Until ten years ago, the telecommunications and computer industries were almost entirely separate. Shortly they will be almost completely fused. Most of today's hackers operate largely in ignorance of what goes on in the lines and switching centres between the computer they own and the computer they wish to access. Increasingly, dedicated hackers are having to acquire knowledge and experience of data networks, a task made more interesting, but not easier, by the fact that the world's leading telecommunications organisations are pushing through an unprecedented rate of innovation, both technical and commercial. Apart from purely local lowspeed working, computer communications are now almost exclusively found on separate high-speed data networks, separate that is from the two traditional telecommunications systems telegraphy and telephone. Telex lines operate typically at 50 or 75 baud with an upper limit of 110 baud.
The highest efficient speed for telephone-line-based data is 1200 baud. All of these are pitifully slow compared with the internal speed of even the most sluggish computer. When system designers first came to evaluate what sort of facilities and performance would be needed for data communications, it became obvious that relatively few lessons would be drawn from the solutions already worked out in voice communications.
In voicegrade networks, the challenge had been to squeeze as many analogue signals down limited-size cables as possible. One of the earlier solutions, still very widely used, is frequency division multiplexing (FDM): each of the original speech paths is modulated onto one of a specific series of radio frequency carrier waves; each such rf wave is then suppressed at the transmitting source and reinserted close to the receiving position so that only one of the sidebands (the lower), the part that actually contains the intelligence of the transmission, is actually sent over the main data path. This is similar to ssb transmission in radio.
The entire series of suppressed carrier waves are then modulated onto a further carrier wave, which then becomes the main vehicle for taking the bundle of channels from one end of a line to the other.
Typically, a small coaxial cable can handle 60 to 120 channels in this way, but large cables (the type dropped on the beds of oceans and employing several stages of modulation) can carry 2700 analogue channels. Changing audio channels (as they leave the telephone instrument and enter the local exchange) into rf channels, as well as making frequency division multiplexing possible, also brings benefits in that over long circuits it is easier to amplify rf signals to overcome losses in the cable.
Just before World War II, the first theoretical work was carried out to find further ways of economising on cable usage; what was then developed is called Pulse Code Modulation (PCM).
There are several stages. In the first, an analogue signal is sampled at specific intervals to produce a series of pulses; this is called Pulse Amplitude Modulation, and takes advantage of the characteristic of the human ear that if such pulses are sent down a line with only a very small interval between them, the brain smoothes over the gaps and reconstitutes the entire original signal.
In the second stage, the levels of amplitude are sampled and translated into a binary code. The process of dividing an analogue signal into digital form and then reassembling it in analogue form is called quantization. Most PCM systems use 128 quantizing levels, each pulse being coded into 7 binary digits, with an eighth added for supervisory purposes.OPERATION OF A CHARACTER TDM +-----+-----+-----+-----+-----+-----+-----+-- <------| SYN | CH1 | CH2 | CH3 | CH4 | SYN | CH1 | +-----+-----+-----+-----+-----+-----+-----+-- +-----------------+ +-----------------+ 1 | | | |1 --+ | +---+ +---+ | +-- 2 | | | | | | | |2 --+ MULTIPLEXER |==+ M +--\/\/--+ M +==--+ MULTIPLEXER +-- 3 | | | | | | | |3 --+ | +---+ +---+ | +-- 4 | | | |4 --+-----------------+ +-----------------+-- --+-----+-----+-----+-----+-----+-----+----+ | CH1 | SYN | CH4 | CH3 | CH2 | CH1 |SYN |-------> --+-----+-----+-----+-----+-----+-----+----+ <----------------------------> ONE DATA FRAME
By interleaving coded characters in a highspeed digital stream it is possible to send several separate voice channels along one physical link. This process is called Time Division Multiplexing (TDM) and together with FDM still forms the basis of most of the globe's voicegrade communications.
