickly for 3.x users. Use LASTHOPE.NLM, which renames the bindery
and downs the server. Reboot and you have Supe and Guest, no password.
That's all folks, Now remember, You have to work on the server, it means you
must have access to it (or u can break in).
Cya in the next issue
-[o]- Insaine ( mail me: insaine@cyberdude.com) -[o]-
03. Cheating Israeli ISPs for Dummies PART I
---------------------------------------------
"Cheating ISP'S in israel For Dummies Part I"
---------------------------------------------
(c) Chaos-IL Foundation 1998
***
well here i will show you some basic idea on how to cheat the ISP'S in
israel...
its not too hard, and dangrous as buying a new pair of shoes if you know
what your doing....
first i will start with the mega-giant called Netvision....
Mega Giant In My a** this company security level is low when it come to
service support...
the first thing you need to do is to simply telnet the finger port (write
"telnet netvision.net.il 79") and write a common user name (e.g moshe) now
after you got some detiles about user "moshe" like the name he is
registered on netvision (e.g Moshe Levi) from there all you need to do is
call netvision support, and claim you have lost the paper with the
password (sounding completly dumb will help you sound reliable and thats
the key word) and in 65% to 70% they will give you the password just like
that, if you tried it once and it didn't worked, don't give up, try it
again and again and i promise like the precents show, you will get user
"moshe" password!
now the main problem in this issue is to sound reliable, becouse thats what
make the diffrence, if you don't know how to sound reliable and mature
(also help) find another business becouse cheating is all about acting a
charcter :) now after vola's course on how to hack stupid netvision... i
will give you some detiles about the server as a bonus....
heres what i know....
Main Server : dns.netvision.net.il
Working On : Digital Unix
Finger : works, but with one slight problem, you can only finger one
user, every couple hours...
thats all i know about netvision, its not that hard as you may think...
the best way is to hit a new support man/women becouse those usely dosn't
know all the rules and they are preety naive and sometimes lack of
intrest in the work (lazy enough to let you get away with it).
no one will try to trace you if you will be smart...
ok now i will break from the top of the cream (supposly, between us they
are fast as my digasting system =]), to the most bad suppLIER in israel
called Aquanet (Aquanut even) those guys give bad costumer support as
they give bad internet connection, anyway to cheat them is the easy thing
in the book.
Someone you hate have an aquanet account.
-----------------------------------------
well you hate someone who use an aquanet account?
you know his/her name and/or user name?
well if you do you can close her/his account in one minute, all you have
to do if you have the user name is to say you want to close your account,
give the user name and the account is closed (aquanet account cost 120nis
to open =]).
if you don't have the user name and you happend to fall on a somewhat
smart support man (rarley happens in aquanet IF it happens =]), all you need
to do is sound like an upset dad and say something like "my son as become
an addicted to the internet and i want to close our account" then they
will ask you for the username, just say "user name?" now give the name of
the person the account is reg'd on "my name is..." acting dumb allways
works here, now if you get lucky the support man/women will just do it
without checking, but the key word is to sound like someone serious and
trusted, be kind, but not too kind, talk calm becouse pepole notice when
you talk like a nervious rack, that work most of the times...
Getting a password
-------------------
Meny (Aquanet Manager) is a maniak (to his luck he closed the finger port)
anyway that make it harder, but again choose a common user name "moshe"
and tell the support man/women that you forgot your password and ask him
kindly (sounding honest is the key) for the password, now thats harder
then in netvision becouse you have hard time getting the name of the
owner of the account and thats a minus, but trust me cheating them is much
easier then cheating netvision if you know what your doing...
the most common way to get access and even it sounds suspicious is to ask
them to change the password (in that point they will tell you, you can do it
from thier site) just tell them your using internet for irc and you don't
even have a browser, not to speak of knowing how to use one...
that works sometimes and you can even get more info about it later on...
by emailing them with questions about your account (id number and sevral
other detiles) be carfull in this part becouse later on they can trace you
if they get suspicious...
using an hacked aquanet account is strangely more dangrouse then using a
Netvision account, becouse aquanet is a small company and they have time
to trace you down, a friend of mine used an hacked account and
someone supposly owned the account called him and told him he was using
his account, and he need to pay for it... (he didn't by the way)
well the thing is that they log the phone number with the hours, so users can
check about hours and calls, its stupid but dangrouse so dial *43 before
using aquanet hacked account, becouse their support group is full of big
mouth's who dosn't afraid to give any information (good for us and bad for
us) about the account activity (yes i think also where the call was made
from), so ask bezeq to disable the *42 perm so they can't trace you...
Getting a Username Of Someone You Hate On Irc, who use aquanet
--------------------------------------------------------------
well if someone piss you on irc, and you know he use an aquanet account but
you don't know nothing else but his irc nick, well no worries, its even more
easy then to know the user full name...
all you need to do, when he's online on irc or whatever (icq, etc) is to get
his ip address (newbie note : to get an ip address of someone in irc all you
need to do is "/dns nickname" then after you got the ip and wrote it down
just go to the aquanet page (www.aquanet.co.il) and click on "services" then,
click on "who's online" and search for the ip address, walla, you got the user
name, from there you can close his account (as written above) or scare the
hack out of him, showing off your hax0ring skills =), or get his password and
give it to your friends and another nice option is to change his password
via the site, just goto www.aquanet.co.il and click on "support" then click on
"change password" and change it).
Do You Want a Phone Number ?
----------------------------
Someone you know is real lame and use aquanet(proves he's even more lame then
you thought =)) and you want to get his phone number and give it to your
friends... n/p its easy as crashing winblows 95, all you need to do is to get
his user name (as described above) and then to go to the aquanet site, and
click on "services" then click on "time counter" and enter his user name
and walla, there's the phone number in there (a usefull tip : when using
aquanet, do *43 before the number, becouse obvisiouly aquanet is too stupid
to figure that this thing is invading your privicey and that us hackers can
be spotted up, by any dumbshit who know how to browse the aquanet site)
Thank you...
Information About The Server : the last time i used them, the stupid
mother fuckers used WINBLOWS NT yes you heared right, they used windows
nt, they probebly still use it in some area codes... (07 area-code use
linux or digital unix), the main server is : main.aquanet.co.il (useless i
guess becouse they closed 98% of the ports).
See You In "Cheating ISP'S for dummies Part II"
so go cheat some ISP'S, GO!
thank you, squish for the info about the time counter...
Volatile.
04. Israeli Blue boxing in the '90s
[][][][][][][][][][][][][][][][][][][][][][][][]
C [] [] C
H [] Israeli Blue boxing in the '90s [] H
A [] [] A
O [] by morgoth [] O
S [] [] S
[] (c) Chaos-IL Foundation 1998! []
I [] [] I
L [][][][][][][][][][][][][][][][][][][][][][][][] L
-= Introduction =-
This is an updated guide for Israeli Blue boxing in the '90s. please note,
that information in this article wont guide you through GETTING seize tones
for blue boxing, or the like. This is only pure information that will guide
you through the oldschool and newschool Israeli blue boxing. Before you're
going to read this, let me just give you a strong advice: DONT fuck around
with it that much, the oldschool Blue boxing is dieding slowly, and there
are some major traces being made from global operator trunk lines.
