Title : A Little About Dialcom
Author : Herd Beast
==Phrack Magazine==
Volume Five, Issue Forty-Six, File 14 of 28
****************************************************************************
A L I T T L E A B O U T D I A L C O M
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
by
Herd Beast
([email protected])
Introduction
~~~~~~~~~~~
Dialcom is an interesting system for hackers for two reasons:
First, it is used by business people, reporters and many other world
wide, and it offers a variety of information services, from a
bulletin board to stock market updates and news services. Second,
Dialcom runs on Prime machines, so using Dialcom is a good way to
learn Prime. True, it's not the best, as access is generally restricted,
but it's better than, say, learning VMS from Information America.
In these days, where everyone seems to be so centered about the
Internet and the latest Unix holes, it's important to remember that the
information super-highway is not quite here, and many interesting things
are out there and not on the Internet. Phrack has always been a good place
to find out more about these things and places, and I wrote this article
after reading the Dialog articles in Phrack.
Well, gentle reader, I guess that my meaning-of-life crap quota is full,
so let's move on.
Accessing Dialcom and Logging In
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Dialcom is accessible world-wide. It offers connection to Tymnet, Sprintnet,
and other networks as well as dialin modems. Since I am not writing to
Washington people only, I will specify only the easiest methods -- Tymnet
and Sprintnet -- and some of the more interesting access methods.
Dialcom is basically a Primecom network. Each user has an account on
one or more of the systems connected to that network. To access Dialcom,
the user needs to access the machine his account is on. First, he logs
into a public data network and follows the steps required to connect to
a remote note. On Tymnet, this means getting to the "please log in:"
prompt, and on Sprintnet it's the famous '@' prompt.
For Tymnet, you must enter at the prompt: DIALCOM;<system number>
(eg, DIALCOM;57). The same goes for TYMUSA connection from outside
the USA.
For Sprintnet or other PADs, you must enter the correct NUA:
System # Sprintnet NUA Tymnet NUA
======== ============= =============
XX 3110 301003XX 3106 004551XX
(32, 34,
41 - 46,
50, 52,
57, 61,
63, 64)
It should be noted that Dialcom keeps its own X.25 network, Dialnet,
and the NUAs on it are those of the systems (connect to address "57"
for system 57).
Dialcom has other access methods, meant to be used from outside the
USA, but sometimes available from within as well.
One is a COMCO card, which is inserted into a reader connected to the
computer and the modem through a serial link. The user then calls a
special dial-up number, and can connect to Dialcom (or any other NUA).
The card contains a number of "tax units" which are deducted as the
connection goes through, until they are exhausted and the card is useless.
The user calls the dial-up and types in ".<CR>". The amount of tax units
on the card will then appear on the screen, and the user can connect to a
host. COMCO dial-ups:
Location Number
======================= ==============
Australia +61-02-2813511
Belgium +32-02-5141710
France +33-1-40264075
West Germany +49-069-290255
Hong Kong +852-5-8611655
Netherlands +31-020-6624661
Switzerland +41-022-865507
United Kingdom +45-01-4077077
USA (Toll Free) +1-800-777-4445
USA +1-212-747-9051
The other way is through Infonet. I will not turn this into an Infonet
guide, save to write the logon sequence needed to access Dialcom.
At the '#' prompt, enter 'C'. At the "Center:" prompt, enter "DC".
Dialcom NUAs are 31370093060XX, where XX is the system number.
Once the connection to a Dialcom system has been established, you will
be greeted by the Prime header:
Primecom Network 19.4Q.111 System 666
Please Sign On
>
And the '>' prompt. This is a limited prompt as most commands cannot
be issued at it, so you need to login.
Dialcom user id's are typically 3 alphabetic characters followed by
several digits. The password may contain any character except for
",;/*" or spaces, and my experience shows that they tend to be of
intermediate complexity (most will not be found in a dictionary, but
could be cracked).
