Return-Path: Received: by massis.lcs.mit.edu (8.7.4/NSCS-1.0S) id JAA00653; Tue, 2 Dec 1997 09:28:42 -0500 (EST) Date: Tue, 2 Dec 1997 09:28:42 -0500 (EST) From: editor@telecom-digest.org Message-Id: <199712021428.JAA00653@massis.lcs.mit.edu> To: ptownson Subject: TELECOM Digest V17 #339 TELECOM Digest Tue, 2 Dec 97 09:28:00 EST Volume 17 : Issue 339 Inside This Issue: Editor: Patrick A. Townson Re: FCC Payphone Surcharge: Revenge of the Liberals (Nils Andersson) Re: FCC Payphone Surcharge: Revenge of the Liberals (Mike Fox) Re: New York City's New AC Also an Exchange in Neighboring 201 (L Madison) Re: New York City's New AC Also an Exchange in Neighboring 201 (B Goudreau) Re: Digital TV Towers (Art Walker) Re: Digital TV Towers (Chris Farrar) Re: Digital TV Towers (Tony Pelliccio) Re: Intranet Security (Louis Raphael) Re: Intranet Security (Eric Ewanco) Re: Intranet Security (Jeff Vinocur) Re: Competition Heats Up in Canada For PCS (Mike Federchuk) TELECOM Digest is an electronic journal devoted mostly but not exclusively to telecommunications topics. It is circulated anywhere there is email, in addition to various telecom forums on a variety of public service systems and networks including Compuserve and America On Line. It is also gatewayed to Usenet where it appears as the moderated newsgroup 'comp.dcom.telecom'. Subscriptions are available to qualified organizations and individual readers. Write and tell us how you qualify: * telecom-request@telecom-digest.org * The Digest is edited, published and compilation-copyrighted by Patrick Townson of Skokie, Illinois USA. You can reach us by postal mail, fax or phone at: Post Office Box 4621 Skokie, IL USA 60076 Phone: 847-727-5427 Fax: 773-539-4630 ** Article submission address: editor@telecom-digest.org ** Our archives are available for your review/research. The URL is: http://telecom-digest.org They can also be accessed using anonymous ftp: ftp hyperarchive.lcs.mit.edu/telecom-archives/archives (or use our mirror site: ftp ftp.epix.net/pub/telecom-archives) A third method is the Telecom Email Information Service: Send a note to archives@telecom-digest.org to receive a help file for using this method or write me and ask for a copy of the help file for the Telecom Archives. ************************************************************************* * TELECOM Digest is partially funded by a grant from the * * International Telecommunication Union (ITU) in Geneva, Switzerland * * under the aegis of its Telecom Information Exchange Services (TIES) * * project. Views expressed herein should not be construed as represent-* * ing views of the ITU. * ************************************************************************* In addition, a gift from Mike Sandman, Chicago's Telecom Expert has enabled me to replace some obsolete computer equipment and enter the 21st century sort of on schedule. His mail order telephone parts/supplies service based in the Chicago area has been widely recognized by Digest readers as a reliable and very inexpensive source of telecom-related equipment. Please request a free catalog today at http://www.sandman.com --------------------------------------------------------------- Finally, the Digest is funded by gifts from generous readers such as yourself who provide funding in amounts deemed appropriate. Your help is important and appreciated. A suggested donation of twenty dollars per year per reader is considered appropriate. See our address above. Please make at least a single donation to cover the cost of processing your name to the mailing list. All opinions expressed herein are deemed to be those of the author. Any organizations listed are for identification purposes only and messages should not be considered any official expression by the organization. ---------------------------------------------------------------------- Date: Mon, 1 Dec 1997 15:45:25 -0500 From: nilsphone@aol.com (Nils Andersson) Organization: AOL http://www.aol.com Subject: Re: FCC Payphone Surcharge: Revenge of the Liberals In article , Eli Mantel writes: > the big, bad, businesses who are stuck paying the wages of these > employees who are causing the wages of their own minimum-wage > employees to be increased. > And before long, payphone operators generating income for themselves > through this technique will be testifying before the FCC that any > changes to the regulations would unfairly impact their industry, an > industry which is making very significant contributions to the U.S. > economy. > [TELECOM Digest Editor's Note: This is a very interesting proposal. > Anyone want to try installing phones in the