Elegant though these solutions are, though, they are rapidly being replaced by totally digital schemes. Analogue systems would be very wasteful when all that is being transmitted are the discrete audio tones of the output of a modem. In a speech circuit, the technology has to be able to 'hear', receive, digitize and reassemble the entire audio spectrum between 100 Hz and 3000 Hz, which is the usual passband of what we have come to expect from the audio quality of the telephone. Moreover, the technology must be sensitive to a wide range of amplitude; speech is made up of pitch and associated loudness. In a digital network, however, all one really wants to transmit are the digits, and it doesn't matter whether they are signified by audio tones, radio frequency values, voltage conditions or light pulses, just so long as there is circuitry at either end which can encode and decode.
There are other problems with voice transmission: once two parties have made a connection with each other (by the one dialling a number and the other lifting a handset), good sense has suggested that it was desirable to keep a total physical path open between them, it not being practical to close down the path during silences and re-open it when someone speaks. In any case the electromechanical nature of most of today's phone exchanges would make such turning off and on very cumbersome and noisy.
But with a purely digital transmission, routing of a 'call' doesn't have to be physical--individual blocks merely have to bear an electronic label of their originating and destination addresses, such addresses being 'read' in digital switching exchanges using chips, rather than electromechanical ones. Two benefits are thus simultaneously obtained: the valuable physical path (the cable or satellite link) is only in use when some intelligence is actually being transmitted and is not in use during 'silence'; secondly, switching can be much faster and more reliable.
These ideas were synthesised into creating what has now become packet switching. The methods were first described in the mid-1960's but it was not until a decade later that suitable cheap technology existed to create a viable commercial service.
The British Telecom product is called Packet SwitchStream (PSS) and notable comparable US services are Compuserve, Telenet and Tymnet. Many other countries have their own services and international packet switching is entirely possible--the UK service is called, unsurprisingly, IPSS.
International Packet Switched Services and DNICs
Datacalls can be made to hosts on any listed International Networks. The NIC (Data Network Identification Code) must precede the international host's NUA. Charges quoted are for duration (per hour) and volume (per Ksegment) and are raised in steps of 1 minute and 10 segments respectively.
Country Network DNIC Australia Midas 5053 8elgium Euronet 2062 Belgium Euronet 2063 Canada Datapac 3020 Canada Globedat 3025 Canada Infoswitch 3029 Denmark Euronet 2383 France Transpac 2080 French Antilles Euronet 3400 Germany (FDR) Datex P 2624 Germany (FDR) Euronet 2623 Hong Kong IDAS 4542 Irish Republic Euronet 2723 Italy Euronet 2223 Japan DDX-P 4401 Japan Venus-P 4408 Luxembourg Euronet 2703 Netherlands Euronet 2043 Country Network DNIC Norway Norpak 2422 Portugal N/A 2682 Singapore Telepac 5252 South Africa Saponet 6550 Spain TIDA 2141 Sweden Telepak 2405 Switzerland Datalink 2289 Switzerland Euronet 2283 U.S.A. Autonet 3126 U.S.A. Compuserve 3132 U.S.A. ITT (UDTS) 3103 U.S.A. RCA (LSDS) 3113 U.S.A. Telenet 3110 U.S.A. Tymnet 3106 U.S.A. Uninet 3125 U.S.A. WUI (DBS) 3104
Additionally, Datacalls to the U.K. may be initiated from:
Bahrain, Barbados, Bermuda, Israel, New Zealand and the United Arabs Emirates.
Up to date Information can be obtained from IPSS Marketing on 01-9362743
In essence, the service operates at 48kbits/sec full duplex (both directions simultaneously) and uses an extension of time division multiplexing Transmission streams are separated in convenient- sized blocks or packets, each one of which contains a head and tail signifying origination and destination. The packets are assembled either by the originating computer or by a special facility supplied by the packet switch system. The packets in a single transmission stream may all follow the same physical path or may use alternate routes depending on congestion. The packets from one 'conversation' are very likely to be interleaved with packets from many Other 'conversations'. The originating and receiving computers see none of this. At the receiving end, the various packets are stripped of their routing information, and re-assembled in the correct order before presentation to the computer's VDU or applications program.