Password security may become useless at this point, because the Dialcom
Prime systems allow ID to take both user id and password as arguments
(which some other Primes do not) and in fact, Dialcom tutorials tell
users to log on like this --
>ID HBT007 IMEL8
-- which makes ``shoulder surfing'' easier.
One you log on, you will see:
Dialcom Computer Services 19.4Q.111(666)
On At 14:44 07/32/94 EDT
Last On At 4:09 06/44/94 EDT
>
And again, the '>' prompt.
>off
Off At 14:45 07/32/94 EDT
Time used: 00h 00m connect, 00m 01s CPU, 00m 00s I/O.
Security at Dialcom
~~~~~~~~~~~~~~~~~~
As mentioned, while passwords are relatively secure, the manner in
which they are entered is usually not.
As for the accounts themselves, it's important to understand the
general way accounts exist on Dialcom. Dialcom users are usually
part of a business that has an ``account group'' on Dialcom. Each
user gets an account from that group (HBT027, HBT054). Each group
also has a group administrator, who controls what each account can
access. The administrator determines which programs (provided by Dialcom)
each user can access. A foreign correspondent for a magazine might
have access to the news services while other users might not. The
administrator also determines how much the user can interface with
the Prime OS itself. Each user can run a few basic commands (list
files, delete, sign off) but above that, it's up to the administrator.
The administrator may opt to remove a user from the controlling menuing
system -- in which case, the user has no restrictions forced upon him.
Group administrators, however, handle only their groups, and not the
Dialcom system. They need, for example, to notify Dialcom staff if
they want an account removed from the system.
Another (different yet combined) part of the account/group security
are accounts' ``security levels'' (seclevs). Seclevs range from 3
to 7, and determine the access an account has to various places.
Seclev 4 users, for example, are not restricted to seeing only users
of their group on the system, and can delete accounts from the menuing
system.
User accounts own their directories and files within (but high seclevs
can read other users' files). Each account's security is left in some
extent to its owner, in that the user sets his own password. When
setting a password, a user can set a secondary password. Any user wishing
to access that user's directory will need that password. Furthermore,
the user can allow other users to attach as owners to his directory if
they know his password (come to think of it, couldn't they just login
as him?). This is all controlled by the PASSWD program (see ``Common
Commands'', below).
Dialcom also allows for login attempt security using the NET_LOCK
program. NET_LOCK blocks login attempts from addresses that have
registered too many login failures over a period of time (the default
being blocking for 10 minutes of addresses that have registered more
than 10 failed login within 5 minutes). NET_LOCK -DISPLAY is accessible
to users of Seclev 5 and shows addresses currently blocked and general
information. Other options are accessible to Seclev 7 and are:
-ON, -OFF, -ATTEMPTS (number of attempts so that NET_LOCK will block
an address), -LOCK_PERIOD (the period in which these attempts must
occur), -LOCK_TIME (time to block), -WINDOW (a time window in which the
lockout feature is disabled).
A little unrelated is the network reconnect feature of the Prime
computers. When a user gets disconnected from the system because
of a network failure, or for any other reason which is not the
system's fault, he can log back in and reconnect into the disconnected
job. When this happens, the user sees, upon logging on:
You Have a Disconnected Job:
HBT007 d09 1 109 NT NETLINK 989898989 6 3
Do You Want to Reconnect?
Which means user's HBT007 job #9 (a NETLINK command) is waiting for
a reconnection. At this point, the user can continue, leaving the
job to hang until the system signs it off when a certain amount of
time expires; sign the job off himself; or reconnect to that job.
(Try "HELP" at the prompt.) This wouldn't be important, but experience
shows that many disconnections occur when someone logs into Dialcom
over a network, and then uses NETLINK (or another program) to connect
to another site over a network, and somewhere, some time, he issues
a control sequence (let's say to tell NETLINK to do something) that
gets processed by the first network, which logs him off. So there
is potential to log into the middle of people's sessions (yeah, like
detached ttys).
Common Commands
~~~~~~~~~~~~~~
Common commands are in reality the basic Prime commands that every
account has access to. Here they are, in alphabetical order.
