Rss

    Archives for : broadcast

    Ham Radio Links

    Amateur Packet Radio Australian

    Aussiewide Packet Radio Network http://www.ampr.org.au/

    AAPRA  http://members.optusnet.com.au/aapra

    Queensland APRS Users Group http://www.tech-software.net/

    VK2KFJ’s Packet Radio Links page http://www.qsl.net/vk2kfj/pacradio.html

    VK4ZU http://www.users.on.net/~trevorb/

    VK5 AX25 Packet Network Map (VK5AH) http://homepages.picknowl.com.au/wavetel/vk5pack.htm

    Winlink

    Winpack

    International

    Amateur Packet Radio Gateways http://www.ampr-gates.net/frame_e.htm

    Amateur Packet Radio, net 44, and AMPR.ORG `http://www.ampr.org/

    American Febo Enterprises http://www.febo.com/index.html

    BayCom http://www.baycom.org/

    FUNET http://www.funet.fi/pub/ham/packet/

    FUNET ftp://ftp.funet.fi/pub/ham/packet/

    F4DAY http://perso.wanadoo.fr/jf.fourcadier/index_e.htm

    F6FBB http://www.f6fbb.org/

    GB7DIP TNOS/PBBS http://www.qsl.net/gb7dip/access.html

    G4JKQ TCP/IP Telnet listing http://www.qsl.net/g4jkq/tcp.htm

    G7JJF TNC Driver Support (WINTNC) http://www.g7jjf.demon.co.uk/

    High speed packet http://hydra.carleton.ca/articles/hispeed.html

    High Speed Packet radio http://www.lmrgroup.com/ke3ht/hspr.html

    High-speed Packet Radio http://cacofonix.nt.tuwien.ac.at/~oe1kib/Radio/

    KE5FX http://www.qsl.net/ke5fx/

    K4ABT (home page) http://www.packetradio.com/

    Linux® / Amateur Radio Information http://delbert.matlock.com/linux-radio.htm

    Linux AX25-HOWTO http://tldp.org/HOWTO/AX25-HOWTO/

    PA3CGO http://www.qsl.net/pa3gco/

    Packet Info and Downloads http://www.packetradio.com/

    Packet Links http://www.stack.serpukhov.su/~victor/hamradio/packet/packet.html

    Packet Net (VK5 packet map) http://www.packetnet.org/

    Packet Net (FBB software) http://www.packetnet.org/fbb.htm

    PAcket Digital Amateur Network (PADAN) http://www.weaksignals.com/

    Radio-TNC Wiring Diagrams http://users3.ev1.net/~medcalf/ztx/wire/

    RST http://www.qsl.net/on1blu/

    Slovenian ATV/Packet http://lea.hamradio.si/~s51kq/

    Sound Card Packet http://www.qsl.net/soundcardpacket/index.html

    TAPR http://www.tapr.org/

    TNC-X http://www.tnc-x.com/

    TPK http://www.f6fbb.org/f1ebn/index.htm

    TNOS Central http://www.lantz.com/tnos/

    TVIPUG http://www.tvipug.org

    WA4DSY 56k RF Modem http://www.wa4dsy.net/

    Yet Another 9k6 Modem http://www.microlet.com/yam/

     

    Sound Card Packet

    ILINKBOARDS.com http://www.ilinkboards.com/

    Sound Card Buddy http://www.sparetimegizmos.com/Hardware/SoundBuddy.htm

    Soundcard Interfacing http://www.qsl.net/wm2u/interface.html

    Sound Card Packet AGWPE (KC2RLM) http://www.patmedia.net/ralphmilnes/soundcardpacket/

    Sound Card Interface with Tone Keyer (WA8LMF) http://members.aol.com/wa8lmf/ham/tonekeyer.htm

    QDG sound card interface

    Return to Top


    Winlink

    Winlink! 2000 http://winlink.org/

    Aussie Winlink http://www.aussiewinlink.org

    Pactor Communications Australia http://www.pca.cc/


    Winpack

    Winpack home page http://www.peaksys.co.uk/

    Winpack info http://www2.tpg.com.au/users/peteglo/winpack.htm

     

    TNC information

    General

    Setting Your TNC’s Audio Drive Level http://www.febo.com/packet/layer-one/transmit.html

    TNC and Radio mods http://www.johnmather.free-online.co.uk/tnc.htm

    MFJ

    MFJ-1278B Care and maintenance http://www.qsl.net/ke4mob/

    AEA

    AEA radio and TNC mods http://www.k7on.com/mods/aea/mods/aeamod.txt

    Other suppliers

    BYONICS http://byonics.com/

    Fox Delta http://www.foxdelta.com/

    Kantronics http://www.kantronics.com/

    PacComm http://www.paccomm.com/

    The DXZone Digital and Packet Radio http://www.dxzone.com/catalog/Manufacturers/Digital_and_Packet_Radio/

    Tigertronics http://www.tigertronics.com/

    Timewave http://www.timewave.com/amprods.html

    TNC-X – The Expandable TNC  http://www.tnc-x.com/


    Gateways

    Amateur Packet Radio Gateways http://www.ampr-gates.net

    G4JKQ http://www.g4jkq.co.uk/

    The Gateways Home Page http://www.ampr-gateways.org/

     

    High-Speed Digital Networks and Multimedia (Amateur)

    North Texas High Speed MultiMedia group http://groups.yahoo.com/group/ntms-hsmm/

    Also take a look at the wireless LAN pages


    APRS

    Aus APRS http://www.radio-active.net.au/vk2_aprs.html

    APRS http://www.radio-active.net.au/web/gpsaprs/aprsrept.html

    APRS http://aprs.rutgers.edu/

    APRS http://www.cave.org/aprs/

    APRS in Adelaide http://vk5.aprs.net.au/

    AVR-Microcontroller http://www.qsl.net/dk5jg/aprs_karten/index.html

    APRS in the UK http://www.aprsuk.net/

    aprsworld http://www.aprsworld.net

    APRS.DE http://www.aprs.de/

    APRS-Berlin http://www.aprs-berlin.de/

    APRS-Frankfurt http://www.aprs-frankfurt.de/

    BYONICS (Electronics Projects for Amateur Radio) http://www.byonics.com/

    CanAPRS http://www.canaprs.net/

    Dansk APRS Gruppe http://www.aprs.dk/

    findU.com http://www.findu.com/

    France APRS http://www.franceaprs.net/

    Kansas City APRS Working Group http://www.kcaprs.org/

    KD4RDB http://wes.johnston.net/aprs/

    Live Australian APRS data maps http://www.aprs.net.au/japrs_live.html

    NIAN http://nian.aprs.org/

    Queensland APRS Users Group http://www.tech-software.net/

    Tri-State APRS Working Group http://www.tawg.org/


    Other Digital Modes

    General

    HF-FAX http://www.hffax.de/index.html

    ZL1BPU http://www.qsl.net/zl1bpu/

    Morse Code

    CW Operators’ QRP Club Inc. http://www.users.on.net/~zietz/qrp/club.htm

    Fists Down Under http://fistsdownunder.morsekeys.com

    LEARN MORSE CODE in one minute ! http://www.learnmorsecode.com/

    MRX morse code http://www.mrx.com.au/

    Not Morse Code, Slow Scan , Packet or APRS

    HamDream by HB9TLK (digital radio) http://www.qslnet.de/member/hb9tlk/

    JE3HHT, Makoto (Mako) Mori http://www.qsl.net/mmhamsoft/

    PSK31 and other PC Magic http://www.psk31.com/

    WSJT ACTIVITY IN AU (follow link) http://www.tased.edu.au/tasonline/vk7wia/


    Amateur Digital Radio

    AR Digital Voice Communications http://www.hamradio-dv.org/

    Australian National D-Star http://www.dstar.org.au/

    Ham Radio digital info http://www.hamradio.com/pdf/dstar.pdf

    ICOM America digital http://www.icomamerica.com/amateur/dstar/

    Temple University Digital Voice Project http://www.temple.edu/k3tu/digital_voice.htm

    Temple University Vocoder Redux http://www.temple.edu/k3tu/VocoderRedux.pdf

    WinDRM – HF Digital Radio Mondiale http://n1su.com/windrm/

     

    D-Star

    Australian D-Star information http://www.dstar.org.au/

    D-Star wikipedia http://en.wikipedia.org/wiki/D-STAR

    ICOM America D-Star Forums http://www.icomamerica.com/en/support/forums/tt.asp?forumid=2

     

    Software Defined Radio

    FlexRadio Systems Software Defined Radios http://www.flex-radio.com/

    Rocky software for SoftRock-40 hardware http://www.dxatlas.com/rocky/

    SDRadio – a Software Defined Radio http://digilander.libero.it/i2phd/sdradio/

    SoftRock-40 Software Defined Radio http://www.amqrp.org/kits/softrock40/index.html

    The Weaksignals pages og Alberto I2PHD (software)  http://www.weaksignals.com/


    Digital Radio

    BBC digital Radio http://www.bbc.co.uk/digitalradio/

    Digital Audio Broadcasting http://www.digitalradio.ca/

    Digital Radio Broadcasting http://happy.emu.id.au/lab/info/digradio/index.html

    Digital Radio http://www.magi.com/~moted/dr/

    DRDB http://www.drdb.org/

    DRM – Digitaler Rundfunk unter 30 MHz http://www.b-kainka.de/drm.htm#dritte

     

    Amateur Radio Direction Finding

    Amateur Radio Direction Finding and Orienteering http://vkradio.com/ardf.html

    Amateur Radio Direction Finding Webring http://www.qsl.net/vk3zpf/webring1.htm

    Homing In http://members.aol.com/homingin/

    RON GRAHAM ELECTRONICS (ARDF and more) http://users.mackay.net.au/~ron/

    Victorian ARDF Group Inc. http://www.ardf.org.au/


    Repeater Linking

    There are currently There are 5 internet linking projects that I know of :-

    IRLP,  iPHONE, iLINK, eCHOLINK and WIN SYSTEM (May 2005)

    EchoLink http://www.echolink.org/

    Hamlink (K1RFD) http://www.hamlink.net/

    KWARC (live audio) http://www.kwarc.org/listen/

    Internet Linking http://www.qsl.net/g3zhi/index2.html

    IRLP http://www.irlp.net/

    IRLP status http://status.irlp.net

    WIN SYSTEM http://www.winsystem.org/

    iLINK

    G4CDY-L Internet Gateway http://www.g4cdy.co.uk/

    iLink http://www.aacnet.net./

    VA3TO iLINK INTERFACE http://www.ilinkca.com/

    VK2JTP iLINK gateway http://www.qsl.net/vk2jtp/

    WB2REM & G4CDY’S  iLINK boards http://www.ilinkboards.com/

    WB4FAY http://www.wb4fay.com/ilink_FAQ.html

    INTERFACES

    ILINKBOARDS.com http://www.ilinkboards.com/


    laser diodes

    A R Laser Communications http://www.qsl.net/wb9ajz/laser/laser.htm

    Australian Optical DX Group http://groups.yahoo.com/group/Optical_DX/

    Driver Enhancements http://www.misty.com/people/don/laserdps.htm#dpsdepm

    European Laser Communications http://www.emn.org.uk/laser.htm

    Ronja http://atrey.karlin.mff.cuni.cz/~clock/twibright/ronja/


    Amateur Radio Licence

    radiofun http://www.alphalink.com.au/~parkerp/gateway.htm

    Worldwide Information on Licensing for Radio Amateurs by OH2MCN http://www.qsl.net/oh2mcn/license.htm


    Amateur Radio Clubs and Organisations

    Also see ATV link page

    and VHF link page

    Australian

    Adelaide Hills Amateur Radio Society http://www.qsl.net/vk5bar/

    Amateur Radio Victoria http://www.amateurradio.com.au/

    Barossa Amateur Radio Club VK5BRC http://www.qsl.net/vk5brc/

    Brisbane Amateur Radio Club http://www.qsl.net/vk4ba/index.html

    Brisbane VHF Group

    Central Coast Amateur Radio Club http://www.ccarc.org.au/

    Central Goldfields A R Club http://www.cgfar.com/

    CHIFLEY A R CLUB http://chifley.radiocorner.net/

    Coffs Harbour & District Amateur Radio Club http://www.qsl.net/vk2ep/index.html

    CW Operators’ QRP Club Inc. http://www.users.on.net/~zietz/qrp/club.htm

    Eastern and Mountain District Radio Club http://www.emdrc.com.au

    Gold Coast AR Society http://www.gcars.com.au/

    Healesville Amateur Radio Group http://www.harg.org.au/

    Historical Wireless Society of South East Queensland http://www.hws.org.au/

    Ipswich Metro Radio Group http://imrg.ips-mesh.net/

    Lockyer Valley Radio and Electronic Club Inc http://www.qsl.net/vk4wil/

    Manly-Warringah Radio Society http://www.qsl.net/vk2mb/

    NWTARIG http://vk7ax.tassie.net.au/nwtarig/

    QRP Amateur Radio Club International http://www.qrparci.org/

    Queensland APRS Users Group http://www.tech-software.net/

    RADAR Club Inc http://radarclub.tripod.com

    Radio Amateurs Old Timers Club Australia Inc http://www.raotc.org.au/

    Radio Sport http://www.uq.net.au/radiosport/

    Radio and Electronics Association of Southern Tasmania http://reast.asn.au/

    Riverland Amateur Radio Club http://www.rrc.org.au/

    South Australian Packet User Group Inc. (SAPUG) http://www.sapug.ampr.org/

    SERG http://serg.mountgambier.org

    South Coast AMATEUR RADIO Club http://www.scarc.org.au/

    SOUTHSIDE AMATEUR RADIO SOCIETY http://www.qsl.net/vk4wss/

    Sunshine Coast Amateur Radio Club http://vk4wis.org/

    VK Young Amateur Radio Operator’s Net http://www.geocities.com/vk_ya/

    VK3APC http://www.mdrc.org.au/

    VK3BEZ (WIA Eastern Zone Amateur Radio Club) http://www.qsl.net/vk3bez/

    VK4WIL http://www.qsl.net/vk4wil/

    West Australia Repeater Group http://www.warg.org.au

    WESTLAKES AR Club http://www.westlakesarc.org.au/

    WIA VK4 Qld http://www.wiaq.com/

    WIA VK4 QNEWS NEWSROOM http://www.wiaq.com/qnews/upload/qnews.htm

    WIA http://www.wia.org.au/

    WICEN Australia http://www.wicen.org.au/

    WICEN Brisbane Qld

    New Zealand

    NZART http://www.nzart.org.nz/nzart/

    Papakura Radio Club http://www.qsl.net/zl1vk/

    Wanganui Amateur Radio Society Inc. http://www.zl2ja.org.nz/

    Wellington VHF Group http://www.vhf.org.nz/

    International

    American QRP Club http://www.amqrp.org/index.html

    ARRL http://www.arrl.org/

    Clear Lake Amateur Radio Club http://www.clarc.org/

    FRARS http://www.frars.org.uk/

    HKAR http://www.hkra.org/

    HRDXA http://www.qsl.net/vr2dxa/

    KIDSHAMRADIO http://www.kidshamradio.com/

    K2MFF Amateur Radio club http://www-ec.njit.edu/~k2mff/

    North TeXas Repeater Association http://www.ntxra.com/main_page.htm

    N0WGE http://www.sckans.edu/~sireland/radio/

    The Repeater Builders Technical Information Page http://www.repeater-builder.com/rbtip/index.html#main-index

