The Wonderful World of COSMOS

by Bill from RNOC / Legion of Doom

Computer System for Main Frame Operations (COSMOS) is a database program used by various telephone companies to keep track of central office facilities.  COSMOS gives information such as: how many cables or telephone numbers are currently available and what their status is.  COSMOS is used by many departments now.  It was originally for use in the frame room and Loop Assignment Center (LAC), for keeping track of both wires and paper (orders).

When someone orders a new telephone line from the business office, the request for service is entered into a billing computer.  Once the billing details are in order, a service order is input into COSMOS.  The fact that a service order placed in COSMOS can theoretically be completed without billing is most likely what attracts hackers the most.  Keep in mind that COSMOS doesn't complete the orders, the people who use it do.

Dispelling COSMOS Myths

You cannot get from a COSMOS system in Massachusetts to one in New Jersey.  Each Bell Operating Company (BOC) computer system is unrelated.

You can not get onto Loop Maintenance Operation System (LMOS) from COSMOS.  In earlier versions there were two commands LMOS and LMOSH which were used in transferring data tape from COSMOS to LMOS.  This is no longer done.

History

Bell Labs set out to design a mechanized system which would alleviate paperwork - thus COSMOS was born in the early 1970s.  COSMOS is now supported by Bell Communications Research (BELLCORE).  COSMOS can now run on several types of computers.  The DEC PDP-11/70 and the PDP-11/45 (no longer used) run COSNIX as the operating system.  On AT&T 3B20, COSMOS is running under UNIX (5.0.5).  Generic 16 is the latest version.  When Generic 17 comes out, it will only run on UNIX-based COSMOS systems.  It will run on the following super-minis: AT&T 3B20, the Sperry CCI, and some Pyramid super-minis.  Further ahead, COSMOS may be run on big mainframes, but that idea is just on paper now.

If you find UNIX-based COSMOS, you will not be able to tell it from any other UNIX system.  It does not prompt you for a Wire Center (WC) until you have entered a valid login and password.
login: rm01
password:

* = * = * = * = * = * = * = * = *

  Welcome to COSMOS system 3!

  cosmos 16.0.3    unix 5.05

  Data line trouble call: 611

  Data base info call: 555-1212

* = * = * = * = * = * = * = * = *
wc? 26

26% <--- and you're in!
In this first section, I am dealing with COSNIX (God rest its soul).
NAME: CON1
PASSWORD:
WC? 26

TT23: MUX=DJ DELAY=5 UPLOW ECHO LOGIN
**********  WELCOME TO COSMOS 15.4.8.7 SYSTEM 3 ***********
***********************************************************
            LAST TDAS TAPE LOADED ON 04-01-87

      ATTENTION ALL FRAMES!!- .SCPA IS UP AND RUNNING.
                 
				 HAVE A NICE DAY!
***********************************************************

26#
What does all this mean?

TTxx:  Is the teletype (TTY) that the user logged in on.  TTY numbers range from TT01-TT96.  You can also get your TTY number by using the TTY command.  The system console is TT00.  The options for a specific TTY are kept in a file called /ETC/LINES.

MUX:  PDP-11/70s can have different types of multiplexers.  DJ is a DJ11 mux.  These are asynchronous, 16-line multiplexers.  DZ is a DZ11.  These are less expensive than the DJ11.  A DZ11 is an asynchronous 8- or 16-line mux.  "MUX=DK" indicates DATAKIT Virtual Circuit System (VCS).  A DK allows users to select which system they with to enter.  An 11/70 hooked up to a DATAKIT usually has 60 TTYs (as opposed to 96).

DELAY:  This word specifies the number of nulls (Control-@) to be sent before each line.  The nulls sent are equal to the DELAY number.  Many users log on to COSMOS with printing terminals.  These printers cannot always print as fast as they can receive.  Nulls will give the printers more time to print without slowing down CRTs.  Too many nulls slow down 300 baud so they are kept at a moderate level.

UPLOW:  COSNIX uses only upper-case.  UPLOW converts lower-case and echos it in UPPERCASE.  This is achieved by running a program called /BIN/LCASE when a user logs on.