`CLEAR' Clear the screen.
`DATE' Shows the date at which a command was entered. Output:
>DATE
Proceed to next command
>BAH
Friday, June 38, 1994 10:01:00 AM EDT
`DEL' Deletes a file.
`DELP' Deletes several files based on wildcards. Can verify deletion
of every file, and delete only file modified before, after, or
between certain dates.
`ED' Is the default and simplest file editor on Dialcom (some of its
brothers are JED and FED). Once invoked, ED enters INPUT mode,
in which the user just types text. To enter EDIT mode, where
you can issue commands, you need to press <CR> on a blank line
(the same thing will get you from EDIT mode back to INPUT mode).
The EDIT mode uses a pointer to a line. All commands are carried
on the line that the pointer points to. "T" will bring the
pointer to the top of the text, "B" to the bottom, "N" to the
next line down, "U" to the next line up, and "L <word>" to
the line containing <word>. ED commands include:
P: PRINT the pointer line. P<number> will print <number>
of lines.
C: Change words. The format is "C/old word/new word".
A: Appends words. The format is "A <words>".
R: Retype pointer line. The format is "R <new line>".
SP: Check the spelling of the text, and then point to
the top of the text.
SAVE: Will save the text and exit ED.
Q: Will quit/abort editing and exit ED.
`F' List all file info. Output:
DIALCOM.TXT 001 13/30/94 13:50 ASC D W R
Which means file name "DIALCOM.TXT", size of 1 file blocks,
lat modified on 13/30/94 at 13:50, is an ASC type file, and
the account has the permissions to D(elete), W(rite), and
R(ead) it.
`HELP' (`?') Displays a nicely formatted menu of available commands.
`INFO' System info. INFO <info-file-name> displays an information
file, for example, INFO NETLINK.
"INFO ?" lists info files.
"INFO BRIEF" lists info files grouped by application
"INFO INFO" lists info files with their descriptions.
`L' List all file names. Output:
<S666-6>HBT007 (Owner)
DIALCOM.TXT
`LS' Display information about available segments and the account's
access to them. Output:
2 Private static segments.
segment access
--------------
4000 RWX
4001 RWX
11 Private dynamic segments.
segment access
--------------
4365 RX
4366 RX
4367 RWX
4370 RWX
4371 RX
4372 RWX
4373 RX
4374 RWX
4375 RX
4376 RX
4377 RWX
`NAME' Changes UFD name. Output:
>NAME
Old Name: John Gacy
UFD Name: Herd Beast
All done
>WHO
Herd Beast <S666-6>HBT007
`NETWORK' Accesses a database that contains dial-up number for Sprintnet,
Tymnet, Datapac and Dialcom's Dialnet by State/City.
`OFF' Sign off the system.
`ONLINE' Who's online? The amount of data displayed depends on the
account's seclev. Seclevs below 4 are restricted to seeing
only users of their group. Output:
HBT007 PRK017 MJR
`PAD' Allows you to send commands to an X.29 PAD, these commands
being the SET/SET?/PAR? commands and their parameter/value
pairs.
`PASSWD' Change your password. PASSWD has two forms: a short one,
which just changes the user's password, and a long form,
invoked by PASSWD -LONG, which allows the user to set
a second password for other users accessing his directory,
and also to determine if they can have owner access to
the directory.
`PROTECT' Protects a file (removes permissions from it).
"PROTECT DIALCOM.TXT" will remove all three (D, W, R)
attributes from it. This will result in:
>DEL DIALCOM.TXT
Insufficient access rights. DIALCOM.TXT (DEL:10)
But --
>DELETE DIALCOM.TXT
"DIALCOM.TXT" protected, ok to force delete? y
`SECLEV' Your security level. Output:
Seclev=5
`SIZE' Size information about a file. Output:
1 Block, 404 Words
`STORAGE' Shows storage information.
`SY' Show users on system. (Same restrictions as for ONLINE apply.)