manner desribed and see if > it actually works? PAT] Actually, this kind of use of an 800 number is quite illegal, in much the same way that robocalling even a spammer is illegal. If it becomes widespread, most 800 numbers will be blocked from payphones, with the probable exception of those that can be billed back, such as the prepaid and long distance company 800 numbers. And a large volume of incomplete calls, i.e. calling the 800 without giving out an account number, will by itself alert the owners of those 800s that something fishy is going on. The loss of 800 service from payphones would be a loss to most people, but most particularly poor people. Liberals or anybody else ought NOT to encourage the above described kind of abuse, which in the long run would harm many and benefit no one. Regards, Nils Andersson [TELECOM Digest Editor's Note: We know it is illegal to generate traffic just for the sake of generating traffic. There has to be some legitimate and legal reason for the call. Harassment is not a legal reason to call someone. Now on the other hand, if I were conducting surveys ... a different survey question every week with the results reported to the media for publication ... or even a single survey with the questions, "Do you find your 800/888 toll- free service to be useful? What carrier do you use?" I'd have established a legitimate reason to call a few million 800/888 numbers at 30 cents each wouldn't I? Understandably I might have quite a few competitors out there in the survey business also, many of them asking the same questions. :) Or is this simply too transparent; is the BS too thinly-veiled here? I'll bet you though that carefully thought out and planned someone might get away with this, at least for awhile. After all, don't all survey and marketing-inquiry services require their employee survey-takers to use payphones installed at their desks? :) PAT] ------------------------------ Date: Mon, 01 Dec 1997 11:01:10 -0500 From: Mike Fox Reply-To: mikefox@ibm.net Subject: Re: FCC Payphone Surcharge: Revenge of the Liberals Stanley Cline wrote: > Several LECs and COCOT owners have had to *raise* their local coin > rates, even if they don't otherwise want to -- in order to compete for > or keep LOCATIONS. In other words, a 25c payphone can't pay as much > to the location provider as a 35c payphone, so in order to keep the > payphone in the desired location, the payphone owner has had to > increase rates. Also, from what I understand, some COCOT owners sign > "exclusive" contracts with location providers, preventing the location > provider for installing competing phones, even if they want to. The > money often doesn't flow to the PAYPHONE OWNER -- it flows to the > LOCATION OWNER. > [snip] > It's not just payphones, though ... > The same things -- competition for property rights (not customers) and > exclusive contracts -- are also issues in the cable business; various > apartment owners and condo associations are bringing in "private > cable" companies (most of which, aside from RCN in the Northeast and > some RBOC/LEC-owned systems, provide far fewer channels and services > than traditional local cable companies or mini-dish services) on > exclusive contracts which provide "kickbacks" to the property owner, > [snip] > Private payphone owners and location owners, by the same token, have > financial incentives to deny alternatives (including competitive > payphones, or access to other long distance carriers and to 800/888 > numbers). Some locations where payphones are installed have even > tried to ban use of wireless phones, simply to increase the payphone > revenue. Compensating payphone owners for 800/888/10(1x)xxx calls > seems to address part of the problem on the surface, but the fact > remains that the public will probably see very little benefit (more > payphones, lower local call prices, etc.), and much of the payphone > industry will remain as sleazy as ever. > Simply put: The FCC and Congress need to get a clue. Competition for > property rights, instead of customers, enriches property owners at the > expense of the general public. It's already been seen in private > cable, and now payphones are headed down the same road. Very fascinating, and very true. Also, it's spreading beyond telecommunications. I know this is a little off-topic, but the payphone operators pioneered it and now it's spreading to other fields. The latest is ATM machines. Those new "foreign ATM" fees that we all hate are also going the way of private cable and payphone commissions. A recent Wall Street Journal article revealed that property owners hosting