PACKET ASSEMBLY/DISASSEMBLY+------------------------- | | PSS +-----+ o> o> o> o> o> o> o> o> o> o> | | O> O> O> Terminal D================================-+ PAD +-==========
CHARACTERS O> PACKETS \
All public data networks using packet switching seek to be compatible with each other, at least to a considerable degree. The international standard they have to implement is called CCITT X.25. This is a multi-layered protocol covering (potentially) everything from electrical connections to the user interface.
The levels work like this:
7 APPLICATION User interface
6 PRESENTATION Data formatting & code conversion
5 SESSION Co-ordination between processes
4 TRANSPORT Control of quality service
3 NETWORK Set up and maintenance of connections
2 DATA LINK Reliable transfer between terminal and network
PHYSICAL Transfer of bitstream between terminal and network
At the moment international agreement has only been reached on the lowest three levels, Physical, Data Link and Network. Above that, there is a battle in progress between IBM, which has solutions to the problems under the name SNA (Systems Network Architecture) and most of the remainder of the principal main- frame manufacturers, whose solution is called OSI (Open Systems Interconnection).
Packet Switching and the Single User
So much for the background explanation. How does this affect the user? Single users can access packet switching in one of two principal ways. They can use special terminals able to create the data packets in an appropriate form--called Packet Terminals, in the
(In the original book there is a diagram showing Dial-up termials and single users connecting to a PAD system and Packet Terminals directly connected to the PSS. Note added by Electronic Images)
jargon--and these sit on the packet switch circuit, accessing it via the nearest PSS exchange using a permanent dataline and modems operating at speeds of 2400, 4800, 9600 or 48K baud, depending on level of traffic. Alternatively, the customer can use an ordinary asynchronous terminal without packet-creating capabilities, and connect into a special PSS facility which handles the packet assembly for him. Such devices are called Packet Assembler/ Disassemblers, or PADs. In the jargon, such users are said to have Character Terminals. PADs are accessed either via leased line at 300 or 1200, or via dial-up at those speeds, but also at 110 and 1200/75.
Most readers of this book, if they have used packet switching at all, will have done so using their own computers as character terminals and by dialling into a PAD. The phone numbers of UK PADs can be found in the PSS directory, published by Telecom National Networks. In order to use PSS, you as an individual need a Network User Identity (NUI), which is registered at your local Packet Switch Exchange (PSE). The PAD at the PSE will throw you off if you don't give it a recognisable NUI. PADs are extremely flexible devices; they will configure their ports to suit your equipment, both as to speed and screen addressing, rather like a bulletin board (though to be accurate, it is the bulletin board which mimics the PAD).
Phone numbers to access PSS PADs
Terminal operating speed: PSE (STD) 110 OR 300 1200/75 1200 Duplex Aberdeen (0224) 642242 642484 642644 Birmingham (021) 2145139 2146191 241 3061 Bristol (0272) 216411 216511 216611 Cambridge (0223) 82511 82411 82111 Edinburgh (031) 337 9141 337 9121 337 9393 Glasgow (041) 204 2011 204 2031 204 2051 Leeds (0532) 470711 470611 470811 Liverpool (051) 211 0000 212 5127 213 6327 London (01) 825 9421 407 8344 928 2333 or (01) 928 9111 928 3399 928 1737 Luton (0582) 8181 8191 8101 Manchester (061) 833 0242 833 0091 833 0631 Newcastle/Tyne (0632) 314171 314181 314161 Nottingham (0602) 881311 881411 881511 Portsmouth (0705) 53011 53911 53811 Reading (0734) 389111 380111 384111 (*)Slough (0753) 6141 6131 6171 (*)Local area code access to Slough is not available. Switch the modem/dataphone to 'data' on receipt of data tone.
Next, you need the Network User Address (NUA) of the host you are calling. These are also available from the same directory: Cambridge University Computing Services's NUA is 234 222339399, BLAISE is 234 219200222, Istel is 234 252724241, and so on. The first four numbers are known as the DNIC (Data Network Identification Code); of these the first three are the country ('234' is the UK identifier), and the last one the specific service in that country, '2' signifying PSS. You can also get into Prestel via PSS, though for UK purposes it is an academic exercise: A9 234 1100 2018 gives you Prestel without the graphics (A9 indicates to the system that you have a teletype terminal).
