STATION ID - 7047/3.12 9x Datakit Network FOR OFFICIAL USE ONLY This is a 9x system, restricted to authorized persons and for official 9x business only. Anyone using this system, network or data is subject to being monitored at any time for system administration and for identifying unauthorized users or system misuse. Anyone using this system expressly consents to such monitoring and is advised that any evidence of criminal activity revealed through such monitoring may be provided to law enforcement for prosecution. Building a Modem Diverter and x.25 routes. by Deads0u| -A 9x release.- Introduction. This article is to explain some methods of making your routes through the networks, less traceable(specifically through x.25 networks, as most people only think of going through systems on the internet). Logically, the more networks and systems you pass through, before connecting with your target, uh.., i mean host, the harder it will be for the admin of the host to follow you back through. So, let's begin. Contents. Part 1:The diverter. i. -supplies ii. -instructions iii. -terminal commands iv. -schematics v. -definitions Part 2: x.25 routes i. -Explanation ii. -where to? iii. -DNIC's and systems iv. -examples v. -sources ============================================================================= Part 1:The diverter. A short note:The purpose of the modem diverter is, in essence, to create a homemade outdial. The point is, to phone the outdial, have a modem answer, that connect's you to a different line to phone out of, so they don't trace you to your home line. This won't be the only precaution we will take, it will be much more complex. i. -Supplies. You will need the following parts to properly construct your modem diverter: 1)Two modems(These can be any speed at all, i used a 2400 baud and a 9600 baud that my school through out. But, since the slowest modem is 2400, that is the fastest you will be able to connect, and then dial out of.) 2)A serial cable you will use to connect the two modems together. 3)You need two phone lines, I will go into this later as you cas use pay phones, your neighbors phone, boxes, etc.. 4)Some phone cable probably, you may not need this. 5)Recomended, but not needed, is a beige box. This is to test the lines you will be using to make sure they will work. And also alligator clips, get them at your local rat shack. ii. -Instructions. 1)Hook the serial cable to the ports of each modem. 2)Get a couple feet of phone cable and hook either end into each modem, there should still be an empty port on each modem for another plug as well. 3)Switch one of the modem to dumb mode, and one to smart mode, you will phone the one in dumb mode, which will transfer you to the smart modem to dial out of. 4)You must now find a place to set this up. Here some locations you could choose. If you're in canada, then the phone company is probably ripping out the old centuriums, and putting in the new millenium payphones. If this is happening in your city, you are in luck. Becuase of the phone companys lazyness, they have ripped out 2 old payphones in my town, and have not put in the new ones, so the phone line is still sticking up out of the dirt. I recomend comming back at night, with your modem diverter wrapped up in plastic bags, or a container with some holes for the wires. Now, dig a hole about a foot deep and put the container in, attach one of the phone cord to the wire protruding from the ground, you may need solder for this. But wait, first hook your beige box up to the line, if there's a dial tone you're in business. Phone your home, get some there to be waiting, and pickup, then when you hang up, they press *69 to get the number of the line, you will need this later. Ok, this is but one of the place you can hook it up, you can attach it to your neighbors phone, however they may get a little suspicious. You might try your schools fax line, becuase it's not used as much, it could go months without being noticed. You could open up one of those "green towers", or brown in some areas, and hook the phone line up to one of the screws inside. This is the usual place you would beige box from. 5)Now go home, start up your terminal program, and dial the number of the line you hooked up the diverter to. iii. -Terminal Commands. A short note:Yes you probably know many a terminal commands, but this is for the people who ripped thier modem out of the box, and through out the manual in the excitment of dialing out at 56k. Commands. ATDT555-6789 -this dials the number 555-6789 +++ -disconnects you from the computer you dialed A -answer incoming call H1 -take phone off hook L2 -medium speaker