💾 Archived View for spam.works › mirrors › textfiles › hacking › tcsb.05 captured on 2023-11-14 at 09:58:42.

View Raw

More Information

⬅️ Previous capture (2023-06-14)

-=-=-=-=-=-=-


_______________________________________________________________________________

              An Introduction to Packet Switched Networks Part I
                      Written by Blade Runner on 08/20/88

                   A Telecom Computer Security Bulletin File
_______________________________________________________________________________


   1. GENERALITIES

      The  growth of data transmission  services present  more problems due to
   several  types of  protocols, either in asyncronous or syncronous ways, and
   it needs higher speeds that can allow a faster service.

      To guarantee a service with  these characteristics it is helpful to work
   on lines, making them less afflicted from line noise, and on data, with the
   adding of redundancy codes for data correction procedures;  we also have to
   find a solution that can allow the use of all protocols, either asyncronous
   or syncronous, on the same physical media in order to use the same line for
   both means.

      At  that, we  must allow  the capability  to optimize  data transmission
   systems,  by arise  the connections wires between two points, so the safety
   of the system,  in it's  globality from  computer  to  terminals,  will  be
   augmented and made as best is possible.

      The  International Standard  Organization (ISO)  has studied  a way that
   works  with all  connection needs between  computers and terminals, building
   a model to refer that can be used as common mind to develop branch reagles.

      The  ISO's model  is OSI  Architecture  (Open  System  Interconnection),
   where  "Open"  means  that system is  open to other systems  that have well
   fixed standards.

      In that architecture a data transmission system, meant as globality from
   computer  to transmission line, is sub-divided into seven levels,  each one
   is doing a colloquial  protocol  with  an  analogous  level  that look  for
   interconnection  between the  two, following  a logical  wire equal to this
   which is shown in the following scheme:

            A                                     B

       +----------+                          +----------+
       |    7     |< ---------------------- >|    7     |
       |----------|                          |----------|
       |    6     |< ---------------------- >|    6     |
       |----------|                          |----------|
       |    5     |< ---------------------- >|    5     |
       |----------|                          |----------|
       |    4     |< ----------------------->|    4     |
       |----------|       +----------+       |----------|
       |    3     |< --- >|          |< --- >|    3     |
       |----------|       |----------|       |----------|
       |    2     |< --- >|          |< --- >|    2     |
       |----------|       |----------|       |----------|
       |    1     |< --- >|          |< --- >|    1     |
       +----------+       +----------+       +----------+
                               |
                               V

                Physical device of interconnection

      The seven levels are called:

          Application Level    -   7
          Greeting Level       -   6
          Session Level        -   5
          Carrying Level       -   4
          Network Level        -   3
          Line Level           -   2
          Physical Level       -   1

      The higher levels are strictly wired to the computer world and intellig- 
   ent terminals  (levels 5,6 and 7)  while lower levels are wired  to network
   interconnection problems, about transmitting devices and error correction.

      The  physical device  of interconnection  between two  OSI systems  will
   provide a three-level structure,  making able the structurization of a net,
   e.g., that of following figure:

             users                             users
    +-----+  | | |                             | | |
    | OP1 |  | | |                             | | |
    +-----+ +------+                         +------+
       |____| city |<----------------------->| city |
        ____|  A   |                         |  B   |____
       /    +------+                         +------+    \
       |        |    \                       /   |       |
       |        |      \                   /     |       |
       |        |        \               /       |       |
       |        |          \           /         |       |
       |        |            \       /           |       |
       |        |              \   /             |       |
       |        |                X               |       |
       |        |              /   \             |       |
       |        |            /       \           |       |
       |        |          /           \         |       |
       |        |        /               \       |       |
       |        |      /                   \     |       |
       |        |    /                       \   |       |
       |    +------+                         +------+    |
       |    | city |<----------------------->| city |    |
       |    |  C   |                         |  D   |    |
       |    +------+                         +------+    |
       |             \                     /             |
       |                \               /                |
       |                    \         /                  |
       |                      +------+                   |
       \--------------------->| city |<-----------------/
                              |  E   |----\
                              +------+  +------+
                               | | |    | OP2  |
                               | | |    +------+
                               users


      We can make the following assumptions about the above structure:

      a)  The net  is composed by a certain number of devices (in table: A, B,
   C,  D, E), called nodes, connected between themselves at high speed so that
   operator "1" can connect to operator "2" by  several ways,  following  more
   than  1  directive  (e.g. "A, C, E"  or "A, C, D, E"  or "A, B, D, E")  and
   following traditional system he can use only one way, the "A,E" connection;

      b) The user doesn't need more than one physical line in his "possession"
   when connecting (e.g. OP1 with OP2), but only of links to network (in table
   1 links to the "A and E" nodes) with short wiring, that are possible with a
   modem at base band then at low prices.

