In article <Kc6Nl.22445$9J5.1277@newsfe13.iad>,
nobody@devnull.spamcop.net says...
> So tell me, why do you love pcbutts
>

Do you really think it's a place to discuss that? This is a XP group and
should be limited to discussions about XP and solutions presented for
problems related to XP.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

> Brian A. wrote:
>> <snip>
>>> The trouble with NAT is that the bad guys just slap their
>>> guess as to what your internal off Internet address on
>>> to their probe. They find you very quickly if your internal
>>> off Internet address is 192.168.0.xxx. (Recommendation:
>>> pick an internal address other than 192.168.0.0/24 or
>>> 192.168.1.0/24.)
>>>
>>> NAT does not stop incoming requests called SYN (TCP) or
>>> state "New" (TCP or UDP). It only stops traffic not
>>> properly addressed to your internal network. Enough
>>> guessing and the bad guys will find you.
>>
>> If that were to be true, every network in the universe would be no
>> more, Port probes are being performed 24/7 and have been for years.
>>
>> The Client sends a SYN to the Server requesting a connection.
>> The Server sends back a SYN-ACK to the Client acknowledging the request.
>> The Client responds with an ACK and the connection is completed.
>>
>> Port probes are looking for any open Port, and if they don't find one,
>> they move on to the next possible victim without ever responding with an
>> ACK to the Server. Without an ACK response from the Client, the Server
>> will wait X amount of time before sending another SYN-ACK, then again,
>> and again, etc. until it reaches it's max set of times to send. It's
>> when a Sever is overwhelmed with these Half-Open connections that it
>> becomes a real issue.
>>
>
> Hi Brian,
>
> You are correct. You are missing that the probe can include an
> internal address as well as the required external address.
>
> An unsuccessful sample attack on my machine for you:
>
> kernel: Incomming SYN IN=eth1 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.46
> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=228 DF PROTO=TCP SPT=1030 DPT=80
> WINDOW=8192 RES=0x00 SYN URGP=0
>
> Translation:
> SRC is my NAT router (192.168.1.1) on my 1st Ethernet port
>
> RST is a virtual machine (192.168.1.46) on my second Ethernet
> port that has not run for over three weeks (currently off)
>
> SYN is a SYN packet
>
> The probe got right through my NAT router (and got stopped by my
> software firewall). NAT is a good idea in a lot of ways.
> And it does stop tons of state=new packets. But, as I have
> shown, you can poke through it. It takes a lot more skill,
> so it does cut way down on the bad guys attempt to probe
> you. But it does not stop all unsolicited state=new probes.
> This is why I am tell everyone that doubts me that
> *NAT is not a firewall*.
>
> -T

And what makes you think that's a probe instead of a real request? You
mention the DST is a VM, how is that connected to physical port on the
router? Being that it is a VM, what security measures are in place for it?
Being a VM does not make it secure. What is the VM used for, any type of
server or service?


--

Brian A. Sesko
Conflicts start where information lacks.
http://basconotw.mvps.org/

Suggested posting do's/don'ts: http://www.dts-l.org/goodpost.htm
How to ask a question: http://support.microsoft.com/kb/555375

ToddAndMargo wrote:

> What triggered my question is a customer who relies on NAT (only,
> no firewall), and he is constantly getting tagged with one
> v1rus or another. I am trying to get him off IE, get a
> standardized decient antivirus, software firewall, and a *real*
> firewall.
>
> The reason I am suspicious of the NAT only router is the machines
> that seem to get tagged are usually just sitting there not being used.
> Not being used, as the users are afraid to use them -- threats
> from the management and all. They are suppose to file a single
> report once a day on the Internet. Otherwise, they just sit there.
> (Sit there collecting v1ruses.)
>
> I was looking for a way to show him he needed to upgrade to
> a real firewall. I have been told that the SonicWALL TZ180 is
> good. Any thoughts?

SonicWALL has a very good reputation, they are amongst the few that that
make reasonably affordable business class routers. But I can't give any
recommendations on any particular model because I don't have any
experience with their products and, more importantly, I don't know the
topology of the network where the product is meant to be installed.

