The Yaj Computers Portal

Post Top Ad

Post Top Ad

Monday, June 4, 2012

9:52 PM

An Introductory Guide To TeleNet Commands

                 
     I don't know how many of you use TeleNet to call this system (or other
systems) but I thought this might come in handy for those that do.
     Some basic info about TeleNet commands.  To enter a TeleNet you must be at
the TeleNet prompt "@".  You can get there two ways:
1)  When you first dial TeleNet you will be at the prompt
2)  When connected to a system via TeleNet you can return to TeleNet
    command mode by typing "<CR>@<CR>" (See note A.)
     Once you get to the prompt here are some of the commands available to you
and a brief description of what they do.
 Command           Function
-------------------------------------------------------------------------
 C xxxxxxx<CR>     Connects you to a specific host or terminal.
 STAT<CR>          Display network port address.
 FULL<CR>          Set full duplex
 HALF<CR>          Set half duplex
 DTAPE<CR>         Prepares the network for bulk file transfers.
 CONT<CR>          Return to transfer mode from command mode.
 BYE<CR> or D<CR>  Disconnects you from the currently connected host.
 HANGUP<CR>        Tells TeleNet to hang up the phone....
 TERM xx<CR>       Changes your terminal type.  xx can be one of the
                   following:
                             D1  =  CRT's and Personal Computers
                             B3  =  Bi-directional printers
                             A2  =  Uni-directional printers
                             A5  =  Slow printing terminal which
                                    loses data on the left side
                                    at another setting.
                             A9  =  same as A5
                            <CR> =  Unknown
 MAIL or           Requests connection to Telemail.
 TELEMAIL<CR>
 TEST CHAR<CR>     Used to test the system if you are receiving
                   garbled output.  Use this and look for garbled
                   characters or patern breaks.  If you do try
                   adjusting your parity or contact TeleNet.
 TEST ECHO<CR>     If you feel your input to the system is being
                   garbled by your parity or contact TeleNet.
 TEST ECHO<CR>     If you feel your input to the system is being
9:12 PM

An Introduction to the Computer Underground

    


The Computer Underground consists of mainly two forms of media, printed
and electronic, both will be discussed in this file.  I use the word
underground because some of the contents of this file are not the types of
titles you would run across at your local bookstore or newsstand.  The kind of
information that makes up underground publications is mainly technical in
nature, but, definitely not limited to that.  One can also find tidbits about
off-the-wall political views, drugs, weapons, and other topics that are not
normally in the mainstream of our society.

The Computer Underground...

Com-put-er Un-der-ground   \kem-`py t-er\  \`en-der-`gra nd\ (1970's)

  A group organized in secrecy, hidden behind aliases, to promote the free
  exchange of information regarding anything and everything including but
  not limited to Computers, Telephones, Radios, Chemicals, and ideas.


The CU is made up of men and women all over the globe and of all ages.  Most
of those involved in the CU consider it a hobby, but, there are those that
are involved strictly for illegal purposes, i.e. Selling Pirated Software.  I,
like most people involved enjoy the information that can be obtained through
all of the different avenues in the CU, i.e. Bulletin Boards, Underground
Periodicals, Network Digests, and General Discussions between members.

The most common way members communicate is through Bulletin Boards.  If you are
reading this you know what a BBS is because this will not be released in
printed form.  There are thousands of BBSes around the world run by people for
many reasons including: legitimate businesses, Software Technical Support,
Hobby related, Pirated Software, Message Centers, etc...Some of the more common
ones are RIPCO, Face-2-Face, Exec-PC, The Well, etc...

Currently there are many regular electronic magazines that are being published
and there have been many that have discontinued for one reason or another.
Some current ones include: PHRACK, NIA, PHANTASY, CUD, etc...Some discontinued
ones include: PIRATE, PHUN, NARC, etc...

There is a current debate about whether or not an electronic media has the same
constitutional rights as the printed one.  That is for our congressmen to
decide, but you could voice your opinion.  I personally can't see the differ-
-ence.  Now, don't get me wrong I do not support the publishing of Long-
distance codes or anything of that nature, but, I do support the exchange of
other information, i.e. how to unprotect a game, how to make a smoke bomb,
etc...

There are also "Underground Publications" like TAP, 2600, Cybertek, etc.
These magazines are published in hard copy and deal with every considerable
topic regarding the CU.  Most of these magazines publish completely legal
information that is obtained from public sources and is available to anyone
and everyone.

I doubt that any of the following sources of information would mind if you use
an alias to order any of their material, so I would recommend that you do
just in case!  You might even want to get yourself a private mail box for all
of this "underground" information.  I would also advise you to use a money
order when purchasing anything also.  They usually cost an extra 50 cents at
the post office. Don't worry about using money orders with these people because
I have personally made purchases from many of them without trouble.

The following information is provided to enable you to become more familiar
with the CU and unusual information in general.  Have fun and try not to
get yourself in trouble.

Now for the meat of this Article!!!!

E L E C T R O N I C   M A G A Z I N E S

PHRACK  Predecessor to Phrack Classic
        Author:  Knight Lightning & Taran King
        Network Address:c483307@umcvmb.missouri.edu
        Other Address:
        BBS: None
        Last Issue: Phrack #30

PHRACK CLASSIC
        Author:  Doc Holiday, Crimson Death & Various Contributors
        Network Address: pc@well.uucp or cdeath@stormking.com
        Other Address:
        BBS:  None
        Last Issue: Phrack Classic #32 11/90

LOD     Legion Of Doom Technical Journals
        Author:  Eric Bloodaxe, Lex Luthor, Prime Suspect, Phase Jitter,
                 Professor Phalken, Skinny Puppy.
        Network Address: None
        Other Address:
        BBS:
        Last Issue:  LOD Tech Journal #4   May 20, 1990

PHUN    Phreakers/Hackers Underground Network
        Author:  Red Knight
        Network Address: N/A
        Other Address:
        BBS:
        Last Issue: P/HUN #5 05/07/90

ATI     Activist Times, Incorporated
        Author:  Ground Zero
        Network Address: gzero@tronsbox.xei.com
        Other Address:  ATI P.O. Box 2501  Bloomfield, NJ 07003
        BBS:
        Last Issue: ATI #53 12/05/90

NIA     Network Information Access
        Author: Guardian Of Time & Judge Dredd
        Network Address:  elisem@nuchat.sccsi.com
        Other Address:
        BBS:
        Last Issue: NIA #70  02/91





PHANTASY
        Author: The Mercenary
        Network Address: None
        Other Address: The I.I.R.G. 862 Farmington Ave, Suite-306,
                       Bristol, Ct 06010
        BBS:  Rune Stone  203-485-0088
        Last Issue: Phantasy V1N4 1/20/91

PIRATE
        Author: Various Authors
        Network Address: N/A
        Other Address:
        BBS: N/A
        Last Issue:  V1 #5 April 1990

ANE     Anarchy 'N' Explosives
        Author: Various Authors
        Network Address: N/A
        Other Address:
        BBS: N/A
        Last Issue:  #7 06/16/89

NARC    Nuclear Phreakers/Hackers/Carders
        Author: The Oxidizer
        Network Address: N/A
        Other Address:
        BBS:
        Last Issue: NARC #7 Fall 1989

SYNDICATE REPORTS
        Author:  The Sensei
        Network Address:
        Other Address:
        BBS:
        Last Issue:


This is not an attempt to list all of the known magazines but just some of the
more popular ones.  If I left a particular one out that you feel should of been
included I apologize.

All of the above magazines can be found in the CUD archives and at many of the
Bulletin Board Systems listed at the end of this file.

P R I N T E D    M A G A Z I N E S

Author: Emmanuel Goldstein
Network Address: 2600@well.sf.ca.us
Other Address:   2600 Magazine, P.O. Box 752, Middle Island, NY 11953

2600 Magazine is published quarterly, 48 pages per issue.
Subscriptions are $18 U.S. for a year in the U.S. and Canada,
$30 overseas.  Corporate subscriptions are $45 and $65 respectively.
Back issues are available for $25 per year, $30 per year overseas
and they go back to 1984.

Phone 516-751-2600
Fax   516-751-2608






TAP/YIPL  Formerly YIPL "Youth International Party Line"
          Now TAP "Technical Assistance Party"

TAP Magazine
P.O. Box 20264
Louisville, KY 40250
Most all issues will cost $1.00 for US Citizens and $2.00
for overseas.  Terms are CASH, postal money order,
or regular money order with the payee left blank.
BBS: 502-499-8933

Cybertek Magazine
Published by OCL/Magnitude
P.O. Box 64
Brewster NY 10509
$2.50 for sample issue
$15 year for 6 issues


Mondo 2000  (Formerly Reality Hackers Magazine / High Frontiers)
P.O. Box 10171
Berkley, CA 94709-5171
Phone 415-845-9018
Fax   415-649-9630
$24 for five issues
Frank Zappa subscribes to Mondo 2000!!!

Fact Sheet Five
6 Arizona Ave
Rensselaer, NY 12144-4502
$3.50 for a sample issue.
$33 a year for 8 issues
Phone 518-479-3707

Fact Sheet Five reviews any independent news media, i.e. 2600, TAP,
Books, Music, Software, etc.

Full Disclosure  by Glen Roberts
P.O. Box 903-C
Libertyville, Illinois 60048
Free sample issue
$18 for 12 issues

Deals with Privacy, electronic surveillance and related topics.

Anvil
P.O. Box 640383f
El Paso, TX 79904

Computer Security Digest
150 N. Main Street
Plymouth, MI 48170
Phone 313-459-8787
Fax   313-459-2720
$125 U.S. per year.
Overseas $155 U.S. per year.


HAC-TIC Dutch Hacking Magazine
Network Address: ropg@ooc.uva.nl
Other Address:  Hack-Tic P.O. Box 22953  1100 DL Amsterdam
Phone: +31 20 6001480



Privacy Journal
P.O. Box 15300
Washington D.C. 20003
Phone  202-547-2865

Monitoring Times
140 Dog Branch Road
Brasstown, North Carolina 28902


B O O K S

Anarchist Cookbook???

Poor Man's James Bond by Kurt Saxon

Big Secrets by William Poundstone

Bigger Secrets by William Poundstone

How to get anything on anybody by Lee Lapin

Signal--Communication Tools for the Information Age  A Whole Earth Catalog
  (Highly Recommended!!!)

Neuromancer by William Gibson

Out of The Inner Circle by Bill Laundreth

Hackers by Steven Levy

The Cookoo's Egg by Clifford Stoll

The Shockwave Rider

Information for sale by John H. Everett

Hackers Handbook III  by Hugo Cornwall

Datatheft by Hugo Cornwall

The International Handbook on Computer Crime by U. Sieber

Fighting Computer Crime by D. Parker

Foiling the System Breakers by J. Lobel

Privacy in America by D. Linowes

Spectacular Computer Crimes by Buck BloomBecker

Steal This Book by Abbie Hoffman

M I S C E L L A N E O U S    C A T A L O G S

Loompanics LTD
P.O. Box 1197
Port Townsend, WA 98368

Paladin Press
????


Consumertronics
2011 Crescent DR.
P.O. Drawer 537
Alamogordo, NM 88310
Phone 505-434-0234
Fax   500-434-0234(Orders Only)

Consumertronics sells manuals on many different hacking/phreaking related
topics, i.e. "Voice Mail Box Hacking", "Computer Phreaking", etc.

Eden Press Privacy Catalog
11623 Slater "E"
P.O. Box 8410
Fountain Valley, CA 92728
Phone 1-800-338-8484  24hrs, 7 days a week.

Here is the opening paragraph from their catalog:

Welcome to the Privacy Catalog, Over 300 publications explore every aspect of
privacy in ways that are not only unique, but also provocative.  Some books may
seem "controversial", but that results only from the fact that people can enjoy
many different views of the same subject.  We endeavor to offer views that will
prove both helpful and thoughtful in the many areas where privacy may be a
concern.

Criminal Research Products
206-218 East Hector Street
Conshocken,PA 19428

Investigative equipment and electronic surveillance items.

Ross Engineering Associates
68 Vestry Street
New York,NY 10013

Surveillance items

Edmund Scientific CO.
101 E. Gloucester Pike
Barrington, NJ 08007

Catalog of gadgets and devices including items which are useful to the
surveillance craft.

Diptronics
P.O. BOX 80
Lake Hiawatha, NJ 07034

Microwave TV Systems
Catalog costs $3

Garrison
P.O. BOX 128
Kew Gardens, NY 11415

Locksmithing tools and electronic security gadgets.
Catalog costs $2.

