Mailing List Archive: NANOG: users

Is it time to abandon bogon prefix filters?

1 2 3 4

View All

Index | Next | Previous | View Threaded

bicknell at ufp

Aug 6, 2008, 6:09 AM

Post #1 of 88 (616 views)
Permalink

Is it time to abandon bogon prefix filters?

"Bogon" filters made a lot of sense when most of the Internet was
bogons. Back when 5% of the IP space was allocated blocking the
other 95% was an extremely useful endevour. However, by the same
logic as we get to 80-90% used, blocking the 20-10% unused is
reaching diminishing returns; and at the same time the rate in which
new blocks are allocated continues to increase causing more and
more frequent updates.

Have bogon filters outlived their use? Is it time to recommend people
go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
doesn't need to be updated as frequently?

--
Leo Bicknell - bicknell[at]ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/

darden at armc

Aug 6, 2008, 6:18 AM

Post #2 of 88 (592 views)
Permalink

RE: Is it time to abandon bogon prefix filters? [In reply to]

Yes. 1918 (10/8, 172.16/12, 192.168/16), D, E, reflective (outgoing
mirroring), and as always individual discretion.

--Patrick Darden

-----Original Message-----
From: Leo Bicknell [mailto:bicknell[at]ufp.org]
Sent: Wednesday, August 06, 2008 9:10 AM
To: nanog[at]nanog.org
Subject: Is it time to abandon bogon prefix filters?

"Bogon" filters made a lot of sense when most of the Internet was
bogons. Back when 5% of the IP space was allocated blocking the
other 95% was an extremely useful endevour. However, by the same
logic as we get to 80-90% used, blocking the 20-10% unused is
reaching diminishing returns; and at the same time the rate in which
new blocks are allocated continues to increase causing more and
more frequent updates.

Have bogon filters outlived their use? Is it time to recommend people
go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
doesn't need to be updated as frequently?

--
Leo Bicknell - bicknell[at]ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/

robt at cymru

Aug 6, 2008, 7:28 AM

Post #3 of 88 (591 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

This makes sense especially for static filters. Automated feeds, such
as the bogon route-server or DNS zones, leaves folks with options.

--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");

patrick at ianai

Aug 6, 2008, 7:55 AM

Post #4 of 88 (591 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

On Aug 6, 2008, at 10:28 AM, Rob Thomas wrote:

> This makes sense especially for static filters. Automated feeds,
> such as the bogon route-server or DNS zones, leaves folks with
> options.

Honestly, I don't believe the 80/20 rules applies here.

Until all transit networks are willing to strictly filter their
downstreams (and themselves!), if there is any unused space (note I
said "unused", not "unallocated"), the miscreants will use it. They
are not going around saying "oh, damn, there are only a few /8s left,
we better stop!".

Filter your bogons. But do it in an automated fashion, from a trusted
source.

Of course, I recommend Team Cymru, which has a most sterling record.
Nearly perfect (other than the fact they still recommend MD5 on BGP
sessions :).

--
TTFN,
patrick

randy at psg

Aug 6, 2008, 8:01 AM

Post #5 of 88 (589 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

> Until all transit networks are willing to strictly filter their
> downstreams (and themselves!), if there is any unused space (note I said
> "unused", not "unallocated"), the miscreants will use it.

serious curiosity:

what is the proportion of bad stuff coming from unallocated space vs
allocated space? real measurements, please. and are there longitudinal
data on this?

are the uw folk, gatech, vern, ... measuring?

randy

robt at cymru

Aug 6, 2008, 8:18 AM

Post #6 of 88 (589 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

> serious curiosity:
>
> what is the proportion of bad stuff coming from unallocated space vs
> allocated space? real measurements, please. and are there longitudinal
> data on this?

Let me see what we can produce in the way of data. I'll just count
2008, though I could go back further if there's interest. Stay tuned, I
should have some answers in a few hours.

--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");

LarrySheldon at cox

Aug 6, 2008, 8:46 AM

Post #7 of 88 (586 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Leo Bicknell wrote:

> Have bogon filters outlived their use? Is it time to recommend people
> go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
> doesn't need to be updated as frequently?

Seems like filtering against those could be done on the backplane, so to
speak.

One of the things that has always puzzled me is this:

In the default-free zone, why is necessary to filter _against_ anybody?
Seems like traffic for which there is no route would at most be dumped
to an error-log someplace.

For folks with a default route, I have long advocated (with no success
what ever) filtering against stuff like the above, your own networks as
sourced somewhere else, such.