(MY SELF EXPERIANCE).
* this article includes the following sections:
-- Introduction
-- Signalling
-- Trunk Lines (eH?)
-- The Operation
-- Getting around with C5
-- Some words about the Seize tone
-- Once it's breaked
-- What's the "ST" stands for?
-- Placing a call (in general)
-- List of Bezeq's Home Country Directs
-- Some notes about Security and Tracing I
-- Bezeq's FREQUENCY TONE DETECTOR (FTD)
-- Tracing & some Security tips II
-= Signalling =-
Signalling is the term used to describe how telecommunication
networks communicate with each other. There are MANY types of signalling
and some of them are unknown. These are examples of signalling systems that
are most known:
CCITT (Committee Consultative International Telegraph and Telephone)
DTMF (Dual Tone Multi-Frequancy) <Bezeq>
R1
R2
PULSE (Pulse dialset)
ANALOG (Analog dialset)
Telephone networks communicate via special "lines", connecting each other
up, called Trunks. Information about a call, and in some cases the
conversation, is passed through a trunk line to the called network. The
called end gathers the signalling information, manipulates some hardware,
and voila- a call is made. If the called line is busy etc.. then the
called end signals back to the called system, and the caller get a busy
signal.
Thats way over simplified, (and somewhat incorrect) but I'll explain more as
I go. Until then, here is an analogy. :)
-= Trunk Lines (eH?) =-
A trunk line is a circut that connects two (2) networks together. You
may already be familiar with the trunk lines running between CO's.
For C5, however, the trunk lines will be the ones that connect transit
(international) networks to terminal (national) networks in distant countrys.
The trunk lines not only transmit signalling information, they also
transmit your conversation. So, when you make a call over one of these
trunks you have access to more than a friendly voice. :) I once wondered
why in the hell anyone would ever do such a stupid thing, but the answer
is simple: 1. It's known Bezeq are stupid 2. With the volume of traffic
going overseas, and the cost of the cable, equipment, boats, crew and design,
the profit for using a single line to handle both signalling and voice eaisly
outweighs the amount of "potential" loss due to fraud or bad connections.
No one really cares.
Trunk lines are like Bridges (the kind you drive over). Instead of running
many small bridges to various locations, one large bridge is built in a
convienient spot. Even though there is only one bridge, it's big and handles
lots of traffic, effectivley connecting two sections of town. :)
-= The Operation =-
Blue boxing is the art of seizing lines in another country with the affect
that you have operator control over the line. What you are looking for is
a CCITT#5 (C5) phone system of a foreign country, that can be seized.
CCITT (aka C) has 7 versions up to now that are running,
The one signalling system I will discuss is: CCITT5. It is still possible
to use other systems (Like R1), but most people wont be able to find them.
CCITT5 (C5) is an international Signalling system. It was designed for
handeling international calls going over the trans-atlantic cables. Its
still widley used in many South American, Carribean, Asian and poorer
countrys. Slowly, it's dying.
Seize is a signal sent in the forward direction to prepare the incoming
exchange (free toll number) for a call.
Seizing involves sending a 2600Hz/2400Hz tone down the lines for about
100ms-500ms. This is generally followed by a 2400Hz tone for the same
time. Some systems require a 2600/2400 clear forward for 100-150ms and then
the seize tones that are in other tone range, though it's harder, that is the
modern way for Blue boxing.
-= Getting around with C5 =-
Usually if you listen, you will hear wierd beeps or clicks before the phone
rings, when the person answers the phone, or after the called party
hangs up. These noises are actually signals being sent in the reverse
direction. If you got into one of these, this is a C5 phone system.
After you got your C5, there are a few steps you have to do in order to gain
a free call, or in order words.. Blue box :P
1. Breaking the operator trunk line or in other words, break into the C5.
2. Prepare the trunk line for dialing or in other words, after you breaked
the C5, send the seize tones to prepare the line for dialing.
[*] C5 can be breaked by sending variations of 2600Hz/2400Hz tones for
about 100ms-500ms to the line. Each country has it own frequancies
and you'll have to use another variation for breaking it.
Example:
Breaking ENGLAND (177-022-XXXX)
-------------------------------
Break tone: 2400Hz + 2600Hz / 300ms / vol22
Seize tone: 4400Hz + 2420Hz / 252ms / vol44
Info/Explaination
-----------------
*Break Tone* sending 2400 + 2600 Hz tones for 300 mili-seconds at volume 22.
*Seizing Tone* sending 4400 + 2420 Hz tones for 252 mili-seconds at volume 44.
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-
** This is a luzzy example, so don't think you're a wize ass and bother to
try it out even :))
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-
Some words about the Seize tone
-------------------------------
After you breaked the C5 trunk line, you mostly get silence or a low tone,
in this situation you have to send a seizing tone that will Seize the line
and prepare it for dialing. Seize tone must include a 2400Hz in it since
2400Hz is the C5's Seizure tone. The 2400Hz in your seize tone will come
secondary, it should look like something in this syntax:
(Seize tone example) - <first Hz tone> + 2400Hz / <mili-seconds> / <volume>
-----------------------------------------------------------------------------
Once it's breaked
-----------------
Greetings. send the Seize tone properly to prepare and line you are on, and
the line is ready for dialing! Switch your Blue box Dialing program to C5
dialset, and follow the next dialing rules...
After breaking you'll have to dial in C5 signalling, it is different from
the normal DTMF tones we are using daily with our home phone.
Here are the C5 signals:
+++++++++++++++++++++++++++++++
+ CCITT system 5 Line Signals +
+++++++++++++++++++++++++++++++
Signal Frequency(Hz)
--------------+--------------
Seizure 2400 *
Clear Forward 2600 + 2400 *
Clear Backward 2600
Proceed-to-Send 2600
Release guard 2400 + 2600
KP1 (term) 1100 + 1700
KP2 (trans) 1300 + 1700
Digit 1 700 + 900
2 700 + 1100
3 900 + 1100
4 700 + 1300
5 900 + 1300
6 1100 + 1300
7 700 + 1500
8 900 + 1500
9 1100 + 1500
0 1300 + 1500
Code11 700 + 1700
Code12 900 + 1700
ST (end) 1500 + 1700
You probably saw those signals already, in your Blue box Dialer, but I guess
some of you who have'nt Blue boxed yet don't know thier meanings.
KP1: Indicates the beggining of a terminal (national) routing.
KP2: Indicates the beggining of a transit (international) routing.
ST: Indicates the end of a routing.
A terminal call is one that is inside of the national network that owns the
trunk line. It's kind of like a local call, but fuck the regional boundries.
In other words, will perform a local call in the country you breaked into.
