💾 Archived View for spam.works › mirrors › textfiles › hacking › dpacintr.rot captured on 2023-11-14 at 09:50:42.
⬅️ Previous capture (2023-06-14)
-=-=-=-=-=-=-
Reign of Terror [ R o T ] Presents * ----------------------- * ***** INTRODUCTION TO DATAPAC ***** * ----------------------- * (and PSN's in general) Written by: Deicide A BEGINNER'S GUIDE TO CANADA'S LARGEST PACKET-SWITCHING NETWORK Accessible from local dial-ins in most Canadians cities as well as through every other packet-switching network world wide. --------------------------------- TABLE OF CONTENTS --------------------------------- I. INTRODUCTION - intro to Datpac/Advantages of PSN's - how it works - services/systems offered II. ACCESSING DATAPAC - From Canada: Datapac - From U.S. : BT Tymnet/Sprintnet - From Intl. : Your local packet-switcher III. WHAT CAN I DO? - Datapac Information Service - Legitimate use: Business use & Online service - Illegitimate use: Intro to NUA's IV. ILLEGITIMATE USE: YOUR COMPLETE GUIDE TO NUA'S - Theory of NUA's - Intro to Datapac's NUA's & NUA prefixes - NUA Scanning : Procedure - NUA Scanning : What to scan - Error messages - So you found a system... V. EXTRA - Special commands VI. CONCLUSION - Wrap up - BBS' to reach me on for extra help & NUA's ----------------------------- I. INTRODUCTION What is Datapac/Advantages of PSN's Well, Datapac, or DPAC as it is sometimes called, is a packet-switching network that allows you to connect to thousands of computer systems across the globe, free of charge! It allows the user access to any type of system you can imagine, from huge supercomputers & mainframes to tiny IBM 386's. You will find every type of company on packet-switching networks, from huge conglomerates like IBM and Xerox, to small non-pay BBSes, as well as government installations, etc. Datapac also has poor security, as it is extremely hard to track every call, considering there are thousands of connects every day across the network, and the authorities STILL haven't caught on to the amount of people abusing it , which means you can hack/phreak continually without much fear of prosecution from Telco. authorities, unless the people who run the systems themselves which you are abusing complain. It is also quite easy to make traces very difficult, as the amount of private PAD's(Packet Assembler/Disassembler) and outdials available on Datapac ensure at least a few bounces before arriving at your destination (you can communicate simultaneously with up to 255 different locations over one physical link! talk about a difficult trace(tho slow hacking)!). Also, if you need help with a network problem or a certain computer system you are trying to access, it is usually readily available, as most people have a local dial-in to a packet-switching network[also known as PSN, or PSDN (packet-switching data network, same thing)] that will allow access free of charge to the system you are working on, quite a bit simpler than a data # local to you only. And for all those reasons it is a fairly good place for the beginning h/p person to start out, especially in these troublesome days for us hackers(DIE FED DIE!!)(Damn k-rad c0DeZ kidz ruin it for us all). Sound like a dream?? Nope, it's a reality to many the hacker, so let's abuse it as much as we can before our Telco. authorities shut down our last refuge. Have phun! How it works First of all, the user connects to a remote dial-in port for their local packet-switcher, usually Datapac 3000 in Canada, and either Sprintnet(also known as Telenet, its previous name) or BT Tymnet in the U.S.. The dial-in is also known as a DTE(Data Terminal), or your X.25 PAD. X.25 is the protocol for transmitting data within the Datapac network, and Packet Assembly/Disassembly is how you get the data ready for transfer. When connected to a PAD the data you send is assembled by the PAD into "packets" which are then sent over the net at speeds ranging from 1200-56,000 bps, then received by the PAD of the system you are connecting to, and disassembled back into data the system can understand. The system then in turn sends back its response to your data in another packet, which your PAD disassembles and gives to you. Packets are generally either 128 or 256 bytes in size. The motive behind all this packet-switching is that it enables two computer systems with different protocols and baud rates to communicate, using one common standard, the X.25 protocal. When connecting internationally, Datapac uses the X.75 & X.121 protocols, with the same general principles behind the transfer of data. Services offered If you are REALLY new to H/P, and don't really know what you can do with the systems you access thru Datapac then here is a brief list: - Access to Online Services such as Compuserve and Prodigy with improved transmission quality, and a bit cheaper than direct dialing. Also a lot harder to trace if you are abusing