I also think a central blacklist a la spamhaus for networks makes sense.
--
Requiescas in pace o email Two identifying characteristics
of System Administrators:
Ex turpi causa non oritur actio Infallibility, and the ability to
learn from their mistakes.
Eppure si rinfresca

ICBM Targeting Information: http://tinyurl.com/4sqczs

justin at justinshore

Aug 6, 2008, 8:52 AM

Post #8 of 88 (588 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Randy Bush wrote:
> serious curiosity:
>
> what is the proportion of bad stuff coming from unallocated space vs
> allocated space? real measurements, please. and are there longitudinal
> data on this?
>
> are the uw folk, gatech, vern, ... measuring?

I still have 2 of my borders using an inbound ACL to filter BOGONs vs
null routes. For the ACLs I've broken down the BOGONs to nothing larger
than a /8. I see a number of hits on those entries, especially on 94/8.
and 0/8. While some of the other hits are accidental I'm sure, I
would seriously doubt if those 2 /8s are.

Justin

justin at justinshore

Aug 6, 2008, 9:02 AM

Post #9 of 88 (587 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Leo Bicknell wrote:
> Have bogon filters outlived their use? Is it time to recommend people
> go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
> doesn't need to be updated as frequently?

In my opinion no; BOGON filters are still very useful. Back when only
5% of the IP space was allocated we didn't have the same kinds of
serious threats to our networks and our users that we have today. We
didn't have spammers hijacking unallocated space (can if be considered
hijacking when the block hasn't been allocated yet?) to mass mail our
users, host phishing servers, run C&C servers for botnets, etc. Today
we do and the use of what few networks are still unallocated for bad
purposes are prevalent.

For my users I only recommend that they use dynamic methods of keeping
up to date with changes in the BOGON list. While I still do much of my
BOGON work manually, as I'm sure many of us do, I have my local BOGON
lists updated within a few hours of learning of a new allocation
(sometimes even before the bogon-announce email arrives). For those
that aren't uber network geeks I recommend using something automated.

Look at it this way: you have what's essentially a mostly static list
of netblocks from which all traffic is unquestionably malicious.
Wouldn't you block it if you could for the sake of your network security
and that of your users?

Justin

internetplumber at gmail

Aug 6, 2008, 9:06 AM

Post #10 of 88 (586 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

> I see a number of hits on those entries, especially on 94/8. and 0/8.

You do know that 94/8 has been assigned to the RIPE NCC, right? :-)

Cheers,
Rob

justin at justinshore

Aug 6, 2008, 9:19 AM

Post #11 of 88 (588 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Rob Evans wrote:
>> I see a number of hits on those entries, especially on 94/8. and 0/8.
>
> You do know that 94/8 has been assigned to the RIPE NCC, right? :-)

I knew I should have logged into a production box to look at the ACL
counters. But no, I thought the former border that I was already logged
into was good enough. Apparently not! :-) I stopped updating it's
BOGON list when it was decommissioned and retasked. I could have sworn
that was just this past April and the only change since then was 112 and
113/8 which I accounted for mentally. Apparently it was longer ago than
I thought!

Justin

patrick at ianai

Aug 6, 2008, 9:58 AM

Post #12 of 88 (587 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

On Aug 6, 2008, at 11:46 AM, Laurence F. Sheldon, Jr. wrote:
> Leo Bicknell wrote:
>
>> Have bogon filters outlived their use? Is it time to recommend
>> people
>> go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
>> doesn't need to be updated as frequently?
>
> Seems like filtering against those could be done on the backplane,
> so to speak.
>
> One of the things that has always puzzled me is this:
>
> In the default-free zone, why is necessary to filter _against_
> anybody? Seems like traffic for which there is no route would at
> most be dumped to an error-log someplace.
>
> For folks with a default route, I have long advocated (with no
> success what ever) filtering against stuff like the above, your own
> networks as sourced somewhere else, such.

I'm confused. Why does it matter if you are DF or not?

If the packets are just coming in, there does not need to be a prefix
in the table.

If duplex communication is required (e.g. spam runs), a prefix need to
be in the table whether you have a 0/0 or not.

We know spammers have done runs by announcing a block (which gets it
into the DFZ if it is not filtered properly), send spam, pull prefix.
So again, why does it matter if you have a default route or not?

> I also think a central blacklist a la spamhaus for networks makes
> sense.

See Team Cymru.

--
TTFN,
patrick

Skywing at valhallalegends

Aug 6, 2008, 10:25 AM

Post #13 of 88 (568 views)
Permalink

RE: Is it time to abandon bogon prefix filters? [In reply to]

Then again, it does make Team Cymru an attractive target for DoS or even compromise if they can control routing policy to a degree for a large number of disparate networks. Especially if it gets in the way of for-profit spammers.

