Page 2 of 3 FirstFirst 123 LastLast
Results 21 to 40 of 54

Thread: Avira's firewall

  1. #21
    gufus
    Guest

    Re: Avira's firewall

    Hello, Jimmy!

    You wrote on Thu, 08 Apr 2010 04:31:14 GMT:

    | I wouldn't recommend a software based firewall on a server! Go out and
    | buy a hardware device like from WatchGuard, Fortinet, Juniper etc...
    |

    'k
    --
    With best regards, gufus. E-mail: stop.nospam.gbbsg@shaw.ca



  2. #22
    gufus
    Guest

    Re: Avira's firewall

    Hello, Rick!

    You wrote on Thu, 08 Apr 2010 14:07:41 -0400:


    >> I wouldn't recommend a software based firewall on a server! Go out and
    >> buy a hardware device like from WatchGuard, Fortinet, Juniper etc...
    >>

    |
    | i have heard that recommendation many times and do not dispute it, but
    | assuming that the s/w firewall comes up first during boot up, WHY would
    | you insist on not having a s/w firewall on a server?
    |
    Good question.
    --
    With best regards, gufus. E-mail: stop.nospam.gbbsg@shaw.ca



  3. #23
    gufus
    Guest

    Re: Avira's firewall

    Hello, Ansgar!

    You wrote on 8 Apr 2010 13:27:41 GMT:

    |
    | The Windows Firewall is perfectly fine for blocking inbound connections.
    | Outbound connections can't be controlled reliably anyway, not to mention
    | that once they happen, the system already has been compromised.
    |
    Duly noted.

    --
    With best regards, gufus. E-mail: stop.nospam.gbbsg@shaw.ca



  4. #24
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    Benji Z-Man <khormin@bigpond.com> wrote:
    > On 08/04/10 23:27, Ansgar -59cobalt- Wiechers wrote:
    >> Benji Z-Man<khormin@bigpond.com> wrote:
    >>> On 08/04/10 21:50, schtebo wrote:
    >>>> I think default Firewall from Microsoft should do it for us all.
    >>>
    >>> Ktchk- are you insane?

    >>
    >> This coming from someone who recommended Sygate, of all things. A
    >> firewall with well-known critical design flaws, like running an
    >> interactive service with SYSTEM privileges.

    >
    > Honestly did not know that. Anything else you can point out about it,
    > then? And where I can verify that?


    Get some window of the software in question (configuration, notifi-
    cation, whatever). Use a tool like Spy++ to identify the process that
    window belongs to. Check the process list to find the process and its
    owner (the account it's been started under). This should never be SYSTEM
    (or any other privileged account).

    For a better understanding of the underlying problem check these links:

    http://en.wikipedia.org/wiki/Shatter_attack
    http://support.microsoft.com/kb/327618
    http://msdn.microsoft.com/en-us/library/ms683502.aspx

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  5. #25
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    gufus <stop.nospam.gbbsg@shaw.ca> wrote:
    > You wrote on Thu, 08 Apr 2010 14:07:41 -0400:
    >>> I wouldn't recommend a software based firewall on a server! Go out and
    >>> buy a hardware device like from WatchGuard, Fortinet, Juniper etc...

    >
    > | i have heard that recommendation many times and do not dispute it, but
    > | assuming that the s/w firewall comes up first during boot up, WHY would
    > | you insist on not having a s/w firewall on a server?
    >
    > Good question.


    Actually, no. It's a rather stupid question. A good question would be:
    why would anyone in his right mind insist on HAVING a sofware firewall
    on a server?

    Open ports on a server need to be open, because otherwise the server
    would be unable to provide its services (which would render it rather
    futile). You cannot block access to ports that need to be accessible.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  6. #26
    Grant Taylor
    Guest

    Re: Avira's firewall

    Ansgar -59cobalt- Wiechers wrote:
    > Actually, no. It's a rather stupid question. A good question would
    > be: why would anyone in his right mind insist on HAVING a sofware
    > firewall on a server?