ATMs, especially in Malls, Convention Centers, etc., are demanding and getting 20-50% of the ATM fees as commission for allowing the ATMs to be sited on their property. Look for "foreign ATM" fees to quickly rise over the next few years as banks bid higher commissions to malls and other property owners. The basic principle at work here is that the payphone operators, private cable companies, and now ATM owners, have realized that their real customers are not the people who pay for their services, it's the people who own the property. That's who they want and need to please, not the users who pay for the services. Mike, I'm glad I have a cell phone and bank at a credit union :) ------------------------------ From: Telecom@LincMad.NOSPAM (Linc Madison) Subject: Re: New York City's New AC Also an Exchange in Neighboring 201 Date: Sun, 30 Nov 1997 23:42:03 -0800 Organization: LincMad Consulting; change NOSPAM to COM In article , wa2ise@netcom.com (Robert Casey) wrote: > Turns out new nanp 646 for New York City is an exchange in immediately > adjacent 201's 646 exchange in Hackensack NJ. I thought the phone > system wants to avoid using an area code number that is the same as an > exchange in the new area code or in immediately adjacent area codes. > Of course, maybe no number exists like that in the New York City area. > My brother works for the county government of Bergen County, and > almost all their office lines are in exchange 646. He wonders how > many wrong numbers they're gonna get from people forgetting the > leading "1" when dialing New York's new 646 area code. Also means we > can't have 1 + 7D dialing for same area code toll calls. You haven't had 1 + 7D for same area code toll calls anywhere in North America since January 1, 1995. It's absolutely prohibited. How many of these exchanges exist in 201? 228 240 242 246 248 250 253 254 264 268 281 284 320 330 334 336 340 345 352 360 423 425 435 440 441 443 473 520 530 540 541 561 562 573 580 626 630 649 650 660 664 670 671 724 732 734 740 757 758 760 765 767 770 773 781 785 787 830 847 850 860 864 867 868 869 870 876 920 931 937 940 941 954 956 970 972 973 978 The existence of ANY ONE of those exchanges makes 1 + 7D impossible, and the list is growing almost every month. Also, you're very unlikely to have any one forgetting to dial the "1+" to area code 646, since it will be required on EVERY call into that area code. In any case, the only problem would be with callers in 201 dialing 646-nxx-xxxx, and they would quite likely realize as soon as the phone began to ring before they finished dialing that something was wrong. On the more general question of avoiding assigning an area code numeric that exists as an exchange code in an adjacent area, that's just not possible in New York City. The adjacent area codes are just too full. ** Do not send me unsolicited commercial e-mail spam of any kind ** Linc Madison * San Francisco, California * Telecom@LincMad-com URL:< http://www.lincmad.com > * North American Area Codes & Splits >> NOTE: if you autoreply, you must change "NOSPAM" to "com" << ------------------------------ Date: Mon, 1 Dec 1997 13:13:27 -0500 From: goudreau@dg-rtp.dg.com (Bob Goudreau) Subject: Re: New York City's New AC Also an Exchange in Neighboring 201 wa2ise@netcom.com (Robert Casey) wrote: > Turns out new nanp 646 for New York City is an exchange in immediately > adjacent 201's 646 exchange in Hackensack NJ. I thought the phone > system wants to avoid using an area code number that is the same as an > exchange in the new area code or in immediately adjacent area codes. But that only matters if *local* calls cross that NPA boundary and can be dialed without a leading "1" (i.e., as ten digits, or even as just seven digits). I don't think that NY City or northern New Jersey have any inter-NPA local calls dialable with ten or seven digits. And anyway, is Hackensack-NYC (or vice versa) even a local call? > Of course, maybe no number exists like that in the New York City area. > My brother works for the county government of Bergen County, and > almost all their office lines are in exchange 646. He wonders how > many wrong numbers they're gonna get from people forgetting the > leading "1" when dialing New York's new 646 area code. Also means we > can't have 1 + 7D dialing for same area code toll calls. Um, 'scuse me, but are you claiming that your area still allows 1+7D for intra-NPA toll calls? This dialing plan was supposed to have been eradicated from the NANP almost three years ago (when NNX-style NPAs were introduced), in favor of either 7D or 1+10D dialing. New Jersey apparently accepts