Bnf Enterprises
P.O. BOX 3357
Peabody, MA 01960

General electronics supplier.

Mouser Electronics
11433 Woodside avenue
Santee, CA 92071

Sells most electronic components parts and equipment.

Benchmark Knives
P.O. BOX 998
Gastonia, NC 28052

Call for a free catalog. (704-449-2222).

Excalibur Enterprises
P.O. BOX 266
Emmans, PA 18049

Night vision devices.
Catalog costs $5

DECO INDUSTRIES
BOX 607
Bedford Hills, NY 10157

Sells mimiture Electronic Kits

Matthews Cutlery
38450-A N. Druid Hills RD.
Decatur, GA 30033

Their catalog contains over 1000 knives and costs $1.50.

U.S. Cavalry Store
1375 N. Wilson Road
Radcliff, KY 40160

Military & paramilitary clothing & gear.
Catalog costs $3.

The Intelligence Group
1324 West Waters Avenue
Lighthouse Point, FL 33064

Sells video equipment used for investigative purposes.

Columbia Pacific University
1415 Third Street
San Rafael, CA 94901

Bachelors, Masters, and Doctorate degrees

Video & Satellite Marketeer
P.O. BOX 21026
Columbus, OH 43221

Newsletter containing video, vcr, satellite dishes, etc.

Santa Fe Distributors
14400 W. 97'TH Terrace
Lenexa, KS 66215

Radar detectors and microwave tv systems.
(913-492-8288)


Alumni Arts
BOX 553
Grant's Pass, OR 97526

Reproductions of college diplomas.
Catalog costs $3

Merrell Scientific CO.
1665 Buffalo Road
Rochester, NY 14624

Chemical suppliers
Catalog costs $3.

K Products
P.O. BOX 27507
San Antonio, TX 78227

I.D. Documents.
Catalog costs $1.

City News Service
P.O. BOX 86
Willow Springs, MO 65793

Press I.D. cards.
Catalog costs $3.

Matthews Police Supply CO.
P.O. BOX 1754
Matthews, NC 28105

Brass knuckles etc.

Taylor
P.O. BOX 15391
W. Palm Beach, FL 33416

Drivers license, student I.D. cards, etc.

Capri Electronics
ROUTE 1
Canon, GA 30250

Scanner accessories

Liberty Industries
BOX 279  RD 4
Quakertown, PA 18951

Pyrotechnic components
Catalog costs $1

DE VOE
P.O. BOX 32
BERLIN  PA  15530

Sells information on making electronic detonators.

Scanner World USA
10 New Scotland Avenue
Albany, NY 12208

Cheap scanner receivers.

H & W
P.O. BOX 4
Whitehall, PA 18052

Human Skulls, arms, legs, etc.
A complete list is available for $1 and Self Addressed Stamped Envelope.


Abbie-Yo Yo Inc.
P.O. Box 15
Worcester MA 01613

This is an old address that I could not verify but, they used to sell the book
"Steal This Book".



For most of these catalogs you could probably play dumb and just send them a
letter asking for a catalog or brochure without paying a cent.  Pretending not
to know that their catalogs cost anything.


M I S C E L L A N E O U S     R E P O R T S   &   P A P E R S

Crime & Puzzlement by John Perry Barlow

The Baudy World of the Byte Bandit  A Postmodernist Interpretation of the
Computer Underground by Gordon Meyer & Jim Thomas

Concerning Hackers Who Break into Computer Systems by Dorothy E. Denning

The Social Organization of the Computer Underground by Gordon R. Meyer

Computer Security  "Virus Highlights Need for Improved Internet Management"
                   By the United States General Accounting Office.  GAO/IMTEC-
                   89-57
                   Call 202-275-6241 for up to 5 free copies.

N E T W O R K     D I G E S T S

Telecom Digest
        Moderator:  Patrick Townson
        Network Address:  telecom@eecs.nwu.edu

Risks Digest
        Moderator: Peter G. Neumann
        Network Address:  Risks@csl.sri.com


Virus-l Digest
        Moderator:  Kenneth R. Van Wyk
        Network Address:  krvw@cert.sei.cmu.edu

Telecom Privacy Digest
        Moderator:  Dennis G. Rears
        Network Address: telecom-priv@pica.army.mil

EFF News  Electronic Frontier Foundation
        Network Address:  effnews@eff.org
        Other Address:  155 Second Street  Cambridge, MA 02141
        Phone:  617-864-0665


Computer Underground Digest
        Moderators: Jim Thomas & Gordon Meyer
        Network Address:  tk0jut2@niu

F T P   S I T E S  C O N T A I N I N G    C  U   M A T E R I A L


192.55.239.132
128.95.136.2
128.237.253.5
130.160.20.80
130.18.64.2
128.214.5.6  "MARS Bulletin Board" Login "bbs"
128.82.8.1
128.32.152.11
128.135.12.60

All of the above accept anonymous logins!

B U L L E T I N     B O A R D S

Ripco              312-528-5020
Face-2-Face        713-242-6853
Rune Stone         203-485-0088    Home of NIA
The Works          617-861-8976
The Well           415-332-6106
Blitzkrieg         502-499-8933    Home of TAP
Uncensored         914-761-6877
Manta Lair         206-454-0075    Home of Cybertek


I N D I V I D U A L    N E T W O R K   A D D R E S S E S

Aristotle                   Former Editor of TAP Magazine
                            uk05744@ukpr.uky.edu or uk05744@ukpr.bitnet

Dorthy Denning              Author of "Concerning Hackers Who Break into
                            Computer Systems"
                            denning@src.dec.com

Clifford Stoll              Author of "Cookoo's Egg"
                            cliff@cfa.harvard.edu

Craig Neidorf               Former Editor of Phrack Magazine
                            c483307@umcvmb.missouri.edu

Ground Zero                 Editor of ATI Inc.
                            gzero@tronsbox.xei.com


M I S C    S O F T W A R E

SPAudit  Self-Audit-Kit
1101 Connecticut Avenue
Northwest Suite 901
Washington DC 20036
Phone 202-452-1600
Fax   202-223-8756

Free!!!


I would like to thank everyone who gave me permission to use their information
in this file.

The information provided here is for informational purposes only.  What you
choose to do with it is your responsibility and no one else's.  That means not
me, and not the BBS you downloaded this from!

To my knowledge this is the most comprehensive and upto date list of
underground books, catalogs, magazines, electronic newsletters, and network
addresses available.  If there are any additions or corrections to this list
please contact me via the Ripco BBS.




9:10 PM

INTRODUCTION TO DENIAL OF SERVICE

         
===================================                   
=INTRODUCTION TO DENIAL OF SERVICE=
===================================

.0. FOREWORD

.A. INTRODUCTION
    .A.1. WHAT IS A DENIAL OF SERVICE ATTACK?
    .A.2. WHY WOULD SOMEONE CRASH A SYSTEM?
        .A.2.1. INTRODUCTION
        .A.2.2. SUB-CULTURAL STATUS
        .A.2.3. TO GAIN ACCESS
        .A.2.4. REVENGE
        .A.2.5. POLITICAL REASONS
        .A.2.6. ECONOMICAL REASONS
        .A.2.7. NASTINESS
    .A.3. ARE SOME OPERATING SYSTEMS MORE SECURE?

.B. SOME BASIC TARGETS FOR AN ATTACK
    .B.1. SWAP SPACE
    .B.2. BANDWIDTH
    .B.3. KERNEL TABLES
    .B.4. RAM
    .B.5. DISKS
    .B.6. CACHES
    .B.7. INETD

.C. ATTACKING FROM THE OUTSIDE
    .C.1. TAKING ADVANTAGE OF FINGER
    .C.2. UDP AND SUNOS 4.1.3.
    .C.3. FREEZING UP X-WINDOWS
    .C.4. MALICIOUS USE OF UDP SERVICES
        .C.5. ATTACKING WITH LYNX CLIENTS
    .C.6. MALICIOUS USE OF telnet
    .C.7. MALICIOUS USE OF telnet UNDER SOLARIS 2.4
    .C.8. HOW TO DISABLE ACCOUNTS
    .C.9. LINUX AND TCP TIME, DAYTIME
    .C.10. HOW TO DISABLE SERVICES
    .C.11. PARAGON OS BETA R1.4
    .C.12. NOVELLS NETWARE FTP
    .C.13. ICMP REDIRECT ATTACKS
    .C.14. BROADCAST STORMS
    .C.15. EMAIL BOMBING AND SPAMMING
    .C.16. TIME AND KERBEROS
    .C.17. THE DOT DOT BUG
    .C.18. SUNOS KERNEL PANIC
    .C.19. HOSTILE APPLETS
    .C.20. VIRUS
    .C.21. ANONYMOUS FTP ABUSE
    .C.22. SYN FLOODING
    .C.23. PING FLOODING
    .C.24. CRASHING SYSTEMS WITH PING FROM WINDOWS 95 MACHINES
    .C.25. MALICIOUS USE OF SUBNET MASK REPLY MESSAGE
    .C.26. FLEXlm
    .C.27. BOOTING WITH TRIVIAL FTP

.D. ATTACKING FROM THE INSIDE
    .D.1. KERNEL PANIC UNDER SOLARIS 2.3
    .D.2. CRASHING THE X-SERVER
    .D.3. FILLING UP THE HARD DISK
    .D.4. MALICIOUS USE OF eval
    .D.5. MALICIOUS USE OF fork()
    .D.6. CREATING FILES THAT IS HARD TO REMOVE
    .D.7. DIRECTORY NAME LOOKUPCACHE
    .D.8. CSH ATTACK
    .D.9. CREATING FILES IN /tmp
    .D.10. USING RESOLV_HOST_CONF
    .D.11. SUN 4.X AND BACKGROUND JOBS   
    .D.12. CRASHING DG/UX WITH ULIMIT
    .D.13. NETTUNE AND HP-UX
    .D.14. SOLARIS 2.X AND NFS
    .D.15. SYSTEM STABILITY COMPROMISE VIA MOUNT_UNION
    .D.16. trap_mon CAUSES KERNEL PANIC UNDER SUNOS 4.1.X

.E. DUMPING CORE
    .E.1. SHORT COMMENT
    .E.2. MALICIOUS USE OF NETSCAPE
    .E.3. CORE DUMPED UNDER WUFTPD
    .E.4. ld UNDER SOLARIS/X86

.F. HOW DO I PROTECT A SYSTEM AGAINST DENIAL OF SERVICE ATTACKS?
    .F.1. BASIC SECURITY PROTECTION
        .F.1.1. INTRODUCTION
        .F.1.2. PORT SCANNING
        .F.1.3. CHECK THE OUTSIDE ATTACKS DESCRIBED IN THIS PAPER
        .F.1.4. CHECK THE INSIDE ATTACKS DESCRIBED IN THIS PAPER
        .F.1.5. EXTRA SECURITY SYSTEMS
        .F.1.6. MONITORING SECURITY
        .F.1.7. KEEPING UP TO DATE
        .F.1.8. READ SOMETHING BETTER
    .F.2. MONITORING PERFORMANCE
        .F.2.1. INTRODUCTION
        .F.2.2. COMMANDS AND SERVICES                     
        .F.2.3. PROGRAMS
        .F.2.4. ACCOUNTING

.G. SUGGESTED READING
    .G.1. INFORMATION FOR DEEPER KNOWLEDGE
    .G.2. KEEPING UP TO DATE INFORMATION
    .G.3. BASIC INFORMATION

.H. COPYRIGHT

.I. DISCLAIMER

.0. FOREWORD
------------

In this paper I have tried to answer the following questions:

    - What is a denial of service attack?
    - Why would someone crash a system?
    - How can someone crash a system.
    - How do I protect a system against denial of service attacks?
   
I also have a section called SUGGESTED READING were you can find
information about good free information that can give you a deeper
understanding about something.

Note that I have a very limited experience with Macintosh, OS/2 and
Windows and most of the material are therefore for Unix use.