an account. - Business administration tasks such as: -- sending/receiving files -- E-mail -- database access - Sales tasks such as: -- credit verification -- merchandise sales -- accounting - Order tracking & processing - Viewing and altering inventory lists - Shipping control - Dispatch - Information retrieval - Electronic Funds Transfer For us system abusers the illegitimate possibilities are endless! For the less bright of you, you can use these services to get files (some which could be VERY important, as in military secrets, etc..), reading other peoples private mail(funny to read the security people's mail to each other as they desperatly try and catch "hacker"), credit record retrieval (extremely valuable to some people, especially with credit trouble, fun to mail to them), and for the bored of you, you can send someone you hate 10 toilets. Then of course we have Electronic Funds Transfer, which is taking money from somewhere and putting it somewhere else...(any ideas people???). Draining bank accounts can also be useful if REAL revenge is needed(remember Newsweek's Richard Stanza?! hehe..) II. ACCESSING DATAPAC From Canada : Datapac To connect to the Datapac network from Canada you will need to dial into your local Datapac node, which is accessible in most cities via your local Datapac dial-in number. You want Datapac 3000 numbers, not 3101 numbers, as 3000 is what we will always be using. If it doesn't specify which, assume it is Datapac 3000. There are quite a few ways to find your local Datapac dial-in. It will usually be in your telephone book under "DATAPAC PUBLIC DIAL PORT 3000". If not, you could try directory assistance for the same name. Alternatively, there are a couple phone #'s for finding your dial port(these are also customer assistance): 1-800-267-6574 (Within Canada) 1-613-781-6798 Also, these numbers function only from 8:30 to 5:00 EST(Eastern Standard Time).Also, the Datapac Information Service at NUA 92100086 has a complete list of all public dial-ins. More on DIS later. I think you can use both communication parameter settings work, but 8/N/1 (8 data bits, No parity, 1 stop bit) is used most frequently, so set it initially at that. Some NUA's on Datapac use 7/E/1, change to it if needed after you are connected to a Datapac dial-in. Ok,if you have your Datapac 3000 Public Indial number, you've set your communication parameters at 8/N/1, then you are now set to go. Dial your indial just like a BBS(duh..) and once connnected: You will have a blank screen Type 3 periods and press RETURN (this is to tell Dpac to initialize itself) The Datapac herald will flash up stating: DATAPAC : XXXX XXXX (your in-dial's NUA) You are now ready to enter commands to Datapac. Example: (YOU ENTER) atdt 16046627732 (YOU ENTER) ... (DATAPAC RESPONDS) DATAPAC : 6710 1071 Now you are all set to enter the NUA for your destination. More on how to find NUA's later on in this article. From USA: BT Tymnet/Sprintnet When accessing Datapac from the United States, it is not necessary nor cost efficient to call a Datapac in-dial direct (unless you wish to connect directly to Datapac and are phreaking, but then why waste a good PBX/Outdial on something when you can access it free locally?), rather you could call one of the many other packet-switching networks accessible from the United States. From other packet-switching networks within the U.S. or Canada you can connect to Datapac addresses without a NUI or extra charge. The most popular of PSDN's are Sprintnet & BT Tymnet. To find a public indial port for Sprintnet you may possibly be able to find it in your telefone book(look under Sprintnet) or by Directory Assistance. If not, try Sprintnet Customer Service at 1-800-336-0437. This also will probably only function between 8:30 and 5:00 EST, maybe a bit different. Also, for a data number for in-dial look ups try 1-800-424-9494 at communication parameters 7/E/1(or 8/N/1 also i believe). Type <ENTER> twice or @D for 2400bps and press enter so Sprintnet can match your communications parameters. It will display a short herald then a TERMINAL= prompt. At the TERMINAL= prompt type VT100 for VT100 terminal emulation, if you are using a personal computer i think D1 works, or just <ENTER> for dumb terminal. Then type "c mail", at the username prompt type "phones", and for password type "phones" again. It is menu driven from there on. Now that you have your Sprintnet public dial port number, call it up like you would a BBS, then when it connnects type the two <ENTERS> for 300/1200bps or the @D for 2400bps, then it will display its herald, something like: SPRINTNET(or in some cases TELENET) 123 11A (where 123 is your area code & Sprintnet's address prefix and 11A is the port you are using) TERMINAL=(type what you did previously eg:VT100,D1,<ENTER>) then when Sprintnet displays the @ prompt you know you are connected to a Sprintnet PAD and