Furthermore, you should listen to what Leythos told you, the virus
problems almost certainly have nothing to do with NAT or the router
being used! Installing a new router will not resolve any virus problems
that is going around on the internal LAN.

John

Leythos wrote:
> In article <Kc6Nl.22445$9J5.1277@newsfe13.iad>,
> nobody@devnull.spamcop.net says...
>> So tell me, why do you love pcbutts
>>
>
> Do you really think it's a place to discuss that? This is a XP group
> and should be limited to discussions about XP and solutions presented
> for problems related to XP.

No, I do not. That's the imposter at work; not me.

Twayne`

In article <ugxMzxL0JHA.5684@TK2MSFTNGP04.phx.gbl>,
nobody@devnull.spamcop.net says...
>
> Leythos wrote:
> > In article <Kc6Nl.22445$9J5.1277@newsfe13.iad>,
> > nobody@devnull.spamcop.net says...
> >> So tell me, why do you love pcbutts
> >>
> >
> > Do you really think it's a place to discuss that? This is a XP group
> > and should be limited to discussions about XP and solutions presented
> > for problems related to XP.
>
> No, I do not. That's the imposter at work; not me.
>
> Twayne`

Sorry, you're right, I failed to check the headers to verify it was you
before I hit send in my reply.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)

John John - MVP wrote:

> Furthermore, you should listen to what Leythos told you, the virus
> problems almost certainly have nothing to do with NAT or the router
> being used! Installing a new router will not resolve any virus problems
> that is going around on the internal LAN.
>
> John

Oh I certainly am. A real firewall is only one of several parts I
want to implement. I think I said what they are in a previous post.

My only disagreement with Leythos was the stupid comment. All you
have to do is "visit" an compromised web site with Internet Explorer
and you are infected. The users has no control over it, except
stop using IE.

Thank you for the tip on Sonic Wall. I appreciate your input.

These guys with their 127.0.0.1 for compromised site goes
as long way to protecting you too:

http://www.mvps.org/winhelp2002/hosts.htm

-T

Brian A. wrote:
>> Brian A. wrote:
>>> <snip>
>>>> The trouble with NAT is that the bad guys just slap their
>>>> guess as to what your internal off Internet address on
>>>> to their probe. They find you very quickly if your internal
>>>> off Internet address is 192.168.0.xxx. (Recommendation:
>>>> pick an internal address other than 192.168.0.0/24 or
>>>> 192.168.1.0/24.)
>>>>
>>>> NAT does not stop incoming requests called SYN (TCP) or
>>>> state "New" (TCP or UDP). It only stops traffic not
>>>> properly addressed to your internal network. Enough
>>>> guessing and the bad guys will find you.
>>>
>>> If that were to be true, every network in the universe would be no
>>> more, Port probes are being performed 24/7 and have been for years.
>>>
>>> The Client sends a SYN to the Server requesting a connection.
>>> The Server sends back a SYN-ACK to the Client acknowledging the request.
>>> The Client responds with an ACK and the connection is completed.
>>>
>>> Port probes are looking for any open Port, and if they don't find one,
>>> they move on to the next possible victim without ever responding with an
>>> ACK to the Server. Without an ACK response from the Client, the Server
>>> will wait X amount of time before sending another SYN-ACK, then again,
>>> and again, etc. until it reaches it's max set of times to send. It's
>>> when a Sever is overwhelmed with these Half-Open connections that it
>>> becomes a real issue.
>>>
>>
>> Hi Brian,
>>
>> You are correct. You are missing that the probe can include an
>> internal address as well as the required external address.
>>
>> An unsuccessful sample attack on my machine for you:
>>
>> kernel: Incomming SYN IN=eth1 OUT= MAC= SRC=192.168.1.1 DST=192.168.1.46
>> LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=228 DF PROTO=TCP SPT=1030 DPT=80
>> WINDOW=8192 RES=0x00 SYN URGP=0
>>
>> Translation:
>> SRC is my NAT router (192.168.1.1) on my 1st Ethernet port
>>
>> RST is a virtual machine (192.168.1.46) on my second Ethernet
>> port that has not run for over three weeks (currently off)
>>
>> SYN is a SYN packet
>>
>> The probe got right through my NAT router (and got stopped by my
>> software firewall). NAT is a good idea in a lot of ways.
>> And it does stop tons of state=new packets. But, as I have
>> shown, you can poke through it. It takes a lot more skill,
>> so it does cut way down on the bad guys attempt to probe
>> you. But it does not stop all unsolicited state=new probes.
>> This is why I am tell everyone that doubts me that
>> *NAT is not a firewall*.
>>
>> -T
>
> And what makes you think that's a probe instead of a real request? You
> mention the DST is a VM, how is that connected to physical port on the
> router? Being that it is a VM, what security measures are in place for
> it? Being a VM does not make it secure. What is the VM used for, any
> type of server or service?
>
>