    Richardson Wireless Klub http://www.k5rwk.org/

    RADARS http://www.mbc.co.uk/RADARS/

    RSGB http://www.rsgb.org/

    SARL http://www.sarl.org.za/

    Submarine Veterans Amateur Radio http://w0oog.50megs.com/

    Southgate AR club http://www.southgatearc.org/index.htm

    TEARA http://www.teara.org/

    The 500 KC Experimental Group for Amateur Radio http://www.500kc.com/

    Tucson Amateur Packet Radio http://www.tapr.org/

    W6DEK 435 Los Angeles http://www.w6dek.com/


    Amateur Radio

    Australian

    Australian AR Repeater Map http://vkham.com/australimaps.html

    AMATEUR RADIO WIKI http://www.amateur-radio-wiki.net

    HAM SHACK COMPUTERS http://www4.tpgi.com.au/users/vk6pg/

    Ham Radio in Australia with VK1DA http://members.ozemail.com.au/~andrewd/hamradio/

    HF Radio Antenna Tuners http://www.users.bigpond.net.au/eagle33/elect/ant_tuner.htm

    Queensland AR Repeater listings http://vkham.com/Repeater/vk4map.html

    Radioactive Networks: Ham http://www.radio-active.net.au/web/ham/

    Tony Hunt VK5AH (Home of Adelaides 10m Repeater) http://homepages.picknowl.com.au/wavetel/default.htm

    VK1DA’s Amateur Radio Web Directory vk1da.net/radlink.html

    VK1KEP http://www.pcug.org.au/~prellis/amateur/

    VK1OD owenduffy.net

    VK2BA (AM radio) http://www.macnaughtonart.com/default.htm

    VK3PA http://www.vk3pa.com/home.asp

    VK3UKF http://members.fortunecity.co.uk/vk3ukf/index.html

    VK3XPD http://www.users.bigpond.com/alandevlin/index.html

    VK3YE’s Gateway to AR http://www.alphalink.com.au/~parkerp/gateway.htm

    VK3ZQB http://members.datafast.net.au/vk3zqb/

    VK4CEJ http://www.hfradio.org/vk4cej/hamlinks.html

    VK4TEC http://www.tech-software.net/

    VK4TUB http://www.vk4tub.org/

    VK4ZGB http://members.optusnet.com.au/jamieb/index.html

    VK4ZU http://www.users.on.net/~trevorb/

    VK5BR http://users.tpg.com.au/users/ldbutler/

    VK5KK http://www.ozemail.com.au/~tecknolt/index.html

    VK8JJ http://www.qsl.net/vk8jj/

    New Zealand

    Micro Controller Projects for Radio Amateurs and Hobbyists http://www.qsl.net/zl1bpu/micro/index.htm

    Precision Frequency Transmission and Reception http://www.qsl.net/zl1bpu/micro/Precision/index.htm

    ZL3TMB http://www.hamradio.co.nz/

    International

    AC6V’s AR & DX Reference http://www.ac6v.com/

    Amateur radio with Knoppix http://www.afu-knoppix.de/

    Amateur Radio Soundblaster Software Collection http://www.muenster.de/~welp/sb.htm

    AM fone.net http://www.amfone.net

    AMRAD Low Frequency Web Page http://www.amrad.org/projects/lf/index.html

    DL4YHF http://www.qsl.net/dl4yhf/

    Direction finding http://members.aol.com/homingin/

    DSP Links http://users.iafrica.com/k/ku/kurient/dsp/links.html

    Electric-web.org www.electric-web.org

    EI4HQ http://www.4c.ucc.ie/~cjgebruers/index.htm

    EI8IC http://www.qsl.net/ei8ic/

    EHAM http://www.eham.net/

    eQSL (electronic QSL) http://www.eqsl.cc/qslcard/

    HamInfoBar http://www.haminfobar.co.uk/

    Felix Meyer http://home.datacomm.ch/hb9abx/

    FUNET http://www.funet.fi/pub/ham/

    F4DAY http://perso.wanadoo.fr/jf.fourcadier/index_e.htm

    Gateway to Amateur Radio http://www.alphalink.net.au/~parkerp/gabra.htm

    Grid Square Locator http://www.arrl.org/locate/grid.html

    G3PTO http://www.qsl.net/g3pto/

    G4KLX (The [ON/]G4KLX Page) http://www.qslnet.de/member/g4klx/

    HAM RADIO EQUIPMENT & ACCESSORIES http://www.area-ham.org/library/equip/equip.htm

    Ham-Links http://www.k1dwu.net/ham-links/

    HAMUNIVERSE.COM http://www.hamuniverse.com/

    Hamview DSP software http://www.qsl.net/k3pgp/Hamview/hamview.htm

    Homebrew RF Test Equipment And Software http://www.qsl.net/n9zia/wireless/appendixF.html#10

    KB4VOL   link site http://pages.prodigy.com/kb4vol/

    KE5FX http://www.qsl.net/ke5fx/

    KF6VTA & KG4TBJ http://www.geocities.com/silensiosham/index.html

    KU4AY ham radio directory http://www.ku4ay.net/

    K1DWU http://www.k1dwu.net/

    K1TTT http://www.k1ttt.net/

    K1TTT Technical Reference http://www.k1ttt.net/technote/techref.html

    K3PGP http://www.k3pgp.org/

    K3TZ Ham Radio Experimentation http://www.qsl.net/k3tz/

    K6XC (links) http://home.earthlink.net/~rluttringer/

    Lighthouses (International Lighthouse/ Lightship Weekend) http://illw.net

    Links2go http://www.links2go.net/more/www.ampr.org/

    Mels AMATEUR RADIO LINK’S http://www.users.zetnet.co.uk/melspage/amlinks.htm

    Michael Todd Computers & Communications http://www.arcompanion.com/

    MoDTS http://www.m0dts.co.uk/

    NT8N http://www.qsl.net/nt8n

    NW7US   (Amateur and Shortwave Radio) http://hfradio.org/

    N3EYR’s Radio Links http://www.isrv.com/~joel/radio.html

    PD0RKC http://www.qsl.net/pd0rkc/

    PI6ATV (ATV, Antenna, software, info) http://members.tripod.lycos.nl/PI6ATV/software.htm

    Radio Links http://www.angelfire.com/ri/theboss1/

    Radio Corner (forum) http://www.radiocorner.net

    Ray Vaughan http://rayvaughan.com/

    Reference http://www.panix.com/~clay/ham/

    streaming radio programs http://live365.com/home/index.live

    The Elmer HAMlet (information) http://www.qth.com/antenna/index.htm

    VE1XYL and VE1ALQ http://www.qsl.net/ve1alq/downloads/tetrode-ps/pwrsup.htm

    WB6VUB (links) http://www.mpicomputers.com/ham/

    WL7LP http://www.geocities.com/TimesSquare/Castle/3782/wl7lp.html

    W2XO http://www.w2xo.pgh.pa.us/

    XE1BEF  (DX, mods, links and more) http://www.geocities.com/xe1bef/


    Communications Equipment

    Australian

    Andrews Communication Systems http://www.andrewscom.com.au/

    AUSTRALIAN ENTERPRISE INDUSTRIAL http://www.spin.net.au/~aeitower/

    BENELEC www.benelec.com.au

    Bushcomm www.bushcomm.com.au

    G. & C. COMMUNICATIONS www.gccomm.com.au

    Hamak (RM Products Italy) http://www.hamak.com.au/

    Hamshack http://www.hamshack.com.au

    KENWOOD Australia http://www.kenwood.com.au/

    Kyle Communications http://www.kyle.com.au/

    ICOM Australia http://www.icom.net.au

    Mini-kits http://www.minikits.com.au/

    OZGEAR http://www.ozgear.com.au/

    Radio-Data (links) http://www.radio-data.net/

    Radio Specialists (equipment connectors and antenna) http://www.radiospecialists.com.au

    STRICTLY HAM http://www.strictlyham.com.au/

    TET-EMTRON www.tet-emtron.com

    Townsville CB& Communications http://www.vk4tub.org/tcb/tcb.html

    TTS Systems http://www.ttssystems.com.au/

    VK4-ICE Communications http://www.vk4ice.com

    WiNRADiO (PC based receivers) http://www.winradio.com.au

    International

    MFJ http://www.mfjenterprises.com/index.php

    Vertex Standard http://www.vxstd.com/en/index.html

    W7FG VINTAGE MANUALS CATALOGUE http://www.w7fg.com/index.html

    Z Communications Company (repair of old radio equipment) http://home.comcast.net/~zcomco/

    See also Kits and components


    Radio mods, cables, connection info

    batlabs (Motorola radio connection, cable info) http://www.batlabs.com/

    Hall Electronics http://www.hallelectronics.com/getech/proglink.htm

    Radio Mods http://www.mods.dk/

    WWW.ham.dmz.ro (mods info and more) http://www.ham.dmz.ro/

    W4RP IC-2720H Page http://www.w4rp.com/ic2720/

    XE1BEF  (DX, mods, links and more) http://www.geocities.com/xe1bef/

    Please also look at manufacture’s sites


    Lightning Protection

    www.DaStrike.com (video and links) http://www.dastrike.com/

    K9WK Amateur Radio http://www.k9wk.com/litenin.html

    Lightning Protection Institute http://www.lightning.org/

    Marine Grounding Systems http://www.sailmail.com/grounds.htm

    Moonraker boat lightning information http://www.moonraker.com.au/techni/lightning-marine.htm

    NLSI http://www.lightningsafety.com/nlsi_lhm/effect.html

    PolyPhaser http://www.polyphaser.com/

    RFI Lightning protection http://www.rfindustries.com.au/rfiproducts/lightning/lightning.htm

     

    Amateur Spread Spectrum

    Spread Spectrum Scene http://www.sss-mag.com/map.html

    Spread spectrum http://www.amrad.org/projects/ss/

    SS Info http://www.ictp.trieste.it/~radionet/1997_workshop/wireless/notes/index.htm


    Call-sign finders

    The DX Notebook http://www.dxer.org/callbook.html

    QRZ http://www.qrz.com/

    QSL.NET http://www.qsl.net/


    Equipment suppliers and manufacturers

    Easy-radio (your DNS server may have problems finding this site) http://www.easy-radio.co.uk/


    Kits and Components

    Australian and selected international suppliers

    ACRES ELECTRONICS http://www.acreselectronics.co.nz/product.htm

    Allthings http://www.allthings.com.au/

    Altronics http://www.altronics.com.au/

    Antique Electronic Supply http://www.tubesandmore.com/

    Antenna Systems and Supplies Inc. (sm) http://www.antennasystems.com/

    Av-COMM http://www.avcomm.com.au/

    BYONICS http://www.byonics.com/

    Clarke & Severn Electronics http://www.clarke.com.au

    Cliff Electronics (Aus) Pty. Ltd http://www.cliff.com.au/

    Computronics http://www.computronics.com.au/tools/

    David Hall Electronics http://www.dhe.com.au

    Dick Smith Electronics http://www.dse.com.au/cgi-bin/dse.storefront

    Digi-Key http://www.digikey.com/

    Dominion Electronics http://www.dominion.net.au/

    Electronics http://www.michelletroutman.com/index.htm

    Elliott Sound Products http://sound.westhost.com/index2.html

    Farnell http://www.farnell.com/

    Fox Delta http://www.foxdelta.com/

    G1MFG.com (ATV and more) http://www.g1mfg.com/index.html

    Hammond Mfg http://www.hammondmfg.com/

    Hy-Q International http://www.hy-q.com.au

    IRH Components http://www.irh.com.au/index.htm

    Jaycar http://www.jaycar.com.au/

    Microwave Dynamics http://www.microwave-dynamics.com/

    MicroZed Computers http://www.microzed.com.au/

    Mini-Circuits http://www.minicircuits.com/

    Mini-kits http://www.minikits.com.au/

    Mouser Electronics http://www.mouser.com/

    NEWTEK ELECTRONICS http://www.newtek.com.au/

    Oatley electronics http://www.oatleyelectronics.com/

    Ocean State Electronics http://www.oselectronics.com/

    Ozitronics http://www.ozitronics.com/

    pacific DATACOM http://www.pacificdatacom.com.au

    Picaxe http://www.Picaxe.com.au

    Prime Electronics http://www.prime-electronics.com.au/

    Radio Parts http://www.radioparts.com.au/

    R.C.S. Radio (circuit boards) http://www.rcsradio.com.au/

    RF Modules Australia (ZigBee) http:\www.rfmodules.com.au

    RFShop (Brisbane) http://www.rfshop.com.au/

    Rockby Electronics and Computers http://www.rockby.com.au/

    RS Components http://www.rsaustralia.com/

    Semtronics http://www.semtronics.com.au/

    Sicom http://www.sircom.co.nz

    Silvertone Electronics http://www.silvertone.com.au/

    South Island Component Centre (New Zealand) http://www.sicom.co.nz/

    Surplus Sales of Nebraska http://www.surplussales.com/

    Surplustronics (New Zealand) http://www.surplustronics.co.nz/

    Tandy (Australia) http://www.tandy.com.au/

    Teckics http://www.techniks.com/

    TTS Systems http://www.ttssystems.com.au/

    WB9ANQ’s Surplus Store http://www.qsl.net/wb9anq/

    Wiltronics http://www.wiltronics.com.au/

    Worldwide Electronic Components http:/www.iinet.net.au/~worcom

    13cm.co.uk http://www.13cm.co.uk/

    Also look at the ATV links



    PCB layout and schematic programs baas electronics LAYo1 PCB http://www.baas.nl/layo1pcb/uk/index.html

    Easytrax http://www.cia.com.au/rcsradio/

    Electronics WORKBENCH http://www.ewbeurope.com/Franklin Industries http://www.franklin-industries.com/Eagle/starteagle.html McCAD http://www.mccad.com/ OrCAD http://www.orcad.com/downloads.aspx TARGET 3001! http://www.ibfriedrich.com/english/engl_vordownload.htm Tech5 http://www.tech5.nl/eda/pcblayout TinyCAD http://tinycad.sourceforge.net/ VEGO ABACOM http://www.vego.nl/abacom/download/download.htm


    Amateur Satellites and space

    AMSAT http://www.amsat.org/

    AMSAT-DL http://www.amsat-dl.org/

    AMSAT-ZL (kiwisat) http://www.amsat-zl.org.nz/

    CSXT Civilian Space eXploration Team http://www.civilianspace.com/

    electric-web.org http://www.electric-web.org

    esa http://www.esa.int/esaCP

    Heavens-above http://www.heavens-above.com/

    ISS fan club http://www.issfanclub.com

    SATSCAPE   (free satellite tracking program) http://www.satscape.co.uk/

    Satellite tracking software http://perso.club-internet.fr/f1orl/index.html

    Satsignal http://www.satsignal.net/

    Space.com http://www.space.com/

    UHF-Satcom.com http://www.uhf-satcom.com

     