(Not trying to knock them, just providing a for consideration. I would certainly hope and expect that Team Cymru would do their due dilligance in that respect, but it seems like an attractive central point of failure to attack to me.)

- S

(Sent via dumb phone mail client, apologies for any formatting badness).

-----Original Message-----
From: Patrick W. Gilmore <patrick[at]ianai.net>
Sent: Wednesday, August 06, 2008 11:59
To: NANOG list <nanog[at]nanog.org>
Subject: Re: Is it time to abandon bogon prefix filters?

On Aug 6, 2008, at 11:46 AM, Laurence F. Sheldon, Jr. wrote:
> Leo Bicknell wrote:
>
>> Have bogon filters outlived their use? Is it time to recommend
>> people
>> go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that
>> doesn't need to be updated as frequently?
>
> Seems like filtering against those could be done on the backplane,
> so to speak.
>
> One of the things that has always puzzled me is this:
>
> In the default-free zone, why is necessary to filter _against_
> anybody? Seems like traffic for which there is no route would at
> most be dumped to an error-log someplace.
>
> For folks with a default route, I have long advocated (with no
> success what ever) filtering against stuff like the above, your own
> networks as sourced somewhere else, such.

I'm confused. Why does it matter if you are DF or not?

If the packets are just coming in, there does not need to be a prefix
in the table.

If duplex communication is required (e.g. spam runs), a prefix need to
be in the table whether you have a 0/0 or not.

We know spammers have done runs by announcing a block (which gets it
into the DFZ if it is not filtered properly), send spam, pull prefix.
So again, why does it matter if you have a default route or not?

> I also think a central blacklist a la spamhaus for networks makes
> sense.

See Team Cymru.

--
TTFN,
patrick

darden at armc

Aug 6, 2008, 10:32 AM

Post #14 of 88 (570 views)
Permalink

RE: Is it time to abandon bogon prefix filters? [In reply to]

1. DOS of Cymru (as noted below).
2. False Positives. Your network is suddenly stranded. Maybe on purpose. (DOS of a network, e.g. China or Youtube).
3. False Negatives. A bogus network is suddenly centrally rubber-stamped. Could happen. We've seen a lot of shenanigans with the domain registrars--similar issues could happen here.
.
.

I guess I am just trying to say that a centralized trusted repository brings with it a chance for a single point of failure. Could be the pros outweigh the cons. There are issues with a de-centralized system as well (which is what brought this conversation about.) Nothing specific to Cymru.

--Patrick Darden

-----Original Message-----
From: Skywing [mailto:Skywing[at]valhallalegends.com]
Sent: Wednesday, August 06, 2008 1:25 PM
To: Patrick W. Gilmore; NANOG list
Subject: RE: Is it time to abandon bogon prefix filters?

Then again, it does make Team Cymru an attractive target for DoS or even compromise if they can control routing policy to a degree for a large number of disparate networks. Especially if it gets in the way of for-profit spammers.

(Not trying to knock them, just providing a for consideration. I would certainly hope and expect that Team Cymru would do their due dilligance in that respect, but it seems like an attractive central point of failure to attack to me.)

- S

sean at donelan

Aug 6, 2008, 11:01 AM

Post #15 of 88 (569 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

On Thu, 7 Aug 2008, Randy Bush wrote:
> serious curiosity:
>
> what is the proportion of bad stuff coming from unallocated space vs
> allocated space? real measurements, please. and are there longitudinal
> data on this?
>
> are the uw folk, gatech, vern, ... measuring?

Attacks or misconfigured leaks?

Leaks of RFC1918 stuff is pretty common, just ask any of the root server
operators how many packets they see from RFC1918 leaking networks or do a
traceroute across several residential cable network backbones.

Attacks aren't as common because there is enough (not 100%) anti-spoofing
(good) and/or bogon-filters (not as good) in different parts of the
Internet it requires more thought to launch a spoofed DDOS than it does
just to use tens of thousands of non-spoofed bots to launch a DDOS.

Arbor Networks has some data.

robt at cymru

Aug 6, 2008, 11:36 AM

Post #16 of 88 (570 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Hi, Skywing.

We've had a few DDoS attacks and lots of scans and hack attempts. Some
of the DDoS attacks managed to wipe out our front-end. At no point were
the route-servers impacted, since we keep them well away from our
networks, widely distributed, and vigorously monitored (configs,
responsiveness, advertisements).

