Networks

Until ten years ago, the telecommunications and computer industries were almost entirely separate. Shortly they will be almost completely fused. Most of today's hackers operate largely in ignorance of what goes on in the lines and switching centres between the computer they own and the computer they wish to access. Increasingly, dedicated hackers are having to acquire knowledge and experience of data networks, a task made more interesting, but not easier, by the fact that the world's leading telecommunications organisations are pushing through an unprecedented rate of innovation, both technical and commercial. Apart from purely local lowspeed working, computer communications are now almost exclusively found on separate high-speed data networks, separate that is from the two traditional telecommunications systems telegraphy and telephone. Telex lines operate typically at 50 or 75 baud with an upper limit of 110 baud.

The highest efficient speed for telephone-line-based data is 1200 baud. All of these are pitifully slow compared with the internal speed of even the most sluggish computer. When system designers first came to evaluate what sort of facilities and performance would be needed for data communications, it became obvious that relatively few lessons would be drawn from the solutions already worked out in voice communications.

Analogue Networks

In voicegrade networks, the challenge had been to squeeze as many analogue signals down limited-size cables as possible. One of the earlier solutions, still very widely used, is frequency division multiplexing (FDM): each of the original speech paths is modulated onto one of a specific series of radio frequency carrier waves; each such rf wave is then suppressed at the transmitting source and reinserted close to the receiving position so that only one of the sidebands (the lower), the part that actually contains the intelligence of the transmission, is actually sent over the main data path. This is similar to ssb transmission in radio.

The entire series of suppressed carrier waves are then modulated onto a further carrier wave, which then becomes the main vehicle for taking the bundle of channels from one end of a line to the other.

Typically, a small coaxial cable can handle 60 to 120 channels in this way, but large cables (the type dropped on the beds of oceans and employing several stages of modulation) can carry 2700 analogue channels. Changing audio channels (as they leave the telephone instrument and enter the local exchange) into rf channels, as well as making frequency division multiplexing possible, also brings benefits in that over long circuits it is easier to amplify rf signals to overcome losses in the cable.

Just before World War II, the first theoretical work was carried out to find further ways of economising on cable usage; what was then developed is called Pulse Code Modulation (PCM).

There are several stages. In the first, an analogue signal is sampled at specific intervals to produce a series of pulses; this is called Pulse Amplitude Modulation, and takes advantage of the characteristic of the human ear that if such pulses are sent down a line with only a very small interval between them, the brain smoothes over the gaps and reconstitutes the entire original signal.

In the second stage, the levels of amplitude are sampled and translated into a binary code. The process of dividing an analogue signal into digital form and then reassembling it in analogue form is called quantization. Most PCM systems use 128 quantizing levels, each pulse being coded into 7 binary digits, with an eighth added for supervisory purposes.
OPERATION OF A CHARACTER TDM

          +-----+-----+-----+-----+-----+-----+-----+--
   <------| SYN | CH1 | CH2 | CH3 | CH4 | SYN | CH1 |
          +-----+-----+-----+-----+-----+-----+-----+--

   +-----------------+                        +-----------------+
 1 |                 |                        |                 |1
 --+                 |  +---+        +---+    |                 +--
 2 |                 |  |   |        |   |    |                 |2
 --+   MULTIPLEXER   |==+ M +--\/\/--+ M +==--+   MULTIPLEXER   +--
 3 |                 |  |   |        |   |    |                 |3
 --+                 |  +---+        +---+    |                 +--
 4 |                 |                        |                 |4
 --+-----------------+                        +-----------------+--

          --+-----+-----+-----+-----+-----+-----+----+
            | CH1 | SYN | CH4 | CH3 | CH2 | CH1 |SYN |------->
          --+-----+-----+-----+-----+-----+-----+----+

                 <---------------------------->
                         ONE DATA FRAME


By interleaving coded characters in a highspeed digital stream it is possible to send several separate voice channels along one physical link. This process is called Time Division Multiplexing (TDM) and together with FDM still forms the basis of most of the globe's voicegrade communications.

