How Should One Respond to a Network Break In?

Jety asks: "I am the sole IT support for a medium sized residential real estate office. It has a network of one main server, 10 office workstations, and another 40 or so agents' personal computers. I discovered via logs that recently someone made about 50 remote login attempts to the server, guessing at passwords, but it would appear that they were not able to gain access. They did, however, leave an IP address in the logs. It turns out to be an Exchange server for another business in the same city. What is an appropriate response to this sort of failed break-in attempt? How seriously should one react? How should it be presented to management, and should you encourage them to over- or under-react? Should the other business, whose server was used to launch the attack, be informed? Should you try to surveil them first to learn about who is doing their tech work? With what tone should they be approached and/or accused? What would a suitable response from that company entail?"
  • by TripMaster Monkey ( 862126 ) * on Tuesday July 26, 2005 @03:04PM (#13168472)

    Document everything in writing, discuss the situation with your superiors, and seriously consider initiating some form of legal action. If you are the first to get litigious, you stand a better chance of having the situation resolved in your favor. Unfortunate, but true.
    • Second that. And back up the logs to a CD.
    • I discovered via logs that recently someone made about 50 remote login attempts to the server, guessing at passwords, but it would appear that they were not able to gain access.

      If you really want to, try to find out who admins the other server, and make contact. Are they competitors? That would change a lot of things. BUT, this sort of thing happens several times a day to the servers I admin. Generally, there is nothing to be done about it; trying to notify the offending source is usually ignored. More tha

      • by Anonymous Coward
        File a police report. Costs nothing, covers your ass.
        Then tell their ISP, and tell the ISP you filed a police report. Their ISP will deal with it. If it becomes a problem for the ISP, it will be a serious problem with the company.

        If you want to be an ass, you could tip the BSA that they're running a pirated copy of Exchange. Anonymously would be best.
    • by Anonymous Coward
      Upon learning that your systems have been penetrated, proper incident response is as follows:

      1. Scream. Hold head between hands and moan.

      2. Check passport, one-way tickets to South American country of choice. Express relief that the emergency escape kit is still operational.

      3. Remember advising boss to rescind departmental policy of secure sticky-note-on-the-monitor storage for passwords. Recall boss' gales of laughter in response. Take hefty s
  • Call 911 (Score:4, Funny)

    by H8X55 ( 650339 ) <jason...r...thomas@@@gmail...com> on Tuesday July 26, 2005 @03:06PM (#13168490) Homepage Journal
    Call 911 and let the Patriot Act take it from there... No one from that company will be trying to pwn you again.
    • And make sure to use the word "pwn" while on the phone with 911. :)
      • How do you pronounce "pwn"? It always comes out "poan" (one syllable) when I say it.
        • Same as the root word, own, but you pretend you're saying it with a p.
          • If Pure Pwnage is to be believed, the p is pronounced as an o - so it's pronounced the same as "own".

            The title sequence on each episode has the announcer saying "Pure Ownage" (my emphasis, but the announcer DOES stress the O pretty strongly).

            Besides, "pwn" is a misspelling of "own". Being a misspelling, the pronunciation should be that of the original word.
            • Besides, "pwn" is a misspelling of "own". Being a misspelling, the pronunciation should be that of the original word.

              That's what I'm saying! Man, every time a friend of mine says that he "pawned" someone or that "pawnage" occurred, I wanna cut out his tongue with a rusty shoehorn!
              • Well, he's probably coming from the chess or pawn shop schools of thought.

                In the chess school of thought, the pawn is the weakest piece (some would say the strongest, but that's a point for another post). So, if you "pawn" someone, you make them weak, or they were already weak and you kill them. Pawn becomes pwn in the 1337speak movement to shorten stuff.

                In the pawn shop school of thought, the competitor that you just "pwned" you've deemed so worthless that you pawn him off. Again, pawn becomes pwn to short
                • Well, he's probably coming from the chess or pawn shop schools of thought.

                  No, he's just not very well read. :P

                  In the chess school of thought, the pawn is the weakest piece (some would say the strongest, but that's a point for another post). So, if you "pawn" someone, you make them weak, or they were already weak and you kill them.

                  Back in Chess Club, the ultimate humiliation was being checkmated by a pawn. I loved doing that to people.
  • by Stone Rhino ( 532581 ) <mparke@gm a i l.com> on Tuesday July 26, 2005 @03:06PM (#13168497) Homepage Journal
    You shouldn't start out accusatorily, because it's most likely that they're not the ones attempting the breakin. It's more likely that their box has been hijacked and is being used as a proxy to launch attacks against your computer for someone else.

    After all, who uses an Exchange server as their terminal to log in to other computers? If it was one of the desktops, then it would make sense that they were attacking.
    • It's called NAT (Score:4, Insightful)

      by b00m3rang ( 682108 ) * on Tuesday July 26, 2005 @04:17PM (#13169375)
      Just because their NAT router has a port forwarded to an Exchange server doesn't mean that the Exchange server was necessarily the machine where the attack originated. It could have been that machine, or any other machine on the network.
    • by linzeal ( 197905 ) on Tuesday July 26, 2005 @04:24PM (#13169452) Journal
      Unless he lives in a large city I highly doubt your suspicions; if that happened in my town of 30k you can bet all the beans in Boston that some summer intern has gone rogue. I have dealt with similar things while working for an art gallery in Phoenix. We had our WWW server compromised at a datacenter that we did not control and a trojan was installed in a scratch directory with the name of a popular program for digital art manipulation at the time. One of my friends downloaded and installed it on the main point of sale machine in the front of the shop and it almost immediately attempted to phone home to an IP address owned by a competing art co-op who had been dissed by us in a play performed at our gallery the month before. It was stopped by Tiny Personal Firewall [tinysoftware.com] which was installed on all machines in the gallery.

      We did not call the police; instead we found out the format it was sending information in and what it was reporting. So we took the program and installed it on a disconnected machine to play with it. It scanned a hard drive for JPEG, PDF and PSD files and then sent them in a zipped file to the address every night at 3 am. So we had a meeting to decide on what we should send them. We decided to send someone they did not know to photograph inside their gallery when they were not looking. After we had most of their new installation photoed and scanned (FYI, this is before digital cameras were cheap).

      After that we found out where they lived and took pictures of them leaving their houses in the morning (for some who lived nearby), their licence plates and the inside of their cars, and where they worked (some with pictures of them working), and sent it to them a few days later. About a week after that we took pictures of someone taking pictures of us from across the street in a car we did not recognize and blew up the image to find the culprit, who we told the competing gallery about, which promptly took his whole installation, including 2 computers synchronizing motion to music (just a program downloaded off the net), and left all of it in the back of the building in central Phoenix in broad daylight. Virtually nothing survived, lol. Some people were pissed we took photos of them and their art but I believe it is legal to do so in public. Correct me if I'm wrong.

      • After that we found out where they lived and took pictures of them leaving their houses in the morning for some who lived nearby, their licence plates and inside of their cars, where they worked some with pictures of them working and sent it to them a few days later. About a week after that we took pictures of someone taking pictures of us from across the street in a car we did not recognize and blew up the image to find the culprit who we told the competing gallery about which promptly took his whole insta
    • I can't tell from the very limited information given in the article if this is relevant or not, but Exchange has been known to try and authenticate to another Exchange server before sending (which invariably fails of course).

      A bunch of failed login attempts isn't necessarily a hostile activity, which is all it sounds like in the article. Of course the poster probably knows more information that he's giving out...

      Remember: Never attribute to malice that which can be adequately explained by stupidity.
  • Simple (Score:5, Insightful)

    by rylin ( 688457 ) on Tuesday July 26, 2005 @03:06PM (#13168502)
    You try contacting abuse@ the other company.
    If that fails, you call them up and ask for their tech-lead.

    You already have your logfiles, and a reasonably secured server.
    What you can gain here is a partnership - or at least an exchange of favors every now and then - between your company and the remote one.

    That said, if the other company isn't responsive, you firewall them to hell and get on with your daily work.

    You'll want to give management a brief notice about what's happening before you do this, obviously.
    After you've talked to abuse@, you tell management what happened.

    Now is the time to look over your authentication schemes. Are your users logging in over SSH? With passwords instead of keys? (Hint: keys are nicer.)

    After this is said and done, you paypal me $90 for doing your job.
    Cheers!
    • Re:Simple (Score:2, Funny)

      by EricV314a ( 581711 )
      And this is why consultants should demand their fee UP FRONT
    • Erm, he should notify management before doing _anything_ other than basic internal fact finding. Never, and I do mean never, communicate with anyone outside of the business about business matters without talking to management first.

      The company can keep the $150 that I would normally charge for fixing your errors. :)

      strike
    • " After this is said and done, you paypal me $90 for doing your job."

      Cool. So what's your address...? ;)
  • Just inform them (Score:4, Insightful)

    by dtfinch ( 661405 ) * on Tuesday July 26, 2005 @03:07PM (#13168509) Journal
    No damage was done to you, except the effort you put into investigating. They, on the other hand, will probably want to catch whoever's actively using their server to launch attacks.
  • Don't overreact (Score:4, Informative)

    by Nos. ( 179609 ) <andrewNO@SPAMthekerrs.ca> on Tuesday July 26, 2005 @03:08PM (#13168512) Homepage
    Start off by blocking remote logins (ssh?) from anywhere except where you want to allow people to log in from. Second, I would send a polite email to their tech contact, or if you can't find that, regular post mail to the company. Don't overreact. There are a lot of ssh worms out there. I have one machine where I watch for these kinds of things. I see at least 3 or 4 worms hitting my box a day.
    • Don't overreact. There are a lot of ssh worms out there. I have one machine where I watch for these kinds of things. I see at least 3 or 4 worms hitting my box a day.

      Likewise. I think I see on average about 400 failed login attempts across 3 machines, every day.

      Most look something like this:

      Jul 26 08:10:27 oxygen sshd[30231]: Illegal user gabriel from ::ffff:140.254.26.248
      Jul 26 08:10:32 oxygen sshd[30233]: Illegal user gabriela from ::ffff:140.254.26.248
      Jul 26 08:10:39 oxygen sshd[30235]: Illegal user
      • Re:Don't overreact (Score:5, Informative)

        by Nos. ( 179609 ) <andrewNO@SPAMthekerrs.ca> on Tuesday July 26, 2005 @03:36PM (#13168889) Homepage

        Speaking of which, I was just chatting with a buddy who has a Brute Force rule set up in iptables. Too many connections from a single IP within a set amount of time creates a temporary ban of that IP.

        Here's what he wrote to an IRC channel we were on (this is untested but should be close):

          # Create the user-defined chain first; the INPUT rule below jumps to it.
          iptables -N SSH_Brute_Force
          # Every new inbound SSH connection on eth0 is handed to the chain.
          iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j SSH_Brute_Force
          # Record the source address in the "SSH" recent list.
          iptables -A SSH_Brute_Force -m recent --name SSH --set --rsource
          # Fewer than 4 hits from this source in the last 60 seconds: let it through.
          iptables -A SSH_Brute_Force -m recent ! --rcheck --seconds 60 --hitcount 4 --name SSH --rsource -j RETURN
          # Otherwise log (rate-limited to avoid flooding syslog) and reject.
          iptables -A SSH_Brute_Force -m limit --limit 3/min -j LOG --log-prefix "SSH Brute Force Attempt: "
          iptables -A SSH_Brute_Force -p tcp -j REJECT
        Again, I haven't tried this yet, but generally speaking, 4 ssh connects within 60 seconds on eth0 will result in a 3 minute ban - I think.
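        As an added example (not posted by anyone in the thread), the same threshold the iptables rules above apply (4 hits from one source within 60 seconds opens a ban) expressed as a log-side detector over sshd lines of the kind quoted earlier in this thread. The log sample is constructed, the addresses are RFC 5737 documentation ranges, and the syslog year is assumed to be 2005.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample, modelled on the sshd lines quoted in the thread; the
# addresses come from RFC 5737 documentation ranges, not real hosts.
SAMPLE_LOG = """\
Jul 26 08:10:27 oxygen sshd[30231]: Illegal user gabriel from ::ffff:198.51.100.7
Jul 26 08:10:32 oxygen sshd[30233]: Illegal user gabriela from ::ffff:198.51.100.7
Jul 26 08:10:39 oxygen sshd[30235]: Illegal user gabriella from ::ffff:198.51.100.7
Jul 26 08:10:45 oxygen sshd[30237]: Failed password for root from ::ffff:198.51.100.7 port 40211 ssh2
Jul 26 08:10:51 oxygen sshd[30239]: Failed password for admin from ::ffff:198.51.100.7 port 40212 ssh2
Jul 26 08:11:02 oxygen sshd[30240]: Accepted publickey for alice from 192.0.2.10 port 51022 ssh2
Jul 26 08:14:00 oxygen sshd[30244]: Failed password for test from ::ffff:198.51.100.7 port 40220 ssh2
Jul 26 08:15:10 oxygen sshd[30250]: Failed password for bob from 192.0.2.10 port 51030 ssh2
Jul 26 08:17:30 oxygen sshd[30252]: Failed password for bob from 192.0.2.10 port 51031 ssh2
"""

# The two failure shapes sshd writes: unknown account, or wrong password.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?:Illegal user (?P<u1>\S+) from (?P<ip1>\S+)"
    r"|Failed password for (?:invalid user )?(?P<u2>\S+) from (?P<ip2>\S+) port \d+)"
)

LOG_YEAR = 2005  # syslog timestamps carry no year; assumed for this sample


def parse_failure(line):
    """Return (timestamp, username, source_ip) for a failed-login line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=LOG_YEAR)
    user = m.group("u1") or m.group("u2")
    ip = m.group("ip1") or m.group("ip2")
    if ip.startswith("::ffff:"):  # IPv4-mapped IPv6 form, as in the quoted logs
        ip = ip[len("::ffff:"):]
    return ts, user, ip


def detect_brute_force(lines, window=60, hitcount=4, ban_seconds=180):
    """Sliding-window detector with the thread's parameters: `hitcount` failures
    within `window` seconds from one source opens a ban of `ban_seconds`.
    Returns bans opened, attempts seen while banned, and failures per source."""
    recent = defaultdict(deque)      # ip -> failure timestamps inside the window
    banned_until = {}                # ip -> datetime when the ban lapses
    summary = {"bans": [], "blocked": 0, "failures": defaultdict(int)}

    for line in lines:
        parsed = parse_failure(line)
        if parsed is None:
            continue                 # successful logins and unrelated lines are ignored
        ts, _user, ip = parsed
        summary["failures"][ip] += 1

        if ip in banned_until and ts < banned_until[ip]:
            summary["blocked"] += 1  # the firewall would have REJECTed this one
            continue

        q = recent[ip]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window):
            q.popleft()              # drop hits older than the window
        if len(q) >= hitcount:
            banned_until[ip] = ts + timedelta(seconds=ban_seconds)
            summary["bans"].append((ip, ts))
            q.clear()                # count afresh once the ban lapses

    summary["failures"] = dict(summary["failures"])
    return summary


if __name__ == "__main__":
    result = detect_brute_force(SAMPLE_LOG.splitlines())
    for ip, when in result["bans"]:
        print(f"ban {ip} at {when:%b %d %H:%M:%S}")
    print(f"{result['blocked']} attempt(s) arrived during a ban")
```

        The second source in the sample never trips the rule because its two failures are more than 60 seconds apart, which is the slow, legitimate mistyping the threshold is meant to tolerate.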
        • That'll be going into my LEAF box tonight. Much appreciated.
        • With rules like that, does that mean someone could potentially spoof a TCP connect packet coming from a legitimate IP (such as maybe someone who regularly logs in via SSH to the server) and get them autobanned?
          • Autobanned? (Score:3, Insightful)

            by phorm ( 591458 )
            a) They'd have to know the IPs of the allowed machines
            b) The ban would only last 3 minutes.
            c) A 3 minute blockout is much better than an owned server :-)
        • Re:Don't overreact (Score:3, Insightful)

          by 4of12 ( 97621 )

          Be careful with implementing auto blocks on connections, since systems like that can sometimes be abused to cause a denial of service.

          • Is there any way to have an ssh server slow down its responses on each successive login failure from an IP, so that the first failure might pause 2 seconds before even processing incoming data, 2nd would pause 4 seconds, 3rd would pause 8 seconds, etc (up to a limit) ?
            • For OpenSSH [openssh.com], the ssh2d_config(5) man page:

              AuthInteractiveFailureTimeout

              Specifies the delay, in seconds, that the server delays after a failed attempt to log in using keyboard-interactive and password authentication. The default is 2.

              A decelerating response might be customized using plug-ins if AuthKbdInt.Plugin were configured.

      • You can save a lot of log file space (and a modest amount of bandwidth) if you do as the first poster suggested, and block access except from specific IPs or IP blocks. At least unless you need to provide access from anywhere. And surely no more than one machine on your network needs to do that. (The others can all just accept access from that one machine.)

        Jul 26 13:12:49 starless sshd[7168]: refused connect from host150-93.pool8017.interbusiness.it (80.17.93.150)
        Jul 26 13:38:16 starless sshd[7306]: war
    • Re:Don't overreact (Score:2, Informative)

      by Mercury2k ( 133466 )
      I would have to advise AGAINST email contact. Remember, if their email server is compromised, chances are the person you engage in conversation with is in fact the person who is trying to break into your machine, and thus it will go unreported to the people who can do something about the problem. A better solution is to do a whois on the domain name and try to get a phone number of the company involved. Also, don't phone just one contact number if multiple numbers are given. If the admin contact is actually tryi
  • by maddskillz ( 207500 ) on Tuesday July 26, 2005 @03:08PM (#13168513)
    There is a good chance the whole business uses the one IP for everything, so it could be anyone at that business (or anyone accessing an unsecured wireless network they have setup, etc) that is attacking your network
  • by Anonymous Coward on Tuesday July 26, 2005 @03:09PM (#13168531)
    I always celebrate. Oh wait, you mean as the victim? Hrm..
  • Diplomacy (Score:2, Informative)

    My guess is that it's that script trying to bruteforce random SSH servers, as mentioned on /. a couple weeks ago. My server here at work has been hit too, although the attacking machines were in Europe and Korea in my case. I emailed the owners of the IP blocks the attacks came from and have left it in their courts. My system is secure (I'm the only one who can login via SSH and I have a damn good password), so there was no harm done.

    I think before you jump to any conclusions about it being malicious on
  • I think you should call them and email them the relevant portions of your logs. It might be not even them due to spoofing, but most likely, it is unauthorized use of their machine. They need to know about a wayward employee.
  • 1) Document Everything
    2) Alert the owners/management of the company. Impress upon them how serious this is, and how it won't be tolerated. Most likely it's just one employee with a wild hair up his... and not a representation of their company's intent.
    3) Give them a time frame to address it/correct their problem
    4) If it happens again let them know you're considering legal action.

    There's no excuse for this behavior. Would you tolerate someone skulking around your building looking for open doors and windo
  • by SDMX ( 668380 ) on Tuesday July 26, 2005 @03:16PM (#13168626)
    DON'T PANIC.
  • Depends (Score:5, Insightful)

    by linuxwrangler ( 582055 ) on Tuesday July 26, 2005 @03:22PM (#13168683)
    Frankly I'm a lot more afraid of a successful breakin that I don't discover than heaps of unsuccessful attempts that I do.

    Essentially everyone who attempts to hit my ftp server with anonymous is trying to break in - the address is only known to a few people who have accounts and I can see from the logs that the other attempts are just scripted tries.

    Similarly, I see several attempts every day to log into my machines via ssh (where an attempt may involve from a dozen to hundreds of tries to log in). Don't even get started on what I see in the http or smtp logs.

    I work at a small company, too, and I could pull everyone off their jobs and still not have enough manpower to investigate each attempted breakin, locate and contact the appropriate parties, etc.

    As mentioned elsewhere, most of these machines are compromised so you are really spending your time to provide unpaid antivirus support for the other party's machine. You have to pick your battles.

    Depending on my workload and the probability of a positive result I'll contact someone as a courtesy. Generally my criterion is that I am able to make telephone contact with a person responsible for the machine relatively quickly.
    • Re:Depends (Score:3, Interesting)

      by Johnno74 ( 252399 )
      A while ago I was setting up a win2k server on my connection at home with an external ip address (yes I patched it before I went online :D).

      One of the last things I did was disable FTP, and then on some whim I checked the ftp logs...

      Someone (no doubt a bot) had connected to my ftp server with anonymous, created a directory, changed into the directory to make sure it really existed, then deleted the directory and logged out.

      No doubt my IP address was now on some list of open ftp servers.

      I was very tempte
  • The advice that everyone else is giving is better than what I could give. But the important thing to note is that there wasn't actually a break in at all, so no crime has been committed. This is akin to someone coming around and giving your doorknob a good jiggling. Not exactly pleasant, but thankfully they didn't get in...
    • But guvner, I only TRIED to kill'im! It doesn't count!
    • It is a good job that you recognise that your advice is worthless.

      Although this is UK law, I'm sure the US has similar legislation, though I don't know what the US laws are called.

      Merely writing the script without even running it is enough to break these laws:

      An Act to make provision for securing computer material against unauthorised access or modification; and for connected purposes.
      [29th June 1990]
      BE IT ENACTED by the Queen's most Excellent Majesty, by and with the advice and consent of the Lords Spi
  • Submit an interesting sounding post to slashdot with a link to their web site and watch their servers melt.

    Of course, this assumes people try to RTFA.
  • I get this a bit on a server I run. I usually just forward a copy of the info from my logs to whatever technical contact I can find with a friendly note saying that someone from one of their addresses was trying something. That way, I have a nice record that I notified them.

    If it keeps happening, I then usually block that address or range of addresses with my firewall. (I can do this since only a small number of users access the server, and I'll hear about it if they're having trouble accessing things.)
  • Doesn't everyone who leaves ssh open and unrestricted by IP for any length of time see people trying to brute-force it with password lists?

    That said, there's no guarantee that it really is a malicious act on behalf of that other business - could be someone came through them to get to you "for a laugh", or the office junior or someone's 12-year-old messing about.

    Oh - and document everything, and make sure that if asked how you knew exactly when something happened (such as when something happened) you have
  • He has trespassed and therefore must pay: track down the real source of the attack, sic law enforcement on him, shut off his power and water, destroy his hard drive with a hard head crash, and show him that hacking your system doesn't pay.
  • by kmahan ( 80459 ) on Tuesday July 26, 2005 @04:16PM (#13169356)
    You could always just post the IP on Slashdot.

    Some might consider that overkill though.
  • by Anonymous Coward
    "You must be new here" is what comes to mind.. I get hundreds of these per HOUR on most of my boxes. It could be anything: a curious worker, a hacker, a virus, a script gone bad.

    First thing, check your important file checksums, run tripwire, or whatever. If you don't have a tripwire-like system set up, or a backup set you can compare against, you've got another problem, but let's assume somehow, you are sure your files were not compromised.

    Once you're sure no damage was done, relax, the system did what it
  • The attempt was to brute force a VNC server running on a Windows 2000 server box. Because the attempt came from within the same city, and because there aren't too many VNC worms out there (though there are some), I made the assumption that there was probably an actual person behind it. Also, I used a reverse DNS lookup to see where the IP address resolved, so I don't think it was NAT'd through a firewall.
    • The reverse DNS lookup doesn't tell you whether or not it was through a firewall. Many names could resolve to the same address. Say I have mail.cide1.com and ntp.cide1.com, and both point to 3.57.0.2, and you do a lookup, both will return 3.57.0.2, which is in reality my firewall. My firewall is smart enough to route packets on the mail port to my mailserver, sitting well protected behind the firewall, with only the required ports forwarded to/from it, while packets received on the ntp port are forwarde
  • Fix it quickly - patch the hole. dont tell anyone, and hope to god your boss doesnt find out! ;)
  • For the love of god and language there is no such word as surveil. Try SURVEY.

    Thank you and good night.
    • by Xtifr ( 1323 )
      From WordNet (r) 2.0 [wn]:

      surveil
      v : keep under surveillance; "The police had been following him
      for weeks but they could not prove his involvement in the
      bombing" [syn: {follow}, {survey}]

      It is a backformation, but it's in my 1980 Websters too, so it's been around for a while. If you wanted to argue that there shouldn't be such a word, I might be more sympathetic. It is rather ugly. But it is, I think, a word by any reasonable person's definition.

      cheers

      • I accept your argument with the reservation "It remains to be seen whether it too will eventually come to be regarded as useful and unexceptionable." :-)
  • Having that IP isn't good enough. It doesn't prove it was valid, or if valid, originated at that other company.

    You need the logs from the other company. Those will prove if it came from through there, or from there.

    Trying to handle that yourself with your counterpart in the other company could leave you open to several charges if you tried to go it alone or with their admin's help. You'll need positive containment of evidence and chain of security.

    If too much time has passed, alert the authorities and ke
  • This should never have happened, it should not be possible. All servers should be protected by firewall from the internet, thus preventing nasty external attacks. At the very least, in case it's a web server/email server/ftp server as well as a file server, you should only allow those ports through the firewall.

    Or, alternatively, place those functions onto a different server. Internet functions like WWW, FTP and so on are generally better served from a linux server, and those servers tend to have lower
  • Block the IP address attempting the hijack at your gateway; in fact, block all IP ranges that don't need access. Limit your network in every way possible to just what you want coming in.
  • This is no serious threat. You had 50 attempts from one address, big whoop. What is the timeline on the logfile? Look scriptish? I get these on my home network constantly; of course malicious laughter ensues, ah the noobishness. A locked down box is a happy place. If your network is deployed correctly, and the logs show no evidence of a break-in, merely attempts, I would simply keep an eye on the logs. No action should be taken to notify anyone; if it is the rival company then let them try. Worst comes to worst yo
  • by reallocate ( 142797 ) on Wednesday July 27, 2005 @03:48PM (#13179160)
    My perspective is that of someone, in a past life, who hired network techs.

    If this happened in my organization, I would expect three things from my network people:

    1) Follow and stay within established policy; I would expect you to do what is needed to protect the security of the network short of attacking the presumed culprit. If it came to that, bring the network down. Attacking the apparent culprit puts my business at legal risk and you do not get to make that call.

    2) Notify me (management) as soon as possible. Give me all the facts and answer my questions. Lay out my technical options objectively. Explain to me why our network was vulnerable and how we can remedy that. Don't try to spin me so I under or over react. It is my network and you work for me; I won't take kindly to attempts to manipulate me.

    3) Then, follow my instructions.
    • Those are very good points if you can be trusted(I'll assume here that you, personally could be) not to turn it around and accuse the person reporting the problem of causing it, as has happened in other cases. My point is that we don't know who to trust. To protect myself from such action, I might leave an anonymous note. From what I see in the news and in articles posted right here, honesty can get you into real trouble. You'll get the report, but you won't know from who. If I saw that the problem is not b
      • Who you trust is up to you. You trust who you decide to trust. Stating that you don't know who to trust is an admission that you lack confidence in your own ability to assess character.

        In any case, I don't think this is a matter of trust. As an employee, you'd have an obligation to tell me you'd discovered an attack on our network. (An anonymous note would not provide any anonymity. As soon as I read it, I'd walk over and ask my network techs what they knew about it. If they all claimed ignorance, then
        • I never claimed an ability to assess character, but in a world where you have to answer to every Joe Blow that makes a claim against you, no matter how frivolous, I will not put myself at any risk. And yes, I do successfully avoid such environments. Once I was accused of damaging a machine by someone who had no idea how the old Windows for Workgroups mail system operates. I slapped him down hard when I found out what he based the accusation on. Never again.

          As an employee, you'd have an obligation to tell me
          • No one's arguing that the decision to trust someone belongs to you. But, that's just reality. Defending reality is rather pointless.

            In any case, you seem to have a view of the world that I'd characterize as akin to paranoia. Since you carry your own misery with you, I doubt a new job would change anything.
            • ...akin to paranoia.

              A bit "protectionist" maybe. But, you call it what you like. Me? Man, I'm in paradise...literally and figuratively :-) We all get along just fine and dandy. You can have your reality. We're fine with ours. My only problem right now is a dead wireless router. Eh, waddaya gonna do? A few days work, and I'll have a new one. I'll raise my next beer to ya, though. Salud! Kam bai! Prost!
              Or as it goes at our table:
              Para 'riba
              Para 'bajo
              Para centro
              Para dentro

              ...Since you carry your own misery wit