      The  structure that is nearest to the OSI model is called "PSS"  (Packet
   Switching  Network) and was analyzed from CCITT (International Consultative
   Commitee for Telephonist and Telegraphy) with the X25 recommendation.  This
   recommendation defines the interface  between DTE (Data Terminal Equipment)
   and DCE  (Data Circuit Terminating Equipment) for  terminals that work with
   the PSS net.

      The  DTE is strictly known as the source (or the receiver) of data pack-
   ets to (or from) the network and physically can be a Host computer, a Front
   End Processor or an Intelligent terminal.

      The  DCE, strictly talking, as common consent, is the device that  maybe
   converts these packet-signals received from  DTE in  a way  that  might  be
   transmitted  on lines  (e.g. the modem, the TDM, the line couplers), but in
   the sense used  by X25, it can be assumed the means of node access or swit-
   ching node to which DTE is connected.

      The  X25 recomendation  is therefore  the local  interface between a DTE
   and a DCE (see next table).

      +----------------+    +------------------+    +-----------------+
      | Computer       |<-->| network          |<-->| Intelligent     |
      |                |    |                  |    |  terminal       |
              |                  |         |               |
              |                  |         |               |
              |                  |         |               |
              |     X.25         |  X.75   |   X.25        |

      The above table is composed by several blocks, which we can observe as:

      |   Host      |  FEP       |
      |<----------->|<---------->|    .
      |             |            |    .
      +-------------+------------+    . +---------------------------------+
      |             |            |    . |            modem        --------|
      | characters  |  X.25      |====.======|----> -----z----<---|       |
      |  generator  |  generator |    . |                         | node  |
      |             |            |    . |                         |_______|
      |-------------+------------+    . +---------------------------------|
                    |                 .                                   |
                    |     DTE         .                                   |
                    |<--------------->.<--------------------------------->|
                    |                                                     |
                    |<--------------------------------------------------->|
                    |                                                     |

      We can see in "table 2" wires in the network domain are marked as  X.75.
   The CCITT has  issued  this  X.75  recomendation  (control  procedures  for
   transit  calls or  terminals and  data transfer  systems  on  international
   calls  between PSS  networks) that  usually is used  only for international
   calls but can be used in country calls for interconnection between nodes.

      The  X.25 recomendation  is not  valid to  simple terminals (start-stop)
   and  ACPs (Packet  Adapter-Concentrator or  PAD) that  can be  connected to
   public data networks.  Standards for  these  devices are  regulated by  X.3
   recommendation (Protocol converters/adapters),  X.28 (DTE/DCE Interface for
   start-stop  terminals who logon to  ACP on a structured network in national
   places) and X.29  (exchange procedure  for  information  control  and  data
   between ACP and X.25 terminal or other ACP).

   2. X.25 STRUCTURE

      In the "X.25 Interface", three levels are defined.  Each level procedure
   uses functions offered by the other level as soon under, but they dont care
   how the  lowest level is to be  implemented.  This is so  that a particular
   can be implemented in any of several levels,  so long as it will obtain the
   final results.

      In addition,  the X.25 recommendation  will specify protocols  and rules
   that will decide the information exchange between  simiar levels in DTE and
   DCE, which can be understood from the next table:

              |           DTE            |
              |<------------------------>|
              |                          |
      --------+-------+-------+-------+  |        +-------+-------+-------+
      .       | level | level | level |  |        | level | level | level |
      .       |   3   |   2   |   1   |--|->==<---|   1   |   2   |   3   |
      --------+-------+-------+-------+  |        +-------+-------+-------+
          |       |       |       | X.21 |                    |       |
          |       |       |       | bis  |                    |       |
          |       |       |       |<---->|                    |       |
          |       |       |<--------------------------------->|       |
          |       |                 HLDC Connection                   |
          |       |<------------------------------------------------->|
          |                    Packet level X.25
          |<------------------------------------------------------------...
                             Talking protocol

      Every level will accumulate information from the lower level and it will
   add a header with eventual redundancy codes before to  make the information
   transmitted  through present  the  interface from the  lowest level using a
   step by step structure as shown in the next table (block 1 is inserted into
   block 1 and so on).