Digital Networks

Elegant though these solutions are, though, they are rapidly being replaced by totally digital schemes. Analogue systems would be very wasteful when all that is being transmitted are the discrete audio tones of the output of a modem. In a speech circuit, the technology has to be able to 'hear', receive, digitize and reassemble the entire audio spectrum between 100 Hz and 3000 Hz, which is the usual passband of what we have come to expect from the audio quality of the telephone. Moreover, the technology must be sensitive to a wide range of amplitude; speech is made up of pitch and associated loudness. In a digital network, however, all one really wants to transmit are the digits, and it doesn't matter whether they are signified by audio tones, radio frequency values, voltage conditions or light pulses, just so long as there is circuitry at either end which can encode and decode.

There are other problems with voice transmission: once two parties have made a connection with each other (by the one dialling a number and the other lifting a handset), good sense has suggested that it was desirable to keep a total physical path open between them, it not being practical to close down the path during silences and re-open it when someone speaks. In any case the electromechanical nature of most of today's phone exchanges would make such turning off and on very cumbersome and noisy.

But with a purely digital transmission, routing of a 'call' doesn't have to be physical--individual blocks merely have to bear an electronic label of their originating and destination addresses, such addresses being 'read' in digital switching exchanges using chips, rather than electromechanical ones. Two benefits are thus simultaneously obtained: the valuable physical path (the cable or satellite link) is only in use when some intelligence is actually being transmitted and is not in use during 'silence'; secondly, switching can be much faster and more reliable.

Packet Switching

These ideas were synthesised into creating what has now become packet switching. The methods were first described in the mid-1960's but it was not until a decade later that suitable cheap technology existed to create a viable commercial service.

The British Telecom product is called Packet SwitchStream (PSS) and notable comparable US services are Compuserve, Telenet and Tymnet. Many other countries have their own services and international packet switching is entirely possible--the UK service is called, unsurprisingly, IPSS.

International Packet Switched Services and DNICs

INTERNATIONAL NETWORKS

Datacalls can be made to hosts on any listed International Networks. The NIC (Data Network Identification Code) must precede the international host's NUA. Charges quoted are for duration (per hour) and volume (per Ksegment) and are raised in steps of 1 minute and 10 segments respectively.

Country Network DNIC Australia Midas 5053 8elgium Euronet 2062 Belgium Euronet 2063 Canada Datapac 3020 Canada Globedat 3025 Canada Infoswitch 3029 Denmark Euronet 2383 France Transpac 2080 French Antilles Euronet 3400 Germany (FDR) Datex P 2624 Germany (FDR) Euronet 2623 Hong Kong IDAS 4542 Irish Republic Euronet 2723 Italy Euronet 2223 Japan DDX-P 4401 Japan Venus-P 4408 Luxembourg Euronet 2703 Netherlands Euronet 2043 Country Network DNIC Norway Norpak 2422 Portugal N/A 2682 Singapore Telepac 5252 South Africa Saponet 6550 Spain TIDA 2141 Sweden Telepak 2405 Switzerland Datalink 2289 Switzerland Euronet 2283 U.S.A. Autonet 3126 U.S.A. Compuserve 3132 U.S.A. ITT (UDTS) 3103 U.S.A. RCA (LSDS) 3113 U.S.A. Telenet 3110 U.S.A. Tymnet 3106 U.S.A. Uninet 3125 U.S.A. WUI (DBS) 3104

Additionally, Datacalls to the U.K. may be initiated from:

Bahrain, Barbados, Bermuda, Israel, New Zealand and the United Arabs Emirates.

Up to date Information can be obtained from IPSS Marketing on 01-9362743

In essence, the service operates at 48kbits/sec full duplex (both directions simultaneously) and uses an extension of time division multiplexing Transmission streams are separated in convenient- sized blocks or packets, each one of which contains a head and tail signifying origination and destination. The packets are assembled either by the originating computer or by a special facility supplied by the packet switch system. The packets in a single transmission stream may all follow the same physical path or may use alternate routes depending on congestion. The packets from one 'conversation' are very likely to be interleaved with packets from many Other 'conversations'. The originating and receiving computers see none of this. At the receiving end, the various packets are stripped of their routing information, and re-assembled in the correct order before presentation to the computer's VDU or applications program.

PACKET ASSEMBLY/DISASSEMBLY
                                           +-------------------------
                                           |
                                           |            PSS
                                           +-----+
            o> o> o> o> o> o> o> o> o> o>    |     | O> O> O>
Terminal D================================-+ PAD +-==========
             CHARACTERS     O> PACKETS
\

All public data networks using packet switching seek to be compatible with each other, at least to a considerable degree. The international standard they have to implement is called CCITT X.25. This is a multi-layered protocol covering (potentially) everything from electrical connections to the user interface.