Hi Brian,

Looking over that report, it is not a good example. It is my idiot
Verizon DSL modem probing my port 80 looking to see if I am running
a web page.

Searching through my logs, I have not found on this week. But
trust me, they are there. I have even hear Kim Komando say
she sees them occasionally on her firewall logs. I believe they
are spoofed packets.

Host: Cent OS 5.3
Guests: XP-Pro-SP3, Vista, W7rc, Kubuntu, LiveCD/Bart test

I am a busy guy. Interesting when you see/use several
OS's how the religious extremism melts away. They all
have their strengths and weaknesses. They only one
I really don't like is Vista. But, the good news is that
w7 really, really cleaned Vista up (except for XP program
compatibility, but they are working an an "XP" box).

-T

<snipped>
Read the entire conversation:
http://groups.google.com/group/micro...79a58e5ce5a68/



Leythos wrote:
<snip>
> With all of the issues that have been in the media, anyone getting
> malware has just got to be stupid, at least for the most part.
<snip>

<snipped>

ToddAndMargo wrote:
<snip>
> My only disagreement with Leythos was the stupid comment. All you
> have to do is "visit" an compromised web site with Internet Explorer
> and you are infected. The users has no control over it, except
> stop using IE.
<snip>

Seriously?

I am surprised (given your other comments) you can say something like, "The
users has no control over it, except stop using IE." Not all problems
center around Microsoft created anything. You can (and people do) get
infested/infected using all sorts of different browsers. ;-)

I do disagree with the Leythos quote (above - although I haven't checked to
confirm it was actually Leythos who posted it) in that people can be
intelligent and even careful and still get infested/infected; but for you to
say that the users have no control over such things except to stop using
Internet Explorer - that does show some level of at least self-inflicted
blindness on your part.

I personally use Firefox and Internet Explorer just about evenly. I use IE7
for the most part but have 'upgraded' to IE8 on several machines. In many
ways - some of the features others may find useful, I find a bit annoying -
but I am sure I will get used to them and even probably miss them eventually
on non-'upgraded' machines.

For the most part - users of the machines I help manage utilize IE7. They
have the option (always have) of using Firefox - but some (could because of
limitations of web pages and plugins they have to use) don't use it at all
and others only click on it infrequently (sometimes I think out of curiosity
or strange accident.) There are some that use it a lot, excluding when they
need to use the certain pages I alluded to.

*None* have become infected/infested. They've had scares (in both cases) -
but thanks to the setup (which consists mainly of them being 'user-level'
and protected by AV/AS with the built-in firewall enabled and most behind a
drawbridge firewall - the latter two of which has little effect in this
discussion of spyware/adware infection via web pages) they have not been
infested/infected in the years I have been around and helping to manage
them.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Shenan Stanley wrote:
>
> Leythos wrote:
> <snip>
>> With all of the issues that have been in the media, anyone getting
>> malware has just got to be stupid, at least for the most part.
> <snip>
>
> <snipped>
>
> ToddAndMargo wrote:
> <snip>
>> My only disagreement with Leythos was the stupid comment. All you
>> have to do is "visit" an compromised web site with Internet Explorer
>> and you are infected. The users has no control over it, except
>> stop using IE.
> <snip>

> Seriously?
>
> I am surprised (given your other comments) you can say something like, "The
> users has no control over it, except stop using IE." Not all problems
> center around Microsoft created anything. You can (and people do) get
> infested/infected using all sorts of different browsers. ;-)

I like to use several overlapping security features to protect
my users. One of them is to get off IE. IE has a L-O-N-G soiled
reputations for being security swiss cheese. And, yes, if a
user lands on a compromised site, he typically has no control
over it, depending on the virus.