    I would say that part of the problem is the "insistence" of having (or
    not) a software firewall, with no possibility of the other.

    I will argue that a software firewall is just another form of security.
    (I'm not going to debate how good of a form of security it may or may
    not be.) Like most good over all security systems, security is provided
    in layers of multiple smaller forms of security. With this in mind, the
    software firewall on a server (or any thing for that matter) is another
    layer of security. Thus if the server has the resources to run the
    software firewall and it is not a detriment to the function of the
    system, then it's probably ok to have it there. If the server does not
    have the resources to run the software firewall or if it is a detriment
    to the function of the system, then don't run the firewall unless you
    really need to. In short, it is situational dependent.

    > Open ports on a server need to be open, because otherwise the server
    > would be unable to provide its services (which would render it rather
    > futile). You cannot block access to ports that need to be accessible.


    There are some advantages to running a firewall even on ports that you
    need to have open. Some services don't have any ability to filter what
    IP addresses are allowed to talk to them. Or there are some cases where
    it is appropriate to centrally manage a firewall across multiple systems
    rather than having to manage each service on every system.

    I think it really comes down to where does a software firewall fall in
    your over all security scheme. If you feel your organization can
    benefit from it, then use one. If you feel a software firewall is not
    appropriate for your organization, then don't use one.

    I personally view software firewalls as an additional line of defense to
    protect against outbreaks behind the edge hardware firewalls.



    Grant. . . .

  7. #27
    gufus
    Guest

    Re: Avira's firewall

    Hello, Grant!

    You wrote on Sun, 11 Apr 2010 12:51:03 -0500:

    | I think it really comes down to where does a software firewall fall in
    | your over all security scheme. If you feel your organization can
    | benefit from it, then use one. If you feel a software firewall is not
    | appropriate for your organization, then don't use one.
    |
    | I personally view software firewalls as an additional line of defense to
    | protect against outbreaks behind the edge hardware firewalls.
    |
    Excellent policy IMHO
    |

    --
    With best regards, gufus. E-mail: stop.nospam.gbbsg@shaw.ca



  8. #28
    gufus
    Guest

    Re: Avira's firewall

    Hello, Ansgar!

    You wrote on 11 Apr 2010 12:46:15 GMT:

    FL> >> i have heard that recommendation many times and do not dispute it,
    FL> >> but assuming that the s/w firewall comes up first during boot up,
    FL> >> WHY would you insist on not having a s/w firewall on a server?
    FL>>
    FL>> Good question.
    |
    | Actually, no. It's a rather stupid question.

    Hu.. :(

    --
    With best regards, gufus. E-mail: stop.nospam.gbbsg@shaw.ca



  9. #29
    gufus
    Guest

    Re: Avira's firewall

    Hello, schtebo!

    You wrote on Thu, 8 Apr 2010 04:50:02 -0700 (PDT):

    | I think default Firewall from Microsoft should do it for us all.

    Taking notes... <grin>
    --
    With best regards, gufus. E-mail: stop.nospam.gbbsg@shaw.ca



  10. #30
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    Grant Taylor <gtaylor@riverviewtech.net> wrote:
    > Ansgar -59cobalt- Wiechers wrote:
    >> Actually, no. It's a rather stupid question. A good question would
    >> be: why would anyone in his right mind insist on HAVING a sofware
    >> firewall on a server?

    >
    > I would say that part of the problem is the "insistence" of having (or
    > not) a software firewall, with no possibility of the other.
    >
    > I will argue that a software firewall is just another form of
    > security. (I'm not going to debate how good of a form of security it
    > may or may not be.) Like most good over all security systems,
    > security is provided in layers of multiple smaller forms of security.
    > With this in mind, the software firewall on a server (or any thing for
    > that matter) is another layer of security.


    Oh *please*, spare me that "layers" ********.

    Personal firewalls do not increase the security of a server. They
    increase the attack surface (larger codebase, thus most likely more
    vulnerabilities) and the overall complexity of the system, and thus
    actually *lower* your security.