volume here is a chart that helps you set your modem speed: Command | Baud rate | Bell CCITT Mode --------------------------------------------------------- BO 300 v.21 1200 v.22 2400 v.22bis/v.22/bell 212A 4800,9600 v.32 14400 v.32bis 19200,28800,38400 v,FC* 57600,115200 B1 300 Bell 103 1200 Bell 212A iv. -Schematics. Searial Cable----------------| | |-------------------------------| | | |----------| |---------| |_| |_| | | | | |_| |_| <-phone ports ---------------------- ------------------------ | | | | | | | | | | | | | | | | | ---------------- | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ------------------ | | |---------------| | | | 2400 baud | | | | 9600 baud | | | |----------------| | | |---------------| | | | | | | | \----------------------/ \ / / Phone ports \____________________/ / \ / \ /9600 baud -------------------------------------------------- / | |_| |_| _____________ | / | \___________/ |/ | <> | /2400 baud |________________________________________________| / -------------------------------------------------- / | |_| |_| _____________ | / | \___________/ |/ | <> | |________________________________________________| |`_'| __|__ BEWARE:Watch out for mister lineman.-----> | | _/ \_ (He knows what you are up to) v. -Definitions Baud;a measurement of the speed of data transmission. Carrier;a signal whose properties can be altered to transmit data CCITT;"Consultive Committee for International Telephone and Telegraph" a committee that specifes internation telecomm. standards DCD; Data Carrier Detect DSR; Data Set Ready DTR;Data Terminal Ready Duplex;a char of data trasnmission. full-duplex permits two-way communication.half-duplex permits only one side to transmit at a time. ITU;International Telephone Union Modem;Modulater-demodulter Parity; a form of error checking Serial port;a port on a computer for attacging devices such as modem,printer, cables, etc. Start/stop bits;a signal that defines the beginning and end of a data packet. PSN;Packet Switched Network ----------------------------------------------------------------------------- Part 2:x.25 routes i. -Explanations. The purpose of going through at least two x.25 networks is to become untraceable. While it is impossible to become 100% untraceable, this will help you out. There are many x.25 networks out there, SpirntNet, Tymnet, and datapac to name a few, almost every country has them, and they are easy to use. The point is to not only use x.25 networks, but the modem diverter, shell accounts, andonymous wingates, or guest account that you can telnet out of. ii. -Where to? Depending on where the system is you are targeting, you may use a different route each time. Let's say, you want to connect to this system:1302033401455. This is a Dynix system on datapac.3020 is the DNIC for datapac. And 33401455 is the NUA. Ok, let's assume you have a dial-up shell account. First, dial the number for your modem diverter, this should connect you to your out dialing modem, dial the number for your shell, once you have logged in, telnet to dialout.psu.edu. This is a outdial on the internet. From there dial the local sprintnet access number that's nearest to Pennsylvania State University. When you get one sprint, connect to the NUA mentioned earlier and that's it. There should also be a Datapac number near you as well, even though you're in the US. There are about 6 sprintnet access numbers in canada, so there must be some datapac access numbers for the states. For those of you in canada, here are the sprintnet numbers for canada: (They all support up to 14400 bps) Calgary 403 262-7887 Halifax 902 492-0036 Montreal 514 392-0202 Ottawa 613 235-6481 Toronto 416 594-1121 Vancouver 604 684-4696 iii. -DNIC's and systems. There are many more gateways from the internet to x.25 networks, here are some datapac ones. Host DNIC Format NUA ---- ---- ------ --- hermes.merit.edu 3110 sprintnet-##### * datapac.uwo.ca 3020 *1 31500076% datapac.dal.ca 3020 *1 76100256 datapac.uoguelph.ca 3020 *1 34200024% datapac.nstn.ca 3020 *1 76700314 pacx96.ccs.uwo.ca 3020 *2 31500076 ,pacx24,pacx12 pacx.queensu.ca 3020 *3 22100088% pacx.si.usherb.ca 3020 *2 57600454% pacx.ci.umoncton.ca 3020 datapac * . d1 ... ######## sytek.uwaterloo.ca 3020 call 17 33500195% ,sytek.mfcf.uwaterloo r ######## develnet.ucalgary.ca 3020 datapac ? ######## pacxnet1.rug.nl ???? surf ? ,pacxnet3 pacx1.mcc.ac.uk ???? pad ? ,pacx2 pacx1.lut.ac.uk ???? net ? ,pacx2 ---------------------------------------------------- If you want to find some systems, you can get a sprintnet nua scanner from http://www2.dope.org/9x So, If you aren't in north america, then you need the DNIC of the PSN