    Propagation

    NOAA http://www.sec.noaa.gov/

    IPS Radio and Space Services http://www.ips.gov.au/

    ITS http://www.its.bldrdoc.gov/

    Near-Real-Time MUF Map http://www.spacew.com/www/realtime.php

    Radio Mobile (path prediction) http://www.cplus.org/rmw/english1.html

    VK4ZU (Propagation) http://www.users.on.net/~trevorb/

     

    Satellite TV

    AV-COMM http://www.avcomm.com.au/

    KANSAT http://www.kansat.com.au/

    KRISTAL electronics http://www.kristal.com.au/index.html

    Lyngsat http://lyngsat.com/

    Nationwide Antenna Systems http://www.uq.net.au/~zznation/index.html

    Satcure http://www.satcure.com/

    SAT TV http://www.sattv.com.au/


     

    Radio and Scanning

    Australian

    Brisbane Radio Scanner http://www.angelfire.com/id/samjohnson/

    Extreme Worldwide Scanner Radio http://members.optushome.com.au/extremescan/scanning.html

    Newcastle Area Radio Frequency Guide http://scanhunter.tripod.com/index.html

    RADIO FREQUENCIES AND INFORMATION http://www.qsl.net/vk1zmc/information.html

    New Zealand

    Kiwi Radio http://kiwiradio.blakjak.net/

    NZscanners http://www.nzscanners.org.nz/

    Wellington Scanner Frequencies http://wsf2003.tripod.com/

    ZLScanner http://homepages.paradise.net.nz/lovegrov/

    ZL3TMB (Christchurch NZ) http://www.hamradio.co.nz/

    International

    Frequency guide http://www.panix.com/~clay/scanning/

    Incident Broadcast Network (including Australian feeds) http://www.incidentbroadcast.com

    Radio H.F.  (some ham stuff) http://www3.sympatico.ca/radiohf/

    RadioReference.com http://www.radioreference.com/index.php


    Amateur Radio DX and Contest

    DX Cluster

    AA1V’s DX Info-Page http://www.goldtel.net/aa1v/

    AC6V’s AR & DX Reference http://www.ac6v.com/

    Australian contesting http://www.vkham.com/index.html

    Buckmaster callsign database http://www.buck.com/cgi-bin/do_hamcall

    DX Greyline http://www.fourmilab.ch/cgi-bin/uncgi/Earth/action?opt=-p

    DX Summit http://oh2aq.kolumbus.com/dxs/

    DX 425 News http://www.425dxn.org/

    EHAM http://www.eham.net/

    EI8IC Global Overlay Mapper http://www.mapability.com/ei8ic/

    eQSL (electronic QSL) http://www.eqsl.cc/qslcard/

    German DX Foundation-GDXF http://www.gdxf.de/

    GlobalTuners (provides access to remotely controlled radio receivers all over the world) http://www.globaltuners.com/

    Ham Atlas by SP6NVK http://www.hamatlas.eu/

    Kiwi DX List http://groups.yahoo.com/group/kiwidxlist/

    Oceania Amateur Radio DX Group Incorporated http://odxg.org/

    Oceania DX Contest http://www.oceaniadxcontest.com/

    QRZ.COM http://www.qrz.com/site.html

    The AM Window http://www.amwindow.org/index.htm

    The Daily DX http://www.dailydx.com

    IARU QSL Bureaus http://www.iaru.org/iaruqsl.html

    International DX Association http://www.indexa.org/

    Internet Ham Atlas http://www.hamatlas.eu/

    IOTA http://www.425dxn.org/iota/

    IOTA groups and Reference http://www.logiciel.co.uk/iota/shtlist.html

    IOTA RSGB http://rsgbiota.org

    IOTA 425 http://www.425dxn.org/iota

    Island Radio Expedition Fondation http://www.islandradio.org/

    LA9HW HF Contest page http://home.online.no/~janalme/hammain.html

    NG3K Contest/DX Page http://www.cpcug.org/user/wfeidt/

    Northern California DX Foundation http://www.ncdxf.org

    Simple phrases in European Languages http://web.onetel.com/~stephenseabrook/

    SUMMITS on the AIR http://www.sota.org.uk/

    Telnet Access to DX Packet Clusters http://cpcug.org/user/wfeidt/Misc/cluster.html

    The DX Notebook http://www.dxer.org/

    VE6OA’s DX Links http://www.compusmart.ab.ca/agirard/dxlinks.htmVK Contest Club http://www.vkcc.com

    World of DK4KQ http://www.dl4kq.de/

    XE1BEF  DX and links http://www.geocities.com/xe1bef/

    Logging Software

    VK Contest Log (VKCL) http://web.aanet.com.au/mnds/

    VK/ZL Logger http://www.vklogger.com

    WinRD+ logging program http://www.rjmb.net/rd/index.htm


    Cluster

    AR-Technology AB5K.net http://www.ab5k.net/Home.aspx

    Clusse http://he.fi/clusse/

    CLX Home page http://clx.muc.de/

    DX CLUSTER programs http://pages.cthome.net/n1mm/html/English/DXClusters.htm

    DXCluster http://www.dxcluster.org/

    DXCluster.Info http://www.dxcluster.info/

    DxNet http://www.dxnet.free.fr/

    DX PacketCluster Sites on the Internet http://www.n4gn.com/cluster.html

    DXSpider – DX cluster system is written in perl http://linux.maruhn.com/sec/dxspider.html

    Packet Cluster user manual http://www.yccc.org/Resources/ysa/manual/

    The DXSpider User Manual http://www.dxcluster.org/main/usermanual_en.html

    VE7CC-1 Dx Spider Cluster http://www.ve7cc.net/

     

    Short Wave DX

    AUSTRALIAN RADIO DX CLUB http://www.ardxc.info/

    Electronic DX Press (HF, MW and VHF) http://members.tripod.com/~bpadula/edxp.html

    Contesting.com http://www.contesting.com/

    CQ World Wide DX Contest http://www.cqww.com/

    K6XX http://www.k6xx.com/

    Longwave Club of America (also Ham) http://www.lwca.org

    NIST time stations http://www.boulder.nist.gov/timefreq/stations/wwvb.htm

    OK1RR DX & Contesting Page http://www.qsl.net/ok1rr/

    Prime Time Shortwave http://www.primetimeshortwave.com/

    Radio Interval Signals http://www.intervalsignals.org/

    shortWWWave http://swww.dwerryhouse.com.au/

    SM3CER Contest Service http://www.sk3bg.se/contest/index.htm

    The British DX Club http://www.bdxc.org.uk/

    Yankee Clipper Contest Club http://www.yccc.org/

     

    Radio Scouting

    Scouts Australia JOTA/JOTI http://www.international.scouts.com.au/main.asp?iMenuID=9071085

    The history of the Jamboree On The Air http://home.tiscali.nl/worldscout/Jota/jota history.htm

    World Organization of the Scout Movement http://www.scout.org/jota/


    Australian Regulator

    ACMA http://www.acma.gov.au/

    International Regulator

    ITU http://www.itu.int/home/index.html



    Electronic Information and technical reference

    AC6V’s Technical Reference http://www.ac6v.com/techref.htm

    Chip directory http://www.embeddedlinks.com/chipdir/abc/s.htm#simm

    Circuit Sage http://www.circuitsage.com/

    CommLinx Solutions Pty Ltd http://www.commlinx.com.au/default.htm

    Computer Power Supply Mods http://www.qsl.net/vk4ba/projects/index.html

    Discover Circuits http://www.discovercircuits.com/

    Electronic Information http://www.beyondlogic.org/

    Electronics Links and Resources http://yallara.cs.rmit.edu.au/~pleelave/electronics1.html

    Epanorama (lots of links) http://www.epanorama.net/

    Electronics Tutorials http://www.electronics-tutorials.com/

    Electronic Theory http://www.electronicstheory.com/

    Fox Delta http://www.foxdelta.com/

    GREG’S DOWNLOAD PAGE http://www.rfcascade.com/index.html

    Hobby Projects (electronic resource) http://www.hobbyprojects.com/tutorial.html

    Hittite http://www.hittite.com

    Information site http://www.epanorama.net/

    ISO Date / Time http://wwp.greenwichmeantime.com/info/iso.htm

    Latitude/Longitude Conversion utility – 3 formats http://www.directionsmag.com/latlong.php

    New Wave Instruments (check out SS Resources) http://www.newwaveinstruments.com/index.htm

    Paul Falstad (how electronic circuits work) http://www.falstad.com/circuit/

    PINOUTS.RU (Handbook of hardware pinouts) http://pinouts.ru/

    PUFF http://www.cco.caltech.edu/~mmic/puffindex/puffE/puffE.htm

    RadioReference http://www.radioreference.com/

    RF Cafe http://www.rfcafe.com/

    RF Globalnet http://www.rfglobalnet.com

    RHR Laboratories http://www.rhrlaboratories.com/#Software

    rfshop http://www.rfshop.com.au/page7.htm

    RS232 Connections, and wiring up serial devices http://www.airborn.com.au/rs232.html

    RF Power Table

    Science Lobby (electronic links) http://www.sciencelobby.com/

    Tech FAQ http://www.tech-faq.com/

    The12volt.com (technical information for mobile electronics installers) http://www.the12volt.com/

    Electronic service

    Repair of TV Sets http://www.repairfaq.org/sam/tvfaq.htm

    Sci.Electrinic.Repair FAQ http://www.repairfaq.org/sam/tvfaq.htm

    Service engineers Forum http://www.e-repair.co.uk/index.htm

     

    Cable Data

    Andrews http://www.andrew.com/default.aspx

    Belden http://www.belden.com/

    CO-AX CABLE DATA http://www.electric-web.org/coax.htm

    Coaxial cable data http://www.qsl.net/kc6uut/coax.html

    Coaxial Cable Page http://www.cdi2.com/build_it/coaxloss.htm

    HB9ABX http://home.datacomm.ch/hb9abx/coaxdat.htm

    HB9HD http://www.hb9hd.ch/PDF/coaxcable.pdf

    KC6UUT http://www.qsl.net/kc6uut/coax.html

    NESS Engineering http://www.nessengr.com/techdata/coaxdata.html

    RF Industries cables http://www.rfindustries.com.au/rfiproducts/cablesConnectors/coaxialCables.htm

    THERFC http://www.therfc.com/coax.htm

    Times Microwave http://www.timesmicrowave.com/

    VK3KHB http://www.gak.net.au/vk3khb/atv/coaxchrt.html

    W4ZT http://w4zt.com/coax.html

    X.net Antenna cable chart http://www.x.net.au/antenna_cable.html

    50 W Coaxial Cable Information http://www.dma.org/~millersg/coax50.html

    75 W Coaxial Cable Information http://www.dma.org/~millersg/coax75.html



    Antique Radio

    Antique Electronic Supply http://www.tubesandmore.com/

    Alan Lord http://www.dundeecoll.ac.uk/sections/cs/staff/al_radio/

    Antique Radio http://antiqueradios.com/

    Apex Jr http://www.apexjr.com/

    Archives of Boatanchors http://www.tempe.gov/archives/boatanchors.html

    Australian Vintage Radio MK II http://www.southcom.com.au/~pauledgr/

    Australian Wireless (OZ-Wireless) Email List http://www.clarion.org.au/wireless/

    AWA and Fisk Radiola http://203.44.53.131/Radiola/AWA1b.htm

    Crystal Radio http://www.crystalradio.net/

    Glowbugs http://www.mines.uidaho.edu/~glowbugs/

    Hammond Museum of Radio http://www.hammondmuseumofradio.org/

    Historical Radio Society of Australia Inc. http://www.hrsa.asn.au/

    JMH’s Virtual Valve Museum http://www.tubecollector.org/numbers.htm

    John Rose’s Vintage Radio Home http://personal.nbnet.nb.ca/jrose/radios/radiomain.htm

    Klausmobile Russian Tube Directory http://klausmobile.narod.ru/td/indexe.htm

    KK7TV http://www.kk7tv.com/kk7tv.html

    Kurrajong Radio Museum http://www.vk2bv.org/museum/

    Links to Vintage Radios (Amateur) http://www.qsl.net/ka4pnv/vrlinks.htm

    Mike’s Electric Stuff http://www.netcomuk.co.uk/~wwl/electric.html

    Nostalgiar Air http://www.nostalgiaair.org/

    Phil’s Old Radios http://antiqueradio.org/

    Radio A’s Vintage Radio Page http://www.mnsi.net/~radioa/radioa.htm

    Radio Era http://www.radioera.com/

    Rap ‘n Tap http://www.midnightscience.com/rapntap/

    Replacing Capacitors http://antiqueradio.org/recap.htm

    Savoy Hill Publications http://www.valvesunlimited.demon.co.uk/Noframes/savoy_hill_publications.htm

    South East Qld Group of the HRSA http://seqg.tripod.com

    SEQG of the HRSA Crystal comp http://www.clarion.org.au/crystalset/

    SEQG One Tube Radio comp http://seqg.tripod.com/onetube/onetube.html

    TEARA’S VINTAGE RADIO LINK PAGE http://www.ipass.net/~teara/vin.html

    The Vintage Radio Emporium http://www.vintageradio.info/

    The Wireless Works http://www.wirelessworks.co.uk/

    Triode Tube Data http://www.triodeel.com/tubedata.htm Tubesworld  (Valve Audio and Valve data) http://www.tubesworld.com/

    Vintage Radio http://www.vintage-radio.com/index.shtml

    Vintage Radio Times http://www.vintageradiotimes.com/Page_1x.html

    Vintage Radios and programs http://www.compusmart.ab.ca/agirard/VINTAGE.HTM

    Vintage Radios UK http://www.valve.demon.co.uk/

    Vintage Radio and Test Equipment Site http://www.geocities.com/eb5agv/

    Vintage Radio World http://www.burdaleclose.freeserve.co.uk/

    Vintage Radio and Audio Pages http://www.mcallister.simplenet.com/

    VMARS http://www.vmars.org.uk/

    W7FG VINTAGE MANUALS CATALOGUE http://www.w7fg.com/index.html

    Ye Olde Hurdy Gurdy Museum of Vintage Radio http://ei5em.110mb.com/museum.html



    Valve Audio and Valve data Ake’e Tube Data http://w1.871.telia.com/~u87127076/index.htm CVC http://www.chelmervalve.com/index.html