You can always find the latest version at the following address:
http://www.student.tdb.uu.se/~t95hhu/secure/denial/DENIAL.TXT

Feel free to send comments, tips and so on to address:
t95hhu@student.tdb.uu.se

.A. INTRODUCTION
~~~~~~~~~~~~~~~~

.A.1. WHAT IS A DENIAL OF SERVICE ATTACK?
-----------------------------------------

Denial of service is about without permission knocking off
services, for example through crashing the whole system. This
kind of attacks are easy to launch and it is hard to protect
a system against them. The basic problem is that Unix
assumes that users on the system or on other systems will be
well behaved.

.A.2. WHY WOULD SOMEONE CRASH A SYSTEM?
---------------------------------------

.A.2.1. INTRODUCTION
--------------------

Why would someone crash a system? I can think of several reasons
that I have presentated more precisely in a section for each reason,
but for short:

    .1. Sub-cultural status.
    .2. To gain access.
    .3. Revenge.
    .4. Political reasons.
    .5. Economical reasons.
    .6. Nastiness.

I think that number one and six are the more common today, but that
number four and five will be the more common ones in the future.

.A.2.2. SUB-CULTURAL STATUS
---------------------------

After all information about syn flooding a bunch of such attacks
were launched around Sweden. The very most of these attacks were
not a part of a IP-spoof attack, it was "only" a denial of service
attack. Why?

I think that hackers attack systems as a sub-cultural pseudo career
and I think that many denial of service attacks, and here in the
example syn flooding, were performed for these reasons. I also think
that many hackers begin their carrer with denial of service attacks.

.A.2.3. TO GAIN ACCESS
----------------------

Sometimes could a denial of service attack be a part of an attack to
gain access at a system. At the moment I can think of these reasons
and specific holes:

    .1. Some older X-lock versions could be crashed with a
    method from the denial of service family leaving the system
    open. Physical access was needed to use the work space after.

    .2. Syn flooding could be a part of a IP-spoof attack method.

    .3. Some program systems could have holes under the startup,
    that could be used to gain root, for example SSH (secure shell).

    .4. Under an attack it could be usable to crash other machines
    in the network or to deny certain persons the ability to access
    the system.     

    .5. Also could a system being booted sometimes be subverted,
    especially rarp-boots. If we know which port the machine listen
    to (69 could be a good guess) under the boot we can send false
    packets to it and almost totally control the boot.

.A.2.4. REVENGE
---------------

A denial of service attack could be a part of a revenge against a user
or an administrator.

.A.2.5. POLITICAL REASONS
-------------------------

Sooner or later will new or old organizations understand the potential
of destroying computer systems and find tools to do it.

For example imaginate the Bank A loaning company B money to build a
factory threating the environment. The organization C therefor crash A:s
computer system, maybe with help from an employee. The attack could cost
A a great deal of money if the timing is right.

.A.2.6. ECONOMICAL REASONS
--------------------------

Imaginate the small company A moving into a business totally dominated by
company B. A and B customers make the orders by computers and depends
heavily on that the order is done in a specific time (A and B could be
stock trading companies). If A and B can't perform the order the customers
lose money and change company.

As a part of a business strategy A pays a computer expert a sum of money to
get him to crash B:s computer systems a number of times. A year later A
is the dominating company.

.A.2.7. NASTINESS
-----------------

I know a person that found a workstation where the user had forgotten to
logout. He sat down and wrote a program that made a kill -9 -1 at a
random time at least 30 minutes after the login time and placed a call to
the program from the profile file. That is nastiness.

.A.3. ARE SOME OPERATING SYSTEMS MORE SECURE?
---------------------------------------------

This is a hard question to answer and I don't think that it will
give anything to compare different Unix platforms. You can't say that
one Unix is more secure against denial of service, it is all up to the
administrator.

A comparison between Windows 95 and NT on one side and Unix on the
other could however be interesting.

Unix systems are much more complex and have hundreds of built in programs,
services... This always open up many ways to crash the system from
the inside.

In the normal Windows NT and 95 network were is few ways to crash
the system. Although were is methods that always will work.

That gives us that no big different between Microsoft and Unix can
be seen regardning the inside attacks. But there is a couple of
points left:

    - Unix have much more tools and programs to discover an
    attack and monitoring the users. To watch what another user
    is up to under windows is very hard.

    - The average Unix administrator probably also have much more
    experience than the average Microsoft administrator.

The two last points gives that Unix is more secure against inside
denial of service attacks.

A comparison between Microsoft and Unix regarding outside attacks
are much more difficult. However I would like to say that the average
Microsoft system on the Internet are more secure against outside
attacks, because they normally have much less services.

.B. SOME BASIC TARGETS FOR AN ATTACK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.B.1. SWAP SPACE
----------------

Most systems have several hundred Mbytes of swap space to
service client requests. The swap space is typical used
for forked child processes which have a short life time.
The swap space will therefore almost never in a normal
cause be used heavily. A denial of service could be based
on a method that tries to fill up the swap space.

.B.2. BANDWIDTH
---------------

If the bandwidth is to high the network will be useless. Most
denial of service attack influence the bandwidth in some way.

.B.3. KERNEL TABLES
-------------------

It is trivial to overflow the kernel tables which will cause
serious problems on the system. Systems with write through
caches and small write buffers is especially sensitive.

Kernel memory allocation is also a target that is sensitive.
The kernel have a kernelmap limit, if the system reach this
limit it can not allocate more kernel memory and must be rebooted.
The kernel memory is not only used for RAM, CPU:s, screens and so
on, it it also used for ordinaries processes. Meaning that any system
can be crashed and with a mean (or in some sense good) algorithm pretty
fast.

For Solaris 2.X it is measured and reported with the sar command
how much kernel memory the system is using, but for SunOS 4.X there
is no such command. Meaning that under SunOS 4.X you don't even can
get a warning. If you do use Solaris you should write sar -k 1 to
get the information. netstat -k can also be used and shows how much
memory the kernel have allocated in the subpaging.

.B.4. RAM
---------

A denial of service attack that allocates a large amount of RAM
can make a great deal of problems. NFS and mail servers are
actually extremely sensitive because they do not need much
RAM and therefore often don't have much RAM. An attack at
a NFS server is trivial. The normal NFS client will do a
great deal of caching, but a NFS client can be anything
including the program you wrote yourself...

.B.5. DISKS
-----------

A classic attack is to fill up the hard disk, but an attack at
the disks can be so much more. For example can an overloaded disk
be misused in many ways.

.B.6. CACHES
-------------

A denial of service attack involving caches can be based on a method
to block the cache or to avoid the cache.

These caches are found on Solaris 2.X:

Directory name lookup cache: Associates the name of a file with a vnode.

Inode cache: Cache information read from disk in case it is needed
again.

Rnode cache: Holds information about the NFS filesystem.

Buffer cache: Cache inode indirect blocks and cylinders to realed disk
I/O.

.B.7. INETD
-----------

Well once inetd crashed all other services running through inetd no
longer will work.


.C. ATTACKING FROM THE OUTSIDE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


.C.1. TAKING ADVANTAGE OF FINGER
--------------------------------

Most fingerd installations support redirections to an other host.

Ex:

    $finger @system.two.com@system.one.com

finger will in the example go through system.one.com and on to
system.two.com. As far as system.two.com knows it is system.one.com
who is fingering. So this method can be used for hiding, but also
for a very dirty denial of service attack. Lock at this:

    $ finger @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@host.we.attack

All those @ signs will get finger to finger host.we.attack again and
again and again... The effect on host.we.attack is powerful and
the result is high bandwidth, short free memory and a hard disk with
less free space, due to all child processes (compare with .D.5.).

The solution is to install a fingerd which don't support redirections,
for example GNU finger. You could also turn the finger service off,
but I think that is just a bit to much.

.C.2. UDP AND SUNOS 4.1.3.
--------------------------

SunOS 4.1.3. is known to boot if a packet with incorrect information
in the header is sent to it. This is the cause if the ip_options
indicate a wrong size of the packet.

The solution is to install the proper patch.

.C.3. FREEZING UP X-WINDOWS
---------------------------

If a host accepts a telnet session to the X-Windows port (generally
somewhere between 6000 and 6025. In most cases 6000) could that
be used to freeze up the X-Windows system. This can be made with
multiple telnet connections to the port or with a program which
sends multiple XOpenDisplay() to the port.

The same thing can happen to Motif or Open Windows.

The solution is to deny connections to the X-Windows port.

.C.4. MALICIOUS USE OF UDP SERVICES
-----------------------------------

It is simple to get UDP services (echo, time, daytime, chargen) to
loop, due to trivial IP-spoofing. The effect can be high bandwidth
that causes the network to become useless. In the example the header
claim that the packet came from 127.0.0.1 (loopback) and the target
is the echo port at system.we.attack. As far as system.we.attack knows
is 127.0.0.1 system.we.attack and the loop has been establish.

Ex:

    from-IP=127.0.0.1
    to-IP=system.we.attack
    Packet type:UDP
    from UDP port 7
    to UDP port 7

Note that the name system.we.attack looks like a DNS-name, but the
target should always be represented by the IP-number.

Quoted from proberts@clark.net (Paul D. Robertson) comment on
comp.security.firewalls on matter of "Introduction to denial of service"

    " A great deal of systems don't put loopback on the wire, and simply
    emulate it.  Therefore, this attack will only effect that machine
    in some cases.  It's much better to use the address of a different
    machine on the same network.  Again, the default services should
    be disabled in inetd.conf.  Other than some hacks for mainframe IP
    stacks that don't support ICMP, the echo service isn't used by many
    legitimate programs, and TCP echo should be used instead of UDP
    where it is necessary. "

.C.5. ATTACKING WITH LYNX CLIENTS
---------------------------------

A World Wide Web server will fork an httpd process as a respond
to a request from a client, typical Netscape or Mosaic. The process
lasts for less than one second and the load will therefore never
show up if someone uses ps. In most causes it is therefore very
safe to launch a denial of service attack that makes use of
multiple W3 clients, typical lynx clients. But note that the netstat
command could be used to detect the attack (thanks to Paul D. Robertson).

Some httpd:s (for example http-gw) will have problems besides the normal
high bandwidth, low memory... And the attack can in those causes get
the server to loop (compare with .C.6.)

.C.6. MALICIOUS USE OF telnet
-----------------------------

Study this little script:

Ex:

    while : ; do
    telnet system.we.attack &
    done

An attack using this script might eat some bandwidth, but it is
nothing compared to the finger method or most other methods. Well
the point is that some pretty common firewalls and httpd:s thinks
that the attack is a loop and turn them self down, until the
administrator sends kill -HUP.

This is a simple high risk vulnerability that should be checked
and if present fixed.

.C.7. MALICIOUS USE OF telnet UNDER SOLARIS 2.4
-----------------------------------------------

If the attacker makes a telnet connections to the Solaris 2.4 host and
quits using:

Ex:

    Control-}
    quit

then will inetd keep going "forever". Well a couple of hundred...

The solution is to install the proper patch.

.C.8. HOW TO DISABLE ACCOUNTS
-----------------------------

Some systems disable an account after N number of bad logins, or waits
N seconds. You can use this feature to lock out specific users from
the system.

.C.9. LINUX AND TCP TIME, DAYTIME
----------------------------------

Inetd under Linux is known to crash if to many SYN packets sends to
daytime (port 13) and/or time (port 37).

The solution is to install the proper patch.

.C.10. HOW TO DISABLE SERVICES
------------------------------

Most Unix systems disable a service after N sessions have been
open in a given time. Well most systems have a reasonable default
(lets say 800 - 1000), but not some SunOS systems that have the
default set to 48...

The solutions is to set the number to something reasonable.

.C.11. PARAGON OS BETA R1.4
---------------------------

If someone redirects an ICMP (Internet Control Message Protocol) packet
to a paragon OS beta R1.4 will the machine freeze up and must be
rebooted. An ICMP redirect tells the system to override routing
tables. Routers use this to tell the host that it is sending
to the wrong router.

The solution is to install the proper patch.

.C.12. NOVELLS NETWARE FTP
--------------------------

Novells Netware FTP server is known to get short of memory if multiple
ftp sessions connects to it.

.C.13. ICMP REDIRECT ATTACKS
----------------------------

Gateways uses ICMP redirect to tell the system to override routing
tables, that is telling the system to take a better way. To be able
to misuse ICMP redirection we must know an existing connection
(well we could make one for ourself, but there is not much use for that).