you are ready to go. Read on for more information as to where you can go(NUA's). For finding Tymnet dial-ins the procedure is much the same, look in the phone book under Tymnet or BT Tymnet, or phone directory assistance and ask for BT Tymnet Public Dial Port numbers, or you can call Tymnet customer Service at 1-800-336-0149. Generally try between 8:30 and 5:00 EST. I don't have the Tymnet data number for finding in-dials, but once you are on Tymnet type INFORMATION for a complete list of in-dials as well as other things. Once you have your in-dial number set your communication parameters at either 8/N/1 or 7/E/1 then dial the number just like you would a BBS. At connect you will see a string of garbage characters or nothing at all. Press <ENTER> so Tymnet can match your communication parameters. You will then see the Tymnet herald which will look something like this: -2373-001- please type your terminal identifier If it wants a terminal identifier press A(if you want, you can press A instead of <ENTER> at connect so it can match your communication parameters and get your terminal identifer all at once). After this initial part you will see the prompt: please log in: You are now ready to enter the NUA of the system you wish to connect to. If you have the choice between either Tymnet or Sprintnet i would strongly recommend going with Sprintnet. Tymnet offers more services, but not too much more, and Tymnet has one MAJOR disadvantage, in that it only allows three mistakes at NUA's, then it disconnects. This flaw severly hampers NUA scanning extremely, in other words GO WITH SPRINTNET. III. WHAT CAN I DO???? Datapac Information Service(DIS) The first thing you may want to do upon your first connection to Datapac or alternatively Tymnet/Sprintnet is to visit the Datapac Information Service. DIS has a full list of public dial-ins, as well as a pretty good overview & documentation. You can reach it at NUA 92100086. So from Datapac type: 92100086 from Sprintnet : c 302092100086 from Tymnet : 302092100086 (you may or may not need to use a "1" in front of the NUA from tymnet or sprintnet) Legitimate Use Datapac can be used to connect to many online services & to perform various business functions, as described in the introduction, by authorized people. Unfortunely, people don't authorize us, so we find our own way in. Illegitimate Use Datapac & its systems can be abused in all the ways i described in the introduction, as well as for phreaking with outdials and so on."But how do I access these services and such?" you may ask. You enter the systems 8 digit Network User Adress(NUA also know as a DNA or Data Network Address)(9 or 10 digits if using LCN logical channel subaddressing)(up to 12 if on another packet-switcher: you must enter Dpac's DNIC as well) that is kind of like a computer's dial-up data phone number. "But i doubt that the system operators would be so kind as to hand over the NUA if i am not authorized to use the system!?!" Quite true, which is where the first stage of hacking comes in: NUA scanning, our next topic. IV. ILLEGITIMATE USE: YOUR COMPLETE GUIDE TO NUA'S Theory of NUA's NUA stands for Network User Address,also known as DNA's(Data Network Address) which is a packet-switching network's equivilant to a in-dial data number for computer systems. But instead of phoning the system directly with the data number, you first logon to your packet-switching system, then enter the NUA for the system you wish to connect to. NUA is the format used on every packet-switching network i know of, and definetly all the major ones. But a major difference between phoning a Montreal indial from Vancouver direct and calling a Montreal NUA from Datapac exists; it is that you don't have to pay for the call! Every call across Datapac, or any other packet- switcher for that matter, is automatically COLLECT(no operator involved as well unless specified otherwise by yourself upon enabling a NUI, more on that later. And systems are usually set up to automatically receive all collect calls, unless made "reverse charging systems" which force you to use a NUI or private pad. So you will never receive a long-distance bill for calling systems across Datapac, the operators of those systems assume those bills. Intro to NUA formats & prefixes Like a phone number, NUA's have many different parts to them, each with a special meaning. And, also like a phone number, the NUA format varies depending on where you are calling from, although certain segments are always used. Take for example the phone number: 1-666-555-1234 It has four parts to it, the long distance number (1), the area code(666), the local prefix(555), and the number(1234). Say this number is in Igloo, Yukon. If you are from outside the province (eg: BC, Montreal, California, etc..) you must dial the full number. If you are inside the province but long-distance to the city itself, you must