
spammer worms?


Greg A. Woods

Feb 15, 2003, 11:59:36 AM
[ On Saturday, February 15, 2003 at 09:31:31 (+0000), Keith Matthews wrote: ]
> Subject: Re: multi-hop open relays are OPEN RELAYS!!!!!
>
> "Greg A. Woods" <wo...@weird.com> wrote:
>
> > "Spammer worms"? "Obvious next step"? I don't think so. We've still
> > got hundreds of thousands of open relays to close up before we can put
> > even the tiniest bit of pressure on the theft-of-service spammers to
> > cause them to resort to new tricks.
>
> If I understand correctly that is what the jeep series of trojans do.

They must not be very good at doing what you claim they've been designed
to do -- I've never seen the results of one yet, and I'm not talking
just about my own home mail server either.

> I.e. We already have spammer worms, albeit only used by the porn
> merchants so far I understand.

What did I say about only the illegal users getting away with using
illegal delivery mechanisms? Thanks for supporting my point! ;-)

Perhaps they only target their existing customers, but that doesn't
explain why I haven't seen one at any of the ISPs I work with.

--
Greg A. Woods

+1 416 218-0098; <g.a....@ieee.org>; <wo...@robohack.ca>
Planix, Inc. <wo...@planix.com>; VE3TCP; Secrets of the Weird <wo...@weird.com>

Victor....@morganstanley.com

Feb 16, 2003, 1:16:51 AM
On Sat, 15 Feb 2003, Greg A. Woods wrote:

> They must not be very good at doing what you claim they've been designed
> to do -- I've never seen the results of one yet, and I'm not talking
> just about my own home mail server either.
>

I have personally identified O(300) trojaned machines, responsible for
thousands of messages. These are/were boutique operations, used in large
part for highly illicit content e.g. underage porn, but not exclusively
so. The JEEM hosts are largely all blacklisted now.

Freshly found a few minutes ago today, (and soon to be listed on DSBL):

24.76.230.212:4530 (SMTP)
24.76.230.212:5104 (SOCKS)
24.80.173.4:5978 (SMTP)
24.80.173.4:6552 (SOCKS)

The addresses may be in DHCP pools, so the next time they are tried, they
may not have JEEM.

--
Viktor.

Greg A. Woods

Feb 16, 2003, 3:15:44 PM
[ On Sunday, February 16, 2003 at 01:16:48 (-0500), Victor....@morganstanley.com wrote: ]
> Subject: Re: spammer worms?

>
> I have personally identified O(300) trojaned machines, responsible for
> thousands of messages. These are/were boutique operations, used in large
> part for highly illicit content e.g. underage porn, but not exclusively
> so. The JEEM hosts are largely all blacklisted now.

Again you help make my point for me.

The bulk of the uncontrollable problem remains with open relays.

Bill Campbell

Feb 16, 2003, 3:19:21 PM
On Sun, Feb 16, 2003 at 03:15:29PM -0500, Greg A. Woods wrote:
>[ On Sunday, February 16, 2003 at 01:16:48 (-0500), Victor....@morganstanley.com wrote: ]
>> Subject: Re: spammer worms?
>>
>> I have personally identified O(300) trojaned machines, responsible for
>> thousands of messages. These are/were boutique operations, used in large
>> part for highly illicit content e.g. underage porn, but not exclusively
>> so. The JEEM hosts are largely all blacklisted now.
>
>Again you help make my point for me.
>
>The bulk of the uncontrollable problem remains with open relays.

Open proxies are right up there, possibly more of a problem than
open relays today.

Bill
--
INTERNET: bi...@Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

``Most people, sometime in their lives, stumble across truth. Most jump
up, brush themselves off, and hurry on about their business as if
nothing had happened.'' - Sir Winston Churchill

Greg A. Woods

Feb 16, 2003, 3:52:19 PM
[ On Sunday, February 16, 2003 at 12:19:00 (-0800), Bill Campbell wrote: ]
> Subject: Re: spammer worms?

>
> On Sun, Feb 16, 2003 at 03:15:29PM -0500, Greg A. Woods wrote:
> >The bulk of the uncontrollable problem remains with open relays.
>
> Open proxies are right up there, possibly more of a problem than
> open relays today.

Well, I don't know about that. Open proxies generally still are not
like TCPMUX -- at least not the ones I'm aware of to date. They only
forward connections to one place and that one place is usually their
ISP's SMTP gateway. Also the open proxies that are major problems are
the ones that listen on port#25 and can be discovered and easily
exploited by arbitrary third parties (just like ordinary open relays).
Put those together and you spell out problems for ISPs, especially the
ones who don't block inbound SMTP connections to their "dial-up"
customers. However they are not yet generally problems for everyone
else.

For everyone else there's still really just three classes of spam
sources:

1. open relays

2. spam via large ISP gateways (which happens to include most
relayed via open proxies)

3. direct-to-destination (usually from client workstations, and
this will probably include the idiots who get infected by
most types of spammer worms ;-)

I think we've got a good handle on #3, especially those of us willing to
use either/both of HELO/EHLO validation and one or more "dial-up"
blacklists. It's also often just an AUP enforcement problem for the ISP.

Number 2 is more problematic for various reasons but I think it's also
easier to control than #1. ISPs who become known as spam sources either
get pressured into cleaning up their customer base, or they end up
wasting a lot of resources cleaning up their error queues and handling
complaints from customers about their e-mail bouncing. I.e. it's a
self-correcting problem so long as enough people who get spam from an
ISP's own mail server will complain to that ISP and especially if enough
people will eventually resort to blocking the ISPs who don't get rid of
their problem customers (remember AGIS).

That leaves #1. I.e. the "bulk of the _uncontrollable_ problem". :-)

Of course #1 is not really uncontrollable if you're willing to accept
that most, if not all, of the open relay blacklists are (and essentially
have always been) mechanically proven and factual lists of open relays,
and if you are willing to use those lists to implement policies that
protect your mailserver from becoming another victim of the theft of
service attacks through those open relays. Yes, this involves causing
some collateral damage, but that's the kind of thing (maybe the only
kind) that wakes people up and makes them realize they can't just put up
with a bit of lost bandwidth.

Yes, the use of dynamic spam-source blacklists, such as bl.spamcop.net,
will in fact almost completely eliminate all spam from all three types
of sources, but it may also cause the most unreasonable amount of
collateral damage of all, especially for bl.spamcop.net itself which can
fairly easily be tricked (with some co-ordinated and distributed
effort) into listing addresses which are not spammers. Though I do use
bl.spamcop.net for my own home server I'd suggest sticking to more
category-specific blacklists for corporate and ISP servers.

Michael Tokarev

Feb 16, 2003, 8:10:41 PM
Greg A. Woods wrote:
> [ On Sunday, February 16, 2003 at 12:19:00 (-0800), Bill Campbell wrote: ]
>
>>Subject: Re: spammer worms?
>>
>>On Sun, Feb 16, 2003 at 03:15:29PM -0500, Greg A. Woods wrote:
>>
>>>The bulk of the uncontrollable problem remains with open relays.
>>
>>Open proxies are right up there, possibly more of a problem than
>>open relays today.
>
>
> Well, I don't know about that. Open proxies generally still are not
> like TCPMUX -- at least not the ones I'm aware of to date. They only
> forward connections to one place and that one place is usually their
> ISP's SMTP gateway. Also the open proxies that are major problems are
> the ones that listen on port#25 and can be discovered and easily
> exploited by arbitrary third parties (just like ordinary open relays).

Greg, please excuse me, but you're just too naive.

Relays are GONE, at least singlehop relays. ORDB and DSBL work.
I saw the last spam via an open relay MONTHS ago (and here is a trick I
use, thanks to spammers' stupidity: spammers, as seen here, are just
throwing their spam at an open relay to a list of addresses chosen
from a list of common names with a domain appended (this is not a "dictionary
attack" where someone probes whether an address exists, but actual spam
runs), starting with the letter `a' - so several of my spamtraps are
receiving their crap and perform relay tests - so when a poor "mailserver"
comes to actual addresses, the relay is already identified and blocked
by DSBL).

Proxies are VERY easy to find. Believe me - I have very good experience
with that. With my internet link (1Mbps), scanning a /16 network for 10
ports commonly used by proxies takes 90 SECONDS. Scan e.g. 200.158/16 -
you'll find several 1000s of open proxies there. Not 100s, but 1000s.
All are ready to use and allow connections from EVERYWHERE to EVERYWHERE.
Exactly like TCPMUX if you like.

But wait. Proxies are also almost gone already. My list of open proxies
consists of 45,000 IPs now, and is growing at a rate of about 1000 +/-200
every day. Thanks, big thanks to all the users of my proxycheck service -
a newly found (by spammers) open proxy gets listed in DSBL within several
MINUTES of first use. Again, for about a month, I've not seen
spam coming from an open proxy - a *plain* open proxy installed by an
idiot user who does not know what they're doing.

Now, the trojan problem comes into the game. Well, it's already in the
game, widely used and already almost out of control. I'll send you
a URL in private with a list of trojaned machines - more than 3000
that only I know of (there are FAR more). Especially note the connectivity
of those machines - really good connectivity.

You said you never saw spam coming from a trojaned machine. Ok.
But tell me: how do you know? How do you know that 66.125.200.156 aka
adsl-66-125-200-156.dsl.lsan03.pacbell.net has an open SOCKS proxy on
port 36561 and an HTTP CONNECT proxy on port 37358, and that THIS proxy
is used to send spam to you? Well, ok, you may have this netrange
blocked as being a "dialup", so that actually may be of no "interest"
to you. Ok. So how about this same machine being abused to send spam
via pacbell's mailservers? Or 4.40.148.178 (HTTP CONNECT proxy on
port 5490) via verizon's mailservers? Or any other similar example
that I see here in the 100s every day?

Note: blocking ANY TCP SYN packets to all clients will NOT stop such
abuse. A trojaned machine may just send something to an IRC channel
("I'm here") and get a command back telling it to connect to some
host/port where spammers are awaiting it. There are UDP and ICMP
and any other home-grown protocol of your imagination (IP over ICMP
works just fine).

Spammers have become - already - mature. When one sells lists of trojaned
machines to MANY other spammers, at a good price - only *this* makes
it possible to have the money to develop a new solution of a new level.
Think about Alan Ralsky's "Fantasy Mailer" which avoided outgoing
port 25 blocking from dialups by using IP address spoofing (packets
originally come from a high-speed connection but with the fake source
IP of one of dozens of dialup machines - all being one machine in fact,
with multiple phone lines and active connections to multiple dialup
ISPs). This is history too.

> Put those together and you spell out problems for ISPs, especially the
> ones who don't block inbound SMTP connections to their "dial-up"
> customers. However they are not yet generally problems for everyone
> else.
>
> For everyone else there's still really just three classes of spam
> sources:

From today's maillog. 684 attempts to deliver spam (not counting
non-existing addresses) - this is about a mailserver that handles
mail for 20 users, 100-200 legitimate emails daily. From those:

532 - open proxies,
34 of which are on non-standard ports, i.e. trojaned machines
(NOT set up to listen on a non-standard port for "security")
43 - open relays, i.e. singlehop
84 - open proxy to ISP's mailhub
3 - multihop open relays
22 - unknown, some are from known spammers

Well, YMMV - this is CURRENT stats as I see it here.

/mjt
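Greg's three classes of spam source above, and the tally Michael gives at the end of his post, both rest on asking DNS-based blocklists about the connecting client. The following is an added example, not code from either poster, of how such a lookup is done: the client's octets are reversed under the zone name and an A record inside 127.0.0.0/8 means "listed". The zone names are the historical ones for ORDB and DSBL, the 192.0.2.x clients and their answers are constructed so the example runs offline, and the wildcarded dead-zone entry shows the check a practitioner adds so a decommissioned list cannot reject all mail.

```python
"""DNSBL lookups against the kinds of lists this thread argues about.

Added example, not code from any poster.  The zone names stand for the lists
discussed (ORDB, DSBL single-hop, DSBL multihop); all three are long gone, so
FAKE_ZONE_DATA is a constructed stand-in for live DNS and the example runs
offline.  The 127.0.0.0/8 answer convention is the standard DNSBL one.
"""
import ipaddress
import socket
from collections import Counter

# Consulted in this order; the first listing wins.  A policy that rejects on
# the first two and only scores the third is the compromise Craig argues for.
ZONES = (
    ("relays.ordb.org", "open relay"),          # ORDB: single-hop open relays
    ("list.dsbl.org", "open proxy/relay"),      # DSBL single-hop listings
    ("multihop.dsbl.org", "multihop relay"),    # DSBL multihop: ISP hubs reachable via a proxy
)

# Constructed answers keyed by query name (192.0.2.0/24 is documentation space).
FAKE_ZONE_DATA = {
    "4.2.0.192.relays.ordb.org": "127.0.0.2",
    "5.2.0.192.list.dsbl.org": "127.0.0.2",
    "6.2.0.192.multihop.dsbl.org": "127.0.0.2",
    # A dead zone that has been wildcarded answers with a public address;
    # treating that as "listed" would reject all mail, so it must not count.
    "8.2.0.192.list.dsbl.org": "198.51.100.1",
}


def dnsbl_query_name(ip, zone):
    """Reverse the four octets and append the zone: 192.0.2.4 -> 4.2.0.192.<zone>."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything that is not an IPv4 literal
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def is_listed(answer):
    """A listing is an A record inside 127.0.0.0/8; anything else is not a hit."""
    if answer is None:
        return False
    try:
        return ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8")
    except ValueError:
        return False


def classify(ip, resolver):
    """Return the label of the first zone that lists ip, or 'not listed'."""
    for zone, label in ZONES:
        if is_listed(resolver(dnsbl_query_name(ip, zone))):
            return label
    return "not listed"


def fake_resolver(name):
    """Offline stand-in for DNS: constructed data only."""
    return FAKE_ZONE_DATA.get(name)


def live_resolver(name):
    """Real lookup via the system resolver; NXDOMAIN comes back as None."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def summarize(client_ips, resolver):
    """Tally connecting clients by list, the way Michael's maillog tally does."""
    return Counter(classify(ip, resolver) for ip in client_ips)


if __name__ == "__main__":
    sample_clients = ["192.0.2.4", "192.0.2.5", "192.0.2.6", "192.0.2.7", "192.0.2.8"]
    for ip in sample_clients:
        print(ip, "->", classify(ip, fake_resolver))
    print(summarize(sample_clients, fake_resolver))
```

Swap `fake_resolver` for `live_resolver` to query a real zone. The order of `ZONES` is the policy decision the thread is really about: a hit in the multihop zone identifies an ISP's hub, so treating it as a hard reject is what Craig objects to, while the first two zones are the mechanically verified relays Greg is content to block outright.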

Craig Sanders

Feb 16, 2003, 9:09:37 PM
On Mon, Feb 17, 2003 at 04:36:21AM +0300, Michael Tokarev wrote:
> With the data I have, I'm able to list almost ALL ISP's mailhubs of
> this world to multihop.dsbl.org, and keep those relays there almost
> forever. Just pick up any open proxy near that mailhub - next one
> every time - and use it to connect to that mailhub's port 25.

well said. that is an excellent description of the problem with using
multi-stage relay listings to reject mail (although i concede that they
might be worth 1 or 2 points in SpamAssassin).

even doing as Greg suggests (i.e. using various DNSBL *before*
permit_mynetworks) won't help much - if the customer with an open proxy
(or spammer worm) enables a spammer (or an open-proxy DNSBL tester) to
relay through the ISP before they get listed in a DNSBL then both the
ISP's mail server and the customer's IP address will be blacklisted at
the same time.

i.e. by the time the ISP finds out about it, it is far too late.

the end result will be such a catastrophic denial of service to all mail
users that all DNSBL's will be discredited.


craig

--
craig sanders <c...@taz.net.au>

Fabricati Diem, PVNC.
-- motto of the Ankh-Morpork City Watch

Greg A. Woods

Feb 17, 2003, 12:15:44 AM
[ On Monday, February 17, 2003 at 04:10:52 (+0300), Michael Tokarev wrote: ]
> Subject: Re: spammer worms?
>

> Relays are GONE, at least singlehop relays.

Gone? From where? There are 208,345 open relays listed in ORDB _TODAY_.

> ORDB and DSBL work.

You really didn't read what I actually wrote, did you?

Greg A. Woods

Feb 17, 2003, 12:28:59 AM
[ On Monday, February 17, 2003 at 13:10:08 (+1100), Craig Sanders wrote: ]
> Subject: Re: spammer worms?
>

> even doing as Greg suggests (i.e. using various DNSBL *before*
> permit_mynetworks) won't help much - if the customer with an open proxy
> (or spammer worm) enables a spammer (or an open-proxy DNSBL tester) to
> relay through the ISP before they get listed in a DNSBL then both the
> ISP's mail server and the customer's IP address will be blacklisted at
> the same time.

You're really not thinking very clearly Craig.

I seem to remember at least one open relay operator promising to
white-list all mail gateways that proved they were protecting their own
inputs using the blacklist. That immediately and permanently stops all
two-hop relays and guarantees such a responsible gateway operator never
gets listed on that blacklist. Many-hop relays require only a tiny bit
more co-ordination to block as well.

I.e. if you co-ordinate the use of such things on your end with the
blacklist operator then it is literally impossible for the open relay
chain to be exploitable by the time the next-to-last-hop is listed in
the blacklist and it's about to send a relay test through your server.
Literally impossible. Period. (well, barring software or configuration
failures of your own making, of course :-)

Stop fighting against the system and try to work with it instead! It's
the only way we all really stand a chance to get a handle on this problem.

Craig Sanders

Feb 17, 2003, 12:50:47 AM
On Mon, Feb 17, 2003 at 12:28:54AM -0500, Greg A. Woods wrote:
> [ On Monday, February 17, 2003 at 13:10:08 (+1100), Craig Sanders wrote: ]
> > Subject: Re: spammer worms?
> >
> > even doing as Greg suggests (i.e. using various DNSBL *before*
> > permit_mynetworks) won't help much - if the customer with an open proxy
> > (or spammer worm) enables a spammer (or an open-proxy DNSBL tester) to
> > relay through the ISP before they get listed in a DNSBL then both the
> > ISP's mail server and the customer's IP address will be blacklisted at
> > the same time.
>
> You're really not thinking very clearly Craig.

i'm thinking very clearly. far more clearly than you. i'm looking at
the inevitable consequences of widespread use of multistage relays
without blinkering myself with wishful thinking. unlike you, i have no
vested interest in wanting it to work because i'm not foolish enough to
DoS my own servers by using them.

> I seem to remember at least one open relay operator promising to
> white-list all mail gateways that proved they were protecting their
> own inputs using the blacklist.

that's very close to extortion - "use my service or i'll blacklist you".

you've STILL ignored the central point, that there is NO defence against
this.

> That immediately and permanently stops all two-hop relays and
> guarantees such a responsible gateway operator never gets listed on
> that blacklist. Many-hop relays require only a tiny bit more
> co-ordination to block as well.

so i'm supposed to know about and contact every single self-important
dickhead who decides that they're going to run their own DNSBL which
lists multi-stage relays?

that does not scale.

it doesn't scale even when it's only one ISP who has to do that. it
certainly won't scale when you consider that EVERY ISP would have to do
the same. DNSBL operators wouldn't be able to cope with the demand on
their time, and ISPs wouldn't be able to cope with the effort to find,
contact, and negotiate with every DNSBL operator that starts up.

an ISP might have such a deal with one or two such DNSBL
services, but there is no way that they could possibly have an agreement
with every one of them.


> I.e. if you co-ordinate the use of such things on your end with the
> blacklist operator then it is literally impossible for the open relay
> chain to be exploitable by the time the next-to-last-hop is listed in
> the blacklist and it's about to send a relay test through your server.
> Literally impossible.

that's the biggest load of crap that you've come up with so far in this
thread. i don't know if it's viable in whatever fantasy universe you're
inhabiting, but it's totally impractical in the real world.


> Stop fighting against the system and try to work with it instead! It's
> the only way we all really stand a chance to get a handle on this problem.

i'm not "fighting against the system". as i've said before, i've got no
problem with the fact of the listing (if it's true). i am exercising my
right to attempt to convince people via logic and reason that actually
*USING* such listings on medium to large mail servers is moronic.

Michael Tokarev

Feb 17, 2003, 6:39:19 AM
Greg A. Woods wrote:
> [ On Monday, February 17, 2003 at 04:10:52 (+0300), Michael Tokarev wrote: ]
>
>>Relays are GONE, at least singlehop relays.
>
> Gone? From where?

From the list of machines that are allowed to send mail to me or
anyone who uses blocklists. Let's allow all the newbie spammers
to use all those open relays together - I just don't care, for me,
there will be no difference, I don't accept mail from open relays.
This is why open relays are "gone".

> There are 208,345 open relays listed in ORDB _TODAY_.

Fine. Excellent. The funny thing is that there are not many new
unknown relays. So, 208,345 hosts aren't welcome at my mailserver,
and the rest - unknown or new ones - which pop up sometimes - will
be detected and listed too.

>> ORDB and DSBL work.
>
> You really didn't read what I actually wrote, did you?

Hmm. Granted, I didn't read the whole thread. I just answered to
one email and wanted to point out some issues in it.


Michael Tokarev

Feb 17, 2003, 6:53:07 AM
Craig Sanders wrote:
> On Mon, Feb 17, 2003 at 04:36:21AM +0300, Michael Tokarev wrote:
>
>>With the data I have, I'm able to list almost ALL ISP's mailhubs of
>>this world to multihop.dsbl.org, and keep those relays there almost
>>forever. Just pick up any open proxy near that mailhub - next one
>>every time - and use it to connect to that mailhub's port 25.
>
> well said. that is an excellent description of the problem with using
.. but with so many "spiling and gromar mistrakes"... ;) (it was at 4 o'clock)

> multi-stage relay listings to reject mail (although i concede that they
> might be worth 1 or 2 points in SpamAssassin).
>

> even doing as Greg suggests (i.e. using various DNSBL *before*
> permit_mynetworks) won't help much - if the customer with an open proxy
> (or spammer worm) enables a spammer (or an open-proxy DNSBL tester) to
> relay through the ISP before they get listed in a DNSBL then both the
> ISP's mail server and the customer's IP address will be blacklisted at
> the same time.
>

> i.e. by the time the ISP finds out about it, it is far too late.

Well, for this, in case of DSBL, there is an easy workaround. An ISP
may route mail sent to lis...@listme.dsbl.org to a robot that will
automatically block access to the customer in question and ring a bell
in the tech support room. The same may be done with other blocklists
too. But this technique isn't in use yet, and it is yet to be known how it
will work in general (trojans may be configured to block email sent
to this address too).

> the end result will be such a catastrophic denial of service to all mail
> users that all DNSBL's will be discredited.

Only when enough sites block multihops. But quite some
time should pass before this becomes true.

Funny enough - some time ago there were endless battles about the difference
between "open" and "open abused" (the MAPS vs ORBS battle) - many folks argued
that blocking email from "just" open relays isn't good, only already abused
open relays should be blocked. Now we all know that "open" is THE SAME as
"abused". I expect the same will be true of multihops in the near future.

Greg is right: there should be something to FORCE ISPs to close holes in
their networks, and as of now, the only such method that exists is to block
mail from multihops. But this is a nightmare too, and - again, for _now_ -
the world just isn't ready for this.

/mjt
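Michael's listme robot, as an added example that is neither his code nor DSBL's: the ISP's hub routes anything addressed to listme@listme.dsbl.org to this script, which reads the hub's own Received header to find the customer address that injected the test and emits a block for it. The hub name mailhub.example.net, the 192.0.2.0/24 customer range and the sample message are constructed assumptions, and the iptables line is illustrative. His caveat stands: a trojan that simply refuses to relay mail to the listing address never triggers this.

```python
"""Robot for DSBL listing tests that a customer's proxy pushes through the ISP hub.

Added example sketching the robot Michael describes; it is not his code and
not DSBL's.  Assumptions: the hub is mailhub.example.net, customer space is
192.0.2.0/24, and SAMPLE is a constructed message in the Received-header
shape Postfix and sendmail write.  The firewall line is illustrative.
"""
import email
import ipaddress
import re
from email import policy

MAILHUB = "mailhub.example.net"                       # assumed hub hostname
CUSTOMER_NETS = [ipaddress.IPv4Network("192.0.2.0/24")]  # assumed customer range
LISTME = "listme@listme.dsbl.org"
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed: the DSBL tester fed the message to the customer's open proxy
# (192.0.2.77), which handed it to the hub.  The hub's own Received header,
# the first one, is the only one the robot trusts; the rest can be forged.
SAMPLE = """\
Received: from unknown (HELO tester.dsbl.org) (192.0.2.77)
  by mailhub.example.net with SMTP; Mon, 17 Feb 2003 04:12:09 +0300
Received: from tester.dsbl.org (tester.dsbl.org [203.0.113.9])
  by 192.0.2.77 with SMTP; Mon, 17 Feb 2003 01:12:01 GMT
From: tester@dsbl.org
To: listme@listme.dsbl.org
Subject: DSBL relay test
Message-Id: <constructed.0001@tester.dsbl.org>

relay test body
"""


def hub_client_ip(msg):
    """IP of whoever handed the message to MAILHUB, from the hub's Received line."""
    for hdr in msg.get_all("Received", []):
        text = " ".join(str(hdr).split())          # collapse folding whitespace
        if " by " not in text:
            continue
        from_part, by_part = text.split(" by ", 1)
        if by_part.startswith(MAILHUB):
            m = IPV4.search(from_part)
            if m:
                return m.group(1)
    return None


def firewall_rule(ip):
    """Illustrative iptables line that stops the customer's outbound SMTP."""
    return f"iptables -I FORWARD -s {ip} -p tcp --dport 25 -j REJECT"


def decide(raw):
    """Classify one message the hub routed to the robot and say what to do."""
    msg = email.message_from_string(raw, policy=policy.default)
    rcpt = str(msg.get("To", "")).strip().lower()
    if rcpt != LISTME:
        return {"action": "ignore", "reason": "not addressed to the DSBL listing address"}
    ip = hub_client_ip(msg)
    if ip is None:
        return {"action": "alert", "reason": "no Received line written by the hub"}
    if any(ipaddress.IPv4Address(ip) in net for net in CUSTOMER_NETS):
        return {"action": "block", "ip": ip, "rule": firewall_rule(ip)}
    # The test reached the hub from outside: then the hub itself relays for
    # strangers, which is a worse problem than one proxied customer.
    return {"action": "alert", "ip": ip, "reason": "test entered the hub directly"}


if __name__ == "__main__":
    print(decide(SAMPLE))
```

Only the Received line the hub wrote itself is trusted; everything below it arrived inside the message and could have been forged by the tester or by a spammer. The third branch matters: if the injecting address is outside the customer range, the hub accepted a relay from a stranger and the single-hop listing is about to land on the hub, not on a customer.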

Michael Tokarev

Feb 17, 2003, 6:55:47 AM
Peter H. Coffin wrote:

[open relays]

> Uhm, they're only GONE from sites that DO implement dynamic blacklists.
> Not all do, and spammers know this.

I just don't care about the ones who don't use existing tools to protect their
networks - that's the choice of their owners. I work for myself, and _for me_,
open relays (singlehops at least) don't exist.

/mjt

Greg A. Woods

Feb 17, 2003, 9:14:43 AM
[ On Monday, February 17, 2003 at 14:39:57 (+0300), Michael Tokarev wrote: ]
> Subject: Re: spammer worms?
>

> Greg A. Woods wrote:
> > [ On Monday, February 17, 2003 at 04:10:52 (+0300), Michael Tokarev wrote: ]
> >
> >>Relays are GONE, at least singlehop relays.
> >
> > Gone? From where?
>
> From a list of machines that are allowed to send mail to me or
> anyone who uses blocklists. Let's allow all the newbie spammers
> to use all that open relays together - I just don't care, for me,
> there will be no difference, I don't accept mail from open relays.
> This is why open relays are "gone".

They're "gone" for you, and I might even be able to protect myself from
the majority of them too, but you and I are not everyone who's running a
mail server.

Furthermore, "singlehop" relays are only a small part of the open relay
problem, especially if we include proxies that are directed at their
ISP's gateways too. These I'm not afraid to protect my mailer from
either, but seemingly some folks are willing to allow such abuse, even
if they are the ISP and the mailers in question are their own.

> Hmm. Granted, I didn't read the whole thread. I just answered to
> one email and wanted to point out some issues in it.

There's a lot of context here you're missing. It seems you didn't even
read the whole message you replied to.

Ian Gulliver

Feb 17, 2003, 9:20:19 AM
> well said. that is an excellent description of the problem with using
> multi-stage relay listings to reject mail (although i concede that they
> might be worth 1 or 2 points in SpamAssassin).
>
> even doing as Greg suggests (i.e. using various DNSBL *before*
> permit_mynetworks) won't help much - if the customer with an open proxy
> (or spammer worm) enables a spammer (or an open-proxy DNSBL tester) to
> relay through the ISP before they get listed in a DNSBL then both the
> ISP's mail server and the customer's IP address will be blacklisted at
> the same time.

While I agree that blocking all multihop outputs right now is
impossible for any site, I do believe that this is the next anti-spam
battlefield. More and more, ISPs will be pressured to filter customer
ports and restrict incoming connections to stem the complaints about
mail relaying through their servers. Eventually, I think most ISPs
will only allow serving for higher-class connections (business-class
service only?) and will restrict those that can serve from relaying
through their mail server; this isolates broken sites cleanly.

Simon White

Feb 17, 2003, 9:21:39 AM
17-Feb-03 at 09:14, Greg A. Woods (wo...@weird.com) wrote :

> They're "gone" for you, and I might even be able to protect myself from
> the majority of them too, but you and I are not everyone who's running a
> mail server.

This isn't a dig at you in particular Greg, or anyone else who has
posted to this thread, but as far as I'm concerned this thread is going
around in circles.

- Everyone is basically agreed but talking from differing viewpoints.
(dialup users, major sysadmins, small mailserver owners, ISP
employees) -> "My server, My rules" comes to mind
- Open Relays, Open Proxies, and Trojaned machines must be fought
against by everyone with clue
- SPAM is here to stay, and those with clue, five years from now, may be
running the better mail servers of the future, and winning clients
because of it.

The rest is moot IMHO.

<my2cents>
A fixed IP is a small price to pay to keep fighting. You can fight with
your hands, but if you don't arm yourself, then those with arms will
shoot you down, and there's no philosophical high ground where you can
hide here.
</my2cents> (I shouldn't have added this. Oops.)

Regards,

--
[Simon White. vim/mutt. si...@mtds.com. Folding@home no log script yet...]
Neutron stars are almost unimaginably dense: a teaspoon of neutron star
material weighs a billion tons (1.016 billion tonnes).
[Linux user #170823 http://counter.li.org. Home cooked signature rotator.]

Brad Spencer

Mar 2, 2003, 8:39:22 PM
wo...@weird.com ("Greg A. Woods") wrote in message news:<b2otm3$1obi$1...@FreeBSD.csie.NCTU.edu.tw>...

Hello - I normally post in news.admin.net-abuse.email but I found this
post looking for one by Michael Tokarev (who posts in both places).

There's an unused (for the most part) option for dealing with open
relays: saturate the pool of detectable open relays with false ones.
Michael did this (ran a false open relay) last year from February to
July and had great success but gave it up for a couple of reasons.
Obviously his fake open relay and a handful more do not saturate the
pool of open relays.

It's easy for most Windows users with a network connection to do this:
they can run Jackpot: http://jackpot.uk.net/

I've got a fake open relay running on an old VMS system (Vax - that is
old) that is capturing spam to about 3000 people/hour (99-recipient
spam messages.) These are people elsewhere, not on that system. I've
been running a scaled-down relay spam honeypot (which is what this
sort of system is called): I only accepted relay test messages and
delivered nothing. In the middle of last week I decided to see what
would follow if I delivered a test, so I did. As usual, what followed
was spam.

I know of a couple of others who do this who have upped the flow of spam
to their fake open relays by nominating themselves for listing in open
relay DNSBLs. Pretty clear evidence that the listing information
does percolate down to the spammers.

At home I can't recall trapping anything other than spam from a
particularly annoying Chinese spammer this year. I've trapped a
couple of relay tests from within the US but there again I'm only
trapping tests, not delivering them.

Here's a sample relay test message, just for your amusement:


Received: from a213084.upc-a.chello.nl by X.X.X;
Mon, 24 Feb 03 13:05 CST
Message-Id: <MUNGED046055...@smtp-gw-4.msn.com>
Date: Mon, 24 Feb 2003 13:05:07 -0600
From: a0024...@msn.com
Subject: how old am I?
To: spyc...@aol.com
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook Express 5.00.3018.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300

afeafaaegaejafeafbaegafaaejafbaegafgafcafiafiafbaffafgafhafiaejafiahibbb

I munged part of the message-ID - that's where this spammer puts my IP
number in the test he sends. It's in decimal ascii, with "048"
representing "0," for example.

The body of the message is similar, except it's two-level encoding.
Every "0" is replaced with an "a," etc.

spyc...@aol.com is the spammer's dropbox address for these tests.
Some dropbox addresses persist for months. Even though this relay
testing (which goes on constantly) underlies relay spam, almost no one
pays attention, almost no one does anything about it.

If I had delivered this message then I'd have gotten (probably) a good
indication of which spammer sent the test - he'd follow up with relay
spam.

The person quoted in my sig runs a silent fake open relay: he just
relays the tests and archives the spam. The figure is for the number
of spam recipients he protected for the time period specified. It's a
lot but he didn't even protect a million/day.

He uses sendmail, on a 120 MHz Pentium with 64 Mb. Michael Tokarev's
honeypot was a Postfix honeypot. I've got the VMS honeypot (using the
old, free PMDF) at where I used to work and a Jackpot at home.
--

"From March 7 to December 26 2002, the total was: 235,624,232"

-- The Mushroom Guy

Stop spam, run Jackpot: http://jackpot.uk.net/
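The two encodings Brad describes, as an added example that is not his code or the spammer's. Level one turns each character into its three-digit decimal code ("0" becomes "048"), which is what the Message-ID field carries; level two, used in the body, additionally maps the digits to the letters a through j. The decoder lets a honeypot operator confirm that a probe is aimed at their relay by recovering the embedded address. The 192.0.2.10 used here is constructed documentation-range data, not an address from the quoted message.

```python
"""Encode and decode the relay-test probe scheme Brad describes.

Added example, not Brad's code or the spammer's: it implements the two
encodings his post describes (three-digit decimal ASCII, then digits
replaced by letters a-j) so a honeypot can recognize a probe and recover
the relay IP it carries.  The sample IP 192.0.2.10 is constructed
documentation-range data, not anything from the quoted message.
"""
import re

DIGIT_TO_LETTER = str.maketrans("0123456789", "abcdefghij")   # "0" -> "a" ... "9" -> "j"
LETTER_TO_DIGIT = str.maketrans("abcdefghij", "0123456789")
IPV4 = re.compile(r"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")


def to_decimal_ascii(text):
    """Level one: each character as its zero-padded decimal code ("0" -> "048")."""
    return "".join(f"{ord(ch):03d}" for ch in text)


def from_decimal_ascii(digits):
    """Undo level one; rejects anything that is not a run of three-digit codes."""
    if len(digits) % 3 or not digits.isdigit():
        raise ValueError("not a run of three-digit ASCII codes")
    return "".join(chr(int(digits[i:i + 3])) for i in range(0, len(digits), 3))


def encode_body(text):
    """Level two, as used in the body: decimal ASCII with digits mapped to a-j."""
    return to_decimal_ascii(text).translate(DIGIT_TO_LETTER)


def decode_body(body):
    """Undo level two then level one; rejects bodies with letters outside a-j."""
    if not body or set(body) - set("abcdefghij"):
        raise ValueError("body uses characters outside a-j")
    return from_decimal_ascii(body.translate(LETTER_TO_DIGIT))


def probe_ip(body):
    """Return the IPv4 literal a probe body carries, or None if it does not decode."""
    try:
        text = decode_body(body.strip())
    except ValueError:
        return None
    m = IPV4.search(text)
    return m.group(0) if m else None


if __name__ == "__main__":
    body = encode_body("192.0.2.10")
    print(body)              # aejafhafaaegaeiaegafaaegaejaei
    print(probe_ip(body))    # 192.0.2.10
```

A honeypot that logs `probe_ip()` for every one-line body made only of the letters a through j gets a cheap, format-specific detector for this particular tester; the address it recovers is the relay the spammer believes he is testing, so a mismatch with the honeypot's own address points at a forwarded or misdirected probe.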