The levels work like this:

7 APPLICATION User interface

6 PRESENTATION Data formatting & code conversion

5 SESSION Co-ordination between processes

4 TRANSPORT Control of quality service

3 NETWORK Set up and maintenance of connections

2 DATA LINK Reliable transfer between terminal and network

PHYSICAL Transfer of bitstream between terminal and network

At the moment international agreement has only been reached on the lowest three levels, Physical, Data Link and Network. Above that, there is a battle in progress between IBM, which has solutions to the problems under the name SNA (Systems Network Architecture) and most of the remainder of the principal main- frame manufacturers, whose solution is called OSI (Open Systems Interconnection).

Packet Switching and the Single User

So much for the background explanation. How does this affect the user? Single users can access packet switching in one of two principal ways. They can use special terminals able to create the data packets in an appropriate form--called Packet Terminals, in the

(In the original book there is a diagram showing Dial-up termials and single users connecting to a PAD system and Packet Terminals directly connected to the PSS. Note added by Electronic Images)

jargon--and these sit on the packet switch circuit, accessing it via the nearest PSS exchange using a permanent dataline and modems operating at speeds of 2400, 4800, 9600 or 48K baud, depending on level of traffic. Alternatively, the customer can use an ordinary asynchronous terminal without packet-creating capabilities, and connect into a special PSS facility which handles the packet assembly for him. Such devices are called Packet Assembler/ Disassemblers, or PADs. In the jargon, such users are said to have Character Terminals. PADs are accessed either via leased line at 300 or 1200, or via dial-up at those speeds, but also at 110 and 1200/75.

Most readers of this book, if they have used packet switching at all, will have done so using their own computers as character terminals and by dialling into a PAD. The phone numbers of UK PADs can be found in the PSS directory, published by Telecom National Networks. In order to use PSS, you as an individual need a Network User Identity (NUI), which is registered at your local Packet Switch Exchange (PSE). The PAD at the PSE will throw you off if you don't give it a recognisable NUI. PADs are extremely flexible devices; they will configure their ports to suit your equipment, both as to speed and screen addressing, rather like a bulletin board (though to be accurate, it is the bulletin board which mimics the PAD).

Phone numbers to access PSS PADs

                       Terminal operating speed:
PSE              (STD)     110 OR 300  1200/75      1200 Duplex

Aberdeen         (0224)    642242      642484       642644
Birmingham       (021)     2145139     2146191      241 3061
Bristol          (0272)    216411      216511       216611
Cambridge        (0223)    82511       82411        82111
Edinburgh        (031)     337 9141    337 9121     337 9393
Glasgow          (041)     204 2011    204 2031     204 2051
Leeds            (0532)    470711      470611       470811
Liverpool        (051)     211 0000    212 5127     213 6327
London           (01)      825 9421    407 8344     928 2333
   or            (01)      928 9111    928 3399     928 1737
Luton            (0582)    8181        8191         8101
Manchester       (061)     833 0242    833 0091     833 0631
Newcastle/Tyne   (0632)    314171      314181       314161
Nottingham       (0602)    881311      881411       881511
Portsmouth       (0705)    53011       53911        53811
Reading          (0734)    389111      380111       384111
(*)Slough        (0753)    6141        6131         6171

(*)Local area code access to Slough is not available.
Switch the modem/dataphone to 'data' on receipt of data tone.



Next, you need the Network User Address (NUA) of the host you are calling. These are also available from the same directory: Cambridge University Computing Services's NUA is 234 222339399, BLAISE is 234 219200222, Istel is 234 252724241, and so on. The first four numbers are known as the DNIC (Data Network Identification Code); of these the first three are the country ('234' is the UK identifier), and the last one the specific service in that country, '2' signifying PSS. You can also get into Prestel via PSS, though for UK purposes it is an academic exercise: A9 234 1100 2018 gives you Prestel without the graphics (A9 indicates to the system that you have a teletype terminal).