Will show user name, time on, idle time, devices used, current
jobs and state, etc. Output:
41 Users on sys 666
Names use idle mem State command object devs
HBT007 *11 0 155 R1 SY 6 3 from Tymnet via X.25
`SYS' Displays account information and system number. Output:
<S666-6>HBT007 on system 666.
`TERM' Used to tell the Dialcom computer what terminal the user is
using. A list of supported terminals is generated by "TERM
TERMINALS". TERM options are:
TYPE <terminal type> (TYPE VT100)
WIDTH <width> (Terminal width, if different
than default)
TOP (Start listings at top of screen)
PAUSE (Pause listings when screen is
full)
-ERASE, -KILL <char> (Sets the erase or kill character)
-BREAK <ON|OFF> (Enables or disables BREAKs)
-HALF or -FULL (Half duplex of full duplex)
-DISPLAY (Output current terminal information)
`WHO' Displays account information. Output:
<S666-6>HBT007
Which means user HBT007 on system 666 on device 6.
Communicating on Dialcom
~~~~~~~~~~~~~~~~~~~~~~~
Users who want to communicate on Dialcom have two choices, basically.
These are the Dialcom bulletin board and electronic mail. The Dialcom
bulletin board has two versions. The first consists of several message
bases (called ``categories'') which are shared between some Dialcom
systems (and mostly used by bored employees, it seems); there are also
private bulletin boards, which are not shared between the systems. They
belong to account groups, and only users in an account group can access
that group's bulletin board system. These version of the Dialcom board
are often empty (they have no categories defined and hence are unusable).
This is accessed by the command POST (PRPOST for the private board).
Once POST is activated, it will display a prompt:
Send, Read or Purge:
If the answer is READ, POST will ask for a category (a list of categories
will be displayed if you type HELP at that prompt). Once a category
has been joined, you will be able to read through the messages there:
Subject: ?
From: HBT007 Posted: Sat 32-July-94 16:47 Sys 666
quit
/q
/quit
Continue to Next Item?
Answering SEND at the first prompt will allow you to send a message in a
category.
Answering PURGE will allow you to delete messages post by your account.
When you enter PURGE and the category to purge message from, the system
will show you any posts that you are allowed to purge, followed by a
"Disposition:" prompt. Enter DELETE to delete the message.
The second way to communicate is the Dialcom MAIL system. MAIL allows
sending and receiving messages, it allows for mailing lists, filing
mail into categories, holding mail to read later and so on. MAIL is
invoked by entering, uh... oh, yes, MAIL.
It works along similar lines to those of POST, and will display the following
prompt:
Send, Read or Scan:
SEND: Allows you to send a message. It will prompt with "To:",
"Subject:" and "Text:" (where you enter the actual message, followed
by ".SEND" on a blank line to end). After a message is sent, the
"To:" prompt will appear again -- use "QUIT" to leave it.
A word about the "To:" prompt. There are two configuration files which
make its use easier. First the MAIL.REF file, which is really a mailing
list file. It contains entries in the format of --
<Nick> <Accounts>
DOODZ DVR014 ABC0013 XYZ053
-- and at the "To:" prompt, you can just enter "DOODZ" and the message
will be sent to all three accounts. When you enter a name, MAIL searches
through your MAIL.REF, and then through the account administrator's, and
only then parses it as an account name. Second is the mail directory,
which contains the names and account IDs of many users the account is
in contact with. To display it, type "DIS DIR" at the first prompt.
You'll get something like this:
HERD-BEAST 6666:HBT007 WE'RE BAD AND WE'RE KRAD
Which means you can type "HERD-BEAST" at the prompt, and not just
HBT007. Also, there are special options for the "To:" prompt, most
notable are: CC to send a carbon copy; EX to send the message with
``express priority''; DAR to request that if the message is sent
to a user on another Dialcom system, POSTMASTER will send you a
message verifying that your message has been sent; and NOSHOW,
to keep the receiver from seeing everybody else on the "To:" list.