both of those forms for any intra-NPA calls (long distance or local). Bob Goudreau Data General Corporation goudreau@dg-rtp.dg.com 62 Alexander Drive +1 919 248 6231 Research Triangle Park, NC 27709, USA ------------------------------ From: walker@cx60550-a.omhaw1.ne.home.com (Art Walker) Subject: Re: Digital TV Towers Date: 30 Nov 1997 20:35:17 GMT Organization: OneSource Technologies - Omaha, NE Reply-To: walker@phantom.onesourcetech.com > [TELECOM Digest Editor's Note: Of course if most television programming > was sent to a bit bucket somewhere, then we could free up a big chunk > of the cable, to say nothing of freeing up our minds for more construc- > tive purposes. :) PAT] Not so much to a 'bit bucket', but an alternate distribution medium. Which raises a serious question: What percentage of television viewers receive broadcasts via cable or direct-broadcast satellite compared to 'over-the-air'? If the majority of viewers get their feed via cable, will we see television networks deciding that, rather than spending money for new digital broadcast facilities, it would be cheaper to subsidize 'migrating' the remaining viewers over to cable or DBS? (Especially if it would allow the networks to bypass local affiliates and get a new revenue stream in the process.) Art Walker | Internet: Art.Walker@onesourcetech.com Network Analyst | Snail Mail: 5020 Leavenworth St. OneSource Technologies | Omaha, NE 68106 (402) 575-3400 F:(402) 575-2011 | ------------------------------ From: Chris Farrar Subject: Re: Digital TV Towers Date: Sun, 30 Nov 1997 16:02:03 -0500 Organization: Bell Solutions Reply-To: cfarrar@sympatico.ca Art Walker wrote: > Wouldn't it make a lot more sense to just require all television > programming to go direct to cable or direct-broadcast satellite? And are you going to legislate that cable companies are required to provide a FREE service with channels that the person could previously receive over the air? Or do you intend to provide DSS "pizza dishes" to every dwelling with a similar free service. Chris Farrar | cfarrar@sympatico.ca | Amateur Radio, a VE3CFX | fax +1-905-457-8236 | national resource PGPkey Fingerprint = 3B 64 28 7A 8C F8 4E 71 AE E8 85 31 35 B9 44 B2 ------------------------------ From: nospam.tonypo@nospam.ultranet.com (Tony Pelliccio) Subject: Re: Digital TV Towers Date: Sun, 30 Nov 1997 22:25:09 -0500 Organization: The Cesspool In article , walker@cx60550- a.omhaw1.ne.home.com spews forth... > Wouldn't it make a lot more sense to just require all television > programming to go direct to cable or direct-broadcast satellite? As a radio amateur, it sure would be nice to open up some more spectrum and protect that which we already have. But there's one major problem with your proposal. Everyone would have to subscribe via a cable system or satellite operator. At that point I'd demand commercial free if I have to pay for what should have gone over the airwaves. > Then we could free up a big chunk of spectrum for far more constructive > purposes. I'm curious about what constructive purposes you have in mind. Right now I think there's far too much junk out there. > [TELECOM Digest Editor's Note: Of course if most television programming > was sent to a bit bucket somewhere, then we could free up a big chunk > of the cable, to say nothing of freeing up our minds for more construc- > tive purposes. :) PAT] That's an understatement if I've ever seen one. Tony ------------------------------ From: raphael@willy.cs.mcgill.ca (Louis Raphael) Subject: Re: Intranet Security Date: 1 Dec 1997 15:14:38 GMT Organization: McGill University Computing Centre Felix Leung (felixleung@technologist.com) wrote: > However, I am confused on the first one; what is standard port and > what is it for? If selecting non-standard ports has the security > functions, why not everybody using different port number instead of > using standard port 80? By convention, certain ports are used for certain purposes ... for example, sendmail usually listens on port 25, telnet to login is port 23, time server is port 13 (try "telnet willy.cs.mcgill.ca" 13 to get local Montreal time, for example), and so on. So, most hackers will try the default ports. By using a non-standard port, you're unlikely to have a hacker find it. Of course, that will mean having to reconfigure all your local software from the defaults, but it does provide a degree of security through obscurity. Louis ------------------------------ From: Eric Ewanco Subject: Re: Intranet Security Date: Mon, 01 Dec 1997 13:55:49 -0500 Organization: 3Com Felix Leung wrote: > I read a book and it mentions some