Once you have been routed to the host computer of your choice, then it is exactly if you were entering by direct dial; your password and so on will be requested. Costs of using PSS are governed by the number of packets exchanged, rather than the distance between two computers or the actual time of the call. A typical PSS session will thus contain the following running costs: local phone call to PAD (on regular phone bill, time-related), PSS charges (dependent on number of packets sent) and host computer bills (which could be time-related or be per record accessed or on fixed subscription).

Packet switching techniques are not confined to public data networks Prestel uses them for its own mini-network between the various Retrieval Computers (the ones the public dial into) and the Update and Mailbox Computers, and also to handle Gateway connections. Most newer private networks are packet switched.

Valued Added Networks (VANs) are basic telecoms networks or facilities to which some additional service--data processing or hosting of publishing ventures, for example--has been added.

Public Packet Switching, by offering easier and cheaper access, is a boon to the hacker. No longer does the hacker have to worry about the protocols that the host computer normally expects to see from its users. The X.25 protocol and the adaptability of the PAD mean that the hacker with even lowest quality asynchronous comms can talk to anything on the network. The tariff structure, favouring packets exchanged and not distance, means that any computer anywhere in the world can be a target.

Austin and Poulsen, the ARPAnet hackers, made dramatic use of a private packet-switched net; the Milwaukee 414s ran around GTE's Telenet service, one of the biggest public systems in the US. Their self-adopted name comes from the telephone area code for Milwaukee, a city chiefly known hitherto as a centre of the American beer industry. During the Spring and Summer of 1983, using publicly published directories, and the usual guessing games about pass-numbers and pass-words, the 414s dropped into the Security Pacific Bank in Los Angeles, the Sloan-Kettering Cancer Clinic in New York (it is still not clear to me if they actually altered patients records or merely looked at them), a Canadian cement company and the Los Alamos research laboratory in New Mexico, home of the atomic bomb, and where work on nuclear weapons continues to this day. It is believed that they saw there 'sensitive' but not 'classified' files.

Commenting about their activities, one prominent computer security consultant, Joesph Coates, said: 'The Milwaukee babies are great, the kind of kids anyone would like their own to - ~be...There's nothing wrong with those kids. The problem is with the idiots who sold the system and the ignorant people who bought it. Nobody should buy a computer without knowing how much ~ . security is built in....You have the timid dealing with the foolish.'

During the first couple of months of 1984, British hackers carried out a thorough exploration of SERCNET, the private packet-switched network sponsored by the Science and Engineering Research Council and centred on the Rutherford Appleton Laboratory in Cambridge. It links together all the science and technology universities and polytechnics in the United Kingdom and has gateways to PSS and CERN (European Nuclear Research).

Almost every type of mainframe and large mini-computer can be discovered hanging on to the system, IBM 3032 and 370 at Rutherford itself, Prime 400s, 550s and 750s all over the place, VAX 11/780s at Oxford, Daresbury, other VAXs at Durham, Cambridge, York, East Anglia and Newcastle, large numbers of GEC 4000 family members, and the odd PDP11 running Unix.

Penetration was first achieved when a telephone number appeared on a popular hobbyist bulletin board, together with the suggestion that the instruction 'CALL 40' might give results. It was soon discovered that if the hacker typed DEMO when asked for name and establishment, things started to happen. For several days hackers left each other messages on the hobbyist bulletin board, reporting progress, or the lack of it. Eventually, it became obvious that DEMO was supposed, as its name suggests, to be a limited facilities demonstration for casual users, but that it had been insecurely set up.

I can remember the night I pulled down the system manual, which had been left in an electronic file, watching page after page scroll down my VDU at 300 baud. All I had had to do was type the word 'GUIDE'. I remember also fetching down lists of addresses and mnemonics of SERCNET members. Included in the manual were extensive descriptions of the network protocols and their relation to 'standard' PSS-style networks.

As I complete this chapter I know that certain forms of access to SERCNET have been shut off, but that hacker exploration appears to continue. Some of the best hacker stories do not have a definite ending. I offer some brief extracts from captured SERCNET sessions.

03EOEHaae NODE 3.
Which Service?
PAD
COM
FAD>CALL 40
Welcome to SERCNET-PSS Gateway. Type HELP for help.