use the long distance number, plus the local prefix and the number, while excluding the area code. If you are inside the city & province, or within free calling of that number than you only need dial the local pref. and the number. It is something like that with a NUA, but the long-dist. prefix usually does not apply, although i have to use it to connect to other packet-switchers outside Datapac, and it is possible that if you are calling from a different packet-switcher you will too, try without it first, if it doesn't work, use it. NUA's can be between 4 and 14 digits, with NUA's within Datapac being 8 digits normally, 9-10 digits with subaddressing(more on that later). The NUA has up to five parts: -The pre-DNIC digit(usually not counted as part of the NUA, just a prefix) -The DNIC -The address prefix -The address -The LCN digits The pre-DNIC digit is like a long distance number prefix, its use is varied: The pre-DNIC digit for Datapac is 1 when calling international. The pre-DNIC digit for Sprintnet is 0 i believe. (try 1 when calling to Datapac from another network does not work properly) The The rest of the address is unique and non-optional(changing 1 digit will call a completely different system), although as i illustrated with the telephone example above, certain parts of it may be omitted from the full address. The reason for this uniqueness is mainly the DNIC, or Data Network Identification Code, which is the packet-switching networks own prefix. It MUST be used when connecting from to a system that is on a packet-switching network other than the one you are currently on. Some PSN's DNIC's are: Datapac : 3020 Tymnet : 3106 Sprintnet: 3110 The third part is the address prefix, which is like an area code(but non- optional), it specifies which part of the country you wish to call, as designated by the packet-switching company. On Sprintnet the address prefix corresponds with the area code that you are calling(ie the area code for Seattle is 206, so every address that has a 206 prefix is in Seattle). On Datapac it does not correspond to the area code you are calling, rather they were distributed in chunks, like early 6XX is Alberta, and late 6XX is B.C. etc. Address prefixes are generally 3 digits then a zero. The fourth part is the address, or port, which designates the computer you are calling within the prefix & DNIC. The addresses are generally not handed out in any specific way, although companies occasionally buy large blocks of them at a time, so you may find 20 of the same company's computers in a row. The last part's use is rare, it is the system subaddressing, or Logical Channel(LCN). They are the 9 and 10th digits of a standard address within Datapac(without long-d pref. or DNIC). These are not used frequently enough to scan regularly for, though, as a general rule stick to the 8 digit format. NOTE: If you find a Gandalf system(i'll explain how to identify them in another g-phile)they will often have 1, 2 & 3 subaddressing. After finding the address try a 1,2 or 3 after the address. Gandalf's generally have the systems FOX,LOGGER & MACHINE after an XMUX which are generally on standard addresses. FOX is just a test machine, LOGGER has a very small log, and on MACHINE enter S for small log of the XMUX, L(system optional) for a complete log of NUA's/user-id's for a system-specified amount of time, sometimes up to a month) SAMPLE FORMAT FOR CALLING PACKET-SWITCHING NETWORKS OTHER THAN THE ONE YOU ARE CURRENTLY CONNECTED TO: (brackets not included,used for illustration) (1)(3020)(1230)(0001)(01) | | | | | | | | | | International Prefix | | | (if needed)(or zero) | | | | | | | Datapac DNIC | | | | | | Address Prefix| | | | System's Address| | LCN Subaddressing(if used) REMINDER: On sprintnet you must use a 'c' then a space before the NUA SAMPLE FORMAT FOR CALLING DATAPAC SYSTEMS FROM WITHIN THE DATAPAC PACKET- SWITCHING NETWORK: (brackets not included, used for illustration) (1230)(0001)(01) | | | | | | Address Prefix | | | | System's Address | | LCN Subaddressing(if used) Usually within Datapac the address will just be 8 digits, use that as a rule when scanning. NUA Scanning : Procedure Ok, so now that you know how all this works, you will want to begin using it, but you need NUA's to call, and most Operators won't hand them out freely (unless you are skilled at social engineering), so what are you to do? You could get a copy of a NUA list off someone, or from Eric Bloodaxe's article in the LOD Technical Journal #4, or from one of the lists in Phrack (issues 21 and 27, i believe). Or you could get your own by NUA scanning! The best choice would be a computer automated Datapac NUA scanner, much like a wardialer for direct calling but for use on Datapac. The most popular one i know of for Sprintnet is NUAA, a great program by Doctor Dissector. If you are hacking thru Datapac i know of none out yet, but never