technique that for keeping out some > people to accessing the Intranet, the techniques are included: > 1)Using non-standard ports. The standard port is 80. Using a different > port will make it harder to find. > 2) Using hard to guess names. Most companies use WWW for the Web server > machine name. Using something different can make it harder to find. > 3) Hiding your server's name. This can be done by not listing it in the > DNS tables for your site, and not using it to browse the Web, send > e-mail, or post to Usenet. > However, I am confused on the first one; what is standard port and > what is it for? If selecting non-standard ports has the security > functions, why not everybody using different port number instead of > using standard port 80? The purpose of using the well-known (or standard) port number 80 is so that when you want people to find a service, they can easily find it. Without a well-known port number, the port number would have to be included in the web address, which would make it harder to remember. The reason why everyone doesn't use a different port number is because first of all, not everyone wants to hide their servers (most want the general public to easily find their servers), and those that do want to protect their servers, use a much more reliable means called "firewalls". The techniques you listed rely on the concept of security through obscurity; i.e., the less obvious you make something, the harder it will be for people to access it without being told. This is not an effective means of security. It's a bit like protecting your valuables by burying them in a hidden location instead of locking them up. These techniques will work if you are lazy, or don't have a budget, and don't have something really valuable to protect. One problem with these techniques is that all of them can be breached by a sufficiently clever or industrious hacker; another is that once you tell someone the secret of accessing it, you cannot revoke their access, nor can you prevent them from betraying that information to a third party. The best way to protect your intranet is to invest in a firewall. In fact most routers have firewall features built in. A firewall protects your network by allowing internal users to connect outside, but prohibits outside machines from connecting inside. It does this by overseeing every incoming connection, like an eletronic security guard. Or think of a building with with a latching, one-way exit door (i.e. without handles on the outside): occupants can exit through the door, but no one on the outside can successfully enter, because there is no means from the outside of opening the door (ignore the possibility that someone can slip in as someone exits). > For the second one, does the author suggest that I should use > www.very_private_name.com insteal of using www.microsoft.com? No, he's suggesting you use a machine name like obfuscated-name. microsoft.com instead of www.microsoft.com. Again, security through obscurity. > For the third one, where is the place for keeping the DNS tables? And > will someone know the existence of Intranet when browsing the Web, etc? The "DNS tables" refer to your name server. In order to connect your network to the Internet you must have your domain name served by a name server, either one you run or one you pay your ISP to run on your behalf. If you have a UNIX system, or some other way of doing a WHOIS lookup, if you type whois 'dom domain-name.com' where domain-name.com is the domain of interest, it will tell you what machines serve as its domain servers (name servers). As to your second question, "intranet" is an abstraction. It basically refers to the IP network on the customer's side of their Internet connection. You may assume that any customer connected directly to the Internet with more than one machine has an intranet. Whether there's anything interesting (i.e. worth hacking) on it is another question. In any case, it's fairly trivial to determine if a site is a good candidate for having an intranet. All you have to do is poke around the public Internet records and see which machines are listed as mail and DNS servers. Or you can start doing translations on adjacent IP addresses and see if there are other machines in the same domain. ------------------------------ From: chip76@ix.netcom.com (Jeff Vinocur) Subject: Re: Intranet Security Date: Mon, 01 Dec 1997 22:24:43 GMT Organization: WWWHHS Reply-To: chip76@ix.netcom.com (Jeff Vinocur) On Sat, 29 Nov 1997 00:11:47 -0600, Felix Leung wrote: > I read a book and it mentions some technique that for keeping out some > people to accessing