Gatew::~cInkging in
user HELP
ID last used Wednesday, 18 January 1984 16:53
Started - Wed 18 Jan 19a4 17:07:55
Please enter your name and establishment DEMO
Due to a local FTP problem messages entered via the HELP system
during the last month have been lost. Please resubmit if
problem/question is still outstanding 9/1/84

No authorisation is required for calls which do not incur charges at
the Gateway. There is now special support for TELEX. A TELEX service
may be announced shortlY.


Copies of the PSS Guide issue 4 are available on request to Program
Advisory Office at RAL, telephone 0235 44 6111 (direct dial in) or
0235 21900 Ext 6111. Requests for copies should no longer be placed
in this help system.

The following options are available:


NOTES GUIDE TITLES ERRORS EXAMPLES HELP QUIT
Which option do you require? GUIDE
The program 'VIEW' is used to display the Gateway guide
Commands available are:
 or N next page
p         previous page
n         list page n
+n or -n  go forward or back n pages
S         first page
E         last page
L/string  find line Containing string
F/string  find line beginning string
Q         exit from VIEW

VIEW Vn 6> Q
The following options are available:

NOTES GUIDE TITLES ERRORS EXAMPLES HELP OUIT
Which option do you require? HELP
NOTES replies to user queries & other notes
GUIDE Is the complete Gateway user guide (including the Appendices)
TITLES 1- a list of SERCNET L PSS addresses & mnemonics (Guide
Appendix 1)
ERRORS List of error codes you may receive EXAMPLES are ome examples
of use of the Gateway (Guide Appendix 2)
QUIT exits from this session

The following options are available:

NOTES GUIDE TITLES ERRORS EXAMPLES HELP QUIT
Which option do you require? TITLES

VIEW Vn o>

If you have any comments, please type them now, terminate with E
on a line on its own. Otherwise just type \

CPU used: 2 ieu, Elapsed: 14 mins, IO: 2380 units, Break: 114
Budgets: this period = 32.000 AUs, used = 0.015 AU, left - 29.161 AUs
User HELP   terminal   2 logged out Wed 18 Jan 1984 17:21:59

84/04/18. 18.47.00.
I.C.C.C. NETWORK OPERATING SYSTEM.         NOS 1.1-430.20A
USER NUMBER:
PASSWORD:
IMPROPER LOG IN, TRY AGAIN.
USER NUMBER:
PASSWORD:

>SCIENCE AND ENGINEERING RESEARCH COUNCIL

>RUTHERFORD APPLETON LABORATORY
COMPUTING DIVISION
>
>           ThE SERCNET - PSS Gateway

>                User's Guide

                                                A S Dunn

>Issue 4                                 16 February 1983


>Introduction



Frm 1; Next>
The SERCNET-PSS Gateway provides access from SERCNET to PSS and PSS
to SERCNET. It functions as a 'straight through' connection between
the networks, ie it is protocol transparant. It operates as a
Transport Level gateway, in accordance with the 'Yellow book'
Transport Service. However the present implementation does not have a
full Transport Service. and therefore there are some limitations in
the service provided. For X29 which is incompatible with the Yellow
book Transport Service. special facilities are provided for the input
of user identification and addresses.

No protocol conversion facilities are provided by the Gateway -
protocol conversion facilities (eg X29 - TS29) can be provided by
calling through a third party machine (usually on SERCNET).

The Transport Service addressing has been extended to include
authorisation fields, so that users can be billed for any charges
they incur.

The Gateway also provides facilities for users to inspect their
accounts and change their passwords, and also a limited HELP
facility.

User Interface

The interface which the user sees will depend on the local equipment
to
Frm 2; Next>

which he is attached. This may be a PAD in which case he will
probably be using the X29 protocol, or a HOST (DTE) in which case he
might be using FTP for example. The local equipment must have some
way of generating a Transport Service Called Address for the Gateway,
which also includes an authorisation field - the format of this is
described below. The documentation for the local system must
therefore be consulted in order to find out how to generate the
Transport Service Called Address. Some examples given in Appendix 2.

A facility is provided for the benefit of users without access to the
'Fast Select' facility, eg BT PAD users (but available to all X29
terminal users) whereby either a minimal address can be included in
the Call User Data Field or an X25 subaddress can be used and the
Call User Data Field left absent.

The authorisation and address can then be entered when prompted by
the Gateway.


Unauthorised Use
Frm 5: Next>

No unauthorised use of the Gateway is allowed regardless of whether
charges are Incurred at the Gateway or not.