Once you have been routed to the host computer of your choice, then it is exactly if you were entering by direct dial; your password and so on will be requested. Costs of using PSS are governed by the number of packets exchanged, rather than the distance between two computers or the actual time of the call. A typical PSS session will thus contain the following running costs: local phone call to PAD (on regular phone bill, time-related), PSS charges (dependent on number of packets sent) and host computer bills (which could be time-related or be per record accessed or on fixed subscription).
Packet switching techniques are not confined to public data networks Prestel uses them for its own mini-network between the various Retrieval Computers (the ones the public dial into) and the Update and Mailbox Computers, and also to handle Gateway connections. Most newer private networks are packet switched.
Valued Added Networks (VANs) are basic telecoms networks or facilities to which some additional service--data processing or hosting of publishing ventures, for example--has been added.
Public Packet Switching, by offering easier and cheaper access, is a boon to the hacker. No longer does the hacker have to worry about the protocols that the host computer normally expects to see from its users. The X.25 protocol and the adaptability of the PAD mean that the hacker with even lowest quality asynchronous comms can talk to anything on the network. The tariff structure, favouring packets exchanged and not distance, means that any computer anywhere in the world can be a target.
Austin and Poulsen, the ARPAnet hackers, made dramatic use of a private packet-switched net; the Milwaukee 414s ran around GTE's Telenet service, one of the biggest public systems in the US. Their self-adopted name comes from the telephone area code for Milwaukee, a city chiefly known hitherto as a centre of the American beer industry. During the Spring and Summer of 1983, using publicly published directories, and the usual guessing games about pass-numbers and pass-words, the 414s dropped into the Security Pacific Bank in Los Angeles, the Sloan-Kettering Cancer Clinic in New York (it is still not clear to me if they actually altered patients records or merely looked at them), a Canadian cement company and the Los Alamos research laboratory in New Mexico, home of the atomic bomb, and where work on nuclear weapons continues to this day. It is believed that they saw there 'sensitive' but not 'classified' files.
Commenting about their activities, one prominent computer security consultant, Joesph Coates, said: 'The Milwaukee babies are great, the kind of kids anyone would like their own to - ~be...There's nothing wrong with those kids. The problem is with the idiots who sold the system and the ignorant people who bought it. Nobody should buy a computer without knowing how much ~ . security is built in....You have the timid dealing with the foolish.'
During the first couple of months of 1984, British hackers carried out a thorough exploration of SERCNET, the private packet-switched network sponsored by the Science and Engineering Research Council and centred on the Rutherford Appleton Laboratory in Cambridge. It links together all the science and technology universities and polytechnics in the United Kingdom and has gateways to PSS and CERN (European Nuclear Research).
Almost every type of mainframe and large mini-computer can be discovered hanging on to the system, IBM 3032 and 370 at Rutherford itself, Prime 400s, 550s and 750s all over the place, VAX 11/780s at Oxford, Daresbury, other VAXs at Durham, Cambridge, York, East Anglia and Newcastle, large numbers of GEC 4000 family members, and the odd PDP11 running Unix.
Penetration was first achieved when a telephone number appeared on a popular hobbyist bulletin board, together with the suggestion that the instruction 'CALL 40' might give results. It was soon discovered that if the hacker typed DEMO when asked for name and establishment, things started to happen. For several days hackers left each other messages on the hobbyist bulletin board, reporting progress, or the lack of it. Eventually, it became obvious that DEMO was supposed, as its name suggests, to be a limited facilities demonstration for casual users, but that it had been insecurely set up.
I can remember the night I pulled down the system manual, which had been left in an electronic file, watching page after page scroll down my VDU at 300 baud. All I had had to do was type the word 'GUIDE'. I remember also fetching down lists of addresses and mnemonics of SERCNET members. Included in the manual were extensive descriptions of the network protocols and their relation to 'standard' PSS-style networks.
As I complete this chapter I know that certain forms of access to SERCNET have been shut off, but that hacker exploration appears to continue. Some of the best hacker stories do not have a definite ending. I offer some brief extracts from captured SERCNET sessions.