The format for a typical terminal call is:
KP1 - <Phone number> - ST
For example, if you breaked a US trunk line, you'll be able to dial numbers
in the US just like you are calling from within the US :)
Transit calls are formated a little diffrent because they obviously need
more information. The format for a typical transit call is:
KP2 - <Country Code> - 10 - <Phone number> - ST
What's the "ST" stands for?
---------------------------
ST signal will come at the end of the call operation. ST is actually similar
to the ENTER command, it tells the C5 you are done, and sends the info of the
call you want to perform.
Placing a call (in general)
---------------------------
Let's say we breaked a US exchange, and willing to call localy, to the free
toll US 1-800 number of AT&T, which is 1-800-426-7720. We dial the follow:
KP1-18004267720-ST
| | |
| | |
Local call | End
|
Phone #
Now let's say we want to call international to Netvision in Israel. We pick
the Netvision central system at 972-3-5166222. We dial the follow:
KP2-972-10-35166222-ST
| | | | |
| | | | |
Inter | Pass | End
Call | Digit |
| |
Country Phone #
Code
***
List of Bezeq's Home Country Directs
------------------------------------
177-430-2727 .............................................. Austria
177-610-2727 .......................... (TELSTRA Telecom) Australia
177-611-2727 ............................ (OPTUS Telecom) Australia
177-390-2727 .................... ........................... Italy
177-353-2727 .............................................. Ireland
177-100-2727 ......................... (AT&T Telecom) United States
177-150-2727 .......................... (MCI Telecom) United States
177-102-2727 ....................... (SPRINT Telecom) United States
177-320-2727 .............................................. Belgium
177-550-2727 ............................................... Brazil
177-440-2727 ................................ (BTI Telecom) Britian
177-441-2727 ............................ (MERCURY Telecom) Britian
177-490-2727 .............................................. Germany
177-450-2727 .............................................. Denmark
177-270-2727 ......................................... South Africa
177-310-2727 .............................................. Holland
177-360-2727 .............................................. Hungary
177-886-2727 ............................................... Tiewan
177-300-2727 ............................................... Greece
177-810-2727 ................................................ Japan
177-962-2727 ............................................... Jordan
177-352-2727 ............................................ Luxemburg
177-330-2727 ............................................... Monako
177-212-2727 .............................................. Morocco
177-470-2727 ............................................... Norway
177-640-2727 ........................................... New-Ziland
177-860-2727 ................................................ China
177-659-2727 ............................................ Singapore
177-340-2727 ................................................ Spain
177-100-2727 ........................................... Portu-Riko
177-351-2727 ............................................. Portugal
177-358-2727 .............................................. Finland
177-450-2727 ............................................ Froa-Cost
177-560-2727 ................................................ Chile
177-330-2727 ............................................... France
177-506-2727 ........................................... Costo-Riko
177-822-2727 .......................................... South Korea
177-105-2727 ............................................... Canada
177-357-2727 ............................................... Cyprus
177-460-2727 ............................................... Sweden
177-410-2727 .......................................... Switzerland
177-660-2727 .............................................. Tieland
177-900-2727 ............................................... Turkey
Syntax is 177-COUNTRY_CODE-2727 for any others that are not listed in here.
If you reach nothing in one of these that are listed here or you get a
broken line signal, try using a similar number like:
Canada - 177-105-2727 , 177-104-2727 .
_________________________________________________________________________
***
Some notes about Security and Tracing I
----------------------------------------
Since '94 and earlier in some exchanges, there have been tone detection
devices on operator trunk lines. One of the most known detectors being used
is the FTD (Frequency Tone Detector). The FTD is filtering your line and can
detect tones such as 2600Hz when being sent. The FTD's reaction is an immediate
disconnection from the exchange you dialed in (where you sent the tones),
informing/notifying Bezeq of your action, and a line shutdown for few minutes.
In order to Blue box, you MUST bypass/disable the FTD. You may Blue box in
the old ways through foreign contries and if you're experianced with a high
technique performance it might work, though you'll either get busted or
a line shutdown for a long period. There are a few ways to bypass/disable
the FTD that are actually based on the same technique, we've published the
easiest of them in Chaos-IL ISSUE#1, I've included it here anyway.
*RIPPED FROM CHAOS#1* *RIPPED FROM CHAOS#1* *RIPPED FROM CHAOS#1*
== CHAOS-IL ISSUE#1 ARTICLE #4 ===============================================
==============================================================================
Bezeq's Frequency Tone Detector is an InterLine exchange that is able to detect
2600hz tones and beyond. The project has came into act in 1989, when AT&T
distributed the first FTD to TeleComm. companys, in order to detect any kind of
"blue actions"/ Blue boxing that was much massive those days. Either that the
FTD is operated within the pick/hang up Hz tones, and an InterLine exchange,
it can bypassed VERY simply.
To first-check Bezeq's FTD, get any Blue boxing program that supports the local
DTMF(Dual Tone Multi-Frequency) dialset, and send generated phone number tones
to your phone's mouthpiece using the SoundBlaster/MIC. After performing 3 local
calls, your telephone will be shuted down for 5 seconds and with period, you
will hear a strange tone that sounds like a musical trunk, and the line will
be back to normal. This is the FTD, and what it did, is to announce Bezeq of
your illegal tone frequency and disabling your short pass calls that were
actually performed without of any Billing Incharges. (please note that this can
be mentioned in your monthly Telephone paperbill).
As said before, the FTD can be bypassed/disabled very easly. before excuting
your desired call, get a payphone number that is placed near to your house
(best in your street) and dial it in a reasonable hour. Wait for someone to
pick up the phone (a streetwalker). When the payphone is being picked
up, right then, the FTD gets disabled for the correct call. try to bullshit the
streetwalker that answered your call as much as you can in order to produce
more time if you get into troubles (it is not recommanded to repeat the same
way to the same payphone in generaly, in order to disable bezeq from
noticing anything). Anyhow, your call is out of the FTD. Now, you have to
quickly discharge the call, and send it over to your house. You have to make theperson who answer the phone to call you back within less then 5 seconds after
you closed down the corrent call. (5 seconds is the FTD's period time).
Now, this call should be performing very quickly, and it not seems to work some
of times couse of the payphone's "Telecard" delays, so the streetwalker
need to be ready with the Telecard verified inside. After he's done dialing
your phone's dialtones and the phone rings at your house, the FTD is enabled.
Quickly pickup the phone and hangup after 5 seconds exactly! (its recommanded
to use a clock near you). FTD is bypassed. you have 5sec to excute your desired
call using a Blue box or any other tone freq. that need to disable the FTD in
order to excute the call. I know this might not be clearly to some of you,
so I discribed an online FTD bypass that I did a short time ago:
* PP = Payphone (the remote payphone carrier)
* LP = Local Phone (you)
-- Calling the payphone --
-- Phone has been picked up --
PP: "Hello?"
LP: "Hello, is this 03-XXXXXXX payphone number, that is located in the main
Tel-aviv square?, Did I dialed correctly?"
PP: "You sure did. There was no one here to answer, so I picked up ..."