ECHO:  Indicates that the computer will echo back (full-duplex).

LOGIN:  Indicates that you just logged on.  COSNIX, like UNIX, has an /ETC/PASSWD (password) file.  This is similar to the UNIX PASSWD file but has some differences.  Here is a sample /ETC/PASSWD file:
ROOT:NE2IDORF:0:::1:/:/USR/COSMOS
BIN:NE2IDORF:1::Y:1:/BIN:/USR/COSMOS
COM1:EPOHA3DU:2::Y:1:/USR/TMP:/USR/COSMOS:/USR/PREOP:/USR/SO:/USR/MMC
COM2:EPOHA3DU:3::Y:2:/USR/TMP:/USR/COSMOS:/USR/PREOP:/USR/SO:/USR/MMC
PA01:0062DAER:4::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
PA02:KSLN1NPA:5::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
NA01:4D17YT21:6::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
IN01:DROL0OHS:7::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
RC01:DAED7IBF:8::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
FM01:LOD1HNJ7:9::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
SS01:PSOSDEF9:10::Y:3:/USR/TMP:/USR/COSMOS:/USR/SO
The fields of a COSNIX /ETC/PASSWD are as follows.  The fields are separated by colons ':' in the password file.  The fields are as follows:

Username

Encrypted Password

User Number

Description Fields (unused)

Dial-Up User ("Y" for yes, nothing for no)

User Group (1 = full access, 2 = shell user, restricted access)

Home Directory

Path

Path...

The COM accounts are used by the Mini-computer Maintenance Center (MMC) or the COSMOS database manager (DBM).  0:1 is the only user who can execute the change of password command.  As in UNIX, /ETC/PASSWD can be left unprotected, but is almost never left that way.

COSNIX has another file called /ETC/LINES.  This file lists the TTY numbers and which users can access them.  It also specifies duplex, baud rate, and privileges (in some cases).
1-2,USERS=ROOT;BIN;COM1,ECHO,UPLOW,DELAY=5,MESSAGE
3-9,USERS=PA*;NA*;RC*;COM2,ECHO,UPLOW,DELAY=5
10-22,USERS=PA*;NA*;FM*;RC*;SS*;IN*;COM*,UPLOW,DELAY=10
23-60,USERS=FM*;SS*;IN*,ECHO,UPLOW,DELAY=5
The first field is the TTY number. "USERS=" indicates which users access which TTYs. If a user has an asterisk after the group name, then it allows all users. If a line doesn't have the word "ECHO" there, then it's for half-duplex users only. "MESSAGE" will write a message to TT00 (the system console) stating that someone just logged on with privs. If you login with privs on a "MESSAGE" TTY, your prompt will be an asterisk. If the /ETC/LINES file is changed, a security feature of COSNIX will pick it up.
COSNIX Prompts:

WC% = Average user
WC# = Super user, user group 1 in /ETC/PASSWORD
WC* = Super user MESSAGE TTY in /ETC/LINES
The /ETC/MATRIX.S file says which users can access which COSMOS commands. COSMOS commands are kept in the /USR/COSMOS directory.
/ PERMIT MATRIX    04-01-84
/ UPDATED FOR 15.4.8. ON 11-25-85
/* COSMOS USER-CATEGORY-TRANSACTION PERMISSION FILE

/* LIST OF FAMILY NAMES AND CATEGORY ASSOCIATED WITH EACH
NAMES:
/ SYSTEM ADMINISTRATOR
<COM>; 01.;
/ LOOP ASSIGNMENT CENTER (LAC)
<PA>; 02.;
/ FRAME ROOM
<FM>; 03.;
/ RECENT CHANGE MEMORY ADM. CENTER (RC MAC)
<RC>; 04.;
/ INFORMATION USERS
<IN>; 05.;
/ SPECIAL SERVICES
<SS>; 06.;
NAMESEND:
ALLTRAN:   / =0 MEANS USE MATRIX TO DETERMINE TRANS. PERMISSION
        0  / =1 MEANS ALL TRANSACTIONS ARE PERMITTED.