03EOEHaae NODE 3. Which Service? PAD COM FAD>CALL 40 Welcome to SERCNET-PSS Gateway. Type HELP for help. Gatew::~cInkging in user HELP ID last used Wednesday, 18 January 1984 16:53 Started - Wed 18 Jan 19a4 17:07:55 Please enter your name and establishment DEMO Due to a local FTP problem messages entered via the HELP system during the last month have been lost. Please resubmit if problem/question is still outstanding 9/1/84 No authorisation is required for calls which do not incur charges at the Gateway. There is now special support for TELEX. A TELEX service may be announced shortlY. Copies of the PSS Guide issue 4 are available on request to Program Advisory Office at RAL, telephone 0235 44 6111 (direct dial in) or 0235 21900 Ext 6111. Requests for copies should no longer be placed in this help system. The following options are available: NOTES GUIDE TITLES ERRORS EXAMPLES HELP QUIT Which option do you require? GUIDE The program 'VIEW' is used to display the Gateway guide Commands available are:
or N next page p previous page n list page n +n or -n go forward or back n pages S first page E last page L/string find line Containing string F/string find line beginning string Q exit from VIEW VIEW Vn 6> Q The following options are available: NOTES GUIDE TITLES ERRORS EXAMPLES HELP OUIT Which option do you require? HELP NOTES replies to user queries & other notes GUIDE Is the complete Gateway user guide (including the Appendices) TITLES 1- a list of SERCNET L PSS addresses & mnemonics (Guide Appendix 1) ERRORS List of error codes you may receive EXAMPLES are ome examples of use of the Gateway (Guide Appendix 2) QUIT exits from this session The following options are available: NOTES GUIDE TITLES ERRORS EXAMPLES HELP QUIT Which option do you require? TITLES VIEW Vn o> If you have any comments, please type them now, terminate with E on a line on its own. Otherwise just type \ CPU used: 2 ieu, Elapsed: 14 mins, IO: 2380 units, Break: 114 Budgets: this period = 32.000 AUs, used = 0.015 AU, left - 29.161 AUs User HELP terminal 2 logged out Wed 18 Jan 1984 17:21:59 84/04/18. 18.47.00. I.C.C.C. NETWORK OPERATING SYSTEM. NOS 1.1-430.20A USER NUMBER: PASSWORD: IMPROPER LOG IN, TRY AGAIN. USER NUMBER: PASSWORD: >SCIENCE AND ENGINEERING RESEARCH COUNCIL >RUTHERFORD APPLETON LABORATORY COMPUTING DIVISION > > ThE SERCNET - PSS Gateway > User's Guide A S Dunn >Issue 4 16 February 1983 >Introduction Frm 1; Next> The SERCNET-PSS Gateway provides access from SERCNET to PSS and PSS to SERCNET. It functions as a 'straight through' connection between the networks, ie it is protocol transparant. It operates as a Transport Level gateway, in accordance with the 'Yellow book' Transport Service. However the present implementation does not have a full Transport Service. and therefore there are some limitations in the service provided. For X29 which is incompatible with the Yellow book Transport Service. special facilities are provided for the input of user identification and addresses. No protocol conversion facilities are provided by the Gateway - protocol conversion facilities (eg X29 - TS29) can be provided by calling through a third party machine (usually on SERCNET). The Transport Service addressing has been extended to include authorisation fields, so that users can be billed for any charges they incur. The Gateway also provides facilities for users to inspect their accounts and change their passwords, and also a limited HELP facility. User Interface The interface which the user sees will depend on the local equipment to Frm 2; Next> which he is attached. This may be a PAD in which case he will probably be using the X29 protocol, or a HOST (DTE) in which case he might be using FTP for example. The local equipment must have some way of generating a Transport Service Called Address for the Gateway, which also includes an authorisation field - the format of this is described below. The documentation for the local system must therefore be consulted in order to find out how to generate the Transport Service Called Address. Some examples given in Appendix 2. A facility is provided for the benefit of users without access to the 'Fast Select' facility, eg BT PAD users (but available to all X29 terminal users) whereby either a minimal address can be included in the Call User Data Field or an X25 subaddress can be used and the Call User Data Field left absent. The authorisation and address can then be entered when prompted by the Gateway. Unauthorised Use Frm 5: Next> No unauthorised use of the Gateway is allowed regardless of whether charges are Incurred at the Gateway or not. However, there is an account DEMO (password will be supplied on request) With a small allocation which is available for users to try out the Gateway but it should be noted that excessive use of this account will soon exhaust the allocation thus depriving others of its use. Prospective users of the Gateway should first contact User Interface Group In the Computing Division of the Rutherford Appleton Laboratory. Addressing To connect a call through the Gateway the following information is required in the Transport Service Called Address: 1) The name of the called network 2) Authorisation. consisting of a USERID, PASSWORD and ACCOUNT, and optionally, a reverse charging request 3) The address of the target host on the called network The format is as follows: \ (\ ).