LP: "Can I use few minutes of your time?"
PP: "What happened?"
LP: "I'm a Bezeq lineman, I'm in the middle of Tele-line Device installation
and I need you to call back in here in order to verify the new Device."
PP: "I Understand. Then what is your purpose in calling this payphone?"
LP: "The device line is need to be tested within this Local Area Network,
The payphone you're talking through is serving the Network's point."
PP: "Ok, Understood. Which number should I call?"
LP: "Call to 03-XXXXXXX. Now, you must done the dialing within 5 seconds max.
the device will not get into act if you will pass the 5 seconds period.
put your Telecard in by now, so we wont lose any time."
PP: "Telecard is in. I will try doing this."
LP: "Ok, I am about to disconnect, please get ready and be alert."
PP: "Ok, all set."
LP: "Hanging up ..."
-- Call has been disconnected --
-- 3+ Seconds passed from disconnection --
-- Phone rings --
-- Picking up (This call should be closed within 5 Seconds) --
-- Clock Operated (To point the exact time period!) --
LP: "Hello?"
PP: "Thanks, Goodbye."
* DONT TAKE ANY CHANCES! DISCONNECT WITHIN 5 SECONDS PASS!
-- Clock beeps, 5 seconds passed --
-- FTD is bypassed! FREE 5 seconds to excute the desired call --
-- Box- <EXCHANGE DIAL-IN>+2600HZ+KP1+XXXXXXXXX (just an example) --
-- Call performed --
The FTD is limited for only 2 switchings that are less then the period time
(5 seconds). When you switch 2 calls (switch=disable FTD/enable FTD) in less
then 5 seconds that are not operated from the same signalling system,
(payphones uses an auto-operated exchanging switching system named ACTS)
you get a free 5 seconds when the FTD is setting up, in those 5 seconds you
can send any tones without getting detected.
=============================================================================
***//NOTE//***
You also might want to take a look at Article #3 at CHAOS-IL ISSUE#1, covers
the Israeli Blue boxing.
Tracing & some Security tips II
-------------------------------
Well, you shouldn't pHEAR of Blue boxing like many does :P I'm gonna say
some facts that I hope wont get mixed for wrong by people who read this.
ANI is Automatic Number Identification. It's a packet that is sent everytime
you dial at least 7 digits on the phone that tells alot of information about
you. It gives the name of the person the phone number is registered to, the
phone number and area code, and any other information relating to you directly.
The conclusion is, that the number you are Blue boxing through have your info.
but Bezeq doesn't have it :). If you were Blue boxing through a free-toll which
is monitored by Bezeq they would detect and know your info if they would like,
through the ANI, but since you are Blue boxing through a foreign country, the
risks of getting noticed and cought becomes smaller. It is a great idea to
Blue box through a foreign country which are currently not in good relations.
That way, even if you'll get cought by one country, the lack of communication
between her and the other country wont allow tracing you. e.g: Israel -> Arab
[EOA]
Greeting
--------
This article is specially dedicated to all those "WTF! TEACH ME HOW TO BLUE
BOX MAN!" guyz. I hope this info is informative to anyone who read it, and
I hope more people will start boxing around our fuckedup country.
I would like to greet a few gods that helped me compiling this article, and
helped me to know what I know:
marauder
TheQ
BigBoss
Terminal Man
singned, morgoth.
[ c h a o s I L ]
***
05. Extender INFO
Extenders / radon
~~~~~~~~~~~
- Part 1 -
well , those extenders (pbxes) stuff has got spread all over israel and today
if you attend you will see that every second person got an extender.
its seems that bezeq already understood the trick about using extenders for
free calls and started to do something about it.
now, i know about at least 1 extender that is under bezeq trace and all
i can tell you guys that this is the most common extender in israel.
(the number of the extender will stay safety in the magazine systems) :)
anyway friends of mine that used the extenders for some time started to get
calls from bezeq that told them that they making some sort of survey that
regarding usage of 177,1800 and 199 numbers and that they would like to know
if they used those services in the last weeks and if yes what sort of services.
now , there is a chance that this survey is just a random call that really
come to check, regrat and improve those services by those questions, but still
one of the magazine perpous is to note you from any dangerous suspect of ours.
this is the formal form of the call usually:
[bezeq]: hello, we are from "mercaz dahaf" and we are doing a survey for
bezeq regarding usage of the 177,1800 and 199 services.
did you used those servies for any kind of function in the last weeks?
[person]: [now there are few answers you should answer here] :
person1: hmm, dunno maybe my father did or someone else in my family.
bezeq: we just want to know if there was any miss fanctions in our
services and what was the function you used.
person: sorry, no one from my family is at home right now.
-------------------------------------------------------------------------------
person2: i already recived a call from you today!!!
bezeq: ok, thanks for the cooperation.
-------------------------------------------------------------------------------
person3: i got a girlfriend that working in 199 thats why i calling alot
to there! :))
bezeq: ha, if this is the case so its ok! :)
-------------------------------------------------------------------------------
well here is a log of somone that quote his call into a log, this person got
little into tangle but here its go:
<person> ok
<person> i get a call oneday
<person> a nice lady
<bezeq> "we are from the mishlav (i think thats the name.. ) and we are doing
a survey for bezeq regarding usage of 177 and 199 numbers"
<bezeq> "u have been using them right?"
<person> "hmmms... dunno."
<bezeq> "well, we just wanna know if the service was good etc..."
<person> "no, i don't recall calling 177 or 199. maybe some1 from my family
and i don't wanna be in the seker"
<bezeq> "ok bye"
-----------------------------[ after 20 minutes ]------------------------------
<person> a man calls
<person> sounding VERY angry
<bezeq> "Hello. i'm from the seker, and u said u didn't use a number right?"
<person> "yes"
<bezeq> "are u sure?"
<person> "yes"
<bezeq> "do u live alone?"
<person> "yes"
<bezeq> "so u'r name is <he gave my father's name"
<person> "ohhhhh..... no"
<bezeq> "did i get to <my phone number>?"
<person> "yea"
<bezeq> "so who are u?"
<person> "i'm blah blah blah :) "
<bezeq> "but u said u live alone"
<person> "no, i ment i'm alone at home now"
<bezeq> "hmm. so u didn't call? u sure?"
<person> "yea."
<bezeq> "and no1 from u'r home?"
<person> "look, i dunno, i don't know who my family calls"
<bezeq> "ok, bye" (sounding pissed off)
-----------------------------------------------------------------------------
Last note: well, i did my best to get you guys conscious to the situation
today and this article was made and basic about good sources.
i wanna greet m0ta_boy that help me to get some stuff.
I will do my best to keep you inform about any new deatils that will come out,
keep following after chaos-il magazine.