CATEGORY:
        0
/* TRANSACTION VERSUS CATEGORY PERMIT MATRIX
TRANX:

/*   1 2 3 4 5 6 >
<ACE 1 1 0 0 0 0 >
<ADT 0 0 0 0 0 0 >
<AIT 1 0 0 0 0 0 >
<ALF 1 0 0 0 0 0 >
<ALI 1 0 0 0 0 0 >
<ALK 1 0 0 0 0 0 >
<ALP 1 0 0 0 0 0 >
<ARG 1 1 1 1 1 1 >
<AUD 1 0 0 0 0 0 >
<AZC 1 1 1 0 1 0 >
<BAI 1 1 1 0 1 0 >
<CAY 1 1 1 0 0 0 >
<CCA 1 1 1 1 0 0 >
.
.
.
<WCC 1 1 1 1 1 1 >
The /ETC/MATRIX.S file gives the different user group numbers, then makes a table cross-referencing them with command names.  A "1" means that family can use the command and a "0" means they can't.

Prefixes and Brief Descriptions

AO:  Associated Order - When creating a service order (ORD), the option AO can be used.  This indicates that there is another ORD pertinent to the one being worked with.  The two orders should be completed together.

BL:  Bridge Lifter - These are used with Telephone Answering Services (TAS).  The TAS has an extension of the customer's line.  A BL allows one location, the customer's house, to have priority.  If the TAS is on the customer's line, and the customer picks up, he will have priority and the TAS will be disconnected.

BTN:  Billing Telephone Number - This indicates that one line's calls get placed on the bill of another line.

CCF:  Custom Calling Features - COSMOS has an option which can define the features (three-way, call waiting, etc.) on a line.  These features would be, for the most part, listed by three characters.  This option can only be used with electronic or digital offices.
CUSTOM CALLING FEATURES TABLE:

INDIVIDUAL CCFs
***************
SAM           SAMPLE FEATURE
  1ES=1/1AESS      EF2=2/2BESS        3ES=3ESS
  DMC=DMS 100                         5ES=5ESS

ESM           CALL FORWARD POTS
  1ES=ESM          EF2=ESM            3ES=ESM
  DMC=CFW                             5ES=/CFV

ESX           CALL WAITING POTS
  1ES=ESX          EF2=ESX            3ES=ESX
  DMC=CWT                             5ES=/CWT

ESC           3 WAY CALLING POTS
  1ES=ESC          EF2=ESC            3ES=ESC
  DMC=3WC                             5ES=/MW3WC

ESL           SPEED CALLING 0
  1ES=ESL          EF2=ESL            3ES=ESL
  DMS=SC1                             5ES=/IDSC1C

ESF           SPEED CALLING 30
  1ES=ESF          EF2=ESF            3ES=ESF
  DMC=SC2                             5ES=/IDSC2C

EAN           CONFERENCE CALLING CENTREX
  1ES=EAN,E2H      EF2=EAN            3ES=
  DMC=CNF                             5ES=/MW6WC
SAM is the feature identifier code in COSMOS.  The codes following the switch names (1ES, DMC, 5ES, etc.) would be the feature identifier code on the different electronic/digital switches.

CP:  Cable Pair - A CP is the wire which goes from the Central Office (CO) to the customer's premises.

CS:  Class of Service - RES, BUS, PBX, DTF (Dial Tone First coin line).  The CS is a general service category.  It varies from place to place.

DD:  Due Date - A DD is simply the date a specific ORD should be completed by.

FDD:  Frame Due Date - This is the date when all work on the Main Distributing Frame (MDF) should be completed.  It is usually a day or two before the DD.  This will ensure that the line is working, before a lineman goes to the customer's premises.

FEA:  Features - These are line features common to all types of switching equipment.

Touch-Tone/Rotary

Sleeve Lead/No Sleeve

Essential Service/Non-essential

Ground Start/Loop Start

A sleeve is part of a subscriber trunk.  A grounded sleeve indicates the line is busy.  Customers who own fancy equipment such as a PBX will have sleeve lead.  This means the sleeve will be run into their location.