\ 1) \ is one of the following: SERCNET to connect to the SERC network PSS to connect to PSS S an alias for SERCNET 69 another alias for SERCNET 2) \ is a list of positional or keyword parameters or booleans as follows: keyword Meaning US User identifier PW User's password AC the account - not used at present - talen to be same as US RF 'reply paid' request (see below) R reverse charging indicator (boolean) keywords are separated from their values by '='. keyword-value pairs positional parameters and booleans are separated from each other by ','. The whole string is enclosed in parentheses: (). Examples: (FRED.XYZ R) (US=FRED,PW=XYZ,R) (R,PW=XYZ,US=FRED) All the above have exactly the same meaning. The first form is the most usual. When using positionals, the order is: US,PW,AC,RP,R 3)\ is the address of the machine being called on the target network. It may be a compound address, giving the service within the target machine to be used. It may begin with a mnemonic instead of a full DTE address. A list of current mnemonics for both SERCNET and PSS is given in Appendix 1. A restriction of using the Gateway is that where a Transport Service address (service name) is required by the target machine to identify the service to be used, then this must be included explicitly by the user in the Transport Service Called Address, and not assumed from the mnemonic, since the Gateway cannot Inow from the mnemonic. which protocol is being used. Examples: RLGS.FTP 4.FTP Both the above would refer to the FTP service on the GEC 'B' machine at Rutherford. RLGB alone would in fact connect to the X29 server, since no service name is Frm 7; Next> required for X29. In order to enable subaddresses to be entered more easily with PSS addresses, the delimiter '-' can be used to delimit a mnemonic. When the mnemonic is translated to an address the delimiting '-' is deleted so that the following string is combined with the address. Eg: SERC-99 is translated to 23422351919199 Putting the abovementioned three components together, a full Transport Service Called Address might look like: S(FRED,XYZ,R).RLGS.FTF Of course a request for reverse charging on SERCNET is meaningless, but not illegal. Reply Paid Facility (Omit at first reading) In many circumstances it is necessary for temporary authorisation to be passed to a third party. For example, the recipient of network MAIL may not himself be authorised to use the Gateway, and therefore the sender may wish to grant him temporary authorisation in order to reply. With the Job Transfer and maniplulation protocol, there is a requirement to return output documents from jobs which have been executed on a remote site. The reply paid facility is involved by including the RP keyword in the authorisation. It can be used either as a boolean or as a keyword-value pair. When used as a boolean, a default value of I is assumed. The value of the RP parameter indicates the number of reply paid calls which are to be authorised. All calls which use the reply paid authorisation will be charged to the account of the user who initiated the reply paid authorisation. Frm 9; Next: The reply paid authorisation parameters are transmitted to the destination address of a call as a temporary user name and password in the Transport Service Calling Address. The temporary user name and password are in a form available for use by automatic systems in setting up a reply to the address which initiated the original call. Each time a successful call is completed using the temporary user name and password, the number of reply paid authorisations is reduced by 1, until there are none left, when no further replies are allowed. In addition there is an expiry date of I week, after which the authorisations are cancelled. In the event of call failures and error situations, it is important that the effects are clearly defined. In the following definitions, the term 'fail' is used to refer to any call which terminates with either a non-zero clearing cause or diagnostic code or both, regardless of whether data has been communicated or not. The rules are defined as follows: 1) If a call which has requested reply paid authorisation fails for any reason, then the reply paid authorisation is not set up. 2) If the Gateway is unable to set up the reply paid authorisation for any reason (eg insufficient space), then the call requesting the authorisation will be refused. 