    Data Sheet Locator http://www.duncanamps.co.uk/cgi-bin/tdsl3.exe/

    Eimac http://www.cpii.com/eimac/index.html

    Frank’s Electron tube Pages http://home.wxs.nl/~frank.philipse/frank/frank.html

    Hammond  Manufacturing http://www.hammondmfg.com/

    House of Tubes http://www.house-of-tubes.com/home/Library.asp

    High Voltage Tube Archive http://www.funet.fi/pub/sci/electrical/tesla/tubes/

    Kiewavly http://home.mira.net/~kiewavly/audio1.html

    Industrial Valve Data http://www.netcomuk.co.uk/~wwl/data.html

    Machmat http://www.machmat.com/

    NJ7P Tube Data Search http://hereford.ampr.org/cgi-bin/tube?index=1

    RCA-R10 Data http://www.nmr.mgh.harvard.edu/~reese/RC10/

    SAS Audio Labs http://www.sasaudiolabs.com/

    Sowter Audio Transformers http://www.sowter.co.uk/

    Spice Valves http://www.duncanamps.com/spicevalves.html

    Tubetec http://www.tubetec.freeserve.co.uk/

    TUBEWORLD INC. http://www.tubeworld.com/

    Tube datasheets http://www.wps.com/archives/tube-datasheets/index.html

    Vacuum Tube Links http://www.michelletroutman.com/tubes.htm

    Valves and Tubes http://www.euramcom.freeserve.co.uk/tubes.html

    Valve Data Links http://www.thevalvepage.com/links/valvdata.htm

    Valve Data http://www.arrakis.es/~igapop/referenc.htm

    Valves Unlimited http://www.valvesunlimited.demon.co.uk/Noframes/links.htm

    Valve and Tube Supplies http://www.valves.uk.com/

    Valveamps.com http://www.valveamps.com/



    Audio

    Audio Calculators and Links http://www.audioscientific.com/Audio Calculators & References Links.htm

    BKC GROUP http://www.bkcgroup.fsnet.co.uk/

    Car Audio Australia http://www.caraudioaustralia.com/

    DIY Audio http://www.diyaudio.com/

    Duncan’s Amp Pages http://www.duncanamps.com/

    Elliott Sound Products http://sound.westhost.com/audiolink.htm

    GM ARTS http://users.chariot.net.au/~gmarts/

    Norman Koren http://www.normankoren.com/Audio/

    Rane http://www.rane.com/

    The Self Site http://www.dself.demon.co.uk/

    The Class-A Amplifier Site http://www.gmweb.btinternet.co.uk/



    Magazines

    DUBUS (VHF magazine) http://www.dubus.org/

    Elektor Electronics http://www.elektor-electronics.co.uk/

    Harlan Technologies (Amateur Television Quarterly) http://www.hampubs.com/

    Radio & Communications Monitoring Monthly http://www.monitoringmonthly.co.uk/

    SILICON CHIP http://www.siliconchip.com.au/

    VHF Communications Mag http://www.vhfcomm.co.uk/



    SETI

    SETI http://www.setileague.org/homepg.htm

    SETI Australia http://www.seti.org.au/

    How To Hijack Fast Food Drive-Thru Frequencies

    This is an article I found on the Phone Losers site I thought I would copy here so I can give it a go at some stage.

    How To Hijack Fast Food Drive-Thru Frequencies

    A few years back, some friends and I were messing around with a Taco Bell’s drive-thru frequencies. RijilV and isotek showed me how easy it was to hijack the frequencies of just about any fast food restaurant with a very simple mod to a ham radio. The radios they used were Yaesu VX-5 and VX-7 models. We had a few weeks of occasional fun, sitting a few parking lots away and saying all kinds of horrible things to potential fast food customers. For the most part, I didn’t record any of it. But you can find a few clips of our fast food hijinks if you scroll down on the PLA Sound Clips Archive page.

    Finally we decided to capture a bit of our FCC violations on video. But instead of capturing actual customers being harassed by us as they placed an order, I drove through the Taco Bell drive-thru myself with a video camera sitting on the dashboard. As I attempted to place my order, RijilV informed me of some crazy new Taco Bell policies and a manager immediately rushed out to explain to me that I wasn’t actually talking to an employee. Here is that video:

    After spending several years on Google Video and YouTube, it’s been watched approximately 20,000 times. And of those 20,000 people who have viewed it, approximately all of them have emailed me and asked me what kind of radio we used and how can they use a radio to do the same thing. So in the spirit of April 1st and in order to quell the number of emails sent to me and posts on the PLA Forums asking the same thing, I’ve decided to write this tutorial to help those people out.

    But I’m not going to explain how to modify a Yaesu VX5 or a Yaesu VX7. A simple Google search will show you how to modify these ham radios. The problem with these mods is that, even though they’re fairly simple, you have to buy the radios which could cost you anywhere from $200 – $400. Then, after removing a couple solder points, you have to learn how to use it, you have to look up fast food frequency lists, you have to understand the difference between the transmit frequencies and the receive frequencies and you have to scroll through PL tones using trial and error to find the correct one.

    Or how about we do this a different way. A way that uses a couple items that you might already have in your home. You can easily modify most old CB radios in a way that will allow them to transmit directly to drive-thru frequencies. You won’t have to scroll through hundreds of possible drive-thru frequencies, because a CB radio’s channels line up in exactly the same way as most drive-thru’s channels, only at a higher frequency. How do you get your CB radio to run at a higher frequency? A simple replacement of the crystal inside, with a 6.5536 MHz crystal. This triples the megahertz that are broadcast on and there is no learning required. You just take the modified CB radio to a fast food restaurant and start broadcasting to the customers.

    “But RBCP, I don’t have a 6.5536 MHz crystal lying around my house,” you might be whining at this point. But this isn’t true. Just about any house has several 6.5536 MHz crystals in them if you know where to look. This just happens to be the exact same crystal that you can find in electric heaters, hair dryers, electric stoves, curling irons, electric hot water heaters, irons, and toasters. These crystals are in just about any item that has heated coils and are used to control the frequency of the heating elements so that they don’t burn your house down.

    So for this modification you need…

    • 1 CB radio. It has to be a 40 channel CB radio with a digital display, which includes just about any CB radio manufactured after the mid 1980’s. The old 23 channel CBs from the 1970’s will not work. It can even be a walkie talkie CB radio. If you don’t have one, you can find one at Goodwill or a yard sale for probably less than $10.
    • 1 toaster. (Or other item with heating elements inside.) A toaster is the most ideal to use, because it’s almost guaranteed to have the crystal inside of it. It’s more common to find curling irons and hair dryers that don’t. Again, it should be a toaster manufactured within the past 20 years or so. Before that they didn’t have crystal requirements for toaster manufacturers. (And incidentally, there were a lot more electrical house fires back then.) Goodwill will probably have a toaster for less than $10.
    • 1 soldering iron and solder. Don’t worry if you don’t have soldering experience. It’s actually pretty easy. Click here for a soldering tutorial. You can purchase a soldering iron at Radio Shack or Sears for about $10.
    • A few screwdrivers

    Even if you have to buy all these materials, you’re only out $30. That’s a lot better than the $300 you might end up spending on a Yaesu radio. And some of you might already have all these items so you don’t have to pay anything. Ask a friend or a relative if they’ve got an old toaster or CB radio lying around that they don’t need.

    First you’ll want to take apart your toaster. This isn’t too hard. Just flip it upside down and start removing the screws. You’ll probably need to pull off the plastic lever and knobs before you remove the top of the toaster. Once you have the top off, you’ll see a green or brown circuit board inside.

    Flip the circuit board down and you’ll see all the components on the other side, including the 6.5536 MHz crystal. The crystal is silver and will have 6.5 stamped on the side of it. In the picture below, I’ve used an arrow to show you where it’s located.

    The crystal is likely in a different spot in other toasters, but it’s hard to mistake for any other electronic component. The crystal will have some form of 6.5 stamped on the side of it. In my toaster, it showed 6.55-12. While the official frequency needed is 6.5536 MHz, anything within 1.6 megahertz will work. So don’t worry if your crystal just says 6.5 or 6.50 – it’s all the same for our purposes.

    It’s kind of hard to see what I’m doing in the picture above, but I’m heating up the leads on the crystal from underneath with my soldering iron to melt the solder, and I’m pulling on the crystal from above with a pair of needle nose pliers. It only takes a few seconds to get the crystal out of the toaster.

    Now that the crystal is out of your toaster, throw your toaster away! Do not attempt to use it once the crystal is removed. Remember, the crystal is in there for safety and using your toaster without the crystal could burn your toast and/or start a kitchen fire. It’s likely your toaster won’t even turn on with the missing crystal, but please don’t even try. Just throw it away.

    As I mentioned before, just about any brand and model of CB radio will work, as long as it has the digital display on it. Which means, just about any CB radio manufactured after the mid 1980’s. These are the kinds of CB radios whose frequencies are controlled by a single crystal inside of them. For my mod, I used a Radio Shack TRC-207 walkie talkie CB radio, which is pictured above. I prefer using a walkie talkie CB radio because it doesn’t requiring sticking a huge CB antenna on the roof of my car which might be noticed if a fast food employee starts looking around the parking lot for the culprits.

    Taking apart your CB radio is just as easy as taking apart the toaster. Remove the screws and pop it open. You may or may not have to lift up the circuit board inside to find the crystal inside. In my particular model, the crystal actually plugged into a socket so I didn’t need to even desolder the old crystal. I just pulled it out with my fingers and then plugged in the new 6.55 MHz crystal. I don’t know how common this is, because in other CB radios that I’ve modified the crystal was soldered to the circuit board, just like in the toaster.

    Put your CB back together and test it to make sure it’s working. You’re finished! Obviously, you won’t be able to talk on normal CB channels anymore since your CB is transmitting and receiving at a much higher frequency now. But who cares, CB channels are lame anyway. Let’s hop in the car and drive to our nearest fast food establishment to test it out.

    Sit near the drive-thru and wait for a customer to pull up. While the customer is talking to the drive-thru speaker, start flipping through your channels until you hear them talking. I’ve found that most drive thrus end up being somewhere in the 16 – 25 channel range. I’ve never found one above channel 30 and only a few on channels 1 through 15. It all depends on how their drive-thru is set up and what frequencies they’re using. Anyway, push down your talk button and start talking to the customer.

    The cool thing about using a CB radio to transmit on drive-thru frequencies is that a CB is designed to work for several miles. The headsets that those fast food people wear are only designed to work for about 100 feet. So you can easily overpower the employees, even if you’re several parking lots away. In fact, you may be inadvertently screwing with several other drive-thrus in town without even knowing it. This is more likely when you’re using the kind of CB radio that’s supposed to be installed in a car. Those usually run on 5 watts and can cover an entire city. This is another reason I like to use my walkie talkie. It’s lucky if it will work for even a mile, so I’m only harassing one restaurant at a time.

    If you found this tutorial useful, you might also enjoy the video I’ve made on the same subject. It includes much of the same information in this tutorial, but also includes actual footage of us messing with a drive-thru with this CB mod. Enjoy!

    You might also enjoy our original Taco Bell Takeover video, our Happy Birthday drive-thru video and our Drive-Thru Shenanigans video.

    icon for podpress PLA TV: Hijacking Fast Food Frequencies [9:12m]: Download (4913)

    Local Copy

    Amateur Radio and Radhaz

    Something I have been very wary about for some year had begun to be better understood over the last few years.

    I remember a doctor from an Adelaide hospital who presented at an IEEE meeting saying “on the record there hasn’t been enough research performed to prove that electromagnetic radiation causes cancer, but off the record I have seen enough cases where I am convinces it does”.

    This simple statement and other examples provided during the presentation really drove home that we must be wary and respectful when using an existing near electromagnetic emitting devices.

    This article came from the local South Australia Amature Radio Experimentes Group Website – Thanks for allthe great work. See link http://www.areg.org.au/info/radhaz/radhaz.html

    General Background Information

    The question of Radhaz has to be considered when you are constructing an Amateur Radio station that will operate near members of the general public as well as your self.

    The responsibility for ensuring that the operation of an Amateur Radio transmitting station is operating with in the ARPANSA and ACMA guidelines is souly the responsibility of the amateur radio operator in control of the radio transmitter.

    As the standard for Radiation Protection Standard for Maximum Exposure Levels to Radiofrequency Fields – 3 kHz to 300 GHz changes from time to time. The information on this web site will become out of date. AREG accepts no responsibility for the information presented on this page, the relative orginsations should be consolted for the latest up to date information.

    For complete appraisal of your situation, you should consult one of the many orginsations that are NATA certified.

    As of March 1st 2003, the Australian Communications & Media Authority (ACMA) introduced new limits for human exposure to electromagnetic radiation (EMR) covering all mobile transmitters such as remote controlled toys, walkie-talkies and hand held two-way radios as well as radio communications installations such as broadcast towers and amateur radio stations.

    Under the new regulations, mandatory limits are set by the Australian Radiation Protection and Nuclear Safety Agency (ARPANSA) and people who hold a licence for a radiocommunications facility will have to comply, and in certain cases, hold records demonstrating compliance with the limits.

    For a complete details on the ARPANSA standard, please refer to the link below and the ARPANSA web site.

    http://www.arpansa.gov.au

    maximum-exposure-levels-to-radiofrequency-fields

    The RPS No:3 Standard is known as, Radiation Protection Standard for Maximum Exposure Levels to Radiofrequency Fields — 3 kHz to 300 GHz (2002).

    This Standard specifies limits of human exposure to radiofrequency (RF) fields in the frequency range 3 kHz to 300 GHz, to prevent adverse health effects. These limits are defined in terms of basic restrictions for exposure of all or a part of the human body. Relevant derived reference levels are also provided as a practical means of showing compliance with the basic restrictions. In particular, this Standard specifies the following:

    (a) Basic restrictions for occupational exposure with corresponding derived reference levels as a function of frequency.


    (b) Basic restrictions for general public exposure, with corresponding derived reference levels as a function of frequency.


    (c) Equipment and usage parameters in order to assist in the determination of compliance with this Standard.
    The limits specified in this Standard are intended to be used as a basis for planning work procedures, designing protective facilities, the assessment of the efficacy of protective measures and practices, and guidance on health surveillance

    IDEAS page is all about putting up design and other general ideas. These may include part circuits or drawings of things that we have thought other people may be interested in. In general don’t expect a complete package, as this page is only meant to give you some ideas on what we have done. So you can further your own experimentation.

    Cisco Command Cheat Sheet

    I found a list of useful Cisco commands which I though I would post here.