fear, RoT is coming out with one very soon. Although most Sprintnet scanners are meant for Sprintnet scanning, most of the good Sprintnet/Tymnet scanners(NUAA included) have an option to use DNIC's, so you can set it up to scan Datapac NUA's. If you can, try and get a scanner that does addresses randomly within a specified field, then saves where you are for next time, because this is less risky than doing sequential scanning (if by miracle a Telecom Canada employee actually notices your scanning!). Read on for more on "what" to scan(prefixes etc..). The second way, which is much more exhausting and time consuming(but a good alternative if you don't have a computer scanner)is manual scanning. Wait, don't scream yet! This is not AS bad as it may sound, if your term program has an option for macros on it(as any worthwhile one does). If not, and you still choose to do manual scanning, then i commend you for your dedication, as i sure the hell wouldn't do it! First of all, you need to get into your macro settings screen, which on TELIX is <alt>K, then T for Terminal Settings. Look in the help screen or docs of other programs for proper procedures. Usually you would pick a normally useless key, like one of the function keys(the best are F1 and F12, you are less likely to hit others, and it goes faster), and turn it into your macro key. From Datapac you want to scan 8 digit numbers, so enter the prefix you want(three digits usually) then make the rest zeroes until you have 6(SIX) digits on your macro. eg: 999000 The reason for this is that you only have to enter your macro key then two digits on your keypad then <ENTER>, so with a little practice you can make the process quite fast. Also with a little practice, it is such an automated process that it takes very little concentration, so you can pretty well do it in your sleep(or at least while listening to music, talking on the phone or watching TV). The easiest way to do this type of scanning is sequentially, which is risky when doing PBX's(Public Branch eXchanges) and occasionally risky when doing direct-dial scanning, but generally not risky when doing it on Datapac. So start with 00 and go until you reach 99, then enter your macro again and change the last digit to a 1, and start with 00 again, but now you will be doing 100's. Then, when done, repeat process with a 2 for 200's. Do this until there are only blank addresses for a while(or you get bored). A sample macro scanning session from Telix on Datapac would be: <alt>K, T , F1, 999000 (setting macro up for use) <F1>00 (enter your macro key, then 00, then <ENTER>) <F1>01 (enter your macro key, then 01, then <ENTER>) <F1>02 (enter your macro key, then 02, then <ENTER>) and so on... then after 99900099: <alt>k, T, F1, 999001 (setting macro up for next set of scans) and so on... NUA Scanning : What to scan Ok, now that you are able to connect to Datapac, and you know how to find systems, you are probably going to want to start right away...Don't! For maximum success in finding quality NUA's go at it with an attack plan: Know what you are scanning!! For example, there will be a substantially less amount of really great NUA's in a NUA prefix of Halifax than there would be in Toronto or Ottawa!! First of all,there are millions more people in Toronto or Ottawa than there are in Halifax, also, the majority of corporate business headquarters and government installations are housed in Toronto and Ottawa. Other good NUA prefixes to scan would be those in Vancouver, with another ton of NUA's in Montreal & Quebec City. Every province has a large number of NUA's, and you will eventually want them all, but you will want to start in a prefix with a large amount of quality connects so you won't be discouraged. "Ok, that's really neat, but how the hell am i supposed to know where i'm scanning on Datapac?" you might say. That is really true, because unlike Sprintnet the area codes don't correspond to the NUA at all. But, NUA prefixes are handed out in large chunks, with few exceptions, so you will have a good idea of where you are scanning from this list: early 200's: ONTARIO - Ottawa, Windsor, Kingston mid 200's: ONTARIO - Ottawa, Sudbury, Toronto late 200's: ONTARIO - Windsor all 300's: ONTARIO - London, Toronto, Kitchener, Guelph early 400's: QUEBEC - Quebec City mid 400's: ONTARIO - Hamilton, Toronto, Oshawa, Scarborough late 400's: QUEBEC - Quebec City, Montreal early 500's: QUEBEC - Montreal mid 500's: QUEBEC - Montreal midlate 500's: YUKON - Yellowknife, Inuvik late 500's: ALBERTA - Edmonton, Calgary early 600's: ALBERTA - Calgary mid 600's: B.C. - Vancouver, Kelowna, Prince George, Surrey late 600's: B.C. - Vancouver verylate 600's: MANTITOBA - Winnipeg early 700's: SASKATCHEWAN - Regina, Saskatoon mid 700's: NEW BRUNSWICK - St. John midlate 700's: NOVA SCOTIA - Halifax, Dartmouth late 700's: NEWFOUNDLAND - St. John's early 800's: ONTARIO - Toronto premidearly 800's: QUEBEC - Montreal midearly 800's: B.C. - Vancouver, Burnaby mid 800's: ONTARIO - Ottawa late 800's: ONTARIO - Ottawa early 900's: ONTARIO - Toronto,Clarkson premid 900's: MANITOBA - Winnipeg mid 900's: ALBERTA - Edmonton prelate 900's: ONTARIO - Toronto, Brampton late 900's: ONTARIO - Toronto Now, this list is just a general rule to help you out, there will be exceptions & additions. Also, the cities used are just examples found commonly in that prefix, there will be many other cities found than those mentioned as examples.The format for this guide is (area prefix)XXXXX, as in 200XXXXX where XXXXX is the rest of the address. Remember, you will find a lot of "bad" prefixes where there is little or no connects. Don't be discouraged, try some more, remember, there are TONS of great prefixes out there just waiting to be scanned...get to it! Error Messages Ok! Now you've started scanning and everything has been just great, tons of connects, no problems, right?? Well, maybe, but not usually. If you are lucky you will find an average prefix with quite a few connects, and more than your share of error messages. Error messages are VERY common, even if you are on an incredible prefix with huge amounts of connects, you will find a greater amount of error messages. Here is a small guide to those error messages, what they mean, and in some cases, how to get by them. ADDRESS NOT IN SERVICE: By far the most common message. It means that the address you are calling does not currently host a system. It may at sometime in the future, but not right now. These are unfilled and useless for now. COMMAND NOT ALLOWED: This is found frequently when you try to connect to another Datapac address directly from Datapac while still on another Datapac system. Sound confusing? I encountered this occasionally when phreaking off Datapac outdials; sometimes for various reasons i would return to the Datapac prompt(errors, etc), but i was still physically connected to the outdial, so Datapac would not allow me to call somewhere else as i was already using a Datapac system! If you were not connected to anywhere important, hang-up and call back, that clears the connection. If it was important you can *try* to exit the terminal program and then enter again, while not hanging up. This works most of the time, but occasionally it will malfunction and drop carrier. In this instance your only choice is to call back. BUSY: This is a completely ambiguous command; it essentially means that the system will not accept any more calls. BUT, the system may just be temporarily busy(a user is already on), down for a day to a week(maintenance) or permanently busy(various reasons). You may choose to call back at a different date, some people just ignore them and move on. INCOMPATIBLE CALL OPTIONS: It means that you have facilities not available at the system you are attempting to reach, or are just simply non-compatible. Don't bother with these. TEMPORARY NETWORK PROBLEM: These "temporary" problems are frequently permanent and exist over entire prefixes. Skip these prefixes. If you want, try them in a month or so. DESTINATION NOT RESPONDING: Either the destination is ignoring your call request, or it is down(either temporarily or permanently). ACCESS BARRED: I know very little about this "mysterious" error message although it is found frequently. It has something to do with the network itself blocking the call, because of a Closed User Group Violation. Now, i also know little about Closed User Groups, other than the command to enable them is 'c' at the Datapac prompt(although 'c' by itself just gets the error message "Closed User Group error", so you'll have to figure out the parameters yourself, sorry..). REMOTE PROCEDURE ERROR: This is the message given to you when you have not given a full address. Occasionally, the host system will specify the use of mnemonics in the address. Without these mnemonics, the call will not go through. The mnemonics are placed after the NUA digits, divided with a COMMA (,) which tells Datapac that you are now using data chars. As far as i know, the mnemonic can be anything, probably within 8 characters. Common mnemonics are: Modem, system, console, logon, access, dial. It depends on the system operator though, it can be anything he desires, quite often the company name or the function of the computer. Another thing about mnemonics is there can be multiple mnemonics possible for each system, like two mnemonics on one system, each separate from each other. The reason for this is to specify which system you wish to access, this is used occasionally if there are two separate systems on one NUA. To clarify this here are a few samples: Normal NUA w/mnemonic : 99900999,modem NUA with LCN + mnemonic : 111001112,modem NUA with multiple mnemonics: 12300456,host (to access host system) & 12300456,dial (to access outdial) REMOTE