- PART 2 -
Using the extenders with 135 / Radon
well, i think that you guys that use the extenders need to know something:
this calls that you make thru 177 numbers to 135 get charge by someone, even if
its belong to bezeq, when you call thru 135 the internet providers do charge
bezeq for the services, now someone told me ,and its do make sense, that when
someone use 135 with the extender the chance that they will close the extender
or start to make traces and find peoples that "charged" them for calls to 135
is bigger than you use extender with other isp account as IBM (see issue#1:
how to card ibm internet account / 4thm).
conclusion: dont use the extender with 135! its just more dangerous for you and
for us.
Irc Efnet: radon/rn86away
E-mail: radon666@hotmail.com
i would be glad to get any information/responses/fix/updates about
the article.
06.
***
- Resetting Fastcomm routers -
by skade
)) ) subject: resetting fastcomm routers
)) ) author.: skade (skade@encrypted.org)
lately alot of people are seeking for a way to reset their fastcomm
routers, the main reason is that actvnet is about to go bankrupt, and they
want to sell or use the routers . . well, I did some research and i finally
found a way to reset the router, its pretty simple when you think about
it. ok, first of all, you open up the router . . you can do it with a
simple screwdriver from the buttom of the router once you got that done,
you'll have to put a jumper right behind the SupV socket, after you
accomplished that all you have to do is power up the router, press the
reset and disconnect the router from the power, dont forget to remove
the jumper before closing up the router, well thats pretty much it.
here's another tip for all actvnet users out there, maybe it took me a
while, but i found the defualt passwords actvnet uses for their routers,
you might want to try this passwords before resetting the router which
will save you the time of reconfiguring the router. . the passwords are:
password #1: larom )) password #2: tavor )) password #3: fastcomm
signing off, skade.
07. BEZEQ'S DMX SYSTEM - INFORMATION AND USAGE
############################################################
# #
####. BEZEQ'S DMX SYSTEM - INFORMATION AND USAGE .####
# #
############################################################
###. by morgoth .##
(c) Chaos IL
Have you ever dreamed about monitoring your whole local area code? Have
you ever dreamed about managing the phone billing process of your whole damn
area code? ITS POSSIBLE. DMX stands for Direct Monitoring eXchange.
In past, empoylers of the phone company (in this case, Bezeq) used to do the
black-job of calculating the phone billing of the phone network users, etc.
right when the local humanity developped a bit, they built little monitoring
machines for each 3,000 phone lines that are connected to Bezeq's network.
nowdays, the gays let the DMX digital systems to monitor and calculate the
all needed for each each code. The biggest DMX system is the 03's area code
system, because 03 areacode has more phonelines then any other areacode.
A DMX system is storaging all the lines-information, line-owner's details,
location, and more. In short of a way, accessing one of Bezeq's DMX systems
is a total MAD SHIT.
##. Locating a DMX system .##
*ALL* of the DMX systems are located in the free-toll network. When there is
a network overflow, when too much operations(calls) are being made at a time,
the phone network falls down, to prevent a shutdown of the DMX system, which
will cause a total DOOM for the area code monitored by the DMX, Bezeq located
all of them in the free-toll network.
when connecting a DMX system you will be prompted with this:
CONNECT 1200
����? ^
����N003�>
NOTE! most of the Israeli local banks are using CISCO Routers as thier
calculating/managing machines, those routers looks almost the same as DMX
systems. (they are both routers). A Bank CISCO will prompt you with simple:
XXXXX >
[ Can be anything --> XXXXX ]
The DMX systems of Bezeq are always prompting with the N at first, which
stands for NODE. and then, the areacode that the DMX system is monitoring.
In this case, the one that I accessed was N003, the 03 areacode DMX. (wow :D)
Although, you might even find a bank system that will prompt you with N00?.
(I did). In that case, there is a way I found out to recognize between
each system, in the command prompt you get, enter 'EX'.
When prompting EX on the DMX system, it WONT ask for a password:
N003>EX
Logged Out -
TIME: 14:59:32 DATE: WED JUL-22-1998
When prompting 'EX' on the bank CISCO router, it will logout with asking for
a password at first. This is how you can make a difference between those
both alike systems.
Logged Out -
TIME: XX:XX:XX DATE: XXX XXX-XX-1998
ENTER PASSWORD :
--------------------------------------------------------------------
Use '?' to see a fast help screen.
����N003�>?
���� ?, @, CLR+, CON+, DEF+, DSC+, DSP+, LP+, MON+, NOD, RMV, SET+, TRC+, TST+,
���� BSY, CEN+, HEL, EP, CNV+, EX, DEL+, RST+, INS+, SAV+, LOA+, COP+, CLS,
���� HOM, S
Use 'help' to see the detailed help screen.
����N003�>help
���� ?
����
���� @
����
���� CLR @
���� CLR AQ
���� CLR BP LP
���� CLR BP PH
���� CLR CH
���� CLR DL
���� CLR MG
���� CLR PG
���� CLR PH
���� CLR RDN
���� CLR RLY
���� CLR RTE
���� CLR MC
���� CLR FMC
���� CLR DS0
���� CLR DS1
���� CLR TON
���� CLR LCL
���� CLR MUM LOC
���� CLR MUM REM
���� CLR SEC
���� CLR PW
���� CLR TMO
� CLR POL
���� CLR PRO
���� CLR MM
���� CLR VPR
���� CLR SPR
���� CLR LFM
���� CLR SRT
���� CLR SNA
���� CLR BNA
���� CLR TRA
����
���� CON CH
���� CON DR/ DS0
���� CON ND
���� CON PRO
���� CON DR
���� CON DS0
���� CON BDL
���� CON POL
���� CON PR
����
���� DEF @
���� DEF ALM
���� DEF CFB 1 CH
���� DEF CFB 1 DLR
���� DEF CFB 1 DRI
���� DEF CFB 1 DLT
���� DEF CFB 1 INT
���� DEF CFB 1 SC1
���� DEF CFB 1 SC2
���� DEF CFB 1 DS1
