Assistance Program) Title: lmos HOW TO MONITOR A PHONE LINE (FROM A DIAL UP LINE) WITH LMOS by Monique (frm WORM 1,5) The Loop Maintenance Operations System (LMOS) is an operations system for Bell Operating Companies reppair bureaus. LMOS is a database containing the online information necessary for trouble- shooting and maintaining telephone service. Such information as: costomer trouble report, customer name and address for all numbers (including non-published), and telephone line histories are stored {Slam a key , You SCURVY DOG} here. Also present are maintenance functions which allow various tests to be performed on a customers line. This includes AUDIBLY MONITORING A LINE TO CHECK FOR TROUBLE. These functions are meant to be only accessible via dedicated terminals. An LMOS host consists of two major parts: a front-end, and a back-end. Although the back-end containes the database of information, the front-end is what's commonly targeted by hackers. A front-end is a mini-computer running a UNIX shell; in the older configurations PDP 11/70's were used.The new LMOS set-ups, called HICAP (short for HIgh CAPacity), are run on VAX 8600's or 8650's. In most cases these LMOS front-end hosts will have an async dial up port, this is there window of vulnerability. Computer {Slam a key , You SCURVY DOG} hackers can easily gain access to the UNIX operating system because of poor password choices by BOC employees. It is also through these dial-up ports that telephone lines can be remotely monitored. After gaining access to the UNIX shell, the fun begins. The main obstacle is that the the database is designed for synchronous operation only. However, through a terminal program used by system maintenance personnel to test the system, it is possable to use LMOS remotely. This program, under various names, is commonly located in either the /lmos/bin or /lmos/usr directories. Upon running the program a user is able to enter commands as if she was at a terminal within a telephone company office. The actual procedure to monitor a line is quite simple: {Slam a key , You SCURVY DOG} the command /FOR TV would be entered, thus bringing up a Trouble Verification mask. The user would then fill-in the fields, supplying such information as: telephone nuumber to monitor, test type and a callback number. The type of test we are interested in is the QUICK test. In order to monitor a line, a callback number must be specified in the CB field. This number will be used to esteblish a voice connection and must be in the same calling area. After a QUICK test begins the user will receive a report with test results and information about the customers line (CL) and the telephone companies equipment. If the CL is currently in use LMOS can then give a call to the number specified in the callback field. When the hacker picks up the phone {Slam a key , You SCURVY DOG} she will be hearing whatever is happening on the customer's line. Once the hacker is monitoring there are a few commands to make her job more enjoyable. By using the plus and minus (+/-) keys she may raise or lower the volume of the monitored call. If she has anything to add she can press "t" and the other parties will hear her. Keep in mind that two phone lines are necessary: one to monitor the line and one connecting to LMOS. ******************************************************************* COMMENTS: seems that some things are not being said here; "database is desighned for syncronous operation only...through a terminal program...poss. to use sys. remotely...prog. found under various names, located in..." - how used(connected), and what those various {Slam a key , You SCURVY DOG} names are, is not mentioned. "CB #, must be in same calling area"; seems like you could use call forwarding to get arround this. "two phones are necessary"; how about call waiting?... DISCUSION? /s [T.A.P. (Technical Assistance Program) #10] [80] Read (1-86,,T,Q,P,A,R,B,W,D) :