However, there is an account DEMO (password will be supplied on
request) With a small allocation which is available for users to try
out the Gateway but it should be noted that excessive use of this
account will soon exhaust the allocation thus depriving others of its
use.

Prospective users of the Gateway should first contact User Interface
Group In the Computing Division of the Rutherford Appleton
Laboratory.

Addressing

To connect a call through the Gateway the following information is
required in the Transport Service Called Address:

1) The name of the called network
2) Authorisation. consisting of a USERID, PASSWORD and ACCOUNT, and
optionally, a reverse charging request
3) The address of the target host on the called network

The format is as follows:

\(\).\

1) \ is one of the following:


SERCNET   to connect to the SERC network
PSS       to connect to PSS
S         an alias for SERCNET
69        another alias for SERCNET

2)        \ is a list of positional or keyword
parameters or booleans as follows:

keyword   Meaning

US        User identifier
PW        User's password
AC        the account - not used at present - talen to be same as US
RF        'reply paid' request (see below)
R         reverse charging indicator (boolean)

keywords are separated from their values by '='.
keyword-value pairs positional parameters and booleans are separated
from each other by ','. The whole string is enclosed in parentheses:
().

Examples:

(FRED.XYZ R)
(US=FRED,PW=XYZ,R)
(R,PW=XYZ,US=FRED)

All the above have exactly the same meaning. The first form is the
most usual.

When using positionals, the order is: US,PW,AC,RP,R


3)\ is the address of the machine being called on the
target network. It may be a compound address, giving the service
within the target machine to be used. It may begin with a mnemonic
instead of a full DTE address. A list of current mnemonics for both
SERCNET and PSS is given in Appendix 1.

A restriction of using the Gateway is that where a Transport Service
address (service name) is required by the target machine to identify
the service to be used, then this must be included explicitly by the
user in the Transport Service Called Address, and not assumed from
the mnemonic, since the Gateway cannot Inow from the mnemonic. which
protocol is being used.

Examples:

RLGS.FTP
4.FTP

Both the above would refer to the FTP service on the GEC 'B' machine
at Rutherford.

RLGB alone would in fact connect to the X29 server, since no service
name is Frm 7; Next>
required for X29.

In order to enable subaddresses to be entered more easily with PSS
addresses, the delimiter '-' can be used to delimit a mnemonic. When
the mnemonic is translated to an address the delimiting '-' is
deleted so that the following string is combined with the address.
Eg:

SERC-99 is translated to 23422351919199

Putting the abovementioned three components together, a full
Transport Service Called Address might look like:

S(FRED,XYZ,R).RLGS.FTF


Of course a request for reverse charging on SERCNET is meaningless,
but not illegal.

Reply Paid Facility      (Omit at first reading)

In many circumstances it is necessary for temporary authorisation to
be passed to a third party. For example, the recipient of network
MAIL may not himself be authorised to use the Gateway, and therefore
the sender may wish to grant him temporary authorisation in order to
reply. With the Job Transfer and maniplulation protocol, there is a
requirement to return output documents from jobs which have been
executed on a remote site.

The reply paid facility is involved by including the RP keyword in the
authorisation. It can be used either as a boolean or as a
keyword-value pair. When used as a boolean, a default value of I is
assumed.

The value of the RP parameter indicates the number of reply paid
calls which are to be authorised. All calls which use the reply paid
authorisation will be charged to the account of the user who
initiated the reply paid authorisation.

Frm 9; Next:

The reply paid authorisation parameters are transmitted to the
destination address of a call as a temporary user name and password
in the Transport Service Calling Address. The temporary user name and
password are in a form available for use by automatic systems in
setting up a reply to the address which initiated the original call.

Each time a successful call is completed using the temporary user
name and password, the number of reply paid authorisations is reduced
by 1, until there are none left, when no further replies are allowed.
In addition there is an expiry date of I week, after which the
authorisations are cancelled.

In the event of call failures and error situations, it is important
that the effects are clearly defined. In the following definitions,
the term 'fail' is used to refer to any call which terminates with
either a non-zero clearing cause or diagnostic code or both,
regardless of whether data has been communicated or not. The rules
are defined as follows:

1) If a call which has requested reply paid authorisation fails for
any reason, then the reply paid authorisation is not set up.