Essential service means that the customer is on a priority service list, in case of emergency.  If the switch were to break (electro-mechanical) or crash (electronic), the customer's line would be one of the first restored.  Essential service also indicates a good chance to get a toll call through when lines are tied up (i.e. flood, hurricane, wars for Israel).  Usually doctors, coin phones, and govemment officials have essential service.

A normal line is loop start, meaning when you pick up the phone you get a dial tone.  If a line is ground start you must touch the tip (lead) to ground to get a dial tone.  Ground start lines are mostly used by PBX customers.

HF:  Hunt From - This indicates that when the line specified after the HF is busy, calls will hunt to the TN in question.

HT:  Hunt To - This indicates that when the line is busy, calls will hunt to the given TN.

LOC:  This is the location of either the CP or OE on the MDF.

OC:  Order Class - An OC represents special treatment for an ORD.  I am not fully familiar with the different types.  OC HOT indicates that the ORD is on a priority completion list and should be done right away.  This is normally used when a customer has a service failure.

OE:  Office Equipment - An OE is the physical piece of equipment that a line takes up in the switch.  In electronic offices, there is a line card with memory which holds the attributes of the line.  In electro-mechanical offices an OE is a small network of electronic components: changes are hard-wired and not kept in memory.

ORD:  Order Number - An ORD is the service order's name.  It is indefinitive, but follows a certain standard.  It can be any group of characters (up to 25), but is usually the OT followed by six numbers (ORD OT123456).

OT:  Order Type - An OT signifies what a specific ORD does, whether it's a new line or just a change made to an old one.

PIC:  Primary Independent Carrier - This option, while hardly used, will display the customer's equal access choice by its three-digit code.  Some systems use the alpha code, while most use the numeric.

Note:  This is not a complete list of carriers but covers most of the big ones.  This list serves a double purpose, as the PIC codes are the same as equal access 10XXX codes.
PIC   Alpha   Company Name
001   RTT     Republic Telecom
007   TMC     TMC
009   MCR     ???
011   MTD     Metromedia Long Distance
040   ???     Teledial America
053   ANW     American Network
066   ???     MAX/Lexitel
080   ???     Aatel
084   LDS     LDS Metromedia Long Distance
211   RTC     RCI
220   WUT     Western Union Long Distance
221   TSR     Telsavers
222   MCI     MCI/AMEX/Sears Long Distance
223   TDX     TDX Systems Inc.
224   ACT     ???
228   ATX     AT&T
234   ACC     ACC
245   TDT     Taconic Telephone
258   ???     Metronet
272   BPA     Bell of PA
286   ???     Clark Long Distance
288   ATT     AT&T
322   ASH     American Sharcom
333   UST     US Telecom (now US SPRINT network)
345   NCF     ???
362   ELC     Electronic Office Center
421   CLK     Comlink
432   LGT     Litel / Lighttel (Doesn't want name being givin out.)
442   FNE     First Phone of New England
452   VNS     Virtual Network Services
456   ACC     Argo Communications
488   ITT     ITT Longer Distance Services
497   ECA     Econo-call
539   LDX     LDX / Allnet Communications Services (Lexitel)
555   TLP     TeleSphere
652   NJB     New Jersey Bell
654   CBD     Cincinnati Bell Long Distance
698   NYT     New York Telephone
776   ???     Liberty Telephone (950-1776 cute)
777   GSP     GTE SPRINT (now US SPRINT network 2)
800   RCA     RCA/Satelco
826   TLM     TEL MAN
833   BTI     Business Telecos
835   TLC     TeleConnect
850   TKC     TollKall
852   TSI     Telecom Systems
888   SBS     SBS Skyline (now MCI)
963   TNX     ???
999   SNC     Starnet Corporation
PL: Private Line - A PL is a special circuit setup between two COs. It can be a Foreign Exchange (FX), or WATS, or just any type of long distance connection. A PL name can be up to 25 characters and has little other information about it kept in COSMOS. PL information is usually kept in Trunk Integrated Record Keeping System (TIRKS).

SE: Special Equipment - SE is used when a circuit, usually a PL, requires something which cannot be achieved with an OE. When you look up a line owned by TELCO (Telephone Company) instead of a cable pair, it will have house cable. It will look like this:
SE HSE.CBL   ST WK     DATE 04-10-87
TN:  Telephone Number - This is a telephone number, plain and simple.