    ROUTER COMMANDS :

    • Config# terminal editing – allows for enhanced editing commands
    • Config# terminal monitor – shows output on telnet session
    • Config# terminal ip netmask-format hexadecimal|bit-count|decimal – changes the format of subnet masks

    HOST NAME:

    • Config# hostname ROUTER_NAME

    BANNER:

    • Config# banner motd # TYPE MESSAGE HERE # – # can be substituted for any character, must start and finish the message

    DESCRIPTIONS:

    • Config# description THIS IS THE SOUTH ROUTER – can be entered at the Config-if level

    CLOCK:

    • Config# clock timezone Central -6
      # clock set hh:mm:ss dd month yyyy – Example: clock set 14:13:00 25 August 2003

    CHANGING THE REGISTER:

    • Config# config-register 0x2100 – ROM Monitor Mode
    • Config# config-register 0x2101 – ROM boot
    • Config# config-register 0x2102 – Boot from NVRAM

    BOOT SYSTEM:

    • Config# boot system tftp FILENAME SERVER_IP – Example: boot system tftp 2600_ios.bin 192.168.14.2
    • Config# boot system ROM
    • Config# boot system flash – Then – Config# reload

    CDP:

    • Config# cdp run – Turns CDP on
    • Config# cdp holdtime 180 – Sets the time that a device remains. Default is 180
    • Config# cdp timer 30 – Sets the update timer.The default is 60
    • Config# int Ethernet 0
    • Config-if# cdp enable – Enables cdp on the interface
    • Config-if# no cdp enable – Disables CDP on the interface
    • Config# no cdp run – Turns CDP off

    HOST TABLE:

    • Config# ip host ROUTER_NAME INT_Address – Example: ip host lab-a 192.168.5.1
      -or-
    • Config# ip host RTR_NAME INT_ADD1 INT_ADD2 INT_ADD3 – Example: ip host lab-a 192.168.5.1 203.23.4.2 199.2.3.2 – (for e0, s0, s1)

    DOMAIN NAME SERVICES:

    • Config# ip domain-lookup – Tell router to lookup domain names
    • Config# ip name-server 122.22.2.2 – Location of DNS server
    • Config# ip domain-name cisco.com – Domain to append to end of names

    CLEARING COUNTERS:

    • # clear interface Ethernet 0 – Clears counters on the specified interface
    • # clear counters – Clears all interface counters
    • # clear cdp counters – Clears CDP counters

    STATIC ROUTES:

    • Config# ip route Net_Add SN_Mask Next_Hop_Add – Example: ip route 192.168.15.0 255.255.255.0 205.5.5.2
    • Config# ip route 0.0.0.0 0.0.0.0 Next_Hop_Add – Default route
      -or-
    • Config# ip default-network Net_Add – Gateway LAN network

    IP ROUTING:

    • Config# ip routing – Enabled by default
    • Config# router rip
      -or-
    • Config# router igrp 100
    • Config# interface Ethernet 0
    • Config-if# ip address 122.2.3.2 255.255.255.0
    • Config-if# no shutdown

    IPX ROUTING:

    • Config# ipx routing
    • Config# interface Ethernet 0
    • Config# ipx maximum-paths 2 – Maximum equal metric paths used
    • Config-if# ipx network 222 encapsulation sap – Also Novell-Ether, SNAP, ARPA on Ethernet. Encapsulation HDLC on serial
    • Config-if# no shutdown

    ACCESS LISTS:

    IP Standard1-99
    IP Extended100-199
    IPX Standard800-899
    IPX Extended900-999
    IPX SAP Filters1000-1099

    IP STANDARD:

    • Config# access-list 10 permit 133.2.2.0 0.0.0.255 – allow all src ip’s on network 133.2.2.0
      -or-
    • Config# access-list 10 permit host 133.2.2.2 – specifies a specific host
      -or-
    • Config# access-list 10 permit any – allows any address
    • Config# int Ethernet 0
    • Config-if# ip access-group 10 in – also available: out

    IP EXTENDED:

    • Config# access-list 101 permit tcp 133.12.0.0 0.0.255.255 122.3.2.0 0.0.0.255 eq telnet
      -protocols: tcp, udp, icmp, ip (no sockets then), among others
      -source then destination address
      -eq, gt, lt for comparison
      -sockets can be numeric or name (23 or telnet, 21 or ftp, etc)
      -or-
    • Config# access-list 101 deny tcp any host 133.2.23.3 eq www

    -or-

    • Config# access-list 101 permit ip any any
    • Config# interface Ethernet 0
    • Config-if# ip access-group 101 outIPX STANDARD:
    • Config# access-list 801 permit 233 AA3 – source network/host then destination network/host

    -or-

    • Config# access-list 801 permit -1 -1 – “-1” is the same as “any” with network/host addresses
    • Config# interface Ethernet 0
    • Config-if# ipx access-group 801 outIPX EXTENDED:
    • Config# access-list 901 permit sap 4AA all 4BB all
      – Permit protocol src_add socket dest_add socket
      -“all” includes all sockets, or can use socket numbers

    -or-

    • Config# access-list 901 permit any any all any all
      -Permits any protocol with any address on any socket to go anywhere
    • Config# interface Ethernet 0
    • Config-if# ipx access-group 901 inIPX SAP FILTER:
    • Config# access-list 1000 permit 4aa 3 – “3” is the service type

    -or-

    • Config# access-list 1000 permit 4aa 0 – service type of “0” matches all services
    • Config# interface Ethernet 0
    • Config-if# ipx input-sap-filter 1000 – filter applied to incoming packets

    -or-

    • Config-if# ipx output-sap-filter 1000 – filter applied to outgoing packets

    NAMED ACCESS LISTS:

    • Config# ip access-list standard LISTNAME
      -can be ip or ipx, standard or extended
      -followed by the permit or deny list
    • Config# permit any
    • Config-if# ip access-group LISTNAME in
      -use the list name instead of a list number
      -allows for a larger amount of access-lists

    PPP SETUP:

    • Config-if# encapsulation ppp
    • Config-if# ppp authentication chap pap
      -order in which they will be used
      -only attempted with the authentification listed
      -if one fails, then connection is terminated
    • Config-if# exit
    • Config# username Lab-b password 123456
      -username is the router that will be connecting to this one
      -only specified routers can connect

    -or-

    • Config-if# ppp chap hostname ROUTER
    • Config-if# ppp chap password 123456
      -if this is set on all routers, then any of them can connect to any other
      -set same on all for easy configuration

    ISDN SETUP:

    • Config# isdn switch-type basic-5ess – determined by telecom
    • Config# interface serial 0
    • Config-if# isdn spid1 2705554564 – isdn “phonenumber” of line 1
    • Config-if# isdn spid2 2705554565 – isdn “phonenumber” of line 2
    • Config-if# encapsulation PPP – or HDLC, LAPD

    DDR – 4 Steps to setting up ISDN with DDR Configure switch type

    1. Config# isdn switch-type basic-5ess – can be done at interface config

    2. Configure static routes
    Config# ip route 123.4.35.0 255.255.255.0 192.3.5.5 – sends traffic destined for 123.4.35.0 to 192.3.5.5
    Config# ip route 192.3.5.5 255.255.255.255 bri0 – specifies how to get to network 192.3.5.5 (through bri0)

    3. Configure Interface
    Config-if# ip address 192.3.5.5 255.255.255.0
    Config-if# no shutdown
    Config-if# encapsulation ppp
    Config-if# dialer-group 1 – applies dialer-list to this interface
    Config-if# dialer map ip 192.3.5.6 name Lab-b 5551212
    connect to lab-b at 5551212 with ip 192.3.5.6 if there is interesting traffic
    can also use “dialer string 5551212” instead if there is only one router to connect to

    4. Specify interesting traffic
    Config# dialer-list 1 ip permit any
    -or-
    Config# dialer-list 1 ip list 101 – use the access-list 101 as the dialer list

    5. Other Options
    Config-if# hold-queue 75 – queue 75 packets before dialing
    Config-if# dialer load-threshold 125 either
    -load needed before second line is brought up
    -“125” is any number 1-255, where % load is x/255 (ie 125/255 is about 50%)
    -can check by in, out, or either

    Config-if# dialer idle-timeout 180
    -determines how long to stay idle before terminating the session
    -default is 120

    FRAME RELAY SETUP:

    • Config# interface serial 0
    • Config-if# encapsulation frame-relay – cisco by default, can change to ietf
    • Config-if# frame-relay lmi-type cisco – cisco by default, also ansi, q933a
    • Config-if# bandwidth 56
    • Config-if# interface serial 0.100 point-to-point – subinterface
    • Config-if# ip address 122.1.1.1 255.255.255.0
    • Config-if# frame-relay interface-dlci 100
      -maps the dlci to the interface
      -can add BROADCAST and/or IETF at the end
    • Config-if# interface serial 1.100 multipoint
    • Config-if# no inverse-arp – turns IARP off; good to do
    • Config-if# frame-relay map ip 122.1.1.2 48 ietf broadcast
      -maps an IP to a dlci (48 in this case)
      -required if IARP is turned off
      -ietf and broadcast are optional
    • Config-if# frame-relay map ip 122.1.1.3 54 broadcast

    SHOW COMMANDS

    • Show access-lists – all access lists on the router
    • Show cdp – cdp timer and holdtime frequency
    • Show cdp entry * – same as next
    • Show cdp neighbors detail – details of neighbor with ip add and ios version
    • Show cdp neighbors – id, local interface, holdtime, capability, platform portid
    • Show cdp interface – int’s running cdp and their encapsulation
    • Show cdp traffic – cdp packets sent and received
    • Show controllers serial 0 – DTE or DCE status
    • Show dialer – number of times dialer string has been reached, other stats
    • Show flash – files in flash
    • Show frame-relay lmi – lmi stats
    • Show frame-relay map – static and dynamic maps for PVC’s
    • Show frame-relay pvc – pvc’s and dlci’s
    • Show history – commands entered
    • Show hosts – contents of host table
    • Show int f0/26 – stats of f0/26
    • Show interface Ethernet 0 – show stats of Ethernet 0
    • Show ip – ip config of switch
    • Show ip access-lists – ip access-lists on switch
    • Show ip interface – ip config of interface
    • Show ip protocols – routing protocols and timers
    • Show ip route – Displays IP routing table
    • Show ipx access-lists – same, only ipx
    • Show ipx interfaces – RIP and SAP info being sent and received, IPX addresses
    • Show ipx route – ipx routes in the table
    • Show ipx servers – SAP table
    • Show ipx traffic – RIP and SAP info
    • Show isdn active – number with active status
    • Show isdn status – shows if SPIDs are valid, if connected
    • Show mac-address-table – contents of the dynamic table
    • Show protocols – routed protocols and net_addresses of interfaces
    • Show running-config – dram config file
    • Show sessions – connections via telnet to remote device
    • Show startup-config – nvram config file
    • Show terminal – shows history size
    • Show trunk a/b – trunk stat of port 26/27
    • Show version – ios info, uptime, address of switch
    • Show vlan – all configured vlan’s
    • Show vlan-membership – vlan assignments
    • Show vtp – vtp configs

    CATALYST COMMANDS
    For Native IOS – Not CatOS

    SWITCH ADDRESS:

    • Config# ip address 192.168.10.2 255.255.255.0
    • Config# ip default-gateway 192.168.10.1DUPLEX MODE:
    • Config# interface Ethernet 0/5 – “fastethernet” for 100 Mbps ports
    • Config-if# duplex full – also, half | auto | full-flow-control

    SWITCHING MODE:

    • Config# switching-mode store-and-forward – also, fragment-free

    MAC ADDRESS CONFIGS:

    • Config# mac-address-table permanent aaab.000f.ffef e0/2 – only this mac will work on this port
    • Config# mac-address-table restricted static aaab.000f.ffef e0/2 e0/3
      -port 3 can only send data out port 2 with that mac
      -very restrictive security
    • Config-if# port secure max-mac-count 5 – allows only 5 mac addresses mapped to this port

    VLANS:

    • Config# vlan 10 name FINANCE
    • Config# interface Ethernet 0/3
    • Config-if# vlan-membership static 10TRUNK LINKS:
    • Config-if# trunk on – also, off | auto | desirable | nonegotiate
    • Config-if# no trunk-vlan 2
      -removes vlan 2 from the trunk port
      -by default, all vlans are set on a trunk port

       

      CONFIGURING VTP:

    • Config# delete vtp – should be done prior to adding to a network
    • Config# vtp server – the default is server, also client and transparent
    • Config# vtp domain Camp – name doesn’t matter, just so all switches use the same
    • Config# vtp password 1234 – limited security
    • Config# vtp pruning enable – limits vtp broadcasts to only switches affected
    • Config# vtp pruning disableFLASH UPGRADE:
    • Config# copy tftp://192.168.5.5/configname.ios opcode – “opcode” for ios upgrade, “nvram” for startup config

    DELETE STARTUP CONFIG:

    • Config# delete nvram

    BGP:

    • show ip bgp – Displays entries in the BGP routing table.
    • show ip bgp injected-paths – Displays paths in the BGP routing table that were conditionally injected.
    • show ip bgp neighbors – Displays information about the TCP and BGP connections to neighbors.

    BGP Conditional Route Injection:

    Step 1 Router(config)# router bgp as-number
    -  Places the router in router configuration mode, and configures the router to run a BGP process.

    Step 2 Router(config-router)# bgp inject-map ORIGINATE exist-map LEARNED_PATH
    -  Configures the inject-map named ORIGINATE and the exist-map named LEARNED_PATH for conditional route injection.

    Step 3 Router(config-router)# exit
    -Exits router configuration mode, and enters global configuration mode.

    Step 4 Router(config)# route-map LEARNED_PATH permit sequence-number
    – Configures the route map named LEARNED_PATH.

    Step 5 Router(config-route-map)# match ip address prefix-list ROUTE
    – Specifies the aggregate route to which a more specific route will be injected.

    Step 6 Router(config-route-map# match ip route-source prefix-list ROUTE_SOURCE
    – Configures the prefix list named ROUTE_SOURCE to redistribute the source of the route.
    Note The route source is the neighbor address that is configured with the neighbor remote-as command. The tracked prefix must come from this neighbor in order for conditional route injection to occur.

    Step 7 Router(config-route-map)# exit
    – Exits route-map configuration mode, and enters global configuration mode.

    Step 8
    Router(config)# route-map ORIGINATE permit 10
    – Configures the route map named ORIGINATE.

    Step 9 Router(config-route-map)# set ip address prefix-list ORIGINATED_ROUTES
    – Specifies the routes to be injected.

    Step 10 Router(config-route-map)# set community community-attribute additive
    – Configures the community attribute of the injected routes.

    Step 11 Router(config-route-map)# exit
    – Exits route-map configuration mode, and enters global configuration mode.

    Step 12
    Router(config)# ip prefix-list ROUTE permit 10.1.1.0/24
    – Configures the prefix list named ROUTE to permit routes from network 10.1.1.0/24.

    Step 13 Router(config)# ip prefix-list ORIGINATED_ROUTES permit 10.1.1.0/25
    – Configures the prefix list named ORIGINATED_ROUTES to permit routes from network 10.1.1.0/25.

    Step 14 Router(config)# ip prefix-list ORIGINATED_ROUTES permit 10.1.1.128/25
    – Configures the prefix list named ORIGINATED_ROUTES to permit routes from network 10.1.1.0/25.

    Step 15 Router(config)# ip prefix-list ROUTE_SOURCE permit 10.2.1.1/32
    – Configures the prefix list named ROUTE_SOURCE to permit routes from network 10.2.1.1/32.
    Note The route source prefix list must be configured with a /32 mask in order for conditional route injection to occur.

    DHCP

    Step 1 (config)# interface ethernet0/0
    (config-if)#ip address 1.1.1.1 255.0.0.0
    (config-if)# no shutdown
    – Configure an IP address on the router’s Ethernet port, and bring up the interface. (On an existing router, you would have already done this.)

    Step 2 (config)# ip dhcp pool mypool
    – Create a DHCP IP address pool for the IP addresses you want to use.

    Step 3 (dhcp-config)# network 1.1.1.0 /8
    – Specify the network and subnet for the addresses you want to use from the pool.

    Step 4 (dhcp-config)#domain-name mydomain.com
    – Specify the DNS domain name for the clients.