DIRECTIVE: Shows that a clearing of a virtual circuit in response to a clear request packet from the destination. Which means that you have been cleared of the line by a request from the system you are connected to. Occasionally using a subaddress will get by this, and proceed to the subaddressed system. Try it occasionally or when you suspect a system is present. COLLECT CALL REFUSED: To understand this you must know that every system you call that you DO NOT receive this message on you are calling collect, charging the call to the system. But, some systems DO NOT want to pay for collect calls, and will not accept them. These are called "reverse-charging systems", as that is exactly what they will do, reverse the charges back to you. But, you are not set up to pay for these charges, so you do not accept them and every thing cancels out and you're back to the Datapac prompt. There is, however, a common way to get past this dilemna. Use a NUI(Network User Identifier). NUI's are the packet-switching network's equivalent to a Phone Calling Card. This is a personal account that when invoked will automatically accept all charges, regardless of whether the system is reverse-charging or not. This is the best way to get past reverse-charging systems. The regular joe can get themselves a NUI, but unfortunely, they won't be much good to you for hacking if the system knows your real name, and by a request to Telco. authorities your address and phone number as well! So what you need is someone else's NUI! Unfortunely, these are pretty hard to come by. A large amount of trashing, or a B&E might net you one or two, its hard to say. It's also hard to say how much usage you will get out of it before the NUI goes down. NUI's are 6-8 character alphanumeric codes that should be entered before making your call request. Along with each NUI comes a password(what did you expect). Datapac claims that the NUI format is different from system to system, so if the following format does not work for you, experiment until it does(unless your NUI is no longer valid). Type NUI followed by your 6-8 character code. Datapac will prompt for a password(which is shadowed), then after that Datapac will tell you the NUI is active and you have NUI status, and then you are ready to go. Example: (user) NUI XXXXXXXX (Datapac) Password: (user) XXXXXXXX (not sure on length requirements) (Datapac) DATAPAC : Network User Identifier XXXXXXXX active NUI Status So you found a system... Now, after all this preparation and work, you finally have some connects! Some of these may be blank or useless, but you should probably have a few decent ones with at least a prompt. In another upcoming [RoT] g-phile i'll give you the ways to identify most systems, defaults for those systems, and tips on brute forcing, etc. But for now, if you find a UNIX try root/root (unlikely, but hilarious if it works), guest/guest on a VAX/VMS(also unlikely nowadays, but you'll still find the occasional one), autolog1/autolog on VM's, prime/prime on Primos & mgr.telesup,pub/hponly on HP3000's and Autolog1/Autolog on VM/SP's. V. EXTRA Special Commands I have not toyed much with unlisted commands, but i've found a few: c | something to do with closed user groups f | it's a service option(it says "not subscribed") l | sets packet sizes somehow(i couldn't get 128 or 256 to work) n | some kind of NUA option(function unknown) p | a NUA option that sets packet size to 128 r | same as n, says n too t | something to do with RPOA's(Registered Private Operating Agencies) | which are the ID's of the online system. set | a weird one, it goes to about 3 line down and sits there | if you type a NUA it will go there. The NUA options are shown in the inital connect string that Datapac sends first upon connect. A usual connect string without options would read like (01) n,remote charging,256,XXXXXXXX where 01 is the node, remote charging, 256 is the packet size, XXXXXXXX is the NUA, and n is the NUA option(n = no service option??). But when you enter the 'p' NUA option where the 'n' is in the above illustration is now 'p'. I haven't experimented much, maybe some other time.. VI. CONCLUSION Wrapping it up Well, i suppose that is all for now, hope you have a phun time exploring Datapac, try not to get busted, and if you do, don't blame me. For questions comments, fan mail, hate mail, or just talk you can always find me at any [ R o T ] HQ or Dist. site. Seeya... Deicide [RoT] H/P coordinator RoT HQ's ------------ For all your H/P/A/C/V needs as well as all the RoT programs and G-Philes as soon as they are released call: [RoT] WHQ [RoT] USHQ -- 6 ???T ??D?R -- -- the Cellar -- [604] 824-0317 [401] PRI-VATE GREETZ: Ruskin, RT, K-Neon, Lint, B-Eagle, Ydiner, Kamikize, Case(what happened??), Shadow Hawk, Sandalwood, Phrack(i grew up on it), cDc(mental but cool), LOD/H(for old times sake) & Robin Hood(for giving me a chance).