The Wonderful World of COSMOS
by Bill from RNOC / Legion of Doom
Computer System for Main Frame Operations (COSMOS) is a database program used by various telephone companies to keep track of central office facilities. COSMOS gives information such as: how many cables or telephone numbers are currently available and what their status is. COSMOS is used by many departments now. It was originally for use in the frame room and Loop Assignment Center (LAC), for keeping track of both wires and paper (orders).
When someone orders a new telephone line from the business office, the request for service is entered into a billing computer. Once the billing details are in order, a service order is input into COSMOS. The fact that a service order placed in COSMOS can theoretically be completed without billing is most likely what attracts hackers the most. Keep in mind that COSMOS doesn't complete the orders; the people who use it do.
Dispelling COSMOS Myths
You cannot get from a COSMOS system in Massachusetts to one in New Jersey. Each Bell Operating Company (BOC) computer system is unrelated.
You cannot get onto Loop Maintenance Operation System (LMOS) from COSMOS. In earlier versions there were two commands, LMOS and LMOSH, which were used in transferring data tape from COSMOS to LMOS. This is no longer done.
History
Bell Labs set out to design a mechanized system which would alleviate paperwork - thus COSMOS was born in the early 1970s. COSMOS is now supported by Bell Communications Research (BELLCORE). COSMOS can now run on several types of computers. The DEC PDP-11/70 and the PDP-11/45 (no longer used) run COSNIX as the operating system. On AT&T 3B20, COSMOS is running under UNIX (5.0.5). Generic 16 is the latest version. When Generic 17 comes out, it will only run on UNIX-based COSMOS systems. It will run on the following super-minis: AT&T 3B20, the Sperry CCI, and some Pyramid super-minis. Further ahead, COSMOS may be run on big mainframes, but that idea is just on paper now.
If you find UNIX-based COSMOS, you will not be able to tell it from any other UNIX system. It does not prompt you for a Wire Center (WC) until you have entered a valid login and password.
    login: rm01
    password:
    * = * = * = * = * = * = * = * = *
    Welcome to COSMOS system 3!
    cosmos 16.0.3 unix 5.05
    Data line trouble call: 611
    Data base info call: 555-1212
    * = * = * = * = * = * = * = * = *
    wc? 26
    26% <--- and you're in!

In this first section, I am dealing with COSNIX (God rest its soul).
    NAME: CON1
    PASSWORD:
    WC? 26
    TT23: MUX=DJ DELAY=5 UPLOW ECHO LOGIN
    ********** WELCOME TO COSMOS 15.4.8.7 SYSTEM 3 ***********
    ***********************************************************
    LAST TDAS TAPE LOADED ON 04-01-87
    ATTENTION ALL FRAMES!!- .SCPA IS UP AND RUNNING.
    HAVE A NICE DAY!
    ***********************************************************
    26#

What does all this mean?
TTxx: Is the teletype (TTY) that the user logged in on. TTY numbers range from TT01-TT96. You can also get your TTY number by using the TTY command. The system console is TT00. The options for a specific TTY are kept in a file called /ETC/LINES.
MUX: PDP-11/70s can have different types of multiplexers. DJ is a DJ11 mux. These are asynchronous, 16-line multiplexers. DZ is a DZ11. These are less expensive than the DJ11. A DZ11 is an asynchronous 8- or 16-line mux. "MUX=DK" indicates DATAKIT Virtual Circuit System (VCS). A DK allows users to select which system they wish to enter. An 11/70 hooked up to a DATAKIT usually has 60 TTYs (as opposed to 96).
DELAY: This word specifies the number of nulls (Control-@) to be sent before each line. The nulls sent are equal to the DELAY number. Many users log on to COSMOS with printing terminals. These printers cannot always print as fast as they can receive. Nulls will give the printers more time to print without slowing down CRTs. Too many nulls slow down 300 baud so they are kept at a moderate level.
UPLOW: COSNIX uses only upper-case. UPLOW converts lower-case and echoes it in UPPERCASE. This is achieved by running a program called /BIN/LCASE when a user logs on.
ECHO: Indicates that the computer will echo back (full-duplex).
LOGIN: Indicates that you just logged on. COSNIX, like UNIX, has an /ETC/PASSWD (password) file. This is similar to the UNIX PASSWD file but has some differences. Here is a sample /ETC/PASSWD file:
    ROOT:NE2IDORF:0:::1:/:/USR/COSMOS
    BIN:NE2IDORF:1::Y:1:/BIN:/USR/COSMOS
    COM1:EPOHA3DU:2::Y:1:/USR/TMP:/USR/COSMOS:/USR/PREOP:/USR/SO:/USR/MMC
    COM2:EPOHA3DU:3::Y:2:/USR/TMP:/USR/COSMOS:/USR/PREOP:/USR/SO:/USR/MMC
    PA01:0062DAER:4::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
    PA02:KSLN1NPA:5::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
    NA01:4D17YT21:6::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
    IN01:DROL0OHS:7::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
    RC01:DAED7IBF:8::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
    FM01:LOD1HNJ7:9::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
    SS01:PSOSDEF9:10::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO

The fields of a COSNIX /ETC/PASSWD are separated by colons (':') in the password file. The fields are as follows:
- Username
- Encrypted Password
- User Number
- Description Fields (unused)
- Dial-Up User ("Y" for yes, nothing for no)
- User Group (1 = full access, 2 = shell user, restricted access)
- Home Directory
- Path
- Path...
The COM accounts are used by the Mini-computer Maintenance Center (MMC) or the COSMOS database manager (DBM). 0:1 is the only user who can execute the change of password command. As in UNIX, /ETC/PASSWD can be left unprotected, but is almost never left that way.
COSNIX has another file called /ETC/LINES. This file lists the TTY numbers and which users can access them. It also specifies duplex, baud rate, and privileges (in some cases).
    1-2,USERS=ROOT;BIN;COM1,ECHO,UPLOW,DELAY=5,MESSAGE
    3-9,USERS=PA*;NA*;RC*;COM2,ECHO,UPLOW,DELAY=5
    10-22,USERS=PA*;NA*;FM*;RC*;SS*;IN*;COM*,UPLOW,DELAY=10
    23-60,USERS=FM*;SS*;IN*,ECHO,UPLOW,DELAY=5

The first field is the TTY number. "USERS=" indicates which users access which TTYs. If a user has an asterisk after the group name, then it allows all users. If a line doesn't have the word "ECHO" there, then it's for half-duplex users only. "MESSAGE" will write a message to TT00 (the system console) stating that someone just logged on with privs. If you login with privs on a "MESSAGE" TTY, your prompt will be an asterisk. If the /ETC/LINES file is changed, a security feature of COSNIX will pick it up.
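How the per-terminal access list in /ETC/LINES can be evaluated, as an added example that is not part of the original article and is not COSNIX code. The field handling follows the description above; treating "PA*" as a shell-style wildcard and the function names are assumptions.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: the /ETC/LINES excerpt shown in the article.
LINES = """\
1-2,USERS=ROOT;BIN;COM1,ECHO,UPLOW,DELAY=5,MESSAGE
3-9,USERS=PA*;NA*;RC*;COM2,ECHO,UPLOW,DELAY=5
10-22,USERS=PA*;NA*;FM*;RC*;SS*;IN*;COM*,UPLOW,DELAY=10
23-60,USERS=FM*;SS*;IN*,ECHO,UPLOW,DELAY=5
"""

def parse_lines(text):
    """Return one dict per TTY-range entry."""
    entries = []
    for raw in filter(None, (l.strip() for l in text.splitlines())):
        fields = raw.split(",")
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", fields[0])
        if not m:
            raise ValueError(f"bad TTY range: {fields[0]!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or lo)
        entry = {"ttys": range(lo, hi + 1), "users": [], "delay": 0,
                 "echo": False, "uplow": False, "message": False}
        for field in fields[1:]:
            key, _, val = field.partition("=")
            if key == "USERS":
                entry["users"] = val.split(";")
            elif key == "DELAY":
                entry["delay"] = int(val)
            elif key in ("ECHO", "UPLOW", "MESSAGE"):
                entry[key.lower()] = True
        entries.append(entry)
    return entries

def check_login(entries, user, tty):
    """Options for `user` on TT<tty>, or None if the terminal ACL rejects it."""
    user = user.upper()  # COSNIX is upper-case only (UPLOW)
    for e in entries:
        if tty in e["ttys"] and any(fnmatchcase(user, p) for p in e["users"]):
            return {"duplex": "full" if e["echo"] else "half",
                    "delay": e["delay"], "console_alert": e["message"]}
    return None

def ttys_for(entries, user):
    """All TTY numbers on which `user` may log in."""
    return sorted(t for e in entries for t in e["ttys"]
                  if check_login([e], user, t))
```

On the sample, the privileged accounts ROOT, BIN and COM1 are confined to TT01-TT02, the only lines where a login is announced on the system console.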
COSNIX Prompts:

    WC% = Average user
    WC# = Super user, user group 1 in /ETC/PASSWORD
    WC* = Super user MESSAGE TTY in /ETC/LINES

The /ETC/MATRIX.S file says which users can access which COSMOS commands. COSMOS commands are kept in the /USR/COSMOS directory.
    / PERMIT MATRIX 04-01-84
    / UPDATED FOR 15.4.8. ON 11-25-85
    /* COSMOS USER-CATEGORY-TRANSACTION PERMISSION FILE
    /* LIST OF FAMILY NAMES AND CATEGORY ASSOCIATED WITH EACH
    NAMES:
    / SYSTEM ADMINISTRATOR
    <COM>; 01.;
    / LOOP ASSIGNMENT CENTER (LAC)
    <PA>; 02.;
    / FRAME ROOM
    <FM>; 03.;
    / RECENT CHANGE MEMORY ADM. CENTER (RC MAC)
    <RC>; 04.;
    / INFORMATION USERS
    <IN>; 05.;
    / SPECIAL SERVICES
    <SS>; 06.;
    NAMESEND:
    ALLTRAN:
    / =0 MEANS USE MATRIX TO DETERMINE TRANS. PERMISSION
    0
    / =1 MEANS ALL TRANSACTIONS ARE PERMITTED.
    CATEGORY: 0
    /* TRANSACTION VERSUS CATEGORY PERMIT MATRIX
    TRANX:
    /*   1 2 3 4 5 6 >
    <ACE 1 1 0 0 0 0 >
    <ADT 0 0 0 0 0 0 >
    <AIT 1 0 0 0 0 0 >
    <ALF 1 0 0 0 0 0 >
    <ALI 1 0 0 0 0 0 >
    <ALK 1 0 0 0 0 0 >
    <ALP 1 0 0 0 0 0 >
    <ARG 1 1 1 1 1 1 >
    <AUD 1 0 0 0 0 0 >
    <AZC 1 1 1 0 1 0 >
    <BAI 1 1 1 0 1 0 >
    <CAY 1 1 1 0 0 0 >
    <CCA 1 1 1 1 0 0 >
    . . .
    <WCC 1 1 1 1 1 1 >

The /ETC/MATRIX.S file gives the different user group numbers, then makes a table cross-referencing them with command names. A "1" means that family can use the command and a "0" means they can't.
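The family-to-category-to-transaction lookup described above, as an added example that is not part of the original article and is not COSMOS code. It assumes ALLTRAN is 0 (the matrix decides) and that a login such as FM01 belongs to the family whose name prefixes it; the function names are hypothetical.

```python
import re

# Constructed sample: a few rows from the /ETC/MATRIX.S excerpt in the article.
MATRIX = """\
/* COSMOS USER-CATEGORY-TRANSACTION PERMISSION FILE
NAMES:
/ SYSTEM ADMINISTRATOR
<COM>; 01.;
<PA>; 02.;
<FM>; 03.;
<RC>; 04.;
<IN>; 05.;
<SS>; 06.;
NAMESEND:
TRANX:
/*   1 2 3 4 5 6 >
<ACE 1 1 0 0 0 0 >
<ADT 0 0 0 0 0 0 >
<ARG 1 1 1 1 1 1 >
<AZC 1 1 1 0 1 0 >
<CCA 1 1 1 1 0 0 >
"""

def parse_matrix(text):
    """Return ({family: category}, {transaction: [0/1 per category]})."""
    # Lines starting with "/" are comments, including the column-number header.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("/"))
    families = {n: int(c) for n, c in re.findall(r"<(\w+)>;\s*(\d+)\.;", body)}
    tranx = {t: [int(b) for b in bits.split()]
             for t, bits in re.findall(r"<(\w+)((?:\s+[01])+)\s*>", body)}
    return families, tranx

def category_of(families, user):
    """Category of the longest family name that prefixes `user` (assumed rule)."""
    hits = [f for f in families if user.upper().startswith(f)]
    return families[max(hits, key=len)] if hits else None

def permitted(families, tranx, user, tran):
    """True if the user's category has a 1 in the transaction's row."""
    cat = category_of(families, user)
    row = tranx.get(tran.upper())
    return bool(cat and row and cat <= len(row) and row[cat - 1])

def audit(tranx):
    """Least-privilege review: rows nobody may run, and rows open to everyone."""
    unused = sorted(t for t, r in tranx.items() if not any(r))
    open_to_all = sorted(t for t, r in tranx.items() if all(r))
    return unused, open_to_all
```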
Prefixes and Brief Descriptions
AO: Associated Order - When creating a service order (ORD), the option AO can be used. This indicates that there is another ORD pertinent to the one being worked with. The two orders should be completed together.
BL: Bridge Lifter - These are used with Telephone Answering Services (TAS). The TAS has an extension of the customer's line. A BL allows one location, the customer's house, to have priority. If the TAS is on the customer's line, and the customer picks up, he will have priority and the TAS will be disconnected.
BTN: Billing Telephone Number - This indicates that one line's calls get placed on the bill of another line.
CCF: Custom Calling Features - COSMOS has an option which can define the features (three-way, call waiting, etc.) on a line. These features would be, for the most part, listed by three characters. This option can only be used with electronic or digital offices.
    CUSTOM CALLING FEATURES TABLE: INDIVIDUAL CCFs
    ***************
    SAM SAMPLE FEATURE 1ES=1/1AESS EF2=2/2BESS 3ES=3ESS DMC=DMS 100 5ES=5ESS
    ESM CALL FORWARD POTS 1ES=ESM EF2=ESM 3ES=ESM DMC=CFW 5ES=/CFV
    ESX CALL WAITING POTS 1ES=ESX EF2=ESX 3ES=ESX DMC=CWT 5ES=/CWT
    ESC 3 WAY CALLING POTS 1ES=ESC EF2=ESC 3ES=ESC DMC=3WC 5ES=/MW3WC
    ESL SPEED CALLING 0 1ES=ESL EF2=ESL 3ES=ESL DMS=SC1 5ES=/IDSC1C
    ESF SPEED CALLING 30 1ES=ESF EF2=ESF 3ES=ESF DMC=SC2 5ES=/IDSC2C
    EAN CONFERENCE CALLING CENTREX 1ES=EAN,E2H EF2=EAN 3ES= DMC=CNF 5ES=/MW6WC

SAM is the feature identifier code in COSMOS. The codes following the switch names (1ES, DMC, 5ES, etc.) would be the feature identifier code on the different electronic/digital switches.
CP: Cable Pair - A CP is the wire which goes from the Central Office (CO) to the customer's premises.
CS: Class of Service - RES, BUS, PBX, DTF (Dial Tone First coin line). The CS is a general service category. It varies from place to place.
DD: Due Date - A DD is simply the date a specific ORD should be completed by.
FDD: Frame Due Date - This is the date when all work on the Main Distributing Frame (MDF) should be completed. It is usually a day or two before the DD. This will ensure that the line is working, before a lineman goes to the customer's premises.
FEA: Features - These are line features common to all types of switching equipment.
- Touch-Tone/Rotary
- Sleeve Lead/No Sleeve
- Essential Service/Non-essential
- Ground Start/Loop Start
A sleeve is part of a subscriber trunk. A grounded sleeve indicates the line is busy. Customers who own fancy equipment such as a PBX will have sleeve lead. This means the sleeve will be run into their location.
Essential service means that the customer is on a priority service list, in case of emergency. If the switch were to break (electro-mechanical) or crash (electronic), the customer's line would be one of the first restored. Essential service also indicates a good chance to get a toll call through when lines are tied up (i.e. flood, hurricane, wars for Israel). Usually doctors, coin phones, and government officials have essential service.
A normal line is loop start, meaning when you pick up the phone you get a dial tone. If a line is ground start you must touch the tip (lead) to ground to get a dial tone. Ground start lines are mostly used by PBX customers.
HF: Hunt From - This indicates that when the line specified after the HF is busy, calls will hunt to the TN in question.
HT: Hunt To - This indicates that when the line is busy, calls will hunt to the given TN.
LOC: This is the location of either the CP or OE on the MDF.
OC: Order Class - An OC represents special treatment for an ORD. I am not fully familiar with the different types. OC HOT indicates that the ORD is on a priority completion list and should be done right away. This is normally used when a customer has a service failure.
OE: Office Equipment - An OE is the physical piece of equipment that a line takes up in the switch. In electronic offices, there is a line card with memory which holds the attributes of the line. In electro-mechanical offices an OE is a small network of electronic components: changes are hard-wired and not kept in memory.
ORD: Order Number - An ORD is the service order's name. It is indefinitive, but follows a certain standard. It can be any group of characters (up to 25), but is usually the OT followed by six numbers (ORD OT123456).
OT: Order Type - An OT signifies what a specific ORD does, whether it's a new line or just a change made to an old one.
PIC: Primary Independent Carrier - This option, while hardly used, will display the customer's equal access choice by its three-digit code. Some systems use the alpha code, while most use the numeric.
Note: This is not a complete list of carriers but covers most of the big ones. This list serves a double purpose, as the PIC codes are the same as equal access 10XXX codes.
    PIC  Alpha  Company Name
    001  RTT    Republic Telecom
    007  TMC    TMC
    009  MCR    ???
    011  MTD    Metromedia Long Distance
    040  ???    Teledial America
    053  ANW    American Network
    066  ???    MAX/Lexitel
    080  ???    Aatel
    084  LDS    LDS Metromedia Long Distance
    211  RTC    RCI
    220  WUT    Western Union Long Distance
    221  TSR    Telsavers
    222  MCI    MCI/AMEX/Sears Long Distance
    223  TDX    TDX Systems Inc.
    224  ACT    ???
    228  ATX    AT&T
    234  ACC    ACC
    245  TDT    Taconic Telephone
    258  ???    Metronet
    272  BPA    Bell of PA
    286  ???    Clark Long Distance
    288  ATT    AT&T
    322  ASH    American Sharcom
    333  UST    US Telecom (now US SPRINT network)
    345  NCF    ???
    362  ELC    Electronic Office Center
    421  CLK    Comlink
    432  LGT    Litel / Lighttel (Doesn't want name being given out.)
    442  FNE    First Phone of New England
    452  VNS    Virtual Network Services
    456  ACC    Argo Communications
    488  ITT    ITT Longer Distance Services
    497  ECA    Econo-call
    539  LDX    LDX / Allnet Communications Services (Lexitel)
    555  TLP    TeleSphere
    652  NJB    New Jersey Bell
    654  CBD    Cincinnati Bell Long Distance
    698  NYT    New York Telephone
    776  ???    Liberty Telephone (950-1776 cute)
    777  GSP    GTE SPRINT (now US SPRINT network 2)
    800  RCA    RCA/Satelco
    826  TLM    TEL MAN
    833  BTI    Business Telecos
    835  TLC    TeleConnect
    850  TKC    TollKall
    852  TSI    Telecom Systems
    888  SBS    SBS Skyline (now MCI)
    963  TNX    ???
    999  SNC    Starnet Corporation

PL: Private Line - A PL is a special circuit setup between two COs. It can be a Foreign Exchange (FX), or WATS, or just any type of long distance connection. A PL name can be up to 25 characters and has little other information about it kept in COSMOS. PL information is usually kept in Trunk Integrated Record Keeping System (TIRKS).
SE: Special Equipment - SE is used when a circuit, usually a PL, requires something which cannot be achieved with an OE. When you look up a line owned by TELCO (Telephone Company) instead of a cable pair, it will have house cable. It will look like this:
    SE HSE.CBL ST WK DATE 04-10-87

TN: Telephone Number - This is a telephone number, plain and simple.
TT: Telephone Number Type - This is not rigid. When a COSMOS database is set up, different TNs are assigned TTs. They do not have to be stuck to, but they are a good idea (organization, how novel).
US: USOC (Universal Service Order Code) - This is the COSMOS equivalent of an LCC. For example: 1FR, 2FR, 4FR are 1-, 2-, and 4-party line flat rate. 1MR and 1MB are measured residence and measured business. DTF and DFA are dial tone first coin. 10F is an official TELCO line.
Essentially, a phone line is comprised of a CP - the wire which runs to the customer premises. The TN is the network address dialable from anywhere, and the OE is the equipment which makes it all work.
Modifiers
CP: BL, LOC
TN: BTN, HF, HT, TT
OE: CCF, CS, FEA, PIC, US
ORD: AO, DD, FDD, OC, OT
CP Status
- WK: Working Pair (Pair in use)
- SF: Spare (Unused pair)
- RS: Reserved (For future assignment)
- UK: Unknown (This is rarely used, and shows sloppy work on the part of the TELCO)
- D1-9: Defective Cable
  - D1 = Short Circuit
  - D2 = Ground Ring-Side
  - D3 = Ground Tip-Side
  - D4 = Cross Battery
  - D5 = Open Ring-Side (Ring-side not connected)
  - D6 = Open Tip-Side
  - D7 = Open Both Sides
  - D8 = Ground Both Sides
  - D9 = Unbalanced Voltage
- PC: Pending Connect (The CP is being added to a circuit)
- PD: Pending Disconnect (The CP is being removed from a circuit)
TN Status
- WK: Working (Number in use)
- OF: Official TELCO Line
- TS: Test Line (Used on loop, terminations, recordings...)
- UNQ: Unique (Used for special numbers, such as NNX-0000)
- SF: Spare (Willing and ready... for assignment)
- NP: Non-Published Number (Used when customer changes old number due to a problem such as crank calls. The NP informs people looking up the line to not disclose information.)
- AV: Same as SF (Seems rather silly to me)
- UK: Unknown (Someone spilled coffee on the paper work)
- DO: Disconnected Number (Instead of a recording, there will be an operator to announce a change in service)
- DM: Disconnected Machine (Recorded intercept, "The number you have reached has been disconnected...")
- CO: Changed Number (Operator intercept)
- CM: Changed Number (Machine intercept)
- PC: Pending Connect (The TN is being added to a circuit)
- PD: Pending Disconnect (The TN is being removed from a circuit)
In all cases, if a facility (TN, OE, CP) is either PC or PD, it will have a regular status (WK, SF, DM, etc.) also.
An OE status is the same as both a CP or a TN status code.
OT - Order Types
- NC: New Connect (A new circuit is being built)
- CD: Complete Disconnect (An existing circuit is being removed)
- CN: Change (An existing circuit is being changed; new TN, different FEA, etc.)
- F and T: From and To (These are AO - I'm not too familiar with them)
- SS and RS: Suspension/Restoral of Service (These are used when bills are left unpaid!)
TT - Telephone Number Types
- B: Business Line (Usually thousand, or hundred group numbers, i.e. NNX-2000, NNX-2600, etc.)
- C: Coin Line (Usually in the 9XXX range)
- D: Official TELCO Line (Usually NNX-99XX or NNX-00XX numbers)
- T: Test Line (Usually NNX-99XX or NNX-00XX numbers)
- G: Good (This, as far as I can tell, is assigned to numbers which can be both residence or business lines. The numbers are usually catchy - NNX-1222, NNX-1212, NNX-1234, etc.)
- X: Other (Basically, your run of the mill number - NNX-9089 or NNX-7689, etc.)
- Q: Centrex Numbers (Usually a hundred group range - NNX-1000 to NNX-1099)
To get a listing of orders in COSMOS, you can use the SOL command. On the Hunt line of the SOL it says "OT NC." This will only print out an ORD if its type is a new connect. You can specify OT, OC, DD, FDD, and ORD in an SOL.