   LEVEL 1

      Physical   Interface:   this   defines   the   electric   and   physical
   characteristics of  the interface going on  the used  line or switched line
   into  network.  Voltage tensions, connectors used, and transmission methods
   are defined in level 1.  The most important characteristic of this level is
   that it supplies a point-to-point  transmission,  full-duplex,  for digital
   transmission.

   LEVEL 2

      Access  to connection  procedure: (LAP = Link Access Procedure or LAPB =
   Line  Access  Procedure  Balanced).  This  level  will  specify  a  control
   procedure on data to correct mistakes  due to  physical level.  It includes
   control methods of Network Congestions during the DTE and DCE exchange.

      This uses the media known as HDLC protocol (High Level Data Link Control
   defined  from ISO as the header building as an  activation procedure of the
   connection.

                                 +---------------+
                                 | message with  |
                                 | destination   |
                                 +---------------+
                                         |
                                         |  packet level
                                         |
                                         V
                        +-------+----------------+
                        | packet|                |
                        | header|                |
                        | start |                |
                        +-------+----------------+
                                         |
                                         |  connection level
                                         |
                                         V
               +--------+------------------------+---------+
               | HLDC   |                        .  CRC    |
               | header |    information         .         |
               | start  |                        .         |
               +--------+------------------------+---------+
                                         |
                                         |
                                         |
                                         V
      +--------+-------------------------------------------+------+........
      |        |                                           |      | next
      |  flag  |                                           | flag | header
      |        |                                           |      |
      +--------+-------------------------------------------+------+........
                                                 |
                                                 |
                                                 |
                                                 V
      +-------------------------------------------------------------------+
      |                                                                   |
      |         bit string                                                |
      |                                                                   |
      +-------------------------------------------------------------------+

   LEVEL 3

      Packet  Level:  this  level is  the  higest  and  specifies the way that
   information  are packet  structured and the  procedure in  which to proceed
   with connections.  It has the function to Concentrator because it can mult-
   iplex a number of logical channels  into a unique physical channel,  mixing
   packets  coming from  differents channels.  Each  logical  channel  has  an
   independent control regarding packets and has a CRC for each channel.

   Virtual circuits

      The Third level has virtual channels, that are bi-directional associat-
   ions between two DTE; via these associations packets are exchanged.

      It is like, via the several nodes in the network, a dedicated link betw-
   ween the two DTE.  These virtual circuits maybe temporary, and in this case
   they  are  called  "switched  Virtual  Circuits"  (SVC)  or  fixed,  called
   "Permanent Switched Circuits" (PVC).

   3. LEVEL 1 - Physical interfacing

      This  level is  specified from  physical characteristics  of CCITT  X.21
   recommendation  (physical interface  between  DTE and  DCE; for asychronous
   operations  on data) and X.21bis (data network usage for designed terminals
   to  interface with  syncronous modems  of series V) used in a provisory way
   to afford to use modems  actually on market.  Upon mentioned recomandations
   are  not depending on the  transmission device  as they  provide  that  DCE
   (modem  or line  coupler) will  be the  part  that takes  care  of the line
   technology.

      The X.21 CCITT recomandation declares:

      -  Physical characteristics  about the interface, the type of connectors
   and the wire assignment (X.24, 8 ways, 15 pin);

      -   electrical  characteristics   of  signals   (X.26  and   X.27  CCITT
   characteristics as EIA RS 423 and RS 422 respectively);

      - the serial asyncronous transmission;

      -  wires that  must be point-to-point, working in full-duplex (from that
   we can understand we cannot work in a multi-point structure);

      - the necessary procedures to afford a switched connection;

      - the necessary procedures to afford a dedicated connection.

      The  level 1  will consider  only first  4 points  suggested from  X.21,
   all others are of level 3.

      Table 6 shows the circuitry,  for functions exchange,  provided from the
   X.24 recommendation of CCITT.

      This  interface is  absolutely transparent  to data  transfers thanks to
   special  C and  I lines  that are used to  determine if the data on T and R
   lines are controls signals or data signals.

      The  X.21 recommendation  is supplied  for interfacing devices at digital
   level,  so it is difficult  to use  for moment,  the temporarly  is used the
   X.21bis  recommendation that is compatible with actual series V modems.