By the way, Mozilla pays for security bugs last I heard. And,
they usually fix them in two days. Compare that with IE, which
is a week to never.

There is no religious extremism here. It is just the way it
is. IE is just bad (security) code. There are all sorts of
charts out on the Internet comparing security problems in
Firefox to IE. They will open your eyes. Microsoft makes
other good stuff -- don't get your nickers in a twist.

-T

<snipped>
Read the entire conversation:
http://groups.google.com/group/micro...79a58e5ce5a68/




Leythos wrote:
<snip>
> With all of the issues that have been in the media, anyone getting
> malware has just got to be stupid, at least for the most part.
<snip>

<snipped>

ToddAndMargo wrote:
<snip>
> My only disagreement with Leythos was the stupid comment. All you
> have to do is "visit" an compromised web site with Internet
> Explorer and you are infected. The users has no control over it,
> except stop using IE.
<snip>

Shenan Stanley wrote:
> Seriously?
>
> I am surprised (given your other comments) you can say something
> like, "The users has no control over it, except stop using IE." Not all
> problems center around Microsoft created anything. You can
> (and people do) get infested/infected using all sorts of different
> browsers. ;-)
> I do disagree with the Leythos quote (above - although I haven't
> checked to confirm it was actually Leythos who posted it) in that
> people can be intelligent and even careful and still get
> infested/infected; but for you to say that the users have no
> control over such things except to stop using Internet Explorer -
> that does show some level of at least self-inflicted blindness on
> your part.
> I personally use Firefox and Internet Explorer just about evenly. I use
> IE7 for the most part but have 'upgraded' to IE8 on several
> machines. In many ways - some of the features others may find
> useful, I find a bit annoying - but I am sure I will get used to
> them and even probably miss them eventually on non-'upgraded'
> machines.
> For the most part - users of the machines I help manage utilize
> IE7. They have the option (always have) of using Firefox - but
> some (could because of limitations of web pages and plugins they
> have to use) don't use it at all and others only click on it
> infrequently (sometimes I think out of curiosity or strange
> accident.) There are some that use it a lot, excluding when they
> need to use the certain pages I alluded to.
> *None* have become infected/infested. They've had scares (in both
> cases) - but thanks to the setup (which consists mainly of them
> being 'user-level' and protected by AV/AS with the built-in
> firewall enabled and most behind a drawbridge firewall - the latter
> two of which has little effect in this discussion of spyware/adware
> infection via web pages) they have not been infested/infected in
> the years I have been around and helping to manage them.

ToddAndMargo wrote:
> I like to use several overlapping security features to protect
> my users. One of them is to get off IE. IE has a L-O-N-G soiled
> reputations for being security swiss cheese. And, yes, if a
> user lands on a compromised site, he typically has no control
> over it, depending on the virus.
>
> By the way, Mozilla pays for security bugs last I heard. And,
> they usually fix them in two days. Compare that with IE, which
> is a week to never.
>
> There is no religious extremism here. It is just the way it
> is. IE is just bad (security) code. There are all sorts of
> charts out on the Internet comparing security problems in
> Firefox to IE. They will open your eyes. Microsoft makes
> other good stuff -- don't get your nickers in a twist.

Let's do clarify one thing - if Microsoft disappeared tomorrow completely -
I could care less. No celebration, no mourning - just a different day.

It was not that you were attacking Microsoft that prompted my response - it
was/is the inferrence of "you'll be safe if you don't use IE" in the
statement you made I was referring to. A little to specific to ring true.
If you had said the same thing about Opera or FireFox - the response would
have been no different.

Reputations (good and bad) are often exaggerated to ridiculous proportions
by such blanket statements such as the one you made. I just wanted to chime
in before someone read it and took it as gospel.

While I personally will (and have) recommend people use alternative browsers
(to Internet Explorer) for various reasons, including security - the
statement you made should have been broader, IMO.

'These days, all you have to do is "visit" a compromised web site and you
may get infected/infested.'