���� DEF CFB 1 SKP
���� DEF CFB 1 LFM
���� DEF CFB 2 CH
���� DEF CFB 2 DLR
���� DEF CFB 2 DRI
���� DEF CFB 2 DLT
���� DEF CFB 2 INT
���� DEF CFB 2 SC1
���� DEF CFB 2 SC2
���� DEF CFB 2 DS1
���� DEF CFB 2 SKP
���� DEF CFB 2 LFM
���� DEF CFB 3 CH
���� DEF CFB 3 DLR
���� DEF CFB 3 DRI
���� DEF CFB 3 DLT
���� DEF CFB 3 INT
���� DEF CFB 3 SC1
���� DEF CFB 3 SC2
���� DEF CFB 3 DS1
���� DEF CFB 3 SKP
���� DEF CFB 3 LFM
���� DEF CH/ QSC
���� DEF CH/ DSC
���� DEF CH/ QAM
���� DEF CH/ DCI
���� DEF CH/ QVM.1
���� DEF CH/ QVM.2
���� DEF CH/ QVM.3
���� DEF CH/ QSP
���� DEF CH/ QVM.6
���� DEF CH/ QVM.5
���� DEF CH/ QVM
���� DEF CH/ EVM
���� DEF CH/ FXS
���� DEF CH/ FXO
���� DEF CH/ ICM
���� DEF CH
���� DEF CON
���� DEF CP
���� DEF DL
���� DEF IO
���� DEF NOD
���� DEF OOS
���� DEF PSZ
���� DEF RTE
���� DEF SC
���� DEF RET
���� DEF DS1
���� DEF DST CH
���� DEF DST DS0
���� DEF DS0
���� DEF QUA
���� DEF BIA CH
���� DEF BIA DS0
���� DEF EP
���� DEF PW1
���� DEF PW2
���� DEF CSP
���� DEF MDS
���� DEF MSR POL
���� DEF POL
���� DEF MM
���� DEF MCL
���� DEF PRO
���� DEF LFM 10
���� DEF LFM 11
���� DEF LFM 12
���� DEF LFM 3
���� DEF LFM 14
���� DEF VPR
���� DEF SPR
���� DEF SP
���� DEF ILQ
���� DEF BDL PR
���� DEF BDL NPR
���� DEF DCM
���� DEF SRT
���� DEF SAL
����
���� DSC CH
���� DSC DL
���� DSC ND
���� DSC PRO
���� DSC DS0
���� DSC BP
���� DSC POL
���� DSC PR
���� DSC BDL
����
���� DSP @
���� DSP AQ
���� DSP CH
���� DSP CKS
���� DSP CON
���� DSP CP
���� DSP DL
���� DSP ERR
���� DSP FN
���� DSP PPN
���� DSP RTE
���� DSP ST BP
���� DSP ST CH
���� DSP ST DL
���� DSP ST SY
���� DSP ST DS1
���� DSP ST DS0
���� DSP ST QUA
���� DSP ST AL
���� DSP ST BDL
���� DSP ST POL
���� DSP ST CLK
���� DSP ST LFM
���� DSP ST VCH
���� DSP ST DCM
���� DSP SY
���� DSP TIM
���� DSP TST
���� DSP DS1
���� DSP DST CH
���� DSP DST DS0
���� DSP DST ALL
���� DSP DST *
���� DSP DST DL
���� DSP BW
���� DSP DS0
���� DSP REV
���� DSP SIG DS0
���� DSP SIG EQ
���� DSP SIG LI
���� DSP QUA
���� DSP TS
���� DSP TOP
���� DSP EP
���� DSP CFG
���� DSP CSP
���� DSP MDS
���� DSP POL
���� DSP ACT POL
���� DSP PRO
���� DSP LFM
���� DSP BDL PR
���� DSP BDL NPR
���� DSP VPR
���� DSP SPR
���� DSP SP
���� DSP ILQ
���� DSP PHN XDL
���� DSP PHN BCK
���� DSP DCM
���� DSP HIS
���� DSP SRT
���� DSP TRA
���� DSP LIT
����
���� LP RB CH
���� LP RB DL
���� LP LB CH
���� LP LB DL
���� LP RA CH
���� LP RA DL
���� LP RD CH
���� LP RD DL
���� LP LA CH
���� LP LA DL
���� LP LD CH
���� LP LD DL
���� LP BP
���� LP DS1 EQ
���� LP DS1 LI
���� LP DS1 BI
���� LP NI LK
���� LP NI LLB
���� LP DS0 EQ
���� LP DS0 LI
���� LP DS0 BI
���� LP DS0 VS
���� LP DS0 RA
���� LP DS0 RB
���� LP DS0 RD
���� LP LS CH
���� LP LP CH
���� LP VS CH
���� LP LFM LK
���� LP LFM LLB
����
���� MON L
���� MON R
����
���� NOD
����
���� RMV
����
���� SET BMP D
���� SET BMP E
���� SET BMP P
���� SET CKS
���� SET CLK
���� SET PG
���� SET RDN
���� SET RLY
���� SET TIM
���� SET TON EQ
���� SET TON LI
���� SET DAT
���� SET MUM REM
���� SET SEC
���� SET TMO
���� SET REG
���� SET CFG
���� SET CQT HI
���� SET CQT LO
���� SET GRM
���� SET PRO
���� SET CH
���� SET CTN D
���� SET CTN E
���� SET CTN C
���� SET RET
���� SET VSM
���� SET PHN XDL
���� SET PHN BCK
���� SET TSA
���� SET TSB
���� SET DRT
���� SET DTM
���� SET DL EXP
���� SET DL BCK
���� SET SID
���� SET SNA
���� SET BNA
���� SET CSW QS
���� SET CSW SS
���� SET TRA
���� SET IO
����
���� TRC BP
���� ªRC CH
���� TRC BCK
���� TRC SUB
����
���� TST L DAT C
���� TST L DAT P1
���� TST L DAT P2
���� TST L CNT C
���� TST L CNT P1
���� TST L CNT P2
���� TST R DAT C
���� TST R DAT P1
���� TST R DAT P2
���� TST R CNT C
���� TST R CNT P1
���� TST R CNT P2
���� TST DS0 EQ
���� TST DS0 LI
����
���� BSY
����
���� CEN PHS
����
���� HEL
����
���� EP
����
���� CNV BIA
���� CNV PRO
����
���� EX
����
���� DEL CH
���� DEL RTE
���� DEL SRT
���� DEL
����
���� RST BDL
���� RST DR
���� RST PS
���� RST PRT
���� RST CH
���� RST
����
���� INS RTE
���� INS SRT
���� INS
����
���� SAV DB
����
���� LOA SW
OK. I wont explain what each command does, because this is a complexed system
with like TONS of sub-commands. (the '+' signed next to the commands means
the command have sub-commands). I will guide through the interesting commands
though. At first, let me give you a wide look about how this system works
like; The DMX have some kind of a "room", a memory, that storages little
hosts. Each host is serving a phone line in the codearea that the DMX is
monitoring (in this case, its 03 arecode). Therefor, to monitor the number
you wish, you need to connect to his host first. The host is storaging all
the information about the line and about the owner of the line (a good way
to fuck up people! haha) plus options to change/update it.
Let's say that my number at home is 03-6778080, and I want to access the host
that is monitoring it. The command 'CONN' which stands for CONNECT, is used
to connect to the DMX hosts. 'CONN' command have sub-commands as well:
���� CON CH - Connect to a specific host
���� CON DR/ DS0 - Conncet to a random host
���� CON ND - Connect to a specific host
���� CON PRO - View all hosts of the DMX
���� CON DR - Search for a host
���� CON DS0 - Connect to a DS channel number
���� CON BDL - Connect to a random host
���� CON POL - RE-Connect to the previous random host connection
���� CON PR - Re-Connect to the previous host (last connection)
If you have'nt understood yet (dumbfuck!#@), each phone line has it own host,
so HOST means a line in here. DS channels are used to see which lines are
active and which lines are not, but I wont mess around with it rightnow.
OK. my number at home is 03-6778080. Use 'CON CH' to connect to a specific
host:
N003�>con ch
You will be prompted with:
|host:@|host:# N003ENTER:
The DMX is hosting the lines, and the hosts are numerically arranged. The
number we are messing with is 6778080, in the DMX, the host name of it is 677.