2) If the Gateway is unable to set up the reply paid authorisation
for any reason (eg insufficient space), then the call requesting the
authorisation will be refused.

3) A call which is using reply paid authorisation may not create
another reply paid authorisation.

4) If a call which is using reply paid authorisation fails due to a
network error (clearing cause non zero) then the reply paid count is
not reduced.

5) If a call which is using reply paid authorisation fails due to a
host clearing (clearing cause zero, diagnostic code non-zero) then
the reply paid count is reduced, except where the total number of
segments transferred on the call is zero (ie call setup was never
completed).

Frm 11; Next?

X29 Terminal Protocol

There is a problem in that X29 is incompatible with the Transport
Service.  For this reason, it is possible that some PAD
implementations will be unable to generate the Transport Service
Called Address. Also some PAD's, eg the British Telecom PAD, may be
unable to generate Fast Select calls - this means that the Call User
Data Field is only 12 bytes long - insufficient to hold the Transport
Service Address.

If a PAD is able to insert a text string into the Call User Data Field
beginning at the fifth byte, but is restricted to 12 characters
because of inability to generate Fast Select calls, then a partial
address can be included consisting of either the network name being
called, or the network name plus authorisation.

The first character is treated as a delimiter, and should be entered
as the character '7'. This is followed by the name of the called
network - SERCNET.

Alternatively, if the PAD is incapable of generating a Call User Data
Field, then the network name can be entered as an X25 subaddress. The
mechanism employed by the Gateway is to transcribe the X25 subaddress
to the beginning of the Transport Service Called Address, converting
the digits of the subaddress into ASCII characters in the process.
Note that this means only SERCNET can be called with this method at
present by using subaddress 69.

The response from the Gateway will be the following message:

Please enter your authorisation and address required in form:
(user,password).address

Reply with the appropriate response eg:

(FRED,XYZ).RLGB

There is a timeout of between 3 and 4 minutes for this response.
after which the call will be cleared. There is no limit to the number
of attempts which may be made within this time limit - if the
authorisation or address entered is invalid, the Gateway will request
it again. To abandon the attempt. the call should be cleared from the
local PAD.

A restriction of this method of use of the Gateway is that a call
must be correctly authorised by the Gateway before charging can
begin, thus reverse charge calls from PSS which do not contain
authorisation in the Call Request packet will be refused. However it
is possible to include the authorisation but not the address in the
Call Request packet. The authorisation must then be entered again
together with the address when requested by the Gateway.

The above also applies when using a subaddress to identify the called
network. In this case the Call User Data Field will contain only the
authorisation in parentheses (preceded by the delimiter '@')

                                   - 5 -

Due to the lack of a Transport Service ACCEPT primitive in X29 it will be
found, on some PADs, that a 'call connected' message will appear on the
terminal as soon as the call has been connected to the Gateway. The 'call
connected' message should not be taken to imply that contact has been made
With the ultimate destination. The Gateway will output a message 'Call
connected to remote address' when the connection has been established.

Frm 14; Next

ITP Terminal Protocol

The terminal protocol ITP is used extensively on SERCNET and some
hosts support only this terminal protocol. Thus it will not be
possible to make calls directly between these hosts on SERCNET and
addresses on PSS which support only X29 or TS29. In these cases it
will be necessary to go through an intermediate machine on SERCNET
which supports both x29 and ITP or TS29 and ITP, such as a GEC ITP.
This is done by first making a call to the GEC MUM, and then making
an outgoing call from there to the desired destination.

PTS29 Terminal Protocol

This is the ideal protocol to use through the Gateway. since there
should be no problem about entering the Transport Service address.
However, it is divisable first to ascertain that the machine to be
called will support

When using this protocol, the service name of the TS29 server should be
entered explicitly, eg:


S(FRED,XYZ).RLGB.TS29

Restrictions

Due to the present lack of a full Transport Service in the Gateway,
some primitives are not fully supported.

In particular, the ADRESS, DISCONNECT and RESET primitives are not
fully supported. Howerver this should not present serious problems,
since the ADDRESS and REASET primitives are not widely used, and the
DISCONNECT primitive can be carried in a Clear Request packet.

IPSS
Access to IPSS is through PSS. Just enter the IPSS address in place
of the PSS address.

................    and on and on for 17 pages