You may be using the latest Firefox, the latest Opera, the lates Internet
Explorer with the latest patches on each of them. You might even have other
protections in place beyond that afforded to you by the browsers themselves.
You can still be blind-sided and that changes every day.

Give and take.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

> It was not that you were attacking Microsoft that prompted my response - it
> was/is the inferrence of "you'll be safe if you don't use IE" in the
> statement you made I was referring to. A little to specific to ring true.
> If you had said the same thing about Opera or FireFox - the response would
> have been no different.

"Safer." Not completely safe. It is like you are about to
choose a plane to fly on. You could go with the one with
both wings about to fall off or the one with the bad seats.

"Safer". I never meant to imply complete safely. If I am
remembering the charts I have looked at, IE is about 4 times
more likely to have security holes than FF. FF also fixed
security holes much, much faster.

And FF is not the file system. IE and Windows Explorer (WE)
are the same thing. Compromise IE and you have compromised
your file system. Now that deserves the title of "stupid".
You can do a lot more damage with IE/WE than you can FF.

> You can still be blind-sided and that changes every day.

True. I think I will pick the plane with the bad seats.

-T

<snipped>
Read the entire conversation:
http://groups.google.com/group/micro...79a58e5ce5a68/




Leythos wrote:
<snip>
> With all of the issues that have been in the media, anyone getting
> malware has just got to be stupid, at least for the most part.
<snip>

<snipped>

ToddAndMargo wrote:
<snip>
> My only disagreement with Leythos was the stupid comment. All you
> have to do is "visit" an compromised web site with Internet
> Explorer and you are infected. The users has no control over it,
> except stop using IE.
<snip>

Shenan Stanley wrote:
> Seriously?
>
> I am surprised (given your other comments) you can say something
> like, "The users has no control over it, except stop using IE." Not all
> problems center around Microsoft created anything. You can
> (and people do) get infested/infected using all sorts of different
> browsers. ;-)
>
> I do disagree with the Leythos quote (above - although I haven't
> checked to confirm it was actually Leythos who posted it) in that
> people can be intelligent and even careful and still get
> infested/infected; but for you to say that the users have no
> control over such things except to stop using Internet Explorer -
> that does show some level of at least self-inflicted blindness on
> your part.
>
> I personally use Firefox and Internet Explorer just about evenly. I use
> IE7 for the most part but have 'upgraded' to IE8 on several
> machines. In many ways - some of the features others may find
> useful, I find a bit annoying - but I am sure I will get used to
> them and even probably miss them eventually on non-'upgraded'
> machines.
>
> For the most part - users of the machines I help manage utilize
> IE7. They have the option (always have) of using Firefox - but
> some (could because of limitations of web pages and plugins they
> have to use) don't use it at all and others only click on it
> infrequently (sometimes I think out of curiosity or strange
> accident.) There are some that use it a lot, excluding when they
> need to use the certain pages I alluded to.
>
> *None* have become infected/infested. They've had scares (in both
> cases) - but thanks to the setup (which consists mainly of them
> being 'user-level' and protected by AV/AS with the built-in
> firewall enabled and most behind a drawbridge firewall - the latter
> two of which has little effect in this discussion of spyware/adware
> infection via web pages) they have not been infested/infected in
> the years I have been around and helping to manage them.

ToddAndMargo wrote:
> I like to use several overlapping security features to protect
> my users. One of them is to get off IE. IE has a L-O-N-G soiled
> reputations for being security swiss cheese. And, yes, if a
> user lands on a compromised site, he typically has no control
> over it, depending on the virus.
>
> By the way, Mozilla pays for security bugs last I heard. And,
> they usually fix them in two days. Compare that with IE, which
> is a week to never.
>
> There is no religious extremism here. It is just the way it
> is. IE is just bad (security) code. There are all sorts of
> charts out on the Internet comparing security problems in
> Firefox to IE. They will open your eyes. Microsoft makes
> other good stuff -- don't get your nickers in a twist.