If we have found a connection we can send a route that
loses it connectivity or we could send false messages to the host
if the connection we have found don't use cryptation. 

Ex: (false messages to send)

    DESTINATION UNREACHABLE
    TIME TO LIVE EXCEEDED
    PARAMETER PROBLEM
    PACKET TOO BIG

The effect of such messages is a reset of the connection.

The solution could be to turn ICMP redirects off, not much proper use
of the service.

.C.14. BROADCAST STORMS
-----------------------

This is a very popular method in networks there all of the hosts are
acting as gateways.

There are many versions of the attack, but the basic method is to
send a lot of packets to all hosts in the network with a destination
that don't exist. Each host will try to forward each packet so
the packets will bounce around for a long time. And if new packets
keep coming the network will soon be in trouble.

Services that can be misused as tools in this kind of attack is for
example ping, finger and sendmail. But most services can be misused
in some way or another.

.C.15. EMAIL BOMBING AND SPAMMING
---------------------------------

In a email bombing attack the attacker will repeatedly send identical
email messages to an address. The effect on the target is high bandwidth,
a hard disk with less space and so on... Email spamming is about sending
mail to all (or rather many) of the users of a system. The point of
using spamming instead of bombing is that some users will try to
send a replay and if the address is false will the mail bounce back. In
that cause have one mail transformed to three mails. The effect on the
bandwidth is obvious.

There is no way to prevent email bombing or spamming. However have
a look at CERT:s paper "Email bombing and spamming".

.C.16. TIME AND KERBEROS
------------------------

If not the the source and target machine is closely aligned will the
ticket be rejected, that means that if not the protocol that set the
time is protected it will be possible to set a kerberos server of
function.

.C.17. THE DOT DOT BUG
----------------------

Windows NT file sharing system is vulnerable to the under Windows 95
famous dot dot bug (dot dot like ..). Meaning that anyone can crash
the system. If someone sends a "DIR ..\" to the workstation will a
STOP messages appear on the screen on the Windows NT computer. Note that
it applies to version 3.50 and 3.51 for both workstation and server
version.

The solution is to install the proper patch.

.C.18. SUNOS KERNEL PANIC
-------------------------

Some SunOS systems (running TIS?) will get a kernel panic if a
getsockopt() is done after that a connection has been reset.

The solution could be to install Sun patch 100804.

.C.19. HOSTILE APPLETS
----------------------

A hostile applet is any applet that attempts to use your system
in an inappropriate manner. The problems in the java language
could be sorted in two main groups:

    1) Problems due to bugs.
    2) Problems due to features in the language.

In group one we have for example the java bytecode verifier bug, which
makes is possible for an applet to execute any command that the user
can execute. Meaning that all the attack methods described in .D.X.
could be executed through an applet. The java bytecode verifier bug
was discovered in late March 1996 and no patch have yet been available
(correct me if I'am wrong!!!).

Note that two other bugs could be found in group one, but they
are both fixed in Netscape 2.01 and JDK 1.0.1.

Group two are more interesting and one large problem found is the
fact that java can connect to the ports. Meaning that all the methods
described in .C.X. can be performed by an applet. More information
and examples could be found at address:
   
    http://www.math.gatech.edu/~mladue/HostileArticle.html

If you need a high level of security you should use some sort of
firewall for protection against java. As a user you could have
java disable.

.C.20. VIRUS
------------

Computer virus is written for the purpose of spreading and
destroying systems. Virus is still the most common and famous
denial of service attack method.

It is a misunderstanding that virus writing is hard. If you know
assembly language and have source code for a couple of virus it
is easy. Several automatic toolkits for virus construction could
also be found, for example:
   
    * Genvir.
    * VCS (Virus Construction Set).
    * VCL (Virus Construction Laboratory).
    * PS-MPC (Phalcon/Skism - Mass Produced Code Generator).
    * IVP (Instant Virus Production Kit).
    * G2 (G Squared).

PS-MPC and VCL is known to be the best and can help the novice programmer
to learn how to write virus.

An automatic tool called MtE could also be found. MtE will transform
virus to a polymorphic virus. The polymorphic engine of MtE is well
known and should easily be catch by any scanner.

.C.21. ANONYMOUS FTP ABUSE
--------------------------

If an anonymous FTP archive have a writable area it could be misused
for a denial of service attack similar with with .D.3. That is we can
fill up the hard disk.

Also can a host get temporarily unusable by massive numbers of
FTP requests.

For more information on how to protect an anonymous FTP site could
CERT:s "Anonymous FTP Abuses" be a good start.

.C.22. SYN FLOODING
-------------------

Both 2600 and Phrack have posted information about the syn flooding attack.
2600 have also posted exploit code for the attack.

As we know the syn packet is used in the 3-way handshake. The syn flooding
attack is based on an incomplete handshake. That is the attacker host
will send a flood of syn packet but will not respond with an ACK packet.
The TCP/IP stack will wait a certain amount of time before dropping
the connection, a syn flooding attack will therefore keep the syn_received
connection queue of the target machine filled.

The syn flooding attack is very hot and it is easy to find more information
about it, for example:

    [.1.] http://www.eecs.nwu.edu/~jmyers/bugtraq/1354.html
    Article by Christopher Klaus, including a "solution".
   
    [.2.] http://jya.com/floodd.txt
    2600, Summer, 1996, pp. 6-11. FLOOD WARNING by Jason Fairlane

    [.3.] http://www.fc.net/phrack/files/p48/p48-14.html
    IP-spoofing Demystified by daemon9 / route / infinity
         for Phrack Magazine

.C.23. PING FLOODING
--------------------

I haven't tested how big the impact of a ping flooding attack is, but
it might be quite big.

Under Unix we could try something like: ping -s host
to send 64 bytes packets.

If you have Windows 95, click the start button, select RUN, then type
in: PING -T -L 256 xxx.xxx.xxx.xx. Start about 15 sessions.

.C.24. CRASHING SYSTEMS WITH PING FROM WINDOWS 95 MACHINES
----------------------------------------------------------

If someone can ping your machine from a Windows 95 machine he or she might
reboot or freeze your machine. The attacker simply writes:

ping -l 65510 address.to.the.machine

And the machine will freeze or reboot.

Works for kernel 2.0.7 up to version 2.0.20. and 2.1.1. for Linux (crash).
AIX4, OSF, HPUX 10.1, DUnix 4.0 (crash).
OSF/1, 3.2C, Solaris 2.4 x86 (reboot).

.C.25. MALICIOUS USE OF SUBNET MASK REPLY MESSAGE
--------------------------------------------------

The subnet mask reply message is used under the reboot, but some
hosts are known to accept the message any time without any check.
If so all communication to or from the host us turned off, it's dead.

The host should not accept the message any time but under the reboot.

.C.26. FLEXlm
-------------

Any host running FLEXlm can get the FLEXlm license manager daemon
on any network to shutdown using the FLEXlm lmdown command.

# lmdown -c /etc/licence.dat
lmdown - Copyright (C) 1989, 1991 Highland Software, Inc.

Shutting down FLEXlm on nodes: xxx
Are you sure? [y/n]: y
Shut down node xxx
#

.C.27. BOOTING WITH TRIVIAL FTP
-------------------------------

To boot diskless workstations one often use trivial ftp with rarp or
bootp. If not protected an attacker can use tftp to boot the host.


.D. ATTACKING FROM THE INSIDE
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.D.1. KERNEL PANIC UNDER SOLARIS 2.3
------------------------------------

Solaris 2.3 will get a kernel panic if this
is executed:

EX:
   
    $ndd /dev/udp udp_status

The solution is to install the proper patch.

.D.2. CRASHING THE X-SERVER
---------------------------

If stickybit is not set in /tmp then can the file /tmp/.x11-unix/x0
be removed and the x-server will crash.

Ex:

    $ rm /tmp/.x11-unix/x0

.D.3. FILLING UP THE HARD DISK
-----------------------------

If your hard disk space is not limited by a quota or if you can use
/tmp then it`s possible for you to fill up the file system.

Ex:

    while : ;
    mkdir .xxx
    cd .xxx
    done

.D.4. MALICIOUS USE OF eval
---------------------------

Some older systems will crash if eval '\!\!' is executed in the
C-shell.

Ex:

    % eval '\!\!'
   
.D.5. MALICIOUS USE OF fork()
-----------------------------

If someone executes this C++ program the result will result in a crash
on most systems.

Ex:
   
    #include <sys/types.h>
    #include <unistd.h>
    #include <iostream.h>
   
    main()
    {
        int x;
        while(x=0;x<1000000;x++)
            {
                system("uptime");
                fork();
            }
    }

You can use any command you want, but uptime is nice
because it shows the workload.

To get a bigger and very ugly attack you should however replace uptime
(or fork them both) with sync. This is very bad.

If you are real mean you could also fork a child process for
every child process and we will get an exponential increase of
workload.

There is no good way to stop this attack and
similar attacks. A solution could be to place a limit
on time of execution and size of processes.

.D.6. CREATING FILES THAT IS HARD TO REMOVE
-------------------------------------------

Well all files can be removed, but here is some ideas:

Ex.I.

    $ cat > -xxx
    ^C
    $ ls
    -xxx
    $ rm -xxx
    rm: illegal option -- x
    rm: illegal option -- x
    rm: illegal option -- x
    usage: rm [-fiRr] file ...
    $

Ex.II.

    $ touch xxx!
    $ rm xxx!
    rm: remove xxx! (yes/no)? y
    $ touch xxxxxxxxx!
    $ rm xxxxxxxxx!
    bash: !": event not found
    $

    (You see the size do count!)

Other well know methods is files with odd characters or spaces
in the name.

These methods could be used in combination with ".D.3 FILLING UP THE
HARDDISK". If you do want to remove these files you must use some sort
of script or a graphical interface like OpenWindow:s File
Manager. You can also try to use: rm ./<filename>. It should work for
the first example if you have a shell.

.D.7. DIRECTORY NAME LOOKUPCACHE
--------------------------------

Directory name lookupcache (DNLC) is used whenever a file is opened.
DNLC associates the name of the file to a vnode. But DNLC can only
operate on files with names that has less than N characters (for SunOS 4.x
up to 14 character, for Solaris 2.x up 30 characters). This means
that it's dead easy to launch a pretty discreet denial of service attack.

Create lets say 20 directories (for a start) and put 10 empty files in
every directory. Let every name have over 30 characters and execute a
script that makes a lot of ls -al on the directories.

If the impact is not big enough you should create more files or launch
more processes.

.D.8. CSH ATTACK
----------------

Just start this under /bin/csh (after proper modification)
and the load level will get very high (that is 100% of the cpu time)
in a very short time.

Ex:

    |I /bin/csh
    nodename : **************b

.D.9. CREATING FILES IN /tmp
----------------------------

Many programs creates files in /tmp, but are unable to deal with the problem
if the file already exist. In some cases this could be used for a
denial of service attack.

.D.10. USING RESOLV_HOST_CONF
-----------------------------

Some systems have a little security hole in the way they use the
RESOLV_HOST_CONF variable. That is we can put things in it and
through ping access confidential data like /etc/shadow or
crash the system. Most systems will crash if /proc/kcore is
read in the variable and access through ping.

Ex:
   
    $ export RESOLV_HOST_CONF="/proc/kcore" ; ping asdf

.D.11. SUN 4.X AND BACKGROUND JOBS   
----------------------------------

Thanks to Mr David Honig <honig@amada.net> for the following:

" Put the string "a&" in a file called "a" and perform "chmod +x a".
Running "a" will quickly disable a Sun 4.x machine, even disallowing
(counter to specs) root login as the kernel process table fills."

" The cute thing is the size of the
script, and how few keystrokes it takes to bring down a Sun
as a regular user."

.D.12. CRASHING DG/UX WITH ULIMIT
---------------------------------

ulimit is used to set a limit on the system resources available to the
shell. If ulimit 0 is called before /etc/passwd, under DG/UX, will the
passwd file be set to zero.

.D.13. NETTUNE AND HP-UX
------------------------

/usr/contrib/bin/nettune is SETUID root on HP-UX meaning
that any user can reset all ICMP, IP and TCP kernel
parameters, for example the following parameters:

    - arp_killcomplete
    - arp_killincomplete
    - arp_unicast
    - arp_rebroadcast
    - icmp_mask_agent
    - ip_defaultttl
    - ip_forwarding
    - ip_intrqmax
    - pmtu_defaulttime
    - tcp_localsubnets
    - tcp_receive
    - tcp_send
    - tcp_defaultttl
    - tcp_keepstart
    - tcp_keepfreq
    - tcp_keepstop
    - tcp_maxretrans
    - tcp_urgent_data_ptr
    - udp_cksum
    - udp_defaultttl
    - udp_newbcastenable
    - udp_pmtu
    - tcp_pmtu
    - tcp_random_seq

The solution could be to set the proper permission on
/sbin/mount_union:

#chmod u-s /sbin/mount_union

.D.14. SOLARIS 2.X AND NFS
--------------------------

If a process is writing over NFS and the user goes over the disk
quota will the process go into an infinite loop.

.D.15. SYSTEM STABILITY COMPROMISE VIA MOUNT_UNION
--------------------------------------------------

By executing a sequence of mount_union commands any user
can cause a system reload on all FreeBSD version 2.X before
1996-05-18.

$ mkdir a
$ mkdir b
$ mount_union ~/a ~/b
$ mount_union -b ~/a ~/b

The solution could be to set the proper permission on
/sbin/mount_union:

#chmod u-s /sbin/mount_union

.D.16. trap_mon CAUSES KERNEL PANIC UNDER SUNOS 4.1.X
----------------------------------------------------

Executing the trap_mon instruction from user mode can cause
a kernel panic or a window underflow watchdog reset under
SunOS 4.1.x, sun4c architecture.


.E. DUMPING CORE
~~~~~~~~~~~~~~~~

.E.1. SHORT COMMENT
-------------------

The core dumps things don't really belongs in this paper but I have
put them here anyway.