the Intranet, the techniques are included: > 1)Using non-standard ports. The standard port is 80. Using a different > port will make it harder to find. > 2) Using hard to guess names. Most companies use WWW for the Web server > machine name. Using something different can make it harder to find. > 3) Hiding your server's name. This can be done by not listing it in the > DNS tables for your site, and not using it to browse the Web, send > e-mail, or post to Usenet. Note that this seems to be in regards to keeping a publicly accessible _web_ server from being used much. These are all things that need to be done by the network administrator. No one else can do them. > However, I am confused on the first one; what is standard port and > what is it for? If you type www.microsoft.com into your web browser, it gives back to you whatever is on port 80 (the standard) port, on the maching named www, at microsoft. If you type www.microsoft.com:79, it will give you whatever's on port 79, which is most likely a finger daemon that will confuse your web browser (so don't try it). Since there are tens of thousands of ports, picking one other than 80 for a web server makes it secure. > If selecting non-standard ports has the security > functions, why not everybody using different port number instead of > using standard port 80? Because if you want people to find a server, putting the extra port number on the end (because it is not the standard) is confusing. It's like a password -- if you don't change it, everyone knows it is 80, but if you do, they have to go through all of them one at a time to find it (of course, a computer can do this very quickly, so it's not a very good method of security). > For the second one, does the author suggest that I should use > www.very_private_name.com insteal of using www.microsoft.com? No, he means that if Microsoft had a web site that they only wanted their employees to see and no one else, they could name it 84729475271.microsoft.com instead of www.microsoft.com. Then no one would be able to reach it because they wouldn't know the name of the machine (unless someone told them, or they saw it somewhere else, which leads to #3) ... > For the third one, where is the place for keeping the DNS tables? And > will someone know the existence of Intranet when browsing the Web, etc? It's no good making a hard-to-guess name and location if you go around broadcasting it to people by using it for other stuff. Part 3 just explains this in more detail. The trouble with all of these things is that they just make your system obscure, or hard to find. They actually make it impossible for an outside person to access your web server, just unlikely and difficult. For things like DNS you need to contact your system administrator. Try sending email to root@whatever.com, admin@whatever.com, or sysop@whatever.com. Jeff Vinocur chip76@ix.netcom.com http://www.geocities.com/SiliconValley/3768/ ------------------------------ From: mike.federchuk@merisel.com (Mike Federchuk) Subject: Re: Competition Heats Up in Canada For PCS Date: Tue, 02 Dec 1997 12:56:16 GMT Organization: Merisel Canada Inc. In article , "[non-spam]jfmezei"@ videotron.ca wrote: > What I find interesting is that ATT/CANTEL stuck to its old > costly contracts at first, but has now had to backtrack to slowly > match FIDO's rates. Can we assume that ATT/CANTEL lost a lot of > market share because of this and have now been forced to take FIDO > seriously? I have no direct evidence, but offer the following > speculation. FIDO/Microcell is offering support for the Nokia 9000i > GSM phone. AT&T Canada cannot. For those of you that haven't seen one, the 9000i is part phone, part personal digital assistant, part web-browser. It was previewed in the movie, "The Saint". The Nokia 9000i would let me replace my cell phone, pager and PC notebook with one, compact device. I suspect that quite a few IS managers, field support managers and disaster recovery co-ordinators are evaluating this new phone. There are some very good reasons to switch. Seemsless remote access to Inter/intra-nets is just one. Besides, the 9000i is just _WAY_ too cool! :) My AT&T rep says that their network will not support Canada-wide GSM until December of 1998. A year is too long to wait. We are considering chaning out 20-30 analog phones for the new 9000i. AT&T will have to be _very_ price competitive to have us stay. Better products from Fido and better pricing may be what is driving AT&T to change their pricing structure. Just a thought, Mike ------------------------------ End of TELECOM Digest V17 #339 ******************************