TT:  Telephone Number Type - This is not rigid.  When a COSMOS database is set up, different TNs are asssigned TTs.  They do not have to be stuck to, but they are a good idea (organization, how novel).

US:  USOC (Universal Service Order Code) - This is the COSMOS equivalent of an LCC.  For example: 1FR, 2FR, 4FR are 1-, 2-, and 4-party line flat rate.  1MR and 1MB are measured residence and measured business.  DTF and DFA are dial tone first coin.  10F is an official TELCO line.

Essentially, a phone line is comprised of a CP - the wire which runs to the customer premises.  The TN is the network address dialable from anywhere, and the OE is the equipment which makes it all work.

Modifiers
CP: BL, LOC
TN: BTN, HF, HT, TT
OE: CCF, CS, FEA, PIC, US
ORD: AO, DD, FDD, OC, OT
CP Status

WK: Working Pair  (Pair in use)

SF: Spare  (Unused pair)

RS: Reserved  (For future assignment)

UK: Unknown  (This is rarely used, and shows sloppy work on the part of the TELCO)

D1-9: Defective Cable

D1 = Short Circuit

D2 = Ground Ring-Side

D3 = Ground Tip-side

D4 = Cross Battery

D5 = Open Ring-Side  (Ring-side not connected)

D6 = Open Tip-Side

D7 = Open Both Sides

D8 = Ground Both Sides

D9 = Unbalanced Voltage

PC: Pending Connect  (The CP is being added to a circuit)

PD: Pending Disconnect  (The CP is being removed from a circuit)

TN Status

WK: Working  (Number in use)

OF: Official TELCO Line

TS: Test Line  (Used on loop, terminations, recordings...)

UNQ: Unique  (Used for special numbers, such as NNX-0000)

SF: Spare  (Willing and ready... for assignment)

NP: Non-Published Number  (Used when customer changes old number due to a problem such as crank calls.  The NP informs people looking up the line to not disclose information.)

AV: Same as SF  (Seems rather silly to me)

UK: Unknown  (Someone spilled coffee on the paper work)

DO: Disconnected Number  (Instead of a recording, there will be an operator to announce a change is service)

DM: Disconnected Machine  (Recorded intercept, "The number you have reached has been disconnected...")

CO: Changed Number  (Operator intercept)

CM: Changed Number  (Machine intercept)

PC: Pending Connect  (The TN is being added to a circuit)

PD: Pending Disconnect  (The TN is being removed from a circuit)

In all cases, if a facility (TN, OE, CP) is either PC or PD, it will have a regular status (WK, SF, DM, etc.) also.

An OE status is the same as both a CP or a TN status code.

OT - Order Types

NC: New Connect  (A new circuit is being built)

CD: Complete Disconnect  (An existing circuit is being removed)

CN: Change  (An existing circuit is being changed; new TN, different FEA, etc.)

F and T: From and To  (These are AO - I'm not too familiar with them)

SS and RS Suspension/ Restoral of Service  (These are used when bills are left unpaid!

TT - Telephone Number Types

B: Business Line  (Usually thousand, or hundred group numbers (i.e. NNX-2000, NNX-2600, etc.)

C: Coin Line  (Usually in the 9XXX range)

D: Official TELCO Line  (Usually NNX-99XX or NNX-00XX mmbers)

T: Test Line  (Usually NNX-99XX or NNX-00XX numbers)

G: Good  (This, as far as I can tell, is assigned to numbers which can be both residence or business lines.  The numbers are usually catchy - NNX-1222, NNX-1212, NNX-1234, etc.)

X: Other  (Basically, your run of the mill number - NNX-9089 or NNX-7689, etc.)

Q: Centrex Numbers  (Usually a hundred group range - NNX-1000 to NNX-1099)

To get a listing of orders in COSMOS, you can use the SOL command.  On the Hunt line of the SOL it says "OT NC."  This will only print out an ORO if its type is a new connect.  You can specify OT, OC, DD, FDD, and ORD in an SOL.

Return to $2600 Index