    Step 5 (dhcp-config)#dns-server 1.1.1.10 1.1.1.11
    – Specify the primary and secondary DNS servers.

    Step 6 (dhcp-config)#default-router 1.1.1.1
    – Specify the default router (i.e., default gateway).

    Step 7 (dhcp-config)#lease 7
    – Specify the lease duration for the addresses you’re using from the pool.

    Step 8 (dhcp-config)#exit
    – Exit Pool Configuration Mode.

    This takes you back to the global configuration prompt.

    Next, exclude any addresses in the pool range that you don’t want to hand out.

    For example, let’s say that you’ve decided that all IP addresses up to .100 will be for static IP devices such as servers and printers. All IP addresses above .100 will be available in the pool for DHCP clients.

    Here’s an example of how to exclude IP addresses .100 and below:

    Optional (config)#ip dhcp excluded-address 1.1.1.0 1.1.1.100

    The full DHCP reference can be found on the CISCO site.

    Common Commands and Troubleshooting

    • Set a password on the console line:
      • configure terminal
      • line console 0
      • password ‘cisco’
      • login
    • Passwords are case sensitive.
    • You must configure a password on the VTY lines, without one no one will be able to telnet to the switch/router.
    • The default mode when logging into a switch/router via telnet or SSH is user exec mode, which is indicated by the ‘>’ prompt.
    • To configure the switch/router you need to use the privileged EXEC mode. To do this you enter the enable command in user EXEC mode. The prompt is indicated with ‘#’.
    • If both enable secret and enable password are set, the enable secret will be used.
    • The enable secret is encrypted (by default) where as the enable password is in clear text.
    • In a config containing an enable secret 5 ‘hash’ the 5 refers to the level of encryption being used.
    • If no enable password/secret has been set when someone telnets to the device, they will get a ‘%No password set’ message. Someone with physical access must set the password.
    • To place all telnet users directly into enable mode:
      • configure terminal
      • line vty 0 4
      • privilege level 15
    • To put a specific user directly into privileged EXEC mode (enable mode)
      • username superman privilege 15 password louise
    • Telnet sends all data including passwords in clear text which can be intercepted.
    • SSH encrypts all data preventing an attacker from intercepting it.
    • Setting up a local user/password login database for use with telnet:
      • configure terminal
      • line vty 0 4
      • login local
      • exit
      • username telnetuser1 password secretpass
    • To set up SSH you need to create the local user database, the domain name must be specified with the ip domain-name command and a crypto key must be created with the crypto key generate rsa command. To enable SSH on the VTY lines, use the command transport input ssh.
    • If you connect two Cisco switches together and the lights don’t go amber then green, but instead stays off. A straight through cable has been used instead of a crossover cable.
    • The term ‘a switches management interface’ normally refers to VLAN1.
    • Assign a default gateway using the ip default-gateway ipaddress command.
    • You can use the command interface range fasterthernet 0/1 – 12 to select a range of interfaces to configure at once.
    • MOTD banner appears before login prompt.
    • The login banner appears before the login prompt but after the MOTD banner.
    • The banner exec appears after a successful logon.
    • line con 0 – configuring the logging synchronous on the console port stops the router from displaying messages (like an interface state change) until it detects no input from the keyboard and not other output from the router, such as a show commands output.
    • exec-timeout x y (x=minutes, y=seconds) – the default is 5 minutes. Can be disabled by setting x=0 y=0
    • Shortcut commands
      • Up Arrow – will show you the last command you entered. Control+P does the same thing.
      • Down Arrow – will bring you one command up in the command history. Control+N does the same thing.
      • CTRL+A takes the cursor to the start of the current command.
      • CTRL+E takes the cursor to the end of the current command.
      • Left arrow or CTRL+B moves backwards (towards the start) of the command one character at a time.
      • Right arrow or CTRL+P moves forwards (towards the end) of the command one character at a time.
      • CTRL+D deletes one character (the same as backspace).
      • ESC+B moves back one word in the current command.
      • ESC+F moves forward one word in the current command.
    • show history command will show the last 10 commands run by default.
    • the history size can be increased individually on the console port and on the VTY lines with the history size x command.
    • Config modes
      • config t R1<config> is the global configuration mode.
      • line vty 0 4 R1<config-line> is the line config mode.
      • interface fastethernet 0/1 R1<config-if> interface config mode.
    Troubleshooting
    • Cisco Discovery Protocol (CDP) runs by default on Cisco routers and switches. It runs globally and on a per-interface level.
    • CDP discovers basic information about neighboring switches and routers.
    • On media that supports multicasts at the data link layer, CDP uses multicast frames. on other media, CDP sends a copy of the CDP update to any known data-link addresses.
    • The show cdp command shows CDP settings.
    • CDP can be disabled globally using the command no cdp run and re-enable using cdp run.
    • CDP can be disabled at an interface level using the no cdp enable command at the sub-interface level.
    • The command show cdp neighbor – lists one summary line of information about each neighbor. Including:
      • Device ID – the remote devices hostname.
      • Local Interface – the local switch/router interface connected to the remote host.
      • Holdtime – is the number of seconds the local device will retain the contents of the last CDP advertisement received from the remote host.
      • Capability – shows you the type of device the remote host is.
      • Platform – is the remote devices hardware platform.
      • Port ID – is the remote interface on the direct connection.
    • The command show cdp neighbor detail – lists one large set (approx 15 lines) of information, one set for every neighbor. Including:
      • The IOS version.
      • VTP management domain.
      • Management addresses.
    • show cdp entry name – lists the same information as the show cdp neighbors detail command, but only for the named neighbor (case sensitive).
    • show cdp – states whether CDP is enabled globally, and lists the default update and holdtime timers.
    • show cdp traffic – lists global statistics for the number of CDP advertisements sent and received.
    • show cdp interface type number – states whether CDP is enabled on each interface or a single interface if the interface is listed, and states the update and holdtime timers on those interfaces.
    • CDP should be disabled on interfaces it is not needed to limit risk of an attacker learning details about each switch or router. Use the no cdp enable interface subcommand to disable CDP and the cdp enable interface subcommand to re-enable it.
    • The command show cdp interface shows the CDP settings for every interface.
    • Interface status messages:
      • Interface status is down/down – this indicates a physical problem, most likely a loose or unplugged cable.
      • Line protocol is down, up/down – this indicates a problem at the logical level, most likely an encapsulation mismatch or a missing clock rate.
      • Administratively down – this indicates the interface has been shutdown and needs to be manually opened with the sub interface command no shutdown.
    • The command show mac-address-table shows the mac address table. show mac-address-table dynamic sows the dynamically learned entries only.
    • Most problems on a switch are caused by human error – misconfiguration.
    • The command show debugging shows all the currently running debugs.
    • undebug all – will turn all debugging off.
    • The command show vlan brief shows a switches VLAN configuration.
    • If pinging 127.0.0.1 fails on a pc, there is a problem with the local PC, most likely a bad install of TCP/IP.
    • On a pc the command netstat -rn shows the pc’s routing table.
    • Additional Telnet commands:
      • show sessions shows information about each telnet session, the where command does the same thing.
      • resume x, x being the session number is used to resume a telnet session.
      • To suspend a session use the command CTRL+ALT+6.
      • To disconnect an open session use the command disconnect x, x being the session number.
    • Ping result codes:
      • !!!!! – IP connectivity to the destination is ok.
      • ….. – IP connectivity to the destination does not exist.
      • U.U.U – the local router has a route to the destination, but a downstream router does not.
    • debug ip packet – can help troubleshooting the above ping results.
    • When using traceroute or extended ping the Escape Sequence is: CTRL+SHIFT+6.
    • Extended ping can only be run from enable mode.
    • If a routing table contains multiple routes to the same destination with multiple next hops and the prefixes are different, the most specific (longest) prefix route will be used. If all of the prefix lengths are the same the Administrative Distance will be used. [AD/Metric].
    • Administrative Distance is a measure of a routes believability, with a lower AD being more believable than a route with a higher AD. AD only comes into play if the prefix lengths are the same.
    • You can set the Administrative Distance on a static route with the command ip route 55.55.55.0 255.255.255.0 192.168.1.2 150, you would do this to set a backup route if a dynamic route fails/is not available in the routing table.

    Cisco NX-OS/IOS BGP (Advanced) Comparison

    These may also assist: Undocumented Cisco Commands

    Bluetooth – Security

    Redirected from Bluetooth

     

    Source

    1 Bluetooth
    2 Wireless- History
    3 Wireless- Technologies
    4 Bluetooth- Technical Introduction
    5 Bluetooth- Advantages
    6 Bluetooth- Applications
    7 Bluetooth- Security Issues
    7.1 The SNARF attack
    7.2 The BACKDOOR attack
    7.3 The BLUEBUG attack
    7.4 Bluejacking
    7.5 Warnibbling
    8 Future of Bluetooth
    9 See also:
    10 Reference List

    Bluetooth

    Bluetooth is a new technology that utilises radio frequency waves as a way to communicate wirelessly between digital devices. It sets up personal area networks that incorporate all of a persons digital devices into one system for both convergence and convenience.

    Wireless- History

    Many people put the invention of [wireless] radio down to Guglielmo Marconi, who in 1895 sent the first radio telegraph transmission across the English Channel. Only twelve years later radio began being used in the public sphere. [Mathias, p.2] Up until then however, many wireless pioneers conducted trials across lakes where the antenna used to transmit the signal was longer than the distance across the lake. [Brodsky, p. 3] After its introduction the main use of wireless radio was for military communications where its first use was for the Boer War. [Flichy, p. 103] The invention of broadcast radio ensured the feasibility of wireless technologies. [Morrow, p. 2] By the 1920s, radio had become a well-recognised mass medium. [Flichy, p. 111] From the 1980s until now, wireless communications have been through several stages, from 1G (analogue signal), 2G (digital signal) and 3G (always on, faster data rate). [Lightman and Rojas, p. 3] The history of Bluetooth is a much more recent one, with the first Bluetooth-enabled products coming into existence in 2000. Named after Harald Blatand the first, king of Denmark around twelve hundred years ago, who joined the Danish and Norwegian kingdoms, Bluetooth technology is founded on this same unifying principle of being able to unite the computer and telecommunication industr[ies]. [Ganguli, p. 5] In 1994 the Ericsson Company began looking into the idea of replacing cables connecting accessories to mobile phones and computers with wireless links, and this became the main inspiration behind Bluetooth. [Morrow, p. 10]

    Wireless- Technologies

    Bluetooth is not the only wireless technology currently being developed and utilised. Other wireless technologies, including 802.11b, otherwise known as Wi-Fi, Infrared Data Association (IrDA), Ultra- Wideband Radio (UWB), and Home RF are being applied to similar technologies that Bluetooth use with mixed results. 802.11 is the most well known technology, excluding Bluetooth, and uses the same radio frequency, meaning that they are not compatible as they cause interference with each other. 802.11 is being implemented into universities in the US, Japan and China, as well as food and beverage shops where they are being used to identify students and customers. Even airports have taken up the 802.11 technology, with airports all over America, and three of Americas most prominent airlines promoting the use of it. [Lightman and Rojas, p. 202-3] Infrared Data Association is extremely inferior to that of Bluetooth. Its limitations include only being able to communicate point-to-point, needing a line of sight, and it has a speed of fifty- six kilobytes per second, whereas Bluetooth is one megabyte per second. [Ganguli, p. 17] The Ultra- Wideband Radio is superior to that of Bluetooth in that it can transmit at greater lengths (up to 70 metres), with only half of the power that Bluetooth uses. [Ganguli, p.17] HomeRF is a technology that is not very well known. It is used for data and voice communication and targeted for the residential market segment and does not serve enterprise- class WLANs, public access systems or fixed wireless Internet access. [Ganguli, p.17-18]

    Bluetooth- Technical Introduction

    Bluetooth is a short- range radio device that replaces cables with low power radio waves to connect electronic devices, whether they are portable or fixed. The Bluetooth device also uses frequency hopping to ensure a secure, quality link, and it uses ad hoc networks, meaning that it connects peer-to-peer. It can be operated worldwide and without a network because it uses the unlicensed Industrial- Scientific Medical (ISM) band for transmission that varies with a change in location. [Ganguli, p. 25-6] The Bluetooth user has the choice of point-to-point or point-to-multipoint links whereby communication can be held between two devices, or up to eight. [Ganguli, p. 96] When devices are communicating with each other they are known as piconets, and each device is designated as a master unit or slave unit, usually depending on who initiates the connection. However, both devices have the potential to be either a master or a slave. [Swaminatha and Elden, p. 49]

    Bluetooth- Advantages

    There are many advantages to using Bluetooth wireless technologies including the use of a radio frequency, the inexpensive cost of the device, replacing tedious cable connections, the low power use and implemented security measures. The use of an unlicensed radio frequency ensures that users do not need to gain a license in order to use it. Unlike Infrared which needs to have a line of sight in order to work, Bluetooth radio waves are omnidirectional and do not need a clear path. The device itself is relatively cheap and easy to use, one can be bought for around ten American dollars, and this price is currently decreasing. Compare this to the expensive cost of implementing hundreds of cables and wires into an office and there is no competition. Of course, this is the main reason for the take -up in Bluetooth -enabled devices; it does away with cables. Another of Bluetooths advantages is its low power use, ensuring that battery operated devices such as mobile phones and personal digital assistants wont have their battery life drained with the use of it. This low power consumption also guarantees minimal interruption from other radio operated and wireless devices that operate at a higher power. Bluetooth has several enabled security measures that ensures a level of privacy and security, including frequency hopping, whereby the device changes radio frequency sixteen hundred times per second. Also within the security tools are encryption and authentification mechanisms that guarantee little interference by unauthorised hackers. [Ganguli, p. 330] One of the best advantages of Bluetooth devices, especially the hands free device that connects to a mobile phone, is that it removes radiation from the brain region. [Tsang, p.1]

    Bluetooth- Applications

    The applications that are in development or current use for the Bluetooth technology include such areas as automotive, medical, industrial equipment, output equipment, digital -still cameras, computers, and communications systems. [Lightman and Rojas, p. 201] Bluetooth is an ad hoc network user, and therefore it may be used for social networking, i.e. people can meet and share files or link their Bluetooth devices together to play games or other such activities. [Smyth, p. 70] Using Bluetooth, a mobile phone can become a three- way phone, where at home it connects to a landline for cheaper calls, on the move it acts as a mobile phone and when it comes in contact with another Bluetooth-enabled phone it acts as a walkie- talkie. This walkie- talkie option allows for free interaction and communication, as Bluetooth is not connected to any telecommunications network. [Gupta, p.1] Bluetooth also allows automatic synchronization of your desktop, mobile computer, notebook and your mobile phone for the user to have all of their data managed as one. [Gupta, p.1]

    Bluetooth- Security Issues

    Bluetooth has several threats which range in level of risk and how widespread the action is. These threats have the ability to provide criminals with sensitive information on both corporate and personal levels. The only way to avoid such threats is for manufacturers, distributors, and consumers to be provided with more information on how they are committed, current attack activity and how to combat them. This information can be used on a technical level for manufacturers, it can be used by distributors at retail levels to teach consumers the risks and it can be used directly by consumers to be aware of the threats. The outcome of such research will allow end users of Bluetooth products to have an upper hand in this wireless warfare. Bluetooth security is in early stages with regards to both the attackers, their techniques and consumers understanding of these attacks. Some research has been conducted into what the attackers are doing and how they do it. Adam Laurie of A.L Digital Ltd http://www.thebunker.net/release-bluestumbler.htm is leading the research race in Bluetooth security and is often linked to academic resources. Laurie’s research has uncovered the following capabilities of Bluetooth attacks:

    • Confidential data such as the entire phone book, calender and the phone’s IMEI.
    • Complete memory contents of some mobile phones can be accessed by a previously trusted (“paired”) device that has since been removed from the trusted list.
    • Access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging.