      Electrical  characteristics about iterfacing circuitery  for speeds less
   than  20 kbit/s  are conform  to V.28  recomandation of CCITT that use a 25
   pins  connector with  pins as  standard from ISO with scheme # 2110 or with
   X.26  recomandation that  provide a  37 pins  connector with  ISO  standard
   scheme  at # 4902.  It is up to the local administrators to choose the con-
   nector types and the interfacing type to offer as part of their service.

                        user                                Network
             |<--------------------------------------->|<--------------->
      +-------------+                 +--------------+ |  +---------------+
      |             |<-(T) xmit data->|              | |  |               |
      |             |<-(C) control--->|              |-|->|               |
      |   DTE       |<-(R) rec'd data>|   DCE        | |  |    node       |
      |             |<-(I) info------>|              | |  |               |
      |             |<-(S) time base->|              |<|--|               |
      |             |                 |              | |  |               |
      +-------------+       |         +--------------+ |  +---------------+
                            |
                   ---------------------
                     Interfacing point

      To obtain speeds in exceess of 20 kbit/s the electrical characteristics
   are following what is provided by the V.35 recommendation that uses 34 pin
   connectors as ISO standard draw #2593.  The table's indicating interfacing
   circuits considered by X.21bis recommendation.


      Interface Circuit              Description

            102                           Signal ground
            103                           Send data
            104                           Received data
            105                           Transmission request
            106                           Ready to transmit
            107                           DCE Ready
            108/2                         DTE Ready
            109                           Carrier detector
            114                           Time base for transmission
            115                           Time base for receiving
            140                           Loop remote probe
            141                           Local loop probe
            142                           Running test

   4. LEVEL 2 - Link procedures

      This level is a "point-to-point" link, and is normally known as the
   "frame level" or "header level".

      It follows terminologies and is under options specified from ISO HLDC
   protocol.

   4.1 Level 2 functions

      Level 2 transforms to a  physical circuit than can be affected by errors
   in a logical connection between  DTE and the network, a link  that  can  be
   understood as released from an error happening: this  defines a  correction
   level  based on  automatic request  about echoing as data is not considered
   as  transmitted since  an error  is  received  or  a  receive  confirm  has
   been received.  Only fully completed data are accepted from receiver.

      In addition, this level will provide the  ways for the  recognizing of a
   start  and end  header,  the error  recognizes  about  a  bit  (via  a  CRC
   computation) and the loss of header (by count headers).

      Basic directives of the system will provide:

      -  the "bit oriented" and  no "char oriented" structure: this means that
   information may be contained also in only one bit, and we are released from
   a  certain bit  multiple as  in the  "character oriented  way" in which the
   information (character is linked to a table (e.g. ASCII 7 bit).

      -  the existence  of CRC  ad each end of header and sequential numbering
   of headers.

      - the correction of error by the re-transmition of data.

      -  the primary  and secondary  station definition without any particular
   priority of the start of transmission.

      - complete full duplex.

      The wire specific at level 2 are the point-longs :

      1)  the structure  of header: meant as format of header, then as length,
   as CRC computation point, as sincronicity character;

      2)  procedure elements:  allowed commands, answers and actions that must
   be taken following the cases: these operations follow the HDLC;

      3)  class of  long procedure:  the HDLC will provide a certain number of
   cases about the classes and procedures of link following the  configuration
   type  and operating  way; the  X.25 recomandation uses two classes  of link
   procedures (see table 7):

         - simmetric, usually called LAP (link access procedure),

         - balanced, usually called LAPB (link access procedure balanced).

      +----------------+                          +-------------------+
      | primary source |                          | receiver          |
      |        A       |-->OO                OO-->|         A       |
      +----------------+< >OO----------------OO   +-------------------+
                         X                     \ /
                        / \                     X
      +----------------+   OO----------------OO< >+-------------------+
      | receiver       |   OO                OO<_ | primary source    |
      |         B      |<_/                      \|        B          |
      +----------------+                          +-------------------+

                            Simmetric LAP configuration


                  DTE                                 DCE
      +----------------------------+     +-----------------------------+
      |    source   |              |     |             |  receiver     |
      |             |  primary or  |     |  primary or |               |
      |             |   secondary  |====>|   secondary |               |
      |-------------|   combinator |     |   combinator|---------------|
      |  receiver   |              |     |             |  source       |
      |             |              |<====|             |               |
      +----------------------------+     +-----------------------------+

                            Balanced LAPB configuration

      In  the first case the running can be compared with half-duplex running,
   in  the mean  that initialization  is done  before in a way and then in the
   other,  before an  error the  channel can  be re-initialized  without other
   aid. This can cause, in some operating conditions, malfunctioning phenomena
   (see table 8).