(the three first digits). Use this to connect:
|host:@|host:# N003ENTER: 677-6778080
If the number is correct, and exists on the DMX, you will be gr
eeted:
CONNECTED TO HOST 677-6778080 AT DS0/03677
DS0/03677-6778080 >
You are connected. Here are the available commands (gained with '?'):
DS0/03677-6778080 >?
?
CONF
BULL
PRIME
MOV
DIS
CON
The commands stands for:
CONF - This command will install a conference call option on the line
you are messing with. Use 'CONF ?' to see the usage.
BULL - This command will enter the billing system of the line.
PRIME - This will re-connect a line to the network. Only the numbers
that are registered to the network can be re-connected. Which
means, only if it was removed with 'MOV'
MOV - This will remove the line from the network, but will keep the
line REGISTERED to the network. (like those numbers who say
"HA MISPAR ELAV HEGATA EINENO MEHOBAR" :))
DIS - This will disconnect the line from the network, and will ERASE
the line data. (like those numbers who sound this "broken tone"
when you are calling them).
CON - This will let you connect a new line to the network, using the
billing information of the person who owns the line you are messing
with. (in this case I am messing with 03-6778080, so if I'll
command to create a new line, it will be billed by the owner of
the line 03-6778080).
Alright now. I will detail how to use some of these commands. I am hardly
NOT RECOMMANDING to mess with the billing. Although, I will include the
article of messing around with the billing in the next issue of Chaos IL.
Installing a conference call feature
------------------------------------
I want to install a conference call option on my line, 03-6778080.
DS0/03677-6778080 >conf
c|o CONFERENCE?
Now this is easy, there are two commands; C to Cancel a conference option
on the line, or O to Operate a conference option on the line.
I want to Operate :)
c|o CONFERENCE? o
OPERATED
DS0/03677-6778080 >
Changes to the line are being made in less then 8 hours (tested).
Remove a line from the network
------------------------------
As I said before, this will just remove the line from the network but it'll
keep the line registered.
DS0/03677-6778080 >mov
ENTER TO CONFIRM
SUCCEED
Press ENTER to confirm the move of the line, if you want to cancel it press Q.
Connect a new line to the network
---------------------------------
This will auto-setup a new line into the network using the billing information
of the person who owns the line you are messing with. This command is useless
unless you are some mechanical guru, and you have tech equipment to wire phone
lines through your house to the phone-box. You can connect a new line to the
network with this command but this is just confirming the registration of the
line to Bezeq's network. If you can get someone to build a shocket to this
line and wire it, it will work. I've never tried it though.
========================================================================
This is it. Hopefully, I will detail about the other commands and even more
in the next issue of Chaos IL.
greetings:
El_Mago - how to access the DMX hosts
Ares - thanx for helping me to understand this krap!
MAJOR THANKS to all the Chaos IL krew.
signed, morgoth. (morgoth@chaos-il.org)
***
08. Information about BezeqNet (135) for PBXers
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
Information about BezeqNet (135) for PBXers
by
Mota Boy
-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-o-
(c) Chaos-IL 1998
In the past few years, Bezeq has developped a pretty stable Internet service
provider network - BezeqNet (aka "135").
BezeqNet's network offers two prodviders from thier machines (providers 4 & 22)
and 18 links to known and unknown ISP (Internet Service Providers) networks in
Israel.
When reaching BezeqNet you will be prompted with the following:
ATZ
OK
atdt135
CONNECT 28800/ARQ/V34/LAPM/V42BIS
Bezeq, The Israel Telecommunication Corp. Ltd. welcome you to BezeqNet.
Through BezeqNet you will be able to obtain information on a variety
of topics, from different sources, and access the internet through
different internet service providers.
The Information suppliers and internet providers on BezeqNet are solely
responsible for the services they provide.
Bezeq is not responsible for the contents of information, or the quality
of service supplied by independent companies.
BezeqNet service is provided upon the condition that Bezeq shall not
be reliable for any act or omission on the part of any information
supplier or internet provider to which access is provided on BezeqNet.
#. Provider |Price per call|Price per minute| Phone |
--------------------------------|--------------|----------------|------------|
1. Bezeqnet | 0.00 NIS | 0.00 NIS |177-022-0135|
url:"http://menu.bezeq.net" | | | |
----INTERNET PROVIDERS---- | | | |
2. S. Kat (IsraServ) + MAIL | 0.39 NIS | 0.03 NIS |09-7428522 |
4. Internet Bezeq Zahav | 0.29 NIS | 0.07 NIS |03-5433784 |
5. AquaNet L.T.D | 0.23 NIS | 0.04 NIS |03-5366503 |
6. Infolink | 0.36 NIS | 0.04 NIS |03-5332466 |
7. N.M.T + MAIL | 0.20 NIS | 0.05 NIS |03-7523333 |
8. SHANI Technologies | 0.36 NIS | 0.03 NIS |03-6391288 |
10. Urbis Computer Communication| 0.10 NIS | 0.03 NIS |03-5258527 |
12. S. Kat (K - Systems) | 0.29 NIS | 0.03 NIS |09-7428522 |
13. TalkTel + MAIL | 0.29 NIS | 0.05 NIS |03-6132822 |
14. SpeedNet 1 | -- | 0.03 NIS |09-9545288 |
15. Netline + MAIL | 0.20 NIS | 0.02 NIS |03-5746756 |
16. N.M.T (MANGO) | -- | 0.06 NIS |03-7513333 |
17. Urbis Fast | 0.10 NIS | 0.04 NIS |03-5258527 |
18. SpeedNet 2 | -- | 0.05 NIS |09-9545288 |
19. Netline Gold | 0.23 NIS | 0.04 NIS |03-5746756 |
20. Aquanet - TurboNet | 0.30 NIS | 0.05 NIS |03-5366503 |
22. Bezeq Zahav | 0.25 NIS | 0.05 NIS |03-5433784 |
23. Netvision | 0.25 NIS | 0.07 NIS |04-8560570 |
24. Internet Gold - Euronet | 0.23 NIS | 0.07 NIS |03-9020022 |
25. Infolink COI | 0.36 NIS | 0.05 NIS |03-5332466 |
-----------------------------------------------------------------------------|
Tariff for communication is price of local call plus 2.9 Agorot per minute
Prices not including VAT
Please choose an entry number for Internet/Service provider.
Provider:
----end----
(This is the most updated BezeqNet's ISP list currently, it might be changed
a bit, or alot, by the time you are read this article).
You will notice the list is missing a few numbers. The numbers that aren't
shown are down servers and/or private usage ISPs, and I have found that
you can type even higher numbers, even something like "113".
I tryed that a few times, but didn't even reach an Internet provider, just some
weired BBS-like system, but you may be luckier (note that you will still
probebly pay. They are just hidden for private usage, or tests I guess)
BezeqNet provider links - General Info.