.E.2. MALICIOUS USE OF NETSCAPE
-------------------------------

Under Netscape 1.1N this link will result in a segmentation fault and a
core dump.

Ex:

    <a name="http://xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.
    xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.
    xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx.
    xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.xxx.
    xxx.xxx.xxx.xxx.xxxxxx.xxx.xxx.xxx.xxx.xxx...>

.E.3. CORE DUMPED UNDER WUFTPD
------------------------------

A core dumped could be created under wuftp with two different
methods:

    (1) Then pasv is given (user not logged in (ftp -n)). Almost all
    versions of BSD:s ftpd.
    (2) More than 100 arguments is given with any executable
    command. Presents in all versions of BSD:sd ftpd.

.E.4. ld UNDER SOLARIS/X86
--------------------------

Under Solaris 2.4/X86 ld dumps core if given with the -s option.


.F. HOW DO I PROTECT A SYSTEM AGAINST DENIAL OF SERVICE ATTACKS?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

.F.1. BASIC SECURITY PROTECTION
-------------------------------

.F.1.1. INTRODUCTION
--------------------

You can not make your system totally secured against denial of service
attacks but for attacks from the outside you can do a lot. I put this
work list together and hope that it can be of some use.

.F.1.2. SECURITY PATCHES
------------------------

Always install the proper security patches. As for patch numbers
I don't want to put them out, but that doesn't matter because you
anyway want to check that you have all security patches installed,
so get a list and check! Also note that patches change over time and
that a solution suggested in security bulletins (i.e. CERT) often
is somewhat temporary.

.F.1.3. PORT SCANNING
---------------------

Check which services you have. Don't check with the manual
or some configuration file, instead scan the ports with sprobe
or some other port scanner. Actual you should do this regualy to see
that anyone don't have installed a service that you don't want on
the system (could for example be service used for a pirate site).

Disable every service that you don't need, could for example be rexd,
fingerd, systat, netstat, rusersd, sprayd, pop3, uucpd, echo, chargen,
tftp, exec, ufs, daytime, time... Any combination of echo, time, daytime
and chargen is possible to get to loop. There is however no need
to turn discard off. The discard service will just read a packet
and discard it, so if you turn off it you will get more sensitive to
denial of service and not the opposite.

Actual can services be found on many systems that can be used for
denial of service and brute force hacking without any logging. For
example Stock rexec never logs anything. Most popd:s also don't log
anything

.F.1.4. CHECK THE OUTSIDE ATTACKS DESCRIBED IN THIS PAPER
---------------------------------------------------------

Check that attacks described in this paper and look at the
solution. Some attacks you should perform yourself to see if they
apply to your system, for example:

    - Freezing up X-Windows.
    - Malicious use of telnet.
    - How to disable services.
    - SunOS kernel panic.
    - Attacking with lynx clients.
    - Crashing systems with ping from Windows 95 machines.
   
That is stress test your system with several services and look at
the effect.

Note that Solaris 2.4 and later have a limit on the number of ICMP
error messages (1 per 500 ms I think) that can cause problems then
you test your system for some of the holes described in this paper.
But you can easy solve this problem by executing this line:

$ /usr/sbin/ndd -set /dev/ip ip_icmp_err_interval 0
                                                           
.F.1.5. CHECK THE INSIDE ATTACKS DESCRIBED IN THIS PAPER
--------------------------------------------------------

Check the inside attacks, although it is always possibly to crash
the system from the inside you don't want it to be to easy. Also
have several of the attacks applications besides denial of service,
for example:

    - Crashing the X-Server:     If stickybit is not set in /tmp
                    a number of attacks to gain
                    access can be performed.

    - Using resolv_host_conf:    Could be used to expose
                    confidential data like
                    /etc/shadow.

    - Core dumped under wuftpd:    Could be used to extract
                    password-strings.

If I don't have put out a solution I might have recommended son other paper.
If not I don't know of a paper with a solution I feel that I can recommend.
You should in these causes check with your company.

.F.1.6. EXTRA SECURITY SYSTEMS
------------------------------

Also think about if you should install some extra security systems.
The basic that you always should install is a logdaemon  and a wrapper.
A firewall could also be very good, but expensive. Free tools that can
be found on the Internet is for example:

TYPE:        NAME:        URL:

LOGDAEMON    NETLOG        ftp://net.tamu.edu/pub/security/TAMU
WRAPPER        TCP WRAPPERS    ftp://cert.org/pub/tools/tcp_wrappers
FIREWALL    TIS         ftp://ftp.tis.com/pub/firewalls/toolkit

Note that you should be very careful if building your own firewall with
TIS or you might open up new and very bad security holes, but it is a very
good security packer if you have some basic knowledge.

It is also very good to replace services that you need, for example telnet,
rlogin, rsh or whatever, with a tool like ssh. Ssh is free and can be
found at URL:

    ftp://ftp.cs.hut.fi/pub/ssh

The addresses I have put out are the central sites for distributing
and I don't think that you should use any other except for CERT.

For a long list on free general security tools I recommend:
"FAQ: Computer Security Frequently Asked Questions".

.F.1.7. MONITORING SECURITY
---------------------------

Also monitor security regular, for example through examining system log
files, history files... Even in a system without any extra security systems
could several tools be found for monitoring, for example:

    - uptime
    - showmount
    - ps
    - netstat
    - finger

(see the man text for more information).

.F.1.8. KEEPING UP TO DATE
--------------------------

It is very important to keep up to date with security problems. Also
understand that then, for example CERT, warns for something it has often
been dark-side public for sometime, so don't wait. The following resources
that helps you keeping up to date can for example be found on the Internet:

    - CERT mailing list. Send an e-mail to cert@cert.org to be placed
    on the list.
   
    - Bugtraq mailing list. Send an e-mail to bugtraq-request@fc.net.

    - WWW-security mailing list. Send an e-mail to
    www-security@ns2.rutgers.edu.

.F.1.9. READ SOMETHING BIGGER AND BETTER
----------------------------------------

Let's start with papers on the Internet. I am sorry to say that it is not
very many good free papers that can be found, but here is a small collection
and I am sorry if have have over looked a paper.

(1) The Rainbow books is a long series of free books on computer security.
US citizens can get the books from:

    INFOSEC AWARENESS OFFICE
    National Computer Security Center
    9800 Savage Road
    Fort George G. Meader, MD 20755-600

We other just have to read the papers on the World Wide Web. Every
paper can not however be found on the Internet.

(2) "Improving the security of your Unix system" by Curry  is also very
nice if you need the very basic things. If you don't now anything about
computer security you can't find a better start.

(3) "The WWW security FAQ" by Stein is although it deal with W3-security
the very best better on the Internet about computer security.

(4) CERT have aklso published several good papers, for example:

    - Anonymous FTP Abuses.
    - Email Bombing and Spamming.
    - Spoofed/Forged Email.
    - Protecting yourself from password file attacks.

I think however that the last paper have overlooked several things.

(5) For a long list on papers I can recommend:
"FAQ: Computer Security Frequently Asked Questions".

(6) Also see section ".G. SUGGESTED READING"

You should also get some big good commercial book, but I don't want
to recommend any.

.F.2. MONITORING PERFORMANCE
----------------------------

.F.2.1. INTRODUCTION
--------------------

There is several commands and services that can be used for
monitoring performance. And at least two good free programs can
be found on Internet.

.F.2.2. COMMANDS AND SERVICES
-----------------------------

For more information read the man text.

netstat        Show network status.
nfsstat        Show NFS statistics.
sar        System activity reporter.
vmstat        Report virtual memory statistics.
timex        Time a command, report process data and system
        activity.
time         Time a simple command.
truss        Trace system calls and signals.
uptime        Show how long the system has been up.

Note that if a public netstat server can be found you might be able
to use netstat from the outside. netstat can also give information
like tcp sequence numbers and much more.

.F.2.3. PROGRAMS
----------------

Proctool: Proctool is a freely available tool for Solaris that monitors
and controls processes.
    ftp://opcom.sun.ca/pub/binaries/
   
Top: Top might be a more simple program than Proctool, but is
good enough.

.F.2.4. ACCOUNTING
------------------

To monitor performance you have to collect information over a long
period of time. All Unix systems have some sort of accounting logs
to identify how much CPU time, memory each program uses. You should
check your manual to see how to set this up.

You could also invent your own account system by using crontab and
a script with the commands you want to run. Let crontab run the script
every day and compare the information once a week. You could for
example let the script run the following commands:

    - netstat
    - iostat -D
    - vmstat


.G. SUGGESTED READING
~~~~~~~~~~~~~~~~~~~~~

.F.1. INFORMATION FOR DEEPER KNOWLEDGE
-------------------------------------

(1) Hedrick, C. Routing Information Protocol. RFC 1058, 1988.
(2) Mills, D.L. Exterior Gateway Protocol Formal Specification. RFC 904, 1984.
(3) Postel, J. Internet Control Message Protocol. RFC 792, 1981.
(4) Harrenstien, K. NAME/FINGER Protocol, RFC 742, 1977.
(5) Sollins, K.R. The TFTP Protocol, RFC 783, 1981.
(6) Croft, W.J. Bootstrap Protocol, RFC 951, 1985.

Many of the papers in this category was RFC-papers. A RFC-paper
is a paper that describes a protocol. The letters RCS stands for
Request For Comment. Hosts on the Internet are expected to understand
at least the common ones. If you want to learn more about a protocol
it is always good to read the proper RFC. You can find a nice sRFC
index search form at URL:

    http://pubweb.nexor.co.uk/public/rfc/index/rfc.html

.F.2. KEEPING UP TO DATE INFORMATION
------------------------------------

(1) CERT mailing list. Send an e-mail to cert@cert.org to be placed
on the list.
(2) Bugtraq mailinglist. Send an e-mail to bugtraq-request@fc.net.
(3) WWW-security mailinglist. Send an e-mail to www-security@ns2.rutgers.edu.
(4) Sun Microsystems Security Bulletins.
(5) Various articles from:         - comp.security.announce
                    - comp.security.unix
                    - comp.security.firewalls
(6) Varius 40Hex Issues.

.F.3. BASIC INFORMATION
-----------------------

(1) Husman, H. INTRODUKTION TILL DATASÄKERHET UNDER X-WINDOWS, 1995.
(2) Husman, H. INTRODUKTION TILL IP-SPOOFING, 1995.
(3) The following rainbow books:    - Teal Green Book (Glossary of
                    Computer Security Terms).
                    - Bright Orange Book( A Guide
                    to Understanding Security Testing
                    and Test Documentation in Trusted
                    Systems).
                    - C1 Technical Report-001
                    (Computer Viruses: Preventation,
                    Detection, and Treatment).
(4) Ranum, Marcus. Firewalls, 1993.
(5) Sun Microsystems, OpenWindows V3.0.1. User Commands, 1992.
(6) Husman, H. ATT SPÅRA ODOKUMENTERADE SÄKERHETSLUCKOR, 1996.
(7) Dark OverLord, Unix Cracking Tips, 1989.
(8) Shooting Shark, Unix Nasties, 1988.
(9) LaDue, Mark.D. Hostile Applets on the Horizone, 1996.
(10) Curry, D.A. Improving the security of your unix system, 1990.
(11) Stein, L.D. The World Wide Web security FAQ, 1995.
(12) Bellovin, S.M. Security Problems in the TCP/IP Protocol, 1989.

.H. COPYRIHT
------------

This paper is Copyright (c) 1996 by Hans Husman.

Permission is hereby granted to give away free copies electronically. You
may distribute, transfer, or spread this paper electronically. You may not
pretend that you wrote it. This copyright notice must be maintained in any
copy made. If you wish to reprint the whole or any part of this paper in any
other medium excluding electronic medium, please ask the author for
permission.

.I. DISCLAIMER
--------------

The information within this paper may change without notice. Use of this
information constitutes acceptance for use in an AS IS condition. There are
NO warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is at the
user's own risk.







   




9:10 PM

An Introduction into TeleScan

  The Ultimate Skip Tracing Weapon

INTRODUCTION
 Whats all the hoopla? Well I've been trying to find a good ANI demo ever
 since IIRG's went down at the first of the year [800-852-9932]. Well I
 finally got one from The Mortician. Here it is...
                           8 0 0 . 7 7 5 . 5 5 1 3
 This is an ANI demo provided by a security company called TEL-SCAN(tm). Now
 ANI is cool and useful and everything, but it isn't hardly worthy of one of
 my wonderful headers. But see, theres more at stake here. Call the demo and
 get the ANI info and all that, and if you're a lamer stop there. But if
 you're kK00l enough, stay on the line and find out more about TEL-SCAN(tm),
 the company providing the demo.
THE TEL-SCAN(tm) NETWORK
 TEL-SCAN(tm) is a Colorado based Security service that offers an improvised
 skip-tracing method to Private Investigators, (or anyone with money and a
 good MO). How it works is this: subscribers are provided with an 800
 "Identifier Line" which when called automatically identifies the incoming
 number and records it into a corresponding Voice Mail Box. The subscriber can
 then call the Mail Box and it will relay to him all incoming calls to the
 "Identifier Line". 2-o0 pH_ukYn /<eW/! The possibilities with ANI and VMBs at
 hand are endless!!!
 TEL-SCAN(tm) can be used as such: Get a bunch of business cards printed with
 the "Identifier Line" printed as your phone number. If you're looking for
 someone, leave your card around places where they're likely to get it. When
 they call, you've got the number they're calling from and possibly an
 important lead. Viola! Skip-Tracing improvised. No this of course is
 constitutes intended use. As far as underground use goes...well...you know.
TEL-SCAN(tm) GEOGRAPHICALS
 For more information on TEL-SCAN(tm) write or call::
                    TEL-SCAN(tm)
                    2641 North Taft
                    Loveland, CO  80538
                    Number: 303.663.1703
                       FAX: 303.663.1708
 By the way when you call, you will be asked where you heard about TEL-
 SCAN(tm). DO NOT say you heard it from me (duh)! Have a good one ready
 because they will hang up on you if they think something is funny.
TEL-SCAN(tm) PRICES
 This service has a one time activation fee of $67.00 dollars. Thereafter you
 are charged $5.00 dollars everytime the service identifies a number for you.
 You are billed monthly if applicable, but there are no mandatory monthly
 fees. Now here's the good part: you can subscribe to the service via FAXed
 licensing agreement at which time you will IMMEDIATLEY be issued a Mail Box
 and a "Line Identifier". They will bill you later for the activation fee. Not
 to shabby huh?
OUTRODUCTION
 Well thats it, and thanks again to The Mortician at Lies, Hate, and Deception
 (LHD·) for this one. Look for other oB files (with great headers) labeled as
 xxxxxxxx.oB. These files can be found at...
 .%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.
 .%   oleBuzzard's kn0wledge phreak   %.%   sUmthyn lykE 4000+ text fylez   %. 
 .%   AC 303.382.5968--NUP = NO NUP   %.%   hAck/phrEAk/AnArky/vIrII/cArd   %. 
 .%   24oo-14.4ooKiloBaud-Open 24/7   %.%   n0 phUckyn lAmEr wArEz do0dz!   %.
 .%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%.
8:59 PM

Hacking UNIX


  
       An Indepth Guide in Hacking UNIX and the             
           concept of Basic Networking Utility        /|\
            \|/        Phreakers/Hackers Underground Network          
Brief history on UNIX
----------------------
Its because of Ken Tompson that today were able to Hack Unix.He used to work
for Bell Labs in the 60s.Tompson started out using the MULTICS OS which was
later eliminated and Tompson was left without an operating system to work with.
Tompson had to come up with something real quick.He did some research and
and in 1969 UNIX came out,which was a single user and it didn't have
many capabilities.A combined effort with others he rewrote the version
in C and added some good features.This version was out in 1973 and was
available to the public.This was the first begining of UNIX as its known     
presently.The more refined version of UNIX,today know as UNIX system V     
developed by Berkley University has unique capabilities.
Various types of UNIXes are CPIX,Berkeley Ver 4.1,Berkeley 4.2,FOS,Genix,HP-UX,
IS/I,OSx,PC-IX,PERPOS,Sys3,Ultrix,Zeus,Xenix,UNITY,VENIX,UTS,Unisys,Uniplus+,
UNOS,Idris,QNIX,Coherent,Cromix,System III,System 7,Sixth edition.

The article it self:
--------------------
I believe that hacking into any system requires knowledge of the Operating
system itself.Basically what I will try to do is make you more familiar with
UNIX  operation ,its usefull commands that will be advantageous to you as a 
hacker.This article contains in depth explainations.                     

Error Messages that one may came across:[UNIX system V]
----------------------------------------
Login incorrect - An ivalid ID and/or pw was entered.This means nothing.
                  In UNIX there is no way guessing valid user IDs.You may    
                  come across this one when trying to get in.
No more logins - will happens when the system wont accept anymore logins
                 could be going down           
Unknown Id - will happen if an ivalid id is entered using (su) command
Unexpected eof in file - The file being stripped file has been damaged
Your password has expired - This is quiet rare although there have been cases
                            where it happened.Reading the etc/passwd will
                            show you at how many intervals it changes.
You may not change the password - The password has not yet aged enough.The
                                  Administrator set the quotas for the users
Unknown group [groups name] - occurs when chgrp is executed ,group doesn't
                              exist
Sorry - Indicated that you have typed in an invalid super user password(execu-
        tion of the su)
Permission denied!- Indicated you must be the owner or a super user to change
                    password.
Sorry <[# of weeks] since last change - This will happen when password has   
                                        has not aged enough and you tried to
                                        change it(passwd)
[directory name]:no permission - You are trying to remove a directory which
                                 you have no permission to.
[file name] not removed - trying to delete a file owned by another user
                          that you dont have write pemision for.
[dirname] not removed - ownership of the dir is not your that your trying to 
                        delete.
[dirname] not empty - the directory contains files so you must have to delete
                      the files before executing the rmdir
[command] not found - you have entered an ivalid command not know to UNIX
cant execute pwd - some thing wrong with the system cant execute pwd command
cannot chdir to .. -   (.. one level up) permision is required to execute pwd
                       above the current directory
cant open [file name] - defined wrong path,file name or you have no read
                        permission
cp:[file name] and [file name] are identical - self explanatory 
cannot locate parent directory - occurs when using mv
[file name] not found - file which your trying to move doesn't exsist
You have mail - Self explanatory

Basic Networking Utility error messages
---------------------------------------
cu:not found - networking not installed
login failed - invalid id/pw or wrong # specified
dial failed - the systen never answered due to a wrong #
uucp completely failed - did not specify file after -s
wrong time to call - you called at the time at a time not specified in the
                     Systems file
system not in systems - you called a remote not in the systems file

Logon format : first thing one must do is switch to lower case
--------------
Identifing a UNIX.Here is what you'll see:
Some times there will be no system identifer
                            
AT&T UNIX SysVR3.0 (eg of a system identifier)

login:
 or
Login:

Any of these is a UNIX.Here is where you will have to guess at a user valid
id.Here are some that I have come across eg( glr,glt,radgo,rml,chester,cat,
lom,cora,hlto,hwill,edcasey and also some containing numbers smith1,mitu6 or
special characters in it like bremer$,j#fox.Login names have to be 3 to 8
chracters in lenght lowercase and must start with a letter.In some XENIX
systems one may login as "guest"

User level accounts:(lower case)
--------------------
In Unix they have whats called accounts .These
accounts can be used at the "login:" prompt.
Here is a list:

sys
bin
trouble
daemon
uucp
nuucp 
rje
lp
adm
listen - if starlan is installed

Super-user accounts:
--------------------
And then there are super-user login which make UNIX worth hacking.  
The accounts are used for a specific job. In large systems these logins
are assingned to users who have a responsibilty to maintain subsystems.

They are as follows :(all lower case)

root       -  this is a must the system comes configured with it.It has no
              restriction.Has power over every other account.
unmountsys -  unmounts files
setup      -  system set up
makefsys   -  makes a new file
sysadm     -  allows useful S.A commands(doesn't need root login)
powerdown  -  powering system down
mountfsys  -  mounts files
checkfsys  -  checks file

These accounts will definitly have passwords assigned to them.These
accounts are also commands used by the system administrator.

Here are some examples of accounts I have seen:

cron         uuhelp     usenet
anonuccp     news       network
bellboy      lp         vector
guest        games      ninja
vote         warble     sysinfo



After the login prompt you will receive a password prompt:

password:
  or
Password:
   
Enter the password (it wont echo).The password rule is as follows:Each pw
has to contain at least 6 characters and maximum has to be 8 .Two of which are
to be alphabetic letters and at least one being a number or a special character
The alphabetic digits could be in upper case or lower case.Here are some of the
passwords that I have seen (eg.Ansuya1,PLAT00N6,uFo/78,ShAsHi..,Div417co)

The passwords for the super user accounts will be difficult to hack
try  the accounts interchangebly eg.login:sysadm password:makefsys or rje1,
sysop,sysop1,bin4 or they might contain letter,numbers,special chracters in
them.It could be anything.The user passwords are changed by an aging proccess
at successive intervals.The users are forced to changed it.The super-user
will pick a password that wont need changing for a long period of time.

You have made it!
-----------------
The hard part is over and hopefully you have hacked a super-user account.
Remember Control-d stops a process and also logs you off.
The next thing you'll probably see is the system news
eg.

login:john
password:hacker1       
System news                
There will be no networking offered to the users till
august 15,due to hardware problems.            
(just an example)

$

$ is the Unix prompt -waiting for a command to be entered.I will use this
                      throught the article to show outouts etc..(Its not
                      part of the command)
# - means your logged in as root(very good)

A word about the XENIX System III:(run on the tandy 6000)
---------------------------------                 
The largest weakness in the XENIX System III occurs after the installation
of the Profile-16 or more commonly know as the filepro-16.I have seen the    
filepro-16 installed in many systems.         
The installation process creates an entry in the password file for a user 
named \fBprofile\fR ,an account that who owns and administors the database.
The great thing about it is that when the account is created ,no password is
assigned to it.The database contains executable to maintain it.The database
creation programs perform a \fBsetuid\fR to boot up the \fBoot\fR  there by
giving a person the whole C Shell to gain Super User privilege same as root.
Intresting huh!
                    

* Note: First the article will inform you of how the Unix is made up

The Unix is made if three components-The shell,the kernal,file system.

The kernal:
-----------
You could say that the kernal is the heart of the Unix operating system.
The kernal is a low level language lower than the shell which maintains