Of course we're not perfect and there is no 100% solution, but we
understand the implications of filtering gone awry (especially since we
use it ourselves), and spend a lot of time and code keeping an eye on
these things. Knowing that no one has a monopoly on imagination, we
also have some friends at commercial pen-testers hit us regularly, just
to be sure. :)

Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");

sam_mailinglists at spacething

Aug 6, 2008, 12:59 PM

Post #17 of 88 (565 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

sam_mailinglists at spacething

Aug 6, 2008, 12:59 PM

Post #18 of 88 (516 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Skywing wrote:
> Then again, it does make Team Cymru an attractive target for DoS or even compromise if they can control routing policy to a degree for a large number of disparate networks. Especially if it gets in the way of for-profit spammers.
>
> (Not trying to knock them, just providing a for consideration. I would certainly hope and expect that Team Cymru would do their due dilligance in that respect, but it seems like an attractive central point of failure to attack to me.)
>
Use a prefix list of existing bogons against the Team Cymru BGP feed. If
they are hacked this limits the possible attacks to the following bounds:

1) They advertise no address space, and you end up with no bogon filtering.
2) They advertise all of the IPv4 address space, but your prefix list
limits this to (an admittedly out-of-date) list of bogons.

Sam

To report this e-mail as SPAM, forward it to spam[at]mailcontrol.com

The information contained in this E-mail message, including any attached files transmitted, is confidential and may be legally privileged. It is intended only for the sole use of the individual(s) named above. If you are the intended recipient, be aware that your use of any confidential or personal information may be restricted by state and federal privacy laws. If you, the reader of this message, are not the intended recipient, you are hereby notified that you should not further disseminate, distribute, or forward this E-mail message. If you have received this E-mail in error, please notify the sender and delete the material from your computer system. This message is provided for information purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments in any jurisdiction.

petelists at templin

Aug 7, 2008, 11:04 AM

Post #19 of 88 (515 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Patrick W. Gilmore wrote:

> Filter your bogons. But do it in an automated fashion, from a trusted
> source.
>
> Of course, I recommend Team Cymru, which has a most sterling record.
> Nearly perfect (other than the fact they still recommend MD5 on BGP
> sessions :).

How can you recommend Team Cymru, when their product is not in any way a
filter? It is merely an automated method of injecting aggregate null
routes for bogons, but in no way prevents a network from accepting
aggregate or specific bogon announcements (i.e. it does not _filter_).

pt

patrick at ianai

Aug 7, 2008, 11:52 AM

Post #20 of 88 (514 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

On Aug 7, 2008, at 2:04 PM, Pete Templin wrote:
> Patrick W. Gilmore wrote:
>
>> Filter your bogons. But do it in an automated fashion, from a
>> trusted source.
>> Of course, I recommend Team Cymru, which has a most sterling
>> record. Nearly perfect (other than the fact they still recommend
>> MD5 on BGP sessions :).
>
> How can you recommend Team Cymru, when their product is not in any
> way a filter? It is merely an automated method of injecting
> aggregate null routes for bogons, but in no way prevents a network
> from accepting aggregate or specific bogon announcements (i.e. it
> does not _filter_).

HUH?

Team Cymru offers many ways to set up filters, null routes, etc. See <http://www.team-cymru.org/Services/Bogons/
>.

Oh, and to answer Randy's question about how much actually comes from
bogons, on that same page:

<quote>
How much does it help to filter the bogons? In one study conducted by
Rob Thomas of a frequently attacked site, fully 60% of the naughty
packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.). A
presentation based on that study, entitled "60 Days of Basic
Naughtiness," can be viewed here. Your mileage may vary, and you may
opt to filter more conservatively or more liberally. As always, you
must KNOW YOUR NETWORK to understand the effects of such filtering.
</quote>

I guess that means filtering bogons is useful.

--
TTFN,
patrick

rs at seastrom

Aug 7, 2008, 12:29 PM

Post #21 of 88 (516 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

"Patrick W. Gilmore" <patrick[at]ianai.net> writes:

> How much does it help to filter the bogons? In one study conducted by
> Rob Thomas of a frequently attacked site, fully 60% of the naughty
> packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.)

Stated another way, you can get 60% success on bogon filtering by
ignoring the free pool (which is getting smaller over time which
indicates the value in filtering it is asymptotic to zero) and only
filtering obvious crud, whose definition is not going to change over time.

In other words, Leo is right, and I'd submit that we're past the point
where putting in non-auto-updated filters for the free pool has a
value that exceeds the operational cost of dealing with their
lossage... by a couple of years.