3) A call which is using reply paid authorisation may not create another reply paid authorisation. 4) If a call which is using reply paid authorisation fails due to a network error (clearing cause non zero) then the reply paid count is not reduced. 5) If a call which is using reply paid authorisation fails due to a host clearing (clearing cause zero, diagnostic code non-zero) then the reply paid count is reduced, except where the total number of segments transferred on the call is zero (ie call setup was never completed). Frm 11; Next? X29 Terminal Protocol There is a problem in that X29 is incompatible with the Transport Service. For this reason, it is possible that some PAD implementations will be unable to generate the Transport Service Called Address. Also some PAD's, eg the British Telecom PAD, may be unable to generate Fast Select calls - this means that the Call User Data Field is only 12 bytes long - insufficient to hold the Transport Service Address. If a PAD is able to insert a text string into the Call User Data Field beginning at the fifth byte, but is restricted to 12 characters because of inability to generate Fast Select calls, then a partial address can be included consisting of either the network name being called, or the network name plus authorisation. The first character is treated as a delimiter, and should be entered as the character '7'. This is followed by the name of the called network - SERCNET. Alternatively, if the PAD is incapable of generating a Call User Data Field, then the network name can be entered as an X25 subaddress. The mechanism employed by the Gateway is to transcribe the X25 subaddress to the beginning of the Transport Service Called Address, converting the digits of the subaddress into ASCII characters in the process. Note that this means only SERCNET can be called with this method at present by using subaddress 69. The response from the Gateway will be the following message: Please enter your authorisation and address required in form: (user,password).address Reply with the appropriate response eg: (FRED,XYZ).RLGB There is a timeout of between 3 and 4 minutes for this response. after which the call will be cleared. There is no limit to the number of attempts which may be made within this time limit - if the authorisation or address entered is invalid, the Gateway will request it again. To abandon the attempt. the call should be cleared from the local PAD. A restriction of this method of use of the Gateway is that a call must be correctly authorised by the Gateway before charging can begin, thus reverse charge calls from PSS which do not contain authorisation in the Call Request packet will be refused. However it is possible to include the authorisation but not the address in the Call Request packet. The authorisation must then be entered again together with the address when requested by the Gateway. The above also applies when using a subaddress to identify the called network. In this case the Call User Data Field will contain only the authorisation in parentheses (preceded by the delimiter '@') - 5 - Due to the lack of a Transport Service ACCEPT primitive in X29 it will be found, on some PADs, that a 'call connected' message will appear on the terminal as soon as the call has been connected to the Gateway. The 'call connected' message should not be taken to imply that contact has been made With the ultimate destination. The Gateway will output a message 'Call connected to remote address' when the connection has been established. Frm 14; Next ITP Terminal Protocol The terminal protocol ITP is used extensively on SERCNET and some hosts support only this terminal protocol. Thus it will not be possible to make calls directly between these hosts on SERCNET and addresses on PSS which support only X29 or TS29. In these cases it will be necessary to go through an intermediate machine on SERCNET which supports both x29 and ITP or TS29 and ITP, such as a GEC ITP. This is done by first making a call to the GEC MUM, and then making an outgoing call from there to the desired destination. PTS29 Terminal Protocol This is the ideal protocol to use through the Gateway. since there should be no problem about entering the Transport Service address. However, it is divisable first to ascertain that the machine to be called will support When using this protocol, the service name of the TS29 server should be entered explicitly, eg: S(FRED,XYZ).RLGB.TS29 Restrictions Due to the present lack of a full Transport Service in the Gateway, some primitives are not fully supported. In particular, the ADRESS, DISCONNECT and RESET primitives are not fully supported. Howerver this should not present serious problems, since the ADDRESS and REASET primitives are not widely used, and the DISCONNECT primitive can be carried in a Clear Request packet. IPSS Access to IPSS is through PSS. Just enter the IPSS address in place of the PSS address. ................ and on and on for 17 pages