    [...]
    >> Open ports on a server need to be open, because otherwise the server
    >> would be unable to provide its services (which would render it rather
    >> futile). You cannot block access to ports that need to be accessible.

    >
    > There are some advantages to running a firewall even on ports that you
    > need to have open. Some services don't have any ability to filter
    > what IP addresses are allowed to talk to them.


    That's what you already filter at the network boundary. No need to
    filter yet again on the server.

    > Or there are some cases where it is appropriate to centrally manage a
    > firewall across multiple systems rather than having to manage each
    > service on every system.


    And managing firewalls centrally instead of managing services centrally
    is more appropriate, how?

    > I think it really comes down to where does a software firewall fall in
    > your over all security scheme.


    They don't. Period.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  11. #31
    gufus
    Guest

    Re: Avira's firewall

    Hello, Ansgar!

    You wrote on 11 Apr 2010 20:52:39 GMT:

    | Personal firewalls do not increase the security of a server. They
    | increase the attack surface (larger codebase, thus most likely more

    So.. a firewall belongs in between what you protect, and what you
    protect it from.


    --
    With best regards, gufus. E-mail: stop.nospam.gbbsg@shaw.ca



  12. #32
    Grant Taylor
    Guest

    Re: Avira's firewall

    Ansgar -59cobalt- Wiechers wrote:
    > Oh *please*, spare me that "layers" ********.


    *chuckle*

    I want my opinion to stand, so I have to allow yours to stand. Even if
    I disagree with it. Thus, we will agree to disagree. Does that work
    for you?

    > Personal firewalls do not increase the security of a server. They
    > increase the attack surface (larger codebase, thus most likely more
    > vulnerabilities) and the overall complexity of the system, and thus
    > actually *lower* your security.


    That is a different point. One that no one has brought up before. Do
    you have any examples to show?

    > That's what you already filter at the network boundary. No need to
    > filter yet again on the server.


    I'm not so much filtering the same thing that the edge firewall is
    filtering. Rather, I'm filtering other things that other servers behind
    the edge firewall could attack.

    I'm sure that the edge firewall is filtering NetBIOS ports, but what
    happens if another system in the network gets infected with something /
    web site gets breached and starts attacking your other servers? This is
    the type of thing that I think the host based firewall is meant for.

    > And managing firewalls centrally instead of managing services centrally
    > is more appropriate, how?


    I'm not saying that centrally managing services is not appropriate. I
    know of multiple smaller shops that can't afford centrally managed
    services, yet they are running a network based AV scanner with firewall
    that they can centrally mange. Thus, they can centrally manage the
    firewall but not the services.

    > They don't. Period.


    That's your opinion.



    Grant. . . .

  13. #33
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    Grant Taylor <gtaylor@riverviewtech.net> wrote:
    > Ansgar -59cobalt- Wiechers wrote:
    >> Oh *please*, spare me that "layers" ********.

    >
    > *chuckle*
    >
    > I want my opinion to stand, so I have to allow yours to stand. Even
    > if I disagree with it. Thus, we will agree to disagree. Does that
    > work for you?


    I guess it'll have to.

    >> Personal firewalls do not increase the security of a server. They
    >> increase the attack surface (larger codebase, thus most likely more
    >> vulnerabilities) and the overall complexity of the system, and thus
    >> actually *lower* your security.

    >
    > That is a different point. One that no one has brought up before. Do
    > you have any examples to show?


    http://en.wikipedia.org/wiki/Witty_(computer_worm)

    >> That's what you already filter at the network boundary. No need to
    >> filter yet again on the server.

    >
    > I'm not so much filtering the same thing that the edge firewall is
    > filtering. Rather, I'm filtering other things that other servers
    > behind the edge firewall could attack.


    If you have to do that, you have a server placement issue. Boxes that
    shouldn't be able to access what the server is providing, should not be
    located in the same network segment.