processes .The kernal handles memory usage ,maintains file system
the sofware and hardware devices.

The shell:
----------
The shell a higher level language. The shell had two important uses,
to act as command interpreture for example using commands like cat,who,      
ls the the shell is at work figuring out whether you have entered a command
correctly or not.The second most important reason for the shell is its ability
to be used as programing language.Suppose your performing some tasks     
repeatedly over and over again,You can program the shell to do this for you.
        
The file system:  
---------------
The file system in Unix is divede into 3 catagories:Directories,ordinary files
and special files.(d,-)
         
Basic stucture:       
(/)-this is abreviation for the root dirctory.
  root level                      root
                                  (/)                                  system
-------------------------------------|----------------------------------level
|      |        |         |                  |        |       |        |
/unix   /etc    /dev      /tmp               /lib     /usr    /usr2    /bin
        |                                        _____|_____
login passwd                                     |    |    |
level                                            /john  /cathy   
                             ________________________|_______________
                            |        |     |      |        |        |
                        .profile   /mail  /pers  /games   /bin     /michelle
*.profile - in case                        |    __|______  |      __|_______
 you wich to change your enviroment     capital |        | data   |         |
but after you log off.It sets to              othello  starwars letter letter1
default.                                    

the /unix-is the kernal
/etc - contains system administrators files,Most are not available to the
       regular user.(this directory contains the /passwd file)

    Here are some files under /etc directory:
    /etc/passwd
    /etc/utmp
    /etc/adm/sulog
    /etc/motd
    /etc/group
    /etc/conf
    /etc/profile
 
/dev - contains files for physical devices such as printer and the disk drives
/tmp - temporary file directory
/lib - dirctory that contains programs for high level languages
/usr - this directory contains dirctories for each user on the system

     Eg. of a list of files under /usr
    /usr/tmp
    /usr/lib
    /usr/docs
    /usr/news
    /usr/spool
    /usr/spool/lp
    /usr/lib/uucp

/bin - contain executable programs (commands)

The root also contains:                                                      
/bck - used to mount a back up file system.
/install - Used to install and remove utilities
/lost+found - This is where all the removed files go,This dir is used by fsck
              (1M)
/save -A utility used to save data
/mnt - Used for temporary mounting

**Now the fun part scouting around**

                 Local commands (Explained in details)
                 -------------------------------------
At the unix prompt type the pwd command-it will show you the current working
directory you are in.

$ pwd
$ /usr/admin - assuming that you have hacked into a super user acc checkfsys
$

This gives you the full login directory.The / before tell you the location
of the root directory                    

or

(REFER TO THE DIAGRAM ABOVE)
$ pwd
$ /usr/john  
$
Assuming you have hacked into johns acc.

Now lets say you wanted to move down to the michelle directory( you own this)
that contains letters.You would type in

$ cd michelle or cd usr/john/michelle
$ pwd
$ /usr/john/michelle
$

Going back one directory up type in:
$ cd ..
or going to your parent directory just type in "cd"
     
Listing file directories assuming you are in the parent directory:

$ ls /usr/john
mail
pers
games       
bin
michelle
This wont give you the .profile file .To view it type
$ cd
$ ls -a
:
:
.profile

To list file names in michelles directory type in:
$ ls michelle (that if your in the johns directory)
$ ls /usr/john/michelle(parent dir)

ls -l           
-----            
The ls -l is an an important command in unix.This command displays the whole
directory in long format :Run this in parent directory

$ ls -l
total 60
-rwxr-x---    5 john      bluebox    10 april 9  7:04  mail
drwx------    7 john      bluebox    30 april 2  4:09  pers
     :            :         :         :     :      :    :
     :            :         :         :     :      :    :
-rwxr-x---     6 cathy    bluebox    13 april 1  13:00 partys
     :            :         :         :     :      :    :
$
  
The total 60 tells one the ammount of disk space used in a directory.The    
-rwxr-x--- is read in triples of 3.The first chracter eg(-,d,b,c)-means as
follows: - is an ordinary file ,d is a directory,b is block file,c is a
chracter file.
The r stands for read permission,w is write permission,x is execute.The first
colum is read in 3 triples as stated above.The first group of 3 (in -rwxr-x---)
after the "-" specifies the permission for the owner of the file,the second
triple are for the groups (the fourth colum) and the last triple are the     
permissions for all other users.Therefore the -rwxr-x--- is read as follows.
The owner john has permission to read,write and execute anything in the bin
directory but the group has no write permission to it and the rest of the users
have no permission at all.The format of one of the lines in the above output
is as follows:

file type-permissions,links,usersname,group,bytes taken,date,time when last
renued,directory or file name.
**You will be able to read,execute cathys file named party due to the same
group***

chmod                   
-----            
The chmod command changes permission of a directory or a file.Format is
chmod who+,-,=r,w,x
The who is substituted by u-user,g-group,o-other users,a-all.
The + means add permission,- means remove permission,= - assign. 
Example :If you wanted all other users to read the file name mail ,type:  

$ chmod o+r mail

cat        
---         
Now suppose you wanted to read the file letter .There are teo ways to doing
this.First go to the michelle directory then type in:

$ cat letter
line one ...\
line two ... }the output of letter
line three../
$
   or
If you are in the parent directory type in:
$ cat /usr/john/michelle/letter
and you will have the same output.

Some cat options are  -s,-u,-v,-e,-t

Special Chracters in Unix:
-------------------------
*  - matches any number of single characters eg. ls john* will list
     all files that begin with john
[...] - matchs any one of the chracter in the [ ]
? - matches any single chracter
runs a process in the backgroung leaving your terminal free
$ - Values used for variables also $n - null argument
> - redirectes output
< - redirects input to come from a file
>> - redirects command to be added to the end of a file
| - pipe output (eg:who|wc-l tells us how many users are online)
"..." - Turn of meaning of special chracters excluding $,`
`...` - allows command output in to be used in a command line
'...' - turns of special meaning of all chracters

continuation of local commands...[     ] -contains the options used
-------------------------------
passwd
------
Password changing seems to be a big thing among the savants.Anyway to change
the password one would use the 'passwd' command as shown below:

   $passwd
   Changing password for john
   Old password:                             
   New password:                             
   Retype new password:
   $
 
This will only work when the password has aged enough

ps
--
Its sometimes necessary to see what command procesess you are running,this
command lets you see that.
ps [-a all processes except group leaders] [-e all processes] [-f the whole
   list]                                                          

   $ps
   PID   TTY  TIME   COMMAND
   200   tty09 14:20  ps

   The systems reports (PID - process idenetification number which is a #
   from 1-30,000 assigned to UNIX processes)
   It also reports the TTY,TIME and the COMMAND being executed at the time.
   To stop a process enter :   

   $kill [PID] (this case its 200)
   200 terminated
   $

grep
----
This comand is important when seaching for a word or words in large files.

grep [argument] [file name] - searchs for an file that contains the argument
                              for example:
   $ grep phone cathy
    phone   michelle  (718)5551234
    phone   cindy   (718)5553456

    What this did was to find the argument 'phone' in the file cathy.If the
    argument consists of two or more words then  it must be enclosed in single
    quotes.


mv
--
mv [file names(s)] [ dir name ] - renames a file or moves it to another    
                                  directory eg.     
   $mv letter letters
   $
   This renames the file letter to letters thereby deleting letter
                  or if you want to move files then
   $mv /usr/john/pers/capital /usr/john/michelle/capital
   $  
   This moves the file capital to the directory named michelle

diff
----
diff [file name] [ file name] - show diffrence between two files.Output of this
                                will have something like 4,5c4,5 then the it
                                will display both sets of files on the screen
                                The 4,5c4,5 means that you must change "c"
                                lines 4 to 5 in one file to line 4 to 5 in  
                                another.
      Option for using this command are :
       -b  -  it ignores blank spaces
       -h  - compares it quickly
       -s  - reports files that are the same
       -S[file] - this is when you want to compare a directory starting at a
                  specific file
      

       There is also a command to compare 3 files which is :  

       diff3 [options] [file1] [file2] [file3]

cp
--
cp [file name] [file name] - makes a copy of a file

   $ cp letter letters
   $
   The file letters is a dupilcate copy of letter.In this case the original
   is not erased like in the mv command



.... more UNIX commands:
--------------------

man [command] or [c/r] -will give you a list of commands explainations

help - available on some UNIX systems
                 
mkdir [dir name(s)] - makes a directory     

rmdir [dir name(s)] - removes directory.You wont be able to remove the
                      directory if it contains files in them

rm [file name(s)] - removes files. rm * will erase all files in the current
                    dir.Be carefull you!!.Some options are :               
                    [-f unconditional removal] [-i Prompts user for y or n]
                       
write [login name ] - to write to other logged in users.Sort of a chat

mesg [-n] [-y] - doesn't allow others to send you messages using the write
                 command.Wall used by system adm overrides it.

$ [file name] - to execute any file

wc [file name] - Counts words,chracters,lines in a file

stty [modes] - Set terminal I/O for the current devices

sort [filename] - Sorts and merges files many options

spell [file name] > [file name] - The second file is where the misspelt words
                                  are entered

date [+%m%d%y*] [+%H%%M%S] - Displays date acoording to options

at [-r] [-l] [job] - Does a specified job at a specified time.The -r Removes
                     all previously scheduled jobs.The -l reports the job #
                     and status of all jobs scheduled

write [login] [tty] - Sends message to the login name.Chat!



su [login name]
---------------
The su command allows one to switch user to a super user to a user.Very
important could be used to switch to super user accounts.
Usage:                                               

$ su sysadm
password:

This su command will be monitored in /usr/adm/sulog and this file of all files
is carefully monitered by the system administrator.Suppose you hacked in johns
account and then switched to the sysadm account (ABOVE) your /usr/adm/sulog
entry would look like:

SU  04/19/88  21:00 + tty 12 john-sysadm

Therfore the S.A(system administrator) would know that john swithed to sysadm
account on 4/19/88 at 21:00 hours

Searching for valid login names:  
-------------------------------
Type in-
$ who  ( command informs the user of other users on the system)
cathy  tty1  april 19  2:30
john   tty2  april 19  2:19
dipal  tty3  april 19  2:31
:
:
tty is the users terminal,date,time each logged on.dipal,john are valid
logins.  

Files worth concatenating(cat)
/etc/passwd file:                   
-----------------                    
The etc/passwd is a vital file to cat.For it contains login names of all
users including super user accounts and there passwords.In the newer         
SVR3 releases they are tighting their security by moving the encrypted
passwords from /etc/passwd to /etc/shadow making it only readable by root.
This is optional offcourse.

$ cat /etc/passwd
root:D943/sys34:0:1:0000:/:
sysadm:k54doPerate:0:0:administration:usr/admin:/bin/rsh
checkfsys:Locked;:0:0:check file system:/usr/admin:/bin/rsh
:
other super user accs.
:
john:chips11:34:3:john scezerend:/usr/john:
:
other users
:
$
If you have reached this far capture this file as soon as posible.
This is a typical output etc/passwd file.The entries are seperated
by a ":".There made be up to 7 fields in each line.
Eg.sysadm account.
The first is the login name in this case sysadm.The second field contains the
password.The third field contains the user id."0 is the root".Then comes the
group id then the account which contains the user full name etc .The sixth
field is the login directory defines the full path name of the the particlar
account and the last is the program to be executed.         
Now one can switch to other super user account using su command descibed above.
The password entry in the field of the checkfsys account in the above example
is "Locked;". This doesn't mean thats its a password but the account
checkfsys cannot be accessed remotely.The ";" acts as an unused encryption
chracter.A space is also used for the same purpose.You will find this in many
UNIX systems that are small systems where the system administrator handles
all maintaince. 

Password aging: 
---------------
If password aging is active the user is forced to change the password at   
regular intervals.One may be able to tell just by looking at the /etc/passwd
file when the password is allowed to be changed and when it is compulsory to
change it.
For example the entry:

john:chips11,43:34:3:John Scezerend:/usr/john:

The password contains an extension of (,43) which mean that john can change has
to change the password atleast evert 6 weeks and can keep it for atleast 3
week.The format used is [password],Mmww.The M is the maxiumum number of weeks
password has to be change and m is the minimum interval password can be changed
and the ww is indicates when the password was last changed.

    Aging chart:
---------|-----------
Character|# of weeks
    .    |  0
    /    |  1
 0-9     | 2-11
 A-Z     | 12-37
 a-z     | 38-63
---------|-----------

From the above anyone can determine the number of weeks one can chnage the   
password.        

The (ww) is automatically added as to when the password was last changed .  

IF SHAWDOWING IS ACTIVE:
------------------------

If the shawdowing is active the /etc/passwd would look like this:

root:x:0:1:0000:/:
sysadm:x:0:0:administration:/usr/admin:/bin/rsh

The password filed is substituted by "x".

The /etc/shawdow file only readable by root will look similar to
this:

root:D943/sys34:5288::
:
super user accounts
:
Cathy:masai1:5055:7:120
:
all other users


The first field contains users id:the second contains the password(The pw will
be NONE if logining in remotely is deactivated):the third contains a code of