    Attacks on Bluetooth devices at this stage are relatively new to consumers, and therefore are not widely seen as a real threat. Attacks such as the Bluejack attack are probably more recognised by consumers due to its perceived humorous and novelty nature as well as the ease to Bluejack someone. Users who allow their phone to be Bluejacked open the door to more serious attacks, such as the Backdoor attack which have a low level of awareness amongst consumers as attackers can attach to the device with out the users knowledge. Corporations are starting to understand the risks Bluetooth devices pose, Michael Ciarochi (in Brewin 2004) stated that ‘Bluetooth radios were included in laptop PCs that were being configured by an IT Engineer. It raises the possibility of opening a wireless back door into data stored on the PCs. Such a security weakness would be extremely attractive to hackers. Although Bluetooth invites hackers to such attacks; Bluetooth Venders are playing down the risks, Brewin (2004) said that ‘Bluetooth advocates last week dismissed growing security fears about the short-range wireless technology, saying any flaws are limited to a few mobile-phone models. They also detailed steps that users can take to secure Bluetooth devices’. There are many methods of Bluetooth attacks, the Snarf, the Backdoor, Bluebug, Bluejack and Warnibbling attack are the only recognised attacks at this early stage. Below are explanations of such attacks.

    The SNARF attack

    It is possible for attackers to connect to the device without alerting the user, once in the system sensitive data can be retrieved, such as the phone book, business cards, images, messages and voice messages.

    http://www.salzburgresearch.at/research/gfx/bluesnarf_cebit2004.pdf

    Local Copy: BlueSnarf_CeBIT2004.pdf

    The BACKDOOR attack

    The backdoor attack is a higher concern for Bluetooth users; it allows attackers to establishing a trust relationship through the “pairing” mechanism, but ensuring that the user can not see the target’s register of paired devices. In doing this attackers have access to all the data on the device, as well as access to use the modem or internet; WAP and GPRS gateways may be accessed without the owner’s knowledge or consent.

    The BLUEBUG attack

    This attack gives access to the AT command set, in other words it allows the attacker to make premium priced phone calls, allows the use of SMS, or connection the internet. Attackers can not only use the device for such fraudulent exercises it also allows identity theft to impersonate the user.

    Bluejacking

    Dibble (2004) explained that ‘Just as SMS was spawned, there’s a new craze that’s spreading across parts of Europe. Reportedly, it’s more prominent in the UK, but popular elsewhere too’. Bluejacking allows attackers to send messages to strangers in public via Bluetooth. When the phones ‘pair’ the attacked can write a message to the user. Although it may seem harmless at first, there is a downside. Once connected the attacker may then have access to any data on the users Bluetooth device, which has obvious concerns. Powell (2004: 22) explained that ‘Users can refuse any incoming message or data, so Bluejackers change their username to a short barb or compliment to beat you to the punch. For example, you might receive something along the lines of “Incoming message from: Dude, you’ve been Bluejacked.” Or, “Incoming message from: ROI is overrated.” Bluejacking is regarded as a smaller threat to Bluetooth as users being attacked are aware they have been Bluejacked. This does not mean however that they are aware that sensitive information is being accessed and used in a malicious manner.

    http://www.bluejackq.com/

    Warnibbling

    Warnibbling is a hacking technique using Redfang, or similar software that allows hackers to reveal corporate or personal sensitive information. Redfang allows hackers to find Bluetooth devices in the area, once found, the software takes you through the process of accessing any data that is stored on that device. Redfang also allows non-discoverable devices to be found. Whitehouse explains when testing Redfang ‘One of the first obstacles we had to overcome was the discovery of non-discoverable devices (it was surprising to see the number of devices that dont by default implement this security measure)’. http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf

    Future of Bluetooth

    Further information, and somewhat speculation is required for consumers and Bluetooth stakeholders on the future of Bluetooth. Such information will provide a clearer understanding of why security of Bluetooth must be improved. Luo and Lee (2004) provide a short term prediction of where Bluetooth is heading, Europe and Asian countries already offer electronic newspapers, subway tickets, and car parking fees via wireless devices. Collins (2003) says that Bluetooth devices ‘appear to be more secure than 802.11 wireless LANs. However, this situation may not last, as the Bluetooth technology becomes more widespread and attracts greater interest from the hacking community’.

    http://www.arraydev.com/commerce/jibc/0402-10.htm

    See also:

    Reference List

    • Brodsky, I. (1995) Wireless: The Revolution in Personal Telecommunications, Massachussetts, USA: Artech House Inc, ISBN 0890067171 (Erin Watson)
    • Collins, G. (2003) Bluetooth Security. Byte.com [Online], Available: Academic Search Elite, ISSN:0360-5280 [Accessed 6/9/04]. (Ben Henzell)
    • Dibble, T (2003) ‘Bluejack city: a new wireless craze is spreading through Europe’ [Online]. Available: http://www.sys-con.com/Wireless/article.cfm?id=710 [Accessed 4/8/04. (Ben Henzell)
    • Finn, E. (2004) Be carefull when you cut the cord. Popular Science [Online], vol. 264, issue. 5, p30. Available: Ebsco Host: Academic Search Elite, ISSN:0161-7370 [Accessed 6/9/04]. (Ben Henzell)
    • Flichy, P. (1995) Dynamics of Modern Communication, London: Sage Publications, ISBN 0803978502 (Erin Watson)
    • Ganguli, M. (2002) Getting Started with Bluetooth, Ohio: Premier Press, ISBN 1931841837 (Erin Watson)
    • Gupta, P. 1999. Bluetooth Technology: What are the Applications?. http://www.mobileinfo.com/Bluetooth/applic.htm (accessed August 23, 2004). (Erin Watson)
    • Laurie, B & L (2003) Serious flaws in Bluetooth security lead to disclosure of personal data [Online]. Available: http://www.thebunker.net/release-bluestumbler.htm [Accessed 4th Aug 2004]. (Ben Henzell)
    • Lightman, A. and Rojas, W. (2002) Brave New Unwired World, New York, USA: John Wiley and Sons, Inc., ISBN 0471441104 (Erin Watson)
    • Luo, X. Lee, C. (2004). Micropayments in Wireless M-Commerce: Issues, Security, and Trend[Online]. Available: http://www.arraydev.com/commerce/jibc/0402-10.htm [Accessed 4/8/2004] (Ben Henzell)
    • Morrow, R. (2002) Bluetooth Operation and Use, New York, USA: The McGraw- Hill Companies, ISBN 007138779X (Erin Watson)
    • Powell, W. (2004) The Wild Wild Web T+D [Online], Vol. 58, issue. 1, p22. Available: Academic Search Elite, ISSN:1535-7740 [Accessed 6/9/04]. (Ben Henzell)
    • Smyth, P. (ed.)(2004) Mobile and Wireless Communications: Key Technologies and Future Applications, London, UK: The Institute of Electrical Engineers, ISBN 0863413684 (Erin Watson)
    • Swaminatha, T. and Elden, C. (2003) Wireless Security and Privacy: Best Practices and Design Techniques, Massachussetts, USA: Pearson Education, Inc., ISBN 0201760347 (Erin Watson)
    • Tsang, W. et al. Date unknown. Bluetooth Applications. http://ntrg.cs.tcd.ie/undergrad/4ba2.01/group3/applications.html (accessed August 23, 2004). (Erin Watson)
    • Whitehouse, O. (2003).’War Nibbling: Bluetooth Insecurity’ [Online]. Available: http://www.atstake.com/research/reports/acrobat/atstake_war_nibbling.pdf [Accessed 9/8/04] (Ben Henzell)

    Erin Watson 08:47, 8 Sep 2004 (EST) –nhenzell 12:30, 8 Sep 2004 (EST)

    Serious flaws in bluetooth security lead to disclosure of personal data

    source

     

     

    Summary
    In November 2003, Adam Laurie of A.L. Digital Ltd. discovered that there are serious flaws in the authentication and/or data transfer mechanisms on some bluetooth enabled devices. Specifically, three vulnerabilities have been found:

    Firstly, confidential data can be obtained, anonymously, and without the owner’s knowledge or consent, from some bluetooth enabled mobile phones. This data includes, at least, the entire phone book and calendar, and the phone’s IMEI.

    Secondly, it has been found that the complete memory contents of some mobile phones can be accessed by a previously trusted (“paired”) device that has since been removed from the trusted list. This data includes not only the phonebook and calendar, but media files such as pictures and text messages. In essence, the entire device can be “backed up” to an attacker’s own system.

    Thirdly, access can be gained to the AT command set of the device, giving full access to the higher level commands and channels, such as data, voice and messaging. This third vulnerability was identified by Martin Herfurt, and they have since started working together on finding additional possible exploits resulting from this vulnerability.

    Finally, the current trend for “Bluejacking” is promoting an environment which puts consumer devices at greater risk from the above attacks.
    Vulnerabilities

    The SNARF attack:
    It is possible, on some makes of device, to connect to the device without alerting the owner of the target device of the request, and gain access to restricted portions of the stored data therein, including the entire phonebook (and any images or other data associated with the entries), calendar, real-time clock, business card, properties, change log, IMEI (International Mobile Equipment Identity [6], which uniquely identifies the phone to the mobile network, and is used in illegal phone ‘cloning’). This is normally only possible if the device is in “discoverable” or “visible” mode, but there are tools available on the Internet that allow even this safety net to be bypassed[4]. Further details will not be released at this time (see below for more on this), but the attack can and will be demonstrated to manufacturers and press if required.

    The BACKDOOR attack:
    The backdoor attack involves establishing a trust relationship through the “pairing” mechanism, but ensuring that it no longer appears in the target’s register of paired devices. In this way, unless the owner is actually observing their device at the precise moment a connection is established, they are unlikely to notice anything untoward, and the attacker may be free to continue to use any resource that a trusted relationship with that device grants access to (but note that so far we have only tested file transfers). This means that not only can data be retrieved from the phone, but other services, such as modems or Internet, WAP and GPRS gateways may be accessed without the owner’s knowledge or consent. Indications are that once the backdoor is installed, the above SNARF attack will function on devices that previously denied access, and without the restrictions of a plain SNARF attack, so we strongly suspect that the other services will prove to be available also.

    The BLUEBUG attack:
    The bluebug attack creates a serial profile connection to the device, thereby giving full access to the AT command set, which can then be exploited using standard off the shelf tools, such as PPP for networking and gnokii for messaging, contact management, diverts and initiating calls. With this facility, it is possible to use the phone to initiate calls to premium rate numbers, send sms messages, read sms messages, connect to data services such as the Internet, and even monitor conversations in the vicinity of the phone. This latter is done via a voice call over the GSM network, so the listening post can be anywhere in the world. Bluetooth access is only required for a few seconds in order to set up the call. Call forwarding diverts can be set up, allowing the owner’s incoming calls to be intercepted, either to provide a channel for calls to more expensive destinations, or for identity theft by impersonation of the victim.

    Bluejacking:
    Although known to the technical community and early adopters for some time, the process now known as “Bluejacking”[1] has recently come to the fore in the consumer arena, and is becoming a popular mechanism for exchanging anonymous messages in public places. The technique involves abusing the bluetooth “pairing”[2] protocol, the system by which bluetooth devices authenticate each other, to pass a message during the initial “handshake” phase. This is possible because the “name” of the initiating bluetooth device is displayed on the target device as part of the handshake exchange, and, as the protocal allows a large user defined name field – up to 248 characters – the field itself can be used to pass the message. This is all well and good, and, on the face of it, fairly harmless, but, unfortunately, there is a down side. There is a potential security problem with this, and the more the practice grows and is accepted by the user community, and leveraged as a marketing tool by the vendors, the worse it will get. The problem lies in the fact that the protocol being abused is designed for information exchange. The ability to interface with other devices and exchange, update and synchronise data, is the raison d’être of bluetooth. The bluejacking technique is using the first part of a process that allows that exchange to take place, and is therefore open to further abuse if the handshake completes and the “bluejacker” successfully pairs with the target device. If such an event occurs, then all data on the target device becomes available to the initiator, including such things as phone books, calendars, pictures and text messages. As the current wave of PDA and telephony integration progresses, the volume and quality of such data will increase with the devices’ capabilities, leading to far more serious potential compromise. Given the furore that irrupted when a second-hand Blackberry PDA was sold without the previous owner’s data having been wiped[3], it is alarming to think of the consequences of a single bluejacker gathering an entire corporate staff’s contact details by simply attending a conference or camping outside their building or in their foyer with a bluetooth capable device and evil intent. Of course, corporates are not the only potential targets – a bluejacking expedition to, say, The House of Commons, or The US Senate, could provide some interesting, valuable and, who’s to say, potentially damaging or compromising data.<<<

     

    The above may sound alarmist and far fetched, and the general reaction would probably be that most users would not be duped into allowing the connection to complete, so the risk is small. However, in today’s society of instant messaging, the average consumer is under a constant barrage of unsolicited messages in one form or another, whether it be by SPAM email, or “You have won!” style SMS text messages, and do not tend to treat them with much suspicion (although they may well be sceptical about the veracity of the offers). Another message popping up on their ‘phone saying something along the lines of “You have won 10,000 pounds! Enter this 4 digit PIN number and then dial 0900-SUCKER to collect your prize!” is unlikely to cause much alarm, and is more than likely to succeed in many cases.

    Workarounds and fixes
    We are not aware of any workarounds for the SNARF or BLUEBUG attacks at this time, other than to switch off bluetooth. For permanent fixes, see the ‘Fixes’ section at the bottom of the page.

    To permanently remove a pairing, and protect against future BACKDOOR attacks, it seems you must perform a factory reset, but this will, of course, erase all your personal data.

    To avoid Bluejacking, “just say no”. :)

    The above methods work to the best of our knowledge, but, as the devices affected are running closed-source proprietary software, it not possible to verify that without the collaboration of the manufacturers. We therefore make no claims as to the level of protection they provide, and you must continue to use bluetooth at your own risk.

    Who’s Vulnerable
    To date the quantity of devices tested is not great. However, due to the fact that they are amongst the most popular brands, we still consider the affected group to be large. It is also assumed that there are shared implementations of the bluetooth stack, so what affects one model is likely to affect others. This table is accurate to the best of our knowledge, but without the cooperation of the manufacturers (which we currently do not have), it is not possible to conduct more extensive validation.