For example (all these people are in the mail directory),
To: DUNKIN D.DREW CC FOLEY NOSHOW EX
You enter the message about to be sent at the "Text:" prompt. That
mode accepts several commands (like .SEND), all of which begin with a
dot. Any command available at the "To:" prompt is available here.
For example, you can add or remove names from to "To:" field using
".TO <ids>" or ".TO -<ids>", and add a CC using ".CC <id>".
You also have a display command, ".DIS". ".DIS" alone shows the text
entered so far; ".DIS TO" shows the "To:" field; ".DIS HE" shows
the entire header; etc. Finally, you have editing option. ".ED" will
load editing mode, so you can change the text you entered. ".LOAD
<filename>" will load <filename> into the text of the message. ".SP"
will check the spelling of text in the message, and there are other
commands.
READ: Allows you to read mail in your mailbox. Once you enter READ,
MAIL will display the header of the first message in your mailbox
(or "No mail at this time") followed by a "--More--" prompt. To
read the message, press <CR>; otherwise, enter NO. After you are done
reading a message, you will be prompted with the "Disposition:" prompt,
where you must determine what to do with the message. There you can enter
several commands: AGAIN to read the message again; AG HE to read the
header again; AP REPLY to reply to the message and append the original
message to the reply; AP FO to forward the message to someone and add
your comments to it; REPLY to reply to the sender of the message; REPLY
ALL to reply to everybody on the "To:" field; FILE to file the message;
SA to save the message into a text file; NEXT to read the next message
in your mailbox; and D to delete the message.
SCAN: Allows you see a summary of the messages in the mailbox. Both
READ and SCAN have options that allow you to filter the messages you
want to read: FR <ids> to get only messages from <ids>; TO <ids> to
get only messages sent to <ids>; 'string' to get only messages containing
``string'' in the "Subject:" field; "string" to get only messages
containing ``string'' in the message itself; FILE CATEGORY to get only
messages filed into ``CATEGORY''; and DA Month/Day/Year to get only messages
in that date (adding a '-' before or after the date will get you everything
before or after that date, and it's also possible to specify two dates
separated by a '-' to get everything between those dates. For example,
to get all of Al Gore's messages about Clipper before August 13th:
READ FILE CLIPPER FR GOR 'Great stuff' DA -8/13/94
There is also a QS (QuickScan) command that behaves the same as SCAN,
only SCAN shows the entire header, and QS just shows the "From:" field.
However, there is more to do here than just send, read or scan.
Some of it was mentioned when explaining these commands. Both sent
and received messages can be saved into a plain text file or into
a special mailbox file, called MAIL.FILE. Messages filed into the
MAIL.FILE can be grouped into categories in that file.
SAVING MESSAGES: Messages are saved by entering "SA filename" at a
prompt. For sent message, it's the "Text:" prompt, while entering the
message, and the command is ".SA", not "SA". For received message, it's
either the "--More--" or the "Disposition:" prompt.
FILING MESSAGES: Messages are filed in two cases. First, the user
can file any message into any directory, and second, the system files
read messages that lay in the mailbox for over 30 days. Received messages
are filed by entering "FILE" at the "Disposition:" prompt. This files
the message into a miscellaneous category called BOX. If an optional
<category-name> is added after "FILE", the message will be filed into
that category. If <category-name> doesn't exist, MAIL can create it
for you. After a message has been filed, it's not removed from the
mailbox -- that's up to the user to do. Sent messages behaved the same
way, but the command is ".FILE" from the "Text:" prompt.
To display categories of filed mail, enter DIS FILES at a prompt. To
read or scan messages in filed, just add "FILE <category-name> after
the command (READ, SCAN, etc). To delete a category, enter D FILE
<category-name>. To delete a single message in a category, just use
D as you would on any other message, after you read it from the
MAIL.FILE.
Connecting via Dialcom
~~~~~~~~~~~~~~~~~~~~~
Dialcom allows its customers to access other systems through it.