Shenan Stanley wrote:
> Let's do clarify one thing - if Microsoft disappeared tomorrow
> completely - I could care less. No celebration, no mourning - just
> a different day.
> It was not that you were attacking Microsoft that prompted my
> response - it was/is the inferrence of "you'll be safe if you don't
> use IE" in the statement you made I was referring to. A little too
> specific to ring true. If you had said the same thing about Opera
> or FireFox - the response would have been no different.
>
> Reputations (good and bad) are often exaggerated to ridiculous
> proportions by such blanket statements such as the one you made. I
> just wanted to chime in before someone read it and took it as
> gospel.
> While I personally will (and have) recommend people use alternative
> browsers (to Internet Explorer) for various reasons, including
> security - the statement you made should have been broader, IMO.
>
> 'These days, all you have to do is "visit" a compromised web site
> and you may get infected/infested.'
>
> You may be using the latest Firefox, the latest Opera, the latest
> Internet Explorer with the latest patches on each of them. You
> might even have other protections in place beyond that afforded to
> you by the browsers themselves. You can still be blind-sided and
> that changes every day.
> Give and take.

ToddAndMargo wrote:
> "Safer." Not completely safe. It is like you are about to
> choose a plane to fly on. You could go with the one with
> both wings about to fall off or the one with the bad seats.
>
> "Safer". I never meant to imply complete safely. If I am
> remembering the charts I have looked at, IE is about 4 times
> more likely to have security holes than FF. FF also fixed
> security holes much, much faster.
>
> And FF is not the file system. IE and Windows Explorer (WE)
> are the same thing. Compromise IE and you have compromised
> your file system. Now that deserves the title of "stupid".
> You can do a lot more damage with IE/WE than you can FF.
>
> True. I think I will pick the plane with the bad seats.

The possibility of mis-interpretation of your original statement is lowered
greatly now. Thanks.

However - if you would like to provide web links to these charts you looked
at - that would be great.

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html

Shenan Stanley wrote:

> However - if you would like to provide web links to these charts you looked
> at - that would be great.

Just do a Google Search.

Here is one: http://news.cnet.com/8301-1009_3-10190206-83.html
Note the days it took IE to fix their bugs. The red ones were not
patched as on 12/31/08.

-T

To ToddandMargo - please realise there is a person that writes here
impersonating MVP`s and gives bad advice .






On Sat, 09 May 2009 12:47:46 -0700, ToddAndMargo
<ToddAndMargo@invalid.com> wrote:

>John John - MVP wrote:
>
>> Furthermore, you should listen to what Leythos told you, the virus
>> problems almost certainly have nothing to do with NAT or the router
>> being used! Installing a new router will not resolve any virus problems
>> that is going around on the internal LAN.
>>
>> John
>
>Oh I certainly am. A real firewall is only one of several parts I
>want to implement. I think I said what they are in a previous post.
>
>My only disagreement with Leythos was the stupid comment. All you
>have to do is "visit" an compromised web site with Internet Explorer
>and you are infected. The users has no control over it, except
>stop using IE.
>
>Thank you for the tip on Sonic Wall. I appreciate your input.
>
>These guys with their 127.0.0.1 for compromised site goes
>as long way to protecting you too:
>
>http://www.mvps.org/winhelp2002/hosts.htm
>
>-T

In article <ud3wIGS0JHA.5528@TK2MSFTNGP03.phx.gbl>, newshelper******.com
says...
> It was not that you were attacking Microsoft that prompted my response - it
> was/is the inferrence of "you'll be safe if you don't use IE" in the
> statement you made I was referring to. A little to specific to ring true.
> If you had said the same thing about Opera or FireFox - the response would
> have been no different.
>

I have thousands of customers that use IE and have never been
compromised. While IE is an exploit path, it's not bad enough in a
properly secured environment that you have to stop using it.

If you employ block-lists of most non-US countries, content filtering at
your firewall, basic Windows security measures, and you keep your
patches updated along with a quality AV solution, there is little real
chance that you will become compromised.

That being said, using IE or Fire Fox, if you ignore all of the warnings
from the last decade, you WILL be compromised.

--
- Igitur qui desiderat pacem, praeparet bellum.
- Calling an illegal alien an "undocumented worker" is like calling a
drug dealer an "unlicensed pharmacist"
spam999free@rrohio.com (remove 999 for proper email address)