    The devices known to be vulnerable at this time are:

    Vulnerability Matrix (* = NOT Vulnerable)
    MakeModelFirmware RevBACKDOORSNARF when VisibleSNARF when NOT VisibleBUG
    EricssonT6820R1B
    20R2A013
    20R2B013
    20R2F004
    20R5C001
    ?YesNoNo
    Sony EricssonR520m20R2G?YesNo?
    Sony EricssonT68i20R1B
    20R2A013
    20R2B013
    20R2F004
    20R5C001
    ?Yes??
    Sony EricssonT61020R1A081
    20R1L013
    20R3C002
    20R4C003
    20R4D001
    ?YesNo?
    Sony EricssonT61020R1A081???Yes
    Sony EricssonZ1010??Yes??
    Sony EricssonZ60020R2C007
    20R2F002
    20R5B001
    ?Yes??
    Nokia631004.10
    04.20
    4.07
    4.80
    5.22
    5.50
    ?YesYes?
    Nokia6310i4.06
    4.07
    4.80
    5.10
    5.22
    5.50
    5.51
    NoYesYesYes
    Nokia7650?YesNo (+)?No
    Nokia8910??YesYes?
    Nokia8910i??YesYes?
    * SiemensS55?NoNoNoNo
    * SiemensSX1?NoNoNoNo
    MotorolaV600 (++)?NoNoNoYes
    MotorolaV80 (++)?NoNoNoYes

    + We now believe the 7650 is only vulnerable to SNARF if it has already been BACKDOORed.
    ++ The V600 and V80 are discoverable for only 60 seconds, when first powered on or when this feature is user selected, and the window for BDADDR discovery is therefore very small. Motorola have stated that they will correct the vulnerability in current firmware.

    Disclosure
    What is the Philosophy of Full Disclosure, and why are we providing the tools and detailing the methods that allow this to be done? The reasoning is simple – by exposing the problem we are achieving two goals: firstly, to alert users that the dangers exist, in order that they can take their own precautions against compromise, and secondly, to put pressure on manufacturers to rectify the situation. Consumers have a right to expect that their confidential data is treated as such, and is not subject to simple compromise by poorly implemented protocols on consumer devices. Manufacturers have a duty of care to ensure that such protection is provided, but, in practice, commercial considerations will often take precedence, and, given the choice, they may choose to simply supress or hide the problem, or, even worse, push for laws that prevent the discovery and/or disclosure of such flaws[5]. In our humble opinion, laws provide scant consumer protection against the lawless.

    After 13 months, and in consideration of the fact that affected manufacturers had acknowledged the issues and made updated firmware available, Full Disclosure took place at the Chaos Computer Club’s annual congress – 21C3, in Berlin, 2004.

    Slides from the disclosure talk can be found here: http://trifinite.org/Downloads/21c3_Bluetooth_Hacking.pdf

    Tools
    Proof of concept utilities have been developed, but are not yet available in the wild. They are:

    • bluestumbler – Monitor and log all visible bluetooth devices (name, MAC, signal strength, capabilities), and identify manufacturer from MAC address lookup.
    • bluebrowse – Display available services on a selected device (FAX, Voice, OBEX etc).
    • bluejack – Send anoymous message to a target device (and optionally broadcast to all visible devices).
    • bluesnarf – Copy data from target device (everything if pairing succeeds, or a subset in other cases, including phonebook and calendar. In the latter case, user will not be alerted by any bluejack message).
    • bluebug – Set up covert serial channel to device.
      Tools will not be released at this time, so please do not ask. However, if you are a bona-fide manufacturer of bluetooth devices that we have been otherwise unable to contact, please feel free to get in touch for more details on how you can identify your device status.

    Credits
    The above vulnerabilities were discovered by Adam Laurie, during the course of his work with A.L. Digital, in November 2003, and this announcement was prepared thereafter by Adam and Ben Laurie for immediate release.

    Adam Laurie is Managing Director and Chief Security Officer of A.L. Digital Ltd.

    Ben Laurie is Technical Director of A.L. Digital, and author of Apache-SSL and contributor to many other open source projects, too numerous to expand on here.

    A.L. Digital Ltd. are the owner operators of The Bunker, the world’s most secure data centre(s).
    e: adam@algroup.co.uk
    w: http://www.aldigital.co.uk

    e: ben@algroup.co.uk
    w: http://www.apache-ssl.org/ben.html

    Further information relating to this disclosure will be updated at http://www.bluestumbler.org

    References:
    [1]

    [2]

    [3]

    • www.outlaw.com

    [4]

    • bluesniff
    • btscanner
    • redfang

    [5]

    [6]

    Bluetooth Wireless Specification

    Source

    This article is about the Bluetooth wireless specification. For King Harold Bluetooth, see Harold I of Denmark

    Bluetooth is an industrial specification for wireless personal area networks (PANs).

    Bluetooth provides a way to connect and exchange information between devices like personal digital assistants (PDAs), mobile phones, laptops, PCs, printers and digital cameras via a secure, low-cost, globally available short range radio frequency.

    Bluetooth lets these devices talk to each other when they come in range, even if they’re not in the same room, as long as they are within 10 metres (32 feet) of each other.

    The spec was first developed by Ericsson, later formalised by the Bluetooth Special Interest Group (SIG). The SIG was formally announced on May 20, 1999. It was established by Sony Ericsson, IBM, Intel, Toshiba and Nokia, and later joined by many other companies as Associate or Adopter members.

    Table of contents

    * 1 About the name
    * 2 General information
    o 2.1 Embedded Bluetooth
    * 3 Features by version
    o 3.1 Bluetooth 1.0 and 1.0B
    o 3.2 Bluetooth 1.1
    o 3.3 Bluetooth 1.2
    o 3.4 Bluetooth 2.0
    * 4 Future Bluetooth uses
    * 5 Security concerns
    * 6 Bluetooth profiles
    * 7 See also
    * 8 External links

    About the name

    The system is named after a Danish king Harald Blåtand (<arold Bluetooth in English), King of Denmark and Norway from 935 and 936 respectively, to 940 known for his unification of previously warring tribes from Denmark, Norway and Sweden. Bluetooth likewise was intended to unify different technologies like computers and mobile phones. The Bluetooth logo merges the Nordic runes for H and B.

    General information

     

    A typical Bluetooth mobile phone headset

    The latest version currently available to consumers is 2.0, but few manufacturers have started shipping any products yet. Apple Computer, Inc. offered the first products supporting version 2.0 to end customers in January 2005. The core chips have been available to OEMs (from November 2004), so there will be an influx of 2.0 devices in mid-2005. The previous version, on which all earlier commercial devices are based, is called 1.2.

    Bluetooth is a wireless radio standard primarily designed for low power consumption, with a short range (up to 10 meters [1], ) and with a low-cost transceiver microchip in each device.

    It can be used to wirelessly connect peripherals like printers or keyboards to computers, or to have PDAs communicate with other nearby PDAs or computers.

    Cell phones with integrated Bluetooth technology have also been sold in large numbers, and are able to connect to computers, PDAs and, specifically, to handsfree devices. BMW was the first motor vehicle manufacturer to install handsfree Bluetooth technology in its cars, adding it as an option on its 3 Series, 5 Series and X5 vehicles. Since then, other manufacturers have followed suit, with many vehicles, including the 2004 Toyota Prius and the 2004 Lexus LS 430. The Bluetooth car kits allow users with Bluetooth-equipped cell phones to make use of some of the phone’s features, such as making calls, while the phone itself can be left in a suitcase or in the boot/trunk, for instance.

    The standard also includes support for more powerful, longer-range devices suitable for constructing wireless LANs.

    A Bluetooth device playing the role of “master” can communicate with up to 7 devices playing the role of “slave”. At any given instant in time, data can be transferred between the master and one slave; but the master switches rapidly from slave to slave in a round-robin fashion. (Simultaneous transmission from the master to multiple slaves is possible, but not used much in practice). These groups of up to 8 devices (1 master and 7 slaves) are called piconets.

    The Bluetooth specification also allows connecting two or more piconets together to form a scatternet, with some devices acting as a bridge by simultaneously playing the master role in one piconet and the slave role in another piconet. These devices have yet to come, though are supposed to appear within the next two years.

    Any device may perform an “inquiry” to find other devices to which to connect, and any device can be configured to respond to such inquiries.

    Pairs of devices may establish a trusted relationship by learning (by user input) a shared secret known as a “passkey”. A device that wants to communicate only with a trusted device can cryptographically authenticate the identity of the other device. Trusted devices may also encrypt the data that they exchange over the air so that no one can listen in.

    The protocol operates in the license-free ISM band at 2.45 GHz. In order to avoid interfering with other protocols which use the 2.45 GHz band, the Bluetooth protocol divides the band into 79 channels (each 1 MHz wide) and changes channels up to 1600 times per second. Implementations with versions 1.1 and 1.2 reach speeds of 723.1 kbit/s. Version 2.0 implementations feature Bluetooth Enhanced Data Rate (EDR), and thus reach 2.1 Mbit/s. Technically version 2.0 devices have a higher power consumption, but the three times faster rate reduces the transmission times, effectively reducing consumption to half that of 1.x devices (assuming equal traffic load).

    Bluetooth differs from Wi-Fi in that the latter provides higher throughput and covers greater distances but requires more expensive hardware and higher power consumption. They use the same frequency range, but employ different multiplexing schemes. While Bluetooth is a cable replacement for a variety of applications, Wi-Fi is a cable replacement only for local area network access. A glib summary is that Bluetooth is wireless USB whereas Wi-Fi is wireless Ethernet.

    Many USB Bluetooth adapters are available, some of which also include an IrDA adapter.

    Embedded Bluetooth

    Bluetooth devices and modules are increasingly being made available which come with an embedded stack and a standard UART port. The UART protocol can be as simple as the industry standard AT protocol, which allows the device to be configured to cable replacement mode. This means it now only takes a matter of hours (instead of weeks) to enable legacy wireless products that communicate via UART port.

    Features by version

    Bluetooth 1.0 and 1.0B

    Versions 1.0 and 1.0B had numerous problems and the various manufacturers had great difficulties in making their products interoperable. 1.0 and 1.0B also had mandatory Bluetooth Hardware Device Address (BD_ADDR) transmission in the handshaking process, rendering anonymity impossible at a protocol level, which was a major set-back for services planned to be used in Bluetooth environments, such as Consumerism.

    Bluetooth 1.1

    In version 1.1 many errata found in the 1.0B specifications were fixed. There was added support for non-encrypted channels.

    Bluetooth 1.2

    This version is backwards compatible with 1.1 and the major enhancements include

    • Adaptive Frequency Hopping (AFH), which improves resistance to radio interference by avoiding using crowded frequencies in the hopping sequence
    • Higher transmission speeds in practice
    • extended Synchronous Connections (eSCO), which improves voice quality of audio links by allowing retransmissions of corrupted packets.
    • Received Signal Strength Indicator (RSSI)
    • Host Controller Interface (HCI) support for 3-wire UART
    • HCI access to timing information for Bluetooth applications.

    Bluetooth 2.0

    This version is backwards compatible with 1.x and the major enhancements include

    • Non-hopping narrowband channel(s) introduced. These are faster but have been criticised as defeating a built-in security mechanism of earlier versions; however frequency hopping is hardly a reliable security mechanism by today’s standards. Rather, Bluetooth security is based mostly on cryptography.
    • Broadcast/multicast support. Non-hopping channels are used for advertising Bluetooth service profiles offered by various devices to high volumes of Bluetooth devices simultaneously, since there is no need to perform handshaking with every device. (In previous versions the handshaking process takes a bit over one second.)
    • Enhanced Data Rate (EDR) of 2.1 Mbit/s.
    • Built-in quality of service.
    • Distributed media-access control protocols.
    • Faster response times.
    • Halved power consumption due to shorter duty cycles.

    Future Bluetooth uses

    One of the ways Bluetooth technology may become useful is in Voice over IP. When VOIP becomes more widespread, companies may find it unnecessary to employ telephones physically similar to today’s analogue telephone hardware. Bluetooth may then end up being used for communication between a cordless phone and a computer listening for VOIP and with an infrared PCI card acting as a base for the cordless phone. The cordless phone would then just require a cradle for charging. Bluetooth would naturally be used here to allow the cordless phone to remain operational for a reasonably long period.

    Security concerns

    In November 2003, Ben and Adam Laurie from A.L. Digital Ltd. discovered that serious flaws in Bluetooth security lead to disclosure of personal data (see http://bluestumbler.org). It should be noted however that the reported security problems concerned some poor implementations of Bluetooth, rather than the protocol itself.

    In a subsequent experiment, Martin Herfurt from the trifinite.group was able to do a field-trial at the CeBIT fairgrounds showing the importance of the problem to the world. A new attack called BlueBug was used for this experiment.

    In April 2004, security consultants @Stake revealed a security flaw that makes it possible to crack into conversations on Bluetooth based wireless headsets by reverse engineering the PIN.

    This is one of a number of concerns that have been raised over the security of Bluetooth communications. In 2004 the first purported virus using Bluetooth to spread itself among mobile phones appeared for the Symbian OS. The virus was first described by Kaspersky Labs and requires users to confirm the installation of unknown software before it can propagate. The virus was written as a proof-of-concept by a group of virus writers known as 29a and sent to anti-virus groups. Because of this, it should not be regarded as a security failure of either Bluetooth or the Symbian OS. It has not propagated ‘in the wild’.

    In August 2004, a world-record-setting experiment (see also Bluetooth sniping) showed that with directional antennas the range of class 2 Bluetooth radios could be extended to one mile. This enables attackers to access vulnerable Bluetooth-devices from a distance beyond expectation.

    Bluetooth uses the SAFER+ algorithm for authentication and key generation.

    Bluetooth profiles

    In order to use Bluetooth, a device must be able to interpret certain Bluetooth profiles. These define the possible applications. Following profiles are defined:

    • Generic Access Profile (GAP)
    • Service Discovery Application Profile (SDAP)
    • Cordless Telephony Profile (CTP)
    • Intercom Profile (IP)
    • Serial Port Profile (SPP)
    • Headset Profile (HSP)
    • Dial-up Networking Profile (DUNP)
    • Fax Profile
    • LAN Access Profile (LAP)
    • Generic Object Exchange Profile (GOEP)
    • Object Push Profile (OPP)
    • File Transfer Profile (FTP)
    • Synchronisation Profile (SP)

    This profile allows synchronisation of Personal Information Manager (PIM) items. As this profile originated as part of the infra-red specifications but has been adopted by the Bluetooth SIG to form part of the main Bluetooth specification, it is also commonly referred to as IrMC Synchronisation.

    • Hands-Free Profile (HFP)
    • Human Interface Device Profile (HID)
    • Hard Copy Replacement Profile (HCRP)
    • Basic Imaging Profile (BIP)
    • Personal Area Networking Profile (PAN)
    • Basic Printing Profile (BPP)
    • Advanced Audio Distribution Profile (A2DP)
    • Audio Video Remote Control Profile (AVRCP)
    • SIM Access Profile (SAP)

    Compatibility of products with profiles can be verified on the Bluetooth Qualification website.

    See also

    External links