-r

randy at psg

Aug 7, 2008, 1:14 PM

Post #22 of 88 (516 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

>> How much does it help to filter the bogons? In one study conducted by
>> Rob Thomas of a frequently attacked site, fully 60% of the naughty
>> packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.)
> Stated another way, you can get 60% success on bogon filtering by
> ignoring the free pool

if 127.1.2.3 and 0.5.4.3 are in the free pool, we have a few more /8s in
the bank then we thought, eh? :)

btw, patrick neglected the last sentences of that paragraph, which made
me wonder what rob would actually say. luckily, in response to my post,
rob replied that he/they would try to get some useful measures in the
near term. i am patient.

but your post makes me inclined to beg that he/that he have a few taxa
within the bogon space.

randy

rs at seastrom

Aug 7, 2008, 2:35 PM

Post #23 of 88 (510 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Randy Bush <randy[at]psg.com> writes:

>>> How much does it help to filter the bogons? In one study conducted by
>>> Rob Thomas of a frequently attacked site, fully 60% of the naughty
>>> packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.)
>>
>> Stated another way, you can get 60% success on bogon filtering by
>> ignoring the free pool
>
> if 127.1.2.3 and 0.5.4.3 are in the free pool, we have a few more /8s in
> the bank then we thought, eh? :)

I guess I didn't really word that clearly.

My point was that by not including the free pool in your candidates
for filtering (i.e., only filtering out packets from addresses that
will never be allocated or are permanently reserved such as 1918
space), you're only sacrificing 40% of your likely hits... and that
number is going down over time. Why not just cut to the chase and
make a filter that will never go stale, take any possible lumps on the
bogus packet announcement side, and collect handsomely on the
operational side?

> btw, patrick neglected the last sentences of that paragraph, which made
> me wonder what rob would actually say. luckily, in response to my post,
> rob replied that he/they would try to get some useful measures in the
> near term. i am patient.

I read that thrice and thought "wtf?" twice, until I properly
dereferenced "rob" to "robt", not "rs". Heh.

> but your post makes me inclined to beg that he/that he have a few taxa
> within the bogon space.

Come, come, elucidate your thoughts.

-r

robt at cymru

Aug 7, 2008, 2:38 PM

Post #24 of 88 (508 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

Hi, NANOG (he says with a shout)!

> btw, patrick neglected the last sentences of that paragraph, which made
> me wonder what rob would actually say. luckily, in response to my post,
> rob replied that he/they would try to get some useful measures in the
> near term. i am patient.

Yep yep, have some results at last. Sorry, the queries took a bit
longer than planned.

Note that the study I conducted which populated the "60 Days of Basic
Naughtiness" presentation is now years old. Such studies, like me,
don't necessarily age well. :)

This is not meant to replace a more comprehensive and clueful study by
the likes of Vern, Stefan, and the CAIDA crew. As folks may know we
have a large Darknet[1] project. In there we collect the scanning
activity of malware, backscatter, and the like. Often we can tie the
scanning pattern to a family of malware or maltool.

If the source of a scan or probe is a bogon, we tag it that way in our
data store. I went back to 2008-01 and found the following percentages
of bogons in our data:

2008-01: 0.001095262%
2008-02: 0.001759343%
2008-03: 0.001619555%
2008-04: 0.001433908%
2008-05: 0.001182351%
2008-06: 0.130534559%
2008-07: 0.002327683%
2008-08: 0.001258054% (thus far)

That's not a lot of bogon activity in the Darknets, though Darknets are
only one measure of malevolent traffic. Your mileage may vary, etc.

[1] <http://www.team-cymru.org/Services/darknets.html>

Thanks,
Rob.
--
Rob Thomas
Team Cymru
http://www.team-cymru.org/
cmn_err(CEO_PANIC, "Out of coffee!");

patrick at ianai

Aug 7, 2008, 3:04 PM

Post #25 of 88 (510 views)
Permalink

Re: Is it time to abandon bogon prefix filters? [In reply to]

[.Just a correction because Randy attributed something to me that I
didn't do.]

On Aug 7, 2008, at 4:14 PM, Randy Bush wrote:

> btw, patrick neglected the last sentences of that paragraph, which
> made
> me wonder what rob would actually say. luckily, in response to my
> post,
> rob replied that he/they would try to get some useful measures in the
> near term. i am patient.

_patrick_ did not cut anything from that paragraph. Check the
archives, the whole paragraph is in my post. Rob Seastrom cut
patrick's quote off when he replied.

--
TTFN,
patrick

1 2 3 4

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com