---------------------------------------
This is for IRCers who gives a fuck about the hostmask of each ISP layout
and for general information about each ISP :)
(Sorry for incomplete info, but it wasn't possible to try out *all* the ISPs
so here are the highlites, mostly the only ones you will use anyway)
1. Bezeqnet (url:"http://menu.bezeq.net") -> **See note on the buttom**
2. S. Kat (IsraServ) + MAIL -- *.israsrv.net.il SERVER: 172.17.30.102:5050
4. Internet Bezeq Zahav -- 192.114.*.* SERVER: 192.116.206.21:57
5. AquaNet L.T.D -- 192.117.*.* SERVER: 192.117.240.4:230
6. Infolink -- 192.115.*.* SERVER: 192.115.208.10:57
7. N.M.T + MAIL -- 192.115.*.* SERVER: 192.115.48.130:4002
8. SHANI Technologies -- *.shani.net SERVER: ???
10. Urbis Computer Communication -- *.infogate.co.il SERVER:194.90.232.2:400
12. S. Kat (K - Systems) -- Same as number 2
13. TalkTel + MAIL -- 194.90.*.* SERVER:194.90.237.5:33
14. SpeedNet 1 -- 192.114.*.* SERVER:192.114.155.1:57
15. Netline + MAIL -- 192.114.*.* SERVER: 192.117.254.9:57
16. N.M.T (MANGO) -- Same as number 7
17. Urbis Fast -- 199.203.*.* SERVER: 199.203.190.3:400
18. SpeedNet 2 -- 192.114.*.* SERVER: 192.114.155.2:57
19. Netline Gold -- 192.117.*.* SERVER: 192.117.254.9:240
20. Aquanet - TurboNet -- 192.117.*.* SERVER: 192.117.240.4:230
22. Bezeq Zahav -- *.attgold.net.il SERVER: 192.115.8.135:57
23. Netvision -- *.netvision.net.il SERVER: 62.0.186.1:57
24. Internet Gold - Euronet -- 192.114.*.* SERVER: 192.116.206.22:57
25. Infolink COI -- Same as number 6
- Regarding number 1 on the list -
Some people may not understand the porpuse of number 1 in the list.
It may seem that it is only for the purpose of "surfing" through Bezeq's site,
wich is almost true. The idea of number 1 is that you choose it, press
"continue" in your win95 dialer, and then surf to http://menu.bezeq.net (wich
is acually the only site you are allowed to reach).
There you will find a list of ISPs (Internet Service Providers), the same ISPs
that are in the list that is shown after you dial 135, but in this case you just
press on their banner and you will recive a host and an IP, and ofcourse, the
ability to surf where ever you want. This is great, because you can always
surf back to http://menu.bezeq.net and just choose a different ISP if you are
not satisfied with the speed, or just bored with the host.
BezeqNet's Modems.
------------------
You may think, like I thought at first: "What? only 28800? what is it worth?".
Well, you could be right if you are on an ISDN. But most of the computer users
still have a 33600 modem, and alot still even have a 28800.
Besides, the max speed of the best 33600 can be alittle over 4K/s, but face it,
how often to you reach speeds of 4K/s? you usually get 3K/s, 3.5K/s, wich their
28800 modems can deliver easly (depending on the ISP you chose ofcourse).
Here is just alittle more information for the end:
##. | Provider | Speed | Stability | System | Network Usage |
-----------------------------------------------------------------------------
2 | IsraServ | FAST* | UNSTABLE | DG/UX | *****
4 | Bezeq Zahav | SLOW | UNSTABLE | ??? | ****
5 | AquaNet | SLOW | DURABLE | RH Linux | ***
6 | Infolink | FAST | STABLE | UN*X | *****
7 | N.M.T | SLOW | UNSTABLE | Tikshuvit(?)| x
8 | SHANI Tech | FAST | UNSTABLE | UN*X | ****
10 | Urbis Comm. | SLOW* | UNSTABLE* | ??? | x
12 | S. Kat | SLOW* | STABLE | DG/UX | x
13 | TalkTel | SLOW* | DURABLE | Linux 2.0.27| *
14 | SpeedNet 1 | FAST | STABLE | ??? | ***
15 | Netline | FAST | DURABLE | RH Linux | **
16 | N.M.T (MANGO) | SLOW | UNSTABLE* | ??? | x
17 | Urbis Fast | SLOW* | STABLE* | ??? | *
18 | SpeedNet 2 | FAST* | STABLE* | ??? | ***
19 | Netline Gold | FAST | STABLE | RH Linux | **
20 | Aquanet TurboNet | FAST | DURABLE | RH Linux | **
22 | Bezeq Zahav | FAST* | STABLE* | ??? | ***
23 | Netvision | SLOW | UNSTABLE | ??? | ****
24 | Inet Gold Euronet | SLOW | DURABLE | | *
25 | Infolink COI | SLOW | UNSTABLE* | | **
-----------------------------------------------------------------------------
notes:
x ====== less then 20 connections a month
* ====== 20+ connections a month
** ===== 80+ connections a month
*** ==== 140+ connections a month
**** === 220+ connections a month
***** == 300+ connections a month
1) When we say "STABLE" or "UNSABLE" we mean mostly disconnections and how
the speed holds up most of the time.
2) * == major
DURABLE == stable, but not for a while.
3) A "???" under the System means that there was no indication of any Operating System.
But in 99% of the time it's some sort of UNIX flavour.
In Conclution.
--------------
This is the best info we can supply you for now, regarding 135. Basically, the
idea of 135 is that you pay for the exact amount of your usage. Some may think
their prices are too high, but when you think about it, it will usually come
to about 100nis (more or less) per month, and it's basically what you would pay
any respectable ISP in Israel.
Thats it for now,
Mota Boy.
--------------------------------------------------------------
09. Resources & Credits
Chaos-IL would like to greet every possible resource who supported us and
helped us:
Bezeq TeleCommunictions INC.
Barak Israel-International INC.
GreenShop Computers (TEL-AVIV)
IDC Communications INC.
AT&T Communications INC.
SPRINT Global-One Communications
Israel Telegraph LTD.
2600 Magazine
Phrack INC. Newsletter
Informatik E-Magazine
PLA-Phone Losers of America
Hacker's Heaven (BBS)
Underground Society (BBS)
Route 66 (BBS)
Liquid Underground (BBS)
#972
#phreak
#telephony
#root
#2600
www.border.com
www.etext.org
www.l0pht.com
www.lat.com
www.liquid98.com
www.itd.nrl.navy.mil
ftp.fc.net
The Prototype
Captain Crunch
TS (Bezeq 144/199 Operator)
CB (Bezeq 188 Operator)
NI (Sprint Global One Operator)
retro
Manomaker
Unix geek
phriend-
The Milkman
Anti-D
Lizzard King
deadzed
Blackbird
prophet
Substance
jizm
stoner
f0k
Mindroot
Toast
BelowZero
*ALL of Chaos-IL Members
-[EOI#2]----------------------------------------------------------------------
(c) Chaos-IL Foundation
July 1998