when the password was last changed:the fourth and the fifth contains the
minimum and the maximum numbers of days for pw changes(Its rare that you will
find this in the super user logins due to there hard to guess passwords)

 
/etc/options directory
-----------------------
The etc/options dir will consists of utilities available in the system.
Example:                 
-rwxr-xr-x   1 root  sys   40 april  1:00  uucp.name               
uucp standing for BNU

/etc/group
-----------
The file has each group on the system.Each line will have 4 entries separated
by a ":" . Example of concatenated /etc/group:

root::0:root
adm::2:adm,root
bluebox::70:

Group name:password:group id:login names
** It very unlikely that groups will have passwords assigned to them **
The id "0" is assigned to /

Sending and recieving messages:
-------------------------------
Two programs are used to manage this.They are mail & mailx.The difference
between them is that mailx is more fancier thereby giving you many choices
like replying message ,using editors etc.
Sending:
-------- 
The basic format for using this command is:

$mail [login(s)]
(now one would enter the text
after finishing enter "." a period
on the next blank line)
$
This command is also used to send mail to remote systems.Suppose you wanted
to send mail to john on a remote called ATT01
you would type in:

$mail ATT01!john

Mail can be sent to several users,just by entering more login name after
issuing the mail command

Using mailx is the same format:(This I'll describe very briefly)
$mailx john
subject:(this lets you enter the subject)
(line #1)
(line #2)
(After you finish enter (~.) not the brackets offcourse ,more commands are
available like ~p,~r,~v,~m,~h,~b etc.)

Receiving:
----------
After you log on to the system you will the account may have mail waiting.
You will be notified "you have mail".  
To read this enter:      
$mail
(line #1)
(line #2)
(line #3)
?      
$
After the message you will be prompted with a question mark.Here you have a
choice to delete it by entering d,saving it to view it later s,or just press
enter to view the next message.
(DONT BE A SAVANT AND DELETE THE POOR GUYS MAIL)

Super user commands:
--------------------
$sysadm adduser - will take you through a routine to add a user
                 (may not last long)

Enter this:

$ sysadm adduser
password:
(this is what you will see)
/--------------------------------------------------------------------------\
  Process running succommmand `adduser`    
  USER MANAGMENT

  Anytime you want to quit, type "q".
  If you are not sure how to answer any prompt, type "?" for help

  If a default appears in the question,press <RETURN> for the default.

  Enter users full name [?,q]: (enter the name you want)               
  Enter users login ID [?,q]:(the id you want to use)
  Enter users ID number (default 50000) [?,q) [?,q]:( press return )
  Enter group ID number or group name:(any name from /etc/group)
  Enter users login home directory:(enter /usr/name)
   
  This is the information for the new login:
  Users name: (name)
  login ID:(id)
  users ID:50000
  group ID or name:    
  home directory:/usr/name
 Do you want to install,edit,skip [i,e,s,q]? (enter your choice if "i" then)
 Login installed
 Do you want to give the user a password?[y,n] (its better to enter one)
 New password:
 Re-enter password:  

 Do you want to add another login?
\----------------------------------------------------------------------------/

This is the proccess to add a user.Since you hacked into a super user account
you can make a super user account by doing the following by entering 0 as an
user and a group ID and enter the home directory as /usr/admin.This will give
you as much access as the account sysadm
**Caution** - Do not use login names like Hacker,Cracker,Phreak etc .This is
a total give away.                                                          
The process of adding a user wont last very long the S.A will know when he
checks out the /etc/passwd file

$sysadm moduser - This utility allows one to modify users.DO NOT ABUSE!!!
Password:

This is what you'll see:

/----------------------------------------------------------------------------\
MODIFYING USER'S LOGIN

1)chgloginid  (This is to change the login ID)
2)chgpassword (Changing password)
3)chgshell (Changing directory DEFAULT = /bin/sh)

ENTER A NUMBER,NAME,INITIAL PART OF OF NAME,OR ? OR <NUMBER>? FOR HELP,
Q TO QUIT ?
\----------------------------------------------------------------------------/

Try every one of them out.Do not change someones password.It creates a havoc.
If you do decide to change it.Please write the original one down somewhere
and change back.Try not to leave to many traces after you had your fun.
In choice number 1 you will be asked for the login and then the new one.
In choice number 2 you will asked for the login and then supplied by it correct
password and enter a new one.
In choice 3 this is used to a pchange the login shell ** Use full **
The above utilites can be used separatly for eg( To change a password one
coulfd enter: $sysadm chgpasswd not chapassword ,The rest are same)

$sysadm deluser - This is an obviously to delete a user
password:
  
This will be the screen output:
/---------------------------------------------------------------------------\
Running subcommand 'deluser' from menu 'usermgmt'
USER MANAGEMENT 
This fuction completely removes the user,their mail file,home directory
and all files below their home directory from the machine.

Enter login ID you wish to remove[q]:      (eg.cathy)
'cathy' belongs to 'Cathy Franklin'
whose home directory is /usr/cathy
Do you want to remove this login ID 'cathy' ? [y,n,?,q] :

/usr/cathy and all files under it have been deleted.

Enter login ID you wish to remove [q]:
\--------------------------------------------------------------------------/
This command deletes everthing owned by the user.Dont use it even if you have
access to it.



other super user commands:
--------------------------
wall [text] control-d  - to send an anouncement to users logged in(will
                          override mesg -n command).Execute only from /    
/etc/newgrp - is used to become a member of a group

sysadm [program name]
        delgroup - delets groups
        whoson - self explanatory
        lsgroup - Lists group
        mklineset -hunts various sequences
        lsuser -lists all the users & their logins names

Other commands may require file system to be mounted.
 

                       Basic Networking utility(BNU)
                       -----------------------------

The BNU is a unique feature in UNIX.Some systems may not have this installed.
What BNU does is allow other remote UNIXes communicate with yours without
logging off the present one.BNU also allowes file transfer between computers.
Most UNIX systems V will have this feature installed.

The user program like cu,uux etc are located in the /usr/bin directory

Basic Networking Files:
-----------------------
/usr/lib/uucp/[file name]
 [file name]
 systems - cu command to establishes link.Contains info on remote computers
           name,time it can be reached,login Id,password,telephone numbers
 devices - inter connected with systems files(Automatic call unit same in two
           entries)also cantains baud rate,port tty1 etc.
               
 dialers - where asscii converation must be made before file tranfers etc.
 dialcodes - contains abreiviations for phone numbers that can be used in
             systems file

 other files are sysfiles,permissions,poll,devconfig

B.N.U Aministrative files:
--------------------------
There are 5 admnistrative files present.These are files are created in the
/usr/spool directory .These A.Files are responsible for various BNU procceses
like kepping records data ,files tranfers bettwenn remote and local and also
usefull to lock devices.

TM - This file used to hold temporary data .When tranfering the files from a 
     remote to local the /usr/spool/uucp/[name of the remote computer ] creates
     this in the format of as of below:
      
     TM[Process Identification Number].[ddd]

     The ddd is the a 3 digit number (sequential) starting with "0"
     Here a typical eg: TM322.012
     Then this file is moved into the path defined by the C.sysnxxx file

X.[Execute files] - Created in the /usr/spool before you execute the commands
                    in remote.
                    The format used to name this file is X.sysnxxx
                    where sys stand for the remote name and n is the priority
                    level the xxxx is a sequence assingned by the uucp.These
                    files always contain the Name of the file ,Comuter & file
                    name to recieve,Persons login & computer name and the
                    command string.

LCK - The lock file created in the /usr/spool/locks directory.The is used when
      devices are being used.Prevent usage of the same calling device.
     
     Format used: LCK.str wher the str is a device name.The Lock file contains
     the PID needed to lock

C.sysnxxx - created in the usr/spool directory.These are the work files.Used 
            when work is in line,remote execeutions.Format is same as the    
            X.sysnxxxx.The works files contain the full path name of the file
            to be sent,path name of the destination (TM Transfers),Remote login
            name to be notified after the file transmision is complete,Users
            login name and the name of the programs used eg.uucp,uupick etc.
         
D - The data files.Format used is  D.systmxxxxyyy.These files are created when
    specified in a command to copy to the spool directory.Eg. By the usage of
    uucp -C this will be true.      
    The systm is the remote name,xxxx is the the 4 digits seq assingned by
    the uucp.The yyy is a sub sequence number.

Logining on to remote and sending+receiving files
-------------------------------------------------
 cu - This command allows one to log on to the local as well as the remote
      Unix (or a non unix)without haveing to hang up so you can transfer files.
      Usage:[options]

  $ cu [-s baud rate][-o odd parity][-e even parity][-l name of comm line]
       telephone number | systemname

  To view system names that you can communicate with use the 'unname' command:
  Eg. of output of names:

  ATT01
  ATT02
  ATT03
  ATT04


$ cu -s300 3=9872344 (9872344 is the tel#)
 connected
 login:
 password:

local strings:
--------------
<~.> - will log you off the remote terminal but not the local
~! - out you on the local withiout disconnecting the line from remote
<control-d> - puts you back on the remote unix
~%take [file name] - takes a copy of the file name and copies it to the
                     local(the directory which you are in)
"%put [file name] - reverse of above
~$[command] - allows the execution of a command to the local from remote

ct        
--        
ct allows local to connect to remote.Initiates a getty on a remote terminal.
Usefull when using a remote terminal.BNU has call back feature that allows
the user on the remote who can execute a call back meaning the local can call
the remote.[   ] are options

$ ct [-h prevent automatic hang up][-s bps rate][-wt set a time to call back
     abbrieviated t mins] telephone number

uux         
---       
To execute commands on a remote (unix to unix)      
usage:[  ] are options

$ uux [- use standard output][-n prevent mail notification][-p also use
      standard output] command-string                       

uucp                             
----            
uucp copies files from ones computer to the home directory
of a user in remote system.This also works when copying files from one
directory to another in the remote.The remote user will be notified by mail.
This command becomes use full when copying files from a remote to your local
system.
The uucp requires the uucico daemon will call up the remote and will perform
file login sequence,file transfer and notify the user by mail.
Daemons are programs runining in the background.The 3 daemons in a Unix are
uucico,uusched,uuxqt.

 Daemons Explained:[nows a good time to explain the 3 daemons]
 ------------------

 uuxqt - Remote execution.This daemon is executed by uudemon.hour started by
         cron.UUXQT searchs in the spool directory for executable file
         named X.file sent from the remote system.When it finds a file X.file
         where it obtains process which are to be executed.The next step is
         to find weather the processes are available at the time.The if    
         available it checks permission and if everthing is o.k it proceeds
         the background proccess.

 uucico - This Daemon is very immportant for it is responsible in establishing
          a connection to the remote also checks permission,performs login
          procedures,transfers + executes files and also notifies the user
          by mail.This daemon is called upon by uucp,uuto,uux commands.

 uusched - This is executed by the shell script called uudemon.hour
           This daemons acts as a randomizer before the UUCICO daemon is
           called.


Usage of uucp command:

$ uucp [options] [first full path name!] file [destination path!] file
example:
$ uucp -m -s bbss hackers unix2!/usr/todd/hackers

What this would do is send the file hackers from your computer to the remotes
/usr/todd/hackers making hackers offcourse as file.todd would mail that
a file has been sent to him.The unix2 is the name of the remote.
Options for uucp:(Dont forget to type in remotes name unix2 in case)        
-c  dont copy files to spool directory
-C  copy to spool
-s[file name] - this file will contain the file status(above is bbss)
-r  Dont start the comm program(uucico) yet
-j  print job number(for above eg.unix2e9o3)
-m  send mail when file file is complete

Now suppose you wanted to receive file called kenya which is in the usr/dan/usa
 to your home directory /usr/john assuming that the local systems name is
ATT01 and you are currently working in /usr/dan/usa,you would type in:

$uucp kenya ATT01!/usr/john/kenya

uuto        
----         
The uuto command allows one to send file to remote user and can also be used
to send files locally.
Usage:
$ uuto [file name] [system!login name]( omit systen name if local)



Conclusion:
-----------
Theres always more one can say about the UNIX but its time to stop.
I hope you have enjoyed the article.I apologize for the lenght. I hope I
made the UNIX operating system more familiar.
Remember do not abuse any systems you hack into for a true hacker doesn't like
to reck but to learn.
I can be reached at (718)358/9209 - Hackers Den88 [2600 BBS #5]

Watch for my new article on using PANAMAC airline computers coming soon.


                           Red Knight
                             P/HUN! 
                           <<T.S.A.N>>

Leached off SSC (713) 497-2312

[13] [UNIX system specifics (all versions)]
(98) Minutes Remaining
(G-Files Menu) Command <?-Help>: [

X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X
 Another file downloaded from:                     The NIRVANAnet(tm) Seven

 & the Temple of the Screaming Electron   Taipan Enigma        510/935-5845
 Burn This Flag                           Zardoz               408/363-9766
 realitycheck                             Poindexter Fortran   510/527-1662
 Lies Unlimited                           Mick Freen           801/278-2699
 The New Dork Sublime                     Biffnix              415/864-DORK
 The Shrine                               Rif Raf              206/794-6674
 Planet Mirth                             Simon Jester         510/786-6560

                          "Raw Data for Raw Nerves"
X-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-X

You May Like to Read:

You May Like to Read:

Popular Posts