There are some services offered specifically through Dialcom, such as
the BRS/MENUS service, which is an electronic library with databases
about many subjects, Telebase's Cyclopean Gateway Service, which offers
access to many online database services (like Newsnet, Dialog and even BRS)
and more. These services have a direct connection to Dialcom and software
that maps Dialcom user ids to their own ids (it's not usually possible for
someone to access one of these services without first connecting to Dialcom).
Another method is general connection to X.25 addresses. Since Dialcom
is connected to X.25, and it allows users to use the Prime NETLINK
commands, it's possible to PAD out of Dialcom!!#!
NETLINK is invoked by entering NETLINK. NETLINK then displays its own,
'@' prompt. The commands available there are QUIT, to quit back to
the OS; CONTINUE, to return to an open connection; CALL, to call an
address; and D, to disconnect an open connection.
CALL takes addresses in several formats. A system name, to connect to
a Dialcom system, or an address in the format of DNIC:NUA. For example,
@ CALL :666
Circuit #1
666 Connected
[...]
@ CALL 3110:21300023
Circuit #2
21300023 Connected
[...]
NETLINK establishes connections in the form of circuits. A circuit can
be broken out of into command mode (the '@' prompt), using "<CR>@<CR>",
and another can be opened, or parameters can be changed, etc.
NETLINK has other commands, to log connections into a file, or set PAD
parameters (SET, PAR), or turn on connection debugging, or change
the default '@' prompt, and more.
Things to Do on Dialcom
~~~~~~~~~~~~~~~~~~~~~~
Much of what Dialcom offers was not covered until now and will not
be covered. That's because most the services could use a file each,
and because many account groups have things enabled or disabled
just for them. Instead, I will write shortly about two of the more
interesting things online, the news service and clipping service,
and add pointers to some interesting commands to try out.
The news service, accessed with the NEWS command, is a database of
newswires from AP, Business Wire, UPI, Reuters and PR Newswire.
The user enters the database, and can search for news by keywords.
After entering NEWS, you will see a menu of all the news agencies.
Once you choose an agency, you will enter its menu, which sometimes
contains a copyright warning and terms of usage and also the list
of news categories available from that agency (National, North America,
Business, Sports, etc). Once you choose the category, you will be
asked for the keyword to search for. If a story (or several stories) was
found containing your desired keyword, you can read through the
stories in the order of time, or the order they appear, or reverse
order and so on, and finally mail a story to yourself, or enter new
search keywords, or jump to another story, or simply quit.
The news clipping service, available with the command NEWSTAB, allows
the user to define keyword-based rules for selecting news clippings.
The system then checks every newswire that passes through it, and if
it matches the rules, mails the newswire to the user.
After entering NEWSTAB, you are presented with a menu that allows you
to show, add, delete, and alter your rules for choosing news. The rules
are made using words or phrases, logical operators, wildcards and
minimal punctuation. A rule can be as simple as "HACKING", which will
get every newswire with the word "hacking" in it mailed to you, or
if you want to be more selective, "NASA HACKING". Logical operators
are either AND or OR. For example, "HACKING AND INTERNET". Wildcards
are either '*' or '?' (both function as the same). They simple replace
any number of letters. Punctuation is permitted for initials,
abbreviations, apostrophes or hyphens, but not for question marks and
similar. All of this is explained in the NEWSTAB service itself.
For the file hungry, Dialcom offers several file transfer programs,
including KERMIT and Dialcom's FT, which implements most popular
protocols, like Zmodem, Xmodem, etc.
A small number of other fun things to try:
NET-TALK The ``interactive computer conferencing system'' -- build
your private IRC!
CRYPTO Dialcom's encryption program. Something they're probably
going to love on sci.crypt.
NUSAGE By far one of the better things to do on Dialcom, it was
left out of this file because it is simply huge. This
program allows the user (typically an administrator) to
monitor network usage, sort the data, store it, peek
into all the little details (virtual connection types,
remote/local addresses, actions, time, commands, etc).
Unfortunately, it's completely beyond the scope of this
file, as there are tons of switches and options to use
in order to put this program to effective use.