in your contry. Here is a list of SOME. There a lot more extensive lists out there. Datapac.....3020 Sprintnet...3110 Tymnet......3106 Infogram....3028 GlobeDat....3025 InfoSwitch..3029 IntelPak....4542 ADP Autonet.3126 Bell South..3143 Nynex.......3144 Austpac.....5052 Dataex-P....2624 Remeber, yo will probably need to get yourself and NUI to connect to some of these, and put a 1 before the DNIC, it's the same as a long distance call. Also, I'm not sure about those networks accepting collect calls or not, but, here is a list of networks that DO accept collect calls, ==================================================== COUNTRY NETWORK DNIC ------- ------- ----- ALASKA ALASCOM 3135 CANADA DATAPAC 3020 CHILE ECOM 7302, 3104 COSTA RICA RACSA 7120, 7122, 7128, 7129 DOMINICAN REPUBLIC CODETEL ??? ISRAEL ISRANET 4251 MEXICO TELEPAC-SCT 3340 PANAMA INTEL 7141, 7142 PHILIPPINES ETPI 5156 PUERTO RICO PRTC 3300, 3301 Also, here are some outdials on datapac, i've been told they have international capabilities, but you do need an NUI to connect, i won't get into how to get yourself an NUI, that's you job.. NPA City (PROVINCE) SPEED NUA ADDRESS --- --------------- ----- ------------- 403 Calgary (ALTA) 300 0302063300900 1200 0302063300901 416 Clarkson (ONT) 300 0302091900900 1200 0302091900901 403 Edmonton (ALTA) 300 0302058700900 1200 0302058700901 902 Halifax (NS) 300 0302076101900 1200 0302076101901 905 Hamilton (ONT) 300 0302038500900 1200 0302038500901 902 Halifax (NS) 300 0302076101900 1200 0302076101901 905 Hamilton (ONT) 300 0302038500900 1200 0302038500901 519 Kitchener (ONT) 300 0302033400900 1200 0302033400901 519 London (ONT) 300 0302035600900 1200 0302035600901 514 Montreal (QUE) 300 0302082700902 1200 0302082700903 613 Ottawa (ONT) 300 0302085700901 1200 0302085700902 418 Quebec City (QUE) 300 0302048400900 1200 0302048400901 306 Regina (SASK) 300 0302072100900 1200 0302072100901 506 St-John's (NB) 300 0302074600900 1200 0302074600901 306 Saskatoon (SASK) 300 0302071100900 1200 0302071100901 709 St. John (NFLD) 300 0302078100900 1200 0302078100901 416 Toronto (ONT) 300 0302091600901 1200 0302091600902 604 Vancouver (BC) 300 0302067100900 1200 0302067100901 519 Windsor (ONT) 300 0302029500900 1200 0302029500901 204 Winnipeg (MAN) 300 0302069200902 1200 0302069200901 iv. -Examples Ok here is a diagram of some systems you could route your signal through. your------>--->---Modem------>----->----ISP---->--shell account---->-------- computer diverter ---telnet:dialout.psu.edu------->--------->--1(800).555.4401 .this would connect you to the computer sitting on 1-800-555-4401. This may seem complicated, but for the truly paranoid hacker, it works. Let's say, i wanted to connect to a h/p board in the .uk: your------->---->--ISP---->--->-dialout.psu.edu--->atdt82311510(sprintnet)--- computer -->--NUI:xxx,xxx-----1302063300900(datapac outdial)-->011-44-xxx-xxx-xxx(BBS) So far, we've been connecting to the internet, and then into the x.25 network, here's a different example: your computer----->----->xxx-xxx-xxxx(datapacdial-up)--->NUA:1302039400100(iNET 2000 gateway)---->internet----dialout.psu.edu--atdt82311510 Explanation:You dial into datapac, connect to 1302039400100, which is a internet gateway from datapac, (this was in a scan i found some where on the web,so i don't take credit for it)if you can get an account, it will take you back out to the internet, where you connect to dialout.psu.edu, from there dialing back into sprintnet, from there you can target a sprintnet system. This probably seems complicated, and i suggest you read some basic Sprintnet and Datapac guides before you try it. v. -Sources Here are some websites that contain valuable information on x.25 and old school h/p. http://www.geocities.com/SiliconValley/Peaks/7081/index.html http://ww2.dope.org/9x http://www.geocities.com/Pipeline/Dropzone/2400 http://www.hackcanada.com/datapac http://www.darkcyde.8m.com http://www.textfiles.com/hacking http://www.textfiles.com/phreak _____________________________________________________________________________ Closing. That's it for this article. Look for more of my stuff at www.limelighttech.com or from 9x's webpage. Contact. I can be reached at deads0ul@lucidx.com, on irc in #limelight or #x25 and on by bbs at:darkminds bbs. 1.[9o2].xxx.xxxx You can email me for account info. Greets to #9x doctor_x, binjinx, bmajik, phaceman, commport5,hybr1d,d4rkcyde. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ dARKMiNDS bbs 1.[9o2].xxx.xxxx ³ ³ sysop:Deads0u| ³ ³ 19200 baud/2 nodes ³ ³ online 24 hours/7 days/3000+ files³ ³ h/p only! ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ *EOF*