      The  LAPB procedure will  have  none of these  malfunctions because only
   with a command will these do the re-initialization to both sides.

      The B station will re-initialize, but primary station A can not perceive
   therefore  it  has  not requested  no one  correct recognizing of secondary
   station.  In this way we obtain a reset of counters only in one way.

   Instant 1,2                                         Normal Running
   /----------                                         ---------------\
   |                                                                  |
   |  +-----------+             Information           +------------+  |
   |  | Primary A |---------------------------------->| Secondary  |  |
   |--|           |<----------------------------------|        A   |--|
   |  +-----------+         Correct receiving         +------------+  |
   |                                                                  |
   |                                                                  |
   |                                                                  |
   |                                                                  |
   |  +-----------+             Information           +------------+  |
   |  | Secondary |---------------------------------->| Primary B  |  |
   \--|        B  |<----------------------------------|            |--/
      +-----------+         Correct receiving         +------------+



   Instant 3,4                                       Abnormal Running
   /----------                                       -----------------\
   |                                                                  |
   |  +-----------+         Don't transmit            +------------+  |
   |  | Primary A |---------------------------------->| Secondary  |  |
   |--|           |<----------------------------------|        A   |--|
   |  +-----------+                                   +------------+  |
   |                                                                  |
   |                                                                  |
   |                                                                  |
   |                                                                  |
   |  +-----------+    Reset (due to line error)      +------------+  |
   |  | Secondary |---------------------------------->| Primary B  |  |
   \--|        B  |<----------------------------------|            |--/
      +-----------+           Confirm                 +------------+


   4.2 Header Structure

      In the next table his supplies the Header structure.


        8 bit      8 bit     8 bit     variable => 0    16 bit      8 bit
   +----------+----------+----------+-------......---+-----------+----------+
   |  Flag    | Address  | Control  | Information    | CRC Code  | Flag     |
   | 01111110 |          |          | (data or ctrl) |           | 01111110 |
   +----------+----------+----------+-------......---+-----------+----------+
              |   Header start      |                            |
              |<------------------->|                            |
              |                                                  |
              |            Stored bits                           |
              |<------------------------------------------------>|
              |                                                  |

      The above table  shows that the  information field  provides  a variable
   length but that length can't be a 8 multiple.

      The  Flag sequence  (01111110)  defines header boundaries and it  can be
   used to close a header and open another.

      The  same is also used as a syncro  character and  can be put a  on line
   when no one information header is yet present.

      A header is not recognized it  it does not have at its  start and at its
   end flag sequence, and if within there are not at least 32 bits present  (8
   for address, 8 for control and 16 as CRC).

      The  address was originally used from HLDC  as an addressing function in
   case  of "multiple-point" wiring.  The X.25 recomandation will provide that
   the  address function  is used only to  be able to distinguish commands and
   replies in both  ways.  Its function  is rendondancy,  because there exists
   some control bits to that specific function,  but it can be used for addit-
   ional  researching  of errors.  Therefore it can  distinguish data  flow in
   both ways and it can then recognize immediately some line loops.

      Two are recognized addresses

                                   A = 00000011

      will  determine commands  header from DCE to DTE and answer headers from
   DTE to DCE.

                                   B = 00000001

      will  determine commands  header from DTE to DCE and answer headers from
   DCE to DTE.

      The CONTROL field will identify headers and contain the count of them.
      Three header types can be sended in line:

      1) Information headers (I): are there who contains usefull data;

      2)  Supervision headers  (S): are  there only  for control, used e.g. to
   confirm a right receive, or for temporary hold of transmission;

      3)  Numbered headers  (N): used  e.g. as initialization of connection or
   as  closer ot  connection:  they  have  not  CRC  sequences,  because  they
   transfer a know information, and did not provide neither an header count.

      The  format about  control field  will identify  these three  headers as
   shown in next table:


     Thus concludes the Part 1 of the TCSB Introduction to Packet Switched
          Networks.  Now go grab a hold of Part 2 and learn something.

_______________________________________________________________________________
$