💾 Archived View for gemini.spam.works › mirrors › textfiles › phreak › WIRETAPPING › lmos.phk captured on 2022-06-12 at 17:54:04.

View Raw

More Information

-=-=-=-=-=-=-

 Assistance Program)
 Title: lmos

               HOW TO MONITOR A PHONE LINE

                  (FROM A DIAL UP LINE)

                       WITH LMOS

                   by Monique   (frm WORM 1,5)

    The Loop Maintenance Operations System (LMOS) is an operations

system for Bell Operating Companies reppair bureaus. LMOS is a

database containing the online information necessary for trouble-

shooting and maintaining telephone service. Such information as:

costomer trouble report, customer name and address for all numbers

(including non-published), and telephone line histories are stored
{Slam a key , You SCURVY DOG}                             
here. Also present are maintenance functions which allow various

tests to be performed on a customers line. This includes AUDIBLY

MONITORING A LINE TO CHECK FOR TROUBLE. These functions are meant

to be only accessible via dedicated terminals.

    An LMOS host consists of two major parts: a front-end, and a

back-end. Although the back-end containes the database of

information, the front-end is what's commonly targeted by hackers.

A front-end is a mini-computer running a UNIX shell; in the older

configurations PDP 11/70's were used.The new LMOS set-ups, called

HICAP (short for HIgh CAPacity), are run on VAX 8600's or 8650's.

    In most cases these LMOS front-end hosts will have an async

dial up port, this is there window of vulnerability. Computer
{Slam a key , You SCURVY DOG}                             
hackers can easily gain access to the UNIX operating system because

of poor password choices by BOC employees. It is also through these

dial-up ports that telephone lines can be remotely monitored.

    After gaining access to the UNIX shell, the fun begins. The

main obstacle is that the the database is designed for synchronous

operation only. However, through a terminal program used by system

maintenance personnel to test the system, it is possable to use

LMOS remotely. This program, under various names, is commonly

located in either the /lmos/bin or /lmos/usr directories. Upon

running the program a user is able to enter commands as if she was

at a terminal within a telephone company office.

    The actual procedure to monitor a line is quite simple:
{Slam a key , You SCURVY DOG}                             
the command /FOR TV would be entered, thus bringing up a Trouble

Verification mask. The user would then fill-in the fields,

supplying such information as: telephone nuumber to monitor, test

type and a callback number.

    The type of test we are interested in is the QUICK test. In

order to monitor a line, a callback number must be specified in the

CB field. This number will be used to esteblish a voice connection

and must be in the same calling area. After a QUICK test begins the

user will receive a report with test results and information about

the customers line (CL) and the telephone companies equipment. If

the CL is currently in use LMOS can then give a call to the number

specified in the callback field. When the hacker picks up the phone
{Slam a key , You SCURVY DOG}                             
she will be hearing whatever is happening on the customer's line.

    Once the hacker is monitoring there are a few commands to make

her job more enjoyable. By using the plus and minus (+/-) keys she

may raise or lower the volume of the monitored call. If she has

anything to add she can press "t" and the other parties will hear

her. Keep in mind that two phone lines are necessary: one to

monitor the line and one connecting to LMOS.



COMMENTS: seems that some things are not being said here; "database

is desighned for syncronous operation only...through a terminal

program...poss. to use sys. remotely...prog. found under various

names, located in..." - how used(connected), and what those various
{Slam a key , You SCURVY DOG}                             
names are, is not mentioned. "CB #, must be in same calling area";

seems like you could use call forwarding to get arround this. "two

phones are necessary"; how about call waiting?... DISCUSION?
/s

[T.A.P. (Technical Assistance Program) #10]
[80] Read (1-86,<CR>,T,Q,P,A,R,B,W,D) :