    > I'm sure that the edge firewall is filtering NetBIOS ports, but what
    > happens if another system in the network gets infected with something
    > / web site gets breached and starts attacking your other servers? This
    > is the type of thing that I think the host based firewall is meant
    > for.


    This is the exact type of thing, that firewall can't protect you from
    (unless you're using a sanitizing reverse proxy or something).

    Again: any service that should be accessible, cannot be protected by a
    packet filter. Any service that shouldn't be accessible, should not be
    running (or at least not be listening on the external interface) in the
    first place. It really is as simple as that.

    >> And managing firewalls centrally instead of managing services centrally
    >> is more appropriate, how?

    >
    > I'm not saying that centrally managing services is not appropriate. I
    > know of multiple smaller shops that can't afford centrally managed
    > services, yet they are running a network based AV scanner with firewall
    > that they can centrally mange.


    They can't afford using the tools that come with the operating system,
    but can afford to buy a centrally manageable host-based firewall
    solution? You have to be kidding me.

    > Thus, they can centrally manage the firewall but not the services.


    "sc /?" tells you why you're wrong.

    >> They don't. Period.

    >
    > That's your opinion.


    A quite substantiated opinion, no less.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  14. #34
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    gufus <stop.nospam.gbbsg@shaw.ca> wrote:
    > Sunday April 11 2010, Grant Taylor writes to All:
    >> I'm not so much filtering the same thing that the edge firewall is
    >> filtering. Rather, I'm filtering other things that other servers
    >> behind the edge firewall could attack.

    >
    > With only /basic/ networking experience, I can't /see/ anything wrong
    > with this theory, It can only increase security,


    Wrong. Running an additional firewall means running additional code that
    can contain additional exploitable vulnerabilities. This already has
    happened ITW. Additional software also means additional complexity, that
    may lead to misconfiguration, which in turn may inadvertently open
    attack vectors.

    > what if a employee infects via a CD.


    What if? That employee's computer still needs to be able to access the
    server, meaning the server's ports still need to be open, meaning that
    the personal firewall won't help anything at all.

    Besides, how is the employee's box going to get infected in the first
    place? Disabling autoplay is one of the most basic countermeasures
    available in the toolbox. Not granting your employees administrative
    privileges is another one.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  15. #35
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    gufus <stop.nospam.gbbsg@shaw.ca> wrote:
    > 12 Apr 10, Ansgar -59cobalt- Wiechers writes to Gypsy BBS:
    >> misconfiguration, which in turn may inadvertently open attack
    >> vectors.

    >
    > Brief your employees.


    You failed to understand the issue. The more complex your systems
    become, the more likely it's for your employees to make a mistake or
    overlook something. You could brief them all day long and still not
    prevent this from happening.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  16. #36
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    gufus <stop.nospam.gbbsg@shaw.ca> wrote:
    > 12 Apr 10, Ansgar -59cobalt- Wiechers writes to Gypsy BBS:
    >> make a mistake or overlook something. You could brief them
    >> all day long and still not prevent this from happening.

    >
    > Tell me about it... good-bad employees. :(


    You missed the point again. Even the best employees are still human and
    *will* make mistakes here and there. Unnecessarily increasing system
    complexity will raise the chances of this happening.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  17. #37
    gufus
    Guest

    Re: Avira's firewall

    Hello, schtebo!

    You wrote on Thu, 8 Apr 2010 04:50:02 -0700 (PDT):


    s> I think default Firewall from Microsoft should do it for us all.

    After setting up a few off-the-shelf firewalls, and getting frustrated with
    everything, I'm back to using Win NT stock firewall, everything is back
    working again.

    Good advice. :)


    --
    With best regards, gufus. E-mail: stop.nospam.gbbsg@shaw.ca



  18. #38
    Grant Taylor
    Guest

    Re: Avira's firewall

    Ansgar -59cobalt- Wiechers wrote:
    > I guess it'll have to.


    Fair enough. ;-)

    > http://en.wikipedia.org/wiki/Witty_(computer_worm)


    Interesting. I will have to do some follow up reading on that.

    > If you have to do that, you have a server placement issue. Boxes that
    > shouldn't be able to access what the server is providing, should not
    > be located in the same network segment.


    I think we mis-understand each other. Let me give an example.

    Suppose that a hosting company has multiple IIS web servers behind an
    edge ingress filtering firewall that only allows traffic to TCP ports 80
    and 443 through. With in the network the servers also allow SNMP and /
    or RPC for remote computer management.

    What prevents a web site on one of these hosts from becoming compromised
    and running a local program that starts attacking the other systems in
    the local subnet. This local program would have unfettered access to
    SNMP and / or RPC to the other servers that are behind the edge ingress
    filtering firewall.

    Conversely if the web servers were running a software based firewall,
    they could easily filter SNMP and / or RPC traffic so that only the
    management station(s) could access them. There by protecting them from
    the program running locally on the compromised server.

    These types of side attacks (if you will) are what I'm saying that a
    software based firewall will help prevent.

    > This is the exact type of thing, that firewall can't protect you from
    > (unless you're using a sanitizing reverse proxy or something).


    I'm not sure that I understand what you are trying to say.

    The closest that I can come up with is that the edge firewall is doing
    egress filtering.

    > Again: any service that should be accessible, cannot be protected by
    > a packet filter. Any service that shouldn't be accessible, should not
    > be running (or at least not be listening on the external interface)
    > in the first place. It really is as simple as that.


    What if you modify my above example of the server farm where one
    interface is public and another interface is private (think DMZ /
    management network) and the local program starts attacking the internal
    network. Again, I believe that the software based firewall would help
    protect other servers from the attack.

    A perfect example of a service would be to not run SSH on the external
    interface, yet run it on the internal interface for remote management.

    > They can't afford using the tools that come with the operating
    > system, but can afford to buy a centrally manageable host-based
    > firewall solution? You have to be kidding me.


    I believe you mis-understand what I'm getting at.

    I'm not aware of any utility included in either 2k3 or 2k8 that allows
    changes to multiple IIS web servers at one time. I.e. do not process
    requests from the w.x.y/24 network.

    > "sc /?" tells you why you're wrong.


    You are correct that there are ways to administer the operational state
    of a service in such as is it started / stopped / etc. That does little
    to prevent a service from talking to a given subnet.

    > A quite substantiated opinion, no less.


    I'm sure it is. ;-)



    Grant. . . .

  19. #39
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    gufus <stop.nospam.gbbsg@shaw.ca> wrote:
    > 12 Apr 10, Ansgar -59cobalt- Wiechers writes to Gypsy BBS:
    >> You missed the point again. Even the best employees are

    >
    > I beg to differ. Sir.
    >
    > Employees /need/ to understand the system,


    True, but besides the point. Repeating myself: even the best employees
    are still human and *will* make mistakes here and there. Unnecessarily
    raising the complexity of a system will only increase the chances of
    this happening.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

  20. #40
    Ansgar -59cobalt- Wiechers
    Guest

    Re: Avira's firewall

    Grant Taylor <gtaylor@riverviewtech.net> wrote:
    > Ansgar -59cobalt- Wiechers wrote:
    >> If you have to do that, you have a server placement issue. Boxes that
    >> shouldn't be able to access what the server is providing, should not
    >> be located in the same network segment.

    >
    > I think we mis-understand each other. Let me give an example.
    >
    > Suppose that a hosting company has multiple IIS web servers behind an
    > edge ingress filtering firewall that only allows traffic to TCP ports
    > 80 and 443 through. With in the network the servers also allow SNMP
    > and / or RPC for remote computer management.
    >
    > What prevents a web site on one of these hosts from becoming
    > compromised and running a local program that starts attacking the
    > other systems in the local subnet. This local program would have
    > unfettered access to SNMP and / or RPC to the other servers that are
    > behind the edge ingress filtering firewall.


    Sorry, but that's just ridiculous. If you're that concerned about
    security, you don't allow SNMP or RPC in the first place. Period. Rather
    than running additional code on the servers, you'd lock them down tight,
    update them frequently, and monitor them closely.

    > Conversely if the web servers were running a software based firewall,
    > they could easily filter SNMP and / or RPC traffic so that only the
    > management station(s) could access them. There by protecting them
    > from the program running locally on the compromised server.


    You don't seem understand how SNMP works. What exactly prevents
    compromised server A from spoofing the source address of the SNMP
    packets it sends to victim server B on the same network segment? The
    protocol is UDP-based after all.

    >> This is the exact type of thing, that firewall can't protect you from
    >> (unless you're using a sanitizing reverse proxy or something).

    >
    > I'm not sure that I understand what you are trying to say.
    >
    > The closest that I can come up with is that the edge firewall is doing
    > egress filtering.


    You mean the "sanitizing reverse proxy" thingie? Those are not about
    egress filtering, but ingress filtering. They sanitize (i.e. rewrite/
    canonicalize) the input data stream going from a client to a server, and
    thus protect a server from malicious user-supplied data. mod_security
    for Apache is an example of this kind of software.

    >> Again: any service that should be accessible, cannot be protected by
    >> a packet filter. Any service that shouldn't be accessible, should not
    >> be running (or at least not be listening on the external interface)
    >> in the first place. It really is as simple as that.

    >
    > What if you modify my above example of the server farm where one
    > interface is public and another interface is private (think DMZ /
    > management network) and the local program starts attacking the
    > internal network. Again, I believe that the software based firewall
    > would help protect other servers from the attack.


    As explained above, this won't necessarily work as you expect.

    > A perfect example of a service would be to not run SSH on the external
    > interface, yet run it on the internal interface for remote management.


    SSH is a perfect example of a service that does not need to be
    "protected" with a local firewall at all. You disallow password
    authentication and restrict which user can login from where.

    If you're referring to exploitable vulnerabilities: trying to "protect"
    SSH with some kind of personal firewall would just move the problem from
    sshd to the personal firewall instead of solving it, and I clearly trust
    SSH more than any personal firewall. IPv6, anyone?

    >> They can't afford using the tools that come with the operating
    >> system, but can afford to buy a centrally manageable host-based
    >> firewall solution? You have to be kidding me.

    >
    > I believe you mis-understand what I'm getting at.
    >
    > I'm not aware of any utility included in either 2k3 or 2k8 that allows
    > changes to multiple IIS web servers at one time. I.e. do not process
    > requests from the w.x.y/24 network.


    I don't consider the potential gain in security (which may be a lot less
    than you expect, as explained above) worth the additional complexity and
    effort in keeping another piece of software up-to-date.

    >> "sc /?" tells you why you're wrong.

    >
    > You are correct that there are ways to administer the operational
    > state of a service in such as is it started / stopped / etc. That
    > does little to prevent a service from talking to a given subnet.


    Of course not, because that's not what management of services is about.
    I believe I already said that if you want that level of isolation,
    you're far better off putting the servers in separate DMZs.

    cu
    59cobalt
    --
    "If a software developer ever believes a rootkit is a necessary part of
    their architecture they should go back and re-architect their solution."
    --Mark Russinovich

Similar Threads

  1. Did this get resolved?
    By Chad Ingram in forum ms.public.windows.networking.wireless
    Replies: 1
    Last Post: 11-20-09, 12:09 PM
  2. Need xp64 software firewall
    By GiantWaffle in forum Network Security
    Replies: 5
    Last Post: 05-21-09, 11:40 AM
  3. Richard's Firewall Rule Set - getting it to work (0/1)
    By Ian Cowan in forum comp.security.firewalls
    Replies: 0
    Last Post: 03-27-09, 10:00 AM
  4. No firewall home network setup
    By SRO_dude in forum Wireless Networks & Routers
    Replies: 3
    Last Post: 10-13-07, 07:30 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •