English dropdown-ico

Manual Fortinet Network Device IPS

62 pages 1.12 mb
Download

Go to site of 62

Summary
  • Fortinet Network Device IPS - page 1

    www.fortinet.com FortiG at e IPS User Guide V ersion 3.0 MR7 USER GUIDE ...

  • Fortinet Network Device IPS - page 2

    FortiGate IPS U ser Guide V ersion 3.0 MR7 September 16, 2 008 01-30007-00 80-20080916 © Copyright 2008 Fortine t, Inc. All rights reserved. No part of this publication including text, examples , diagrams or illustrations may be reproduced, tra nsmitted, or translated in any form or by any means, electronic, mechanical, manual, op tical or otherwi ...

  • Fortinet Network Device IPS - page 3

    Contents FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 3 Contents Introduction ............... ................................. .............................. .......... 5 The FortiGate IPS.. ................... ................ ................ .................... ................ ...... 5 About this document ........ ...... ...

  • Fortinet Network Device IPS - page 4

    FortiGate IPS User Guide Version 3.0 MR7 4 01-30007-0080-200809 16 Creating custom signatures ............. ................... .................... ................... .... 23 Custom signature fields ............. ................... .................... ................ .......... 23 Custom signature synt ax ..................... ................ ...

  • Fortinet Network Device IPS - page 5

    Introduction The FortiGate IPS FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 5 Introduction This section introduces you to the Fort iGate Intrusion Prev ention System (IPS) and the following topics: • The FortiGate IPS • About this doc ument • Fortinet document ation • Customer service and technical support The FortiGate ...

  • Fortinet Network Device IPS - page 6

    FortiGate IPS User Guide Version 3.0 MR7 6 01-30007-0080-200809 16 About this document Introduction About this document Document conventions The following document convention s are used in this guide: • In the exa mples, priva te IP addre sses are us ed for both p rivate and public IP addresses. • Notes and Cautions are used to provide import a ...

  • Fortinet Network Device IPS - page 7

    Introduction Fortinet documentation FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 7 • FortiGate Installation Guide Describes how to install a FortiGate unit. Includes a hardware reference, default configuration information, insta llation procedures, connection procedures, and basic configura tion pr ocedures. Choose the guide ...

  • Fortinet Network Device IPS - page 8

    FortiGate IPS User Guide Version 3.0 MR7 8 01-30007-0080-200809 16 Customer service and technical support Introduction Fortinet Knowledge Center Additional Fortinet technical document ation is available from the Fortinet Knowledge Center . The knowledge center cont ains troubleshooting and how-to articles, F AQs, technical notes, and more. Visit th ...

  • Fortinet Network Device IPS - page 9

    IPS overview and gene ral configuration The FortiGate IPS FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 9 IPS overview and general configuration This section contains th e following topics: • The FortiGate IPS • Network performance • Monitoring the network and dealing with att acks • Using IPS sensors in a protection pro ...

  • Fortinet Network Device IPS - page 10

    FortiGate IPS User Guide Version 3.0 MR7 10 01-30007-0080-200809 16 Network performance IPS overview and general configuration T o create an IPS sensor , go to Intrusion Protection > IPS Sensor . See “IPS sensors” on p age 39 for details. T o access the protection profile IPS sensor selection, go to Firewall > Protection Profile , select ...

  • Fortinet Network Device IPS - page 11

    IPS overview and gene ral configuration M onitoring the network and dealing with attacks FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 11 Controlling sessions Use this command to ignore sessions af ter a set amount of traf fic has passed. The default is 204800 bytes. config ips global set ignore-session-bytes <byte_integer&g ...

  • Fortinet Network Device IPS - page 12

    FortiGate IPS User Guide Version 3.0 MR7 12 01-30007-0080-200809 16 Monitoring the network and dealing with atta cks IPS overview and general configuration 5 Select and configure authentication if re quired and enter the email addresses that will receive the alert email. 6 Enter the time interval to wait before sending log messages for each logging ...

  • Fortinet Network Device IPS - page 13

    IPS overview and gene ral configuration M onitoring the network and dealing with attacks FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 13 Anomaly The following log messag e is generated when an attack anomaly is de tected: The FortiGuard Center The FortiGuard Center combine s the knowledge base of the Fortinet technical team in ...

  • Fortinet Network Device IPS - page 14

    FortiGate IPS User Guide Version 3.0 MR7 14 01-30007-0080-200809 16 Using IPS sensors in a protection profil e IPS overview and general configuration Using IPS sensors in a protection profile IPS can be combined with othe r FortiGate fe atures – antivi rus, spam filtering, web filtering, a nd web category filtering – to c reate protec tion prof ...

  • Fortinet Network Device IPS - page 15

    IPS overview and gene ral configuration Us ing IPS sensors in a protection profile FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 15 Adding protection profiles to user groups When creating a user gr oup, select a protec tion profile that applies to that group. Then, when configuring a firewall policy that includ es user authenti ...

  • Fortinet Network Device IPS - page 16

    FortiGate IPS User Guide Version 3.0 MR7 16 01-30007-0080-200809 16 Using IPS sensors in a protection profil e IPS overview and general configuration ...

  • Fortinet Network Device IPS - page 17

    Predefined signatures IPS predefined signatures FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 17 Predefined signatures This section describes: • IPS predefined signature s • Viewin g the predefined signature list IPS predefined signatures Predefined signatur es are arranged in alphabetical order. By d efault, some signatures ...

  • Fortinet Network Device IPS - page 18

    FortiGate IPS User Guide Version 3.0 MR7 18 01-30007-0080-200809 16 Viewing the predefined signature list Predefined signature s By default, the signatures are sorted by name. T o sort the t able by another column, select the re quired column header name. Fine tuning IPS predef ined signatures fo r enhanced system performance In FortiOS the FortiGa ...

  • Fortinet Network Device IPS - page 19

    Predefined signatures Viewing the predefined signature list FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 19 Y ou should also review exactly how y ou use the information provided by the logging feature. If you find th at you do not review the information, it is best to turn off IPS logging. Logging is best us ed to provide acti ...

  • Fortinet Network Device IPS - page 20

    FortiGate IPS User Guide Version 3.0 MR7 20 01-30007-0080-200809 16 Viewing the predefined signature list Predefined signature s ...

  • Fortinet Network Device IPS - page 21

    Custom signatures IPS custom signatures FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 21 Custom signatures Custom signatures provide the power and flexibility to customize the FortiGate Intrusion Prot ection system for diverse network envir onments. The FortiG ate predefined signatures repr esent common attacks. If you use an un ...

  • Fortinet Network Device IPS - page 22

    FortiGate IPS User Guide Version 3.0 MR7 22 01-30007-0080-200809 16 Custom signature configuration Custom signatures Custom signature configuration Add custom signatures using th e web-based manager or th e CLI. For more information about custom signature synta x, see “Creating custom s ignatures” on page 23 and “Custom signa ture syntax” o ...

  • Fortinet Network Device IPS - page 23

    Custom signatures Creating custom signatures FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 23 Creating custom signatures Custom signatures are added sep arately to each VDOM. In each VDOM, there can be a maximum of 255 custom signatures. A custom signat ure definition is limited to a ma ximum length of 512 characters. A definit ...

  • Fortinet Network Device IPS - page 24

    FortiGate IPS User Guide Version 3.0 MR7 24 01-30007-0080-200809 16 Creating custom signatures Custom signatures Custom signature syntax T able 2: Information keywords Keyword and value Description --attack_id <id_int>; This optional value is used to identify the signa ture. It cannot be the same value as any other custom rules within the sam ...

  • Fortinet Network Device IPS - page 25

    Custom signatures Creating custom signatures FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 25 T able 4: Content keywo rds Keyword and value Description --byte_jump <bytes_to_convert>, <offset>[, relative] [, big] [, little] [, string] [, hex] [, dec] [, oct] [, align]; Use the byte_jump option to e xtract a number o ...

  • Fortinet Network Device IPS - page 26

    FortiGate IPS User Guide Version 3.0 MR7 26 01-30007-0080-200809 16 Creating custom signatures Custom signatures --byte_test <bytes_to_convert>, <operator>, <value>, <offset>[, relative] [, big] [, little] [, string] [, hex] [, dec] [, oct]; The FortiGa te unit comp ares a byte field against a specific value (with operator). ...

  • Fortinet Network Device IPS - page 27

    Custom signatures Creating custom signatures FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 27 --context {uri | header | body | host}; S pecify the protocol field that the pattern should be looked for . If context is not specified for a p attern, the FortiGate unit searches for the pattern anywhere in the packet buf fer . The av ...

  • Fortinet Network Device IPS - page 28

    FortiGate IPS User Guide Version 3.0 MR7 28 01-30007-0080-200809 16 Creating custom signatures Custom signatures --pcre [!]"(/<regex>/|m<delim>< regex><delim>)[ismxAEGRU B]"; Similar to the pattern keyword, pcre is used to specify a pattern using Perl-compatible regular expressions (PCRE). A pcre keyword can be fol ...

  • Fortinet Network Device IPS - page 29

    Custom signatures Creating custom signatures FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 29 T able 5: IP header keywor ds Keyword and V alue Description --dst_addr [!]<ipv4>; The destination IP address. T o have the FortiGate search for a packet that does not contain the specified address, add an exclamation mark (!) be ...

  • Fortinet Network Device IPS - page 30

    FortiGate IPS User Guide Version 3.0 MR7 30 01-30007-0080-200809 16 Creating custom signatures Custom signatures T able 6: T CP header keywords Keyword and V alue Description --ack <ack_int>; Check for the specified TCP acknowledge number . --dst_port [!]{<port_int> | :<port_int> | <port_int>: | <port_int>:<port_int ...

  • Fortinet Network Device IPS - page 31

    Custom signatures Creating custom signatures FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 31 --tcp_flags <FSRPAU120>[!|*|+] [,<FSRPAU120>]; S pecify the TCP flags to match in a packet. • S : Match the SYN flag. • A : Match the ACK flag. • F : Match the FIN flag. • R : Match the RST flag. • U : Match the U ...

  • Fortinet Network Device IPS - page 32

    FortiGate IPS User Guide Version 3.0 MR7 32 01-30007-0080-200809 16 Creating custom signatures Custom signatures T able 7: UDP header key words Keyword and V alue Description --dst_port [!]{<port_int> | :<port_int> | <port_int>: | <port_int>:<port_int>}; The destination port numbe r . Y o u can specify a single port or ...

  • Fortinet Network Device IPS - page 33

    Custom signatures Creating custom signatures FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 33 Example custom signatures Custom signature fields and syntax are fully d escribed in this chapter , though using them to build a custom sig nature can be complex. It’s best to start with a simpler signature. Example 1: signature to b ...

  • Fortinet Network Device IPS - page 34

    FortiGate IPS User Guide Version 3.0 MR7 34 01-30007-0080-200809 16 Creating custom signatures Custom signatures The FortiGate unit will limit its search for the pattern to the H TTP protocol. Even though the HTTP prot ocol uses only TCP traffi c, the FortiGate will search for HTTP prot ocol commu nication in TCP , UDP , and ICMP traffic. This is a ...

  • Fortinet Network Device IPS - page 35

    Custom signatures Creating custom signatures FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 35 Example 2: signature to bl ock the SMTP ‘vrfy’ command The SMTP vrfy command can be used to verify the existence of a single email address, or it can be used to list all of the valid email account s on an email server . A spammer c ...

  • Fortinet Network Device IPS - page 36

    FortiGate IPS User Guide Version 3.0 MR7 36 01-30007-0080-200809 16 Creating custom signatures Custom signatures Use the --protocol tcp keyword to limit the effect of the custom signature to only TCP traffic. This will save system re sources by not unnecessarily scanning UDP and ICMP traffic. F-SBID( --name "Block.SMTP.VRFY.CMD"; --patter ...

  • Fortinet Network Device IPS - page 37

    Protocol decoders Protocol decoders FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 37 Protocol decoders This section describes: • Protocol decoders • Upgrading the IPS protocol decoder list • Viewin g the protocol decoder list Protocol decoders The FortiGate IPS uses protocol decoders to ide ntify the abnormal traffic p att ...

  • Fortinet Network Device IPS - page 38

    FortiGate IPS User Guide Version 3.0 MR7 38 01-30007-0080-200809 16 Viewing the protocol decoder list Protocol decoders V iewing the protocol decoder list T o view the decoder list, go to Intrusion Prot ection > Signature > Protocol Decoder . Figure 6: The protoc ol decoder list Protocols The protocol decoder names. Port The port number or nu ...

  • Fortinet Network Device IPS - page 39

    IPS sensors Viewing the IPS sensor list FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 39 IPS sensors Y ou can group signat ures into IPS sensors for e asy selection in protection profiles. Y ou can define signatures for s pecific types of traffic in sep arate IPS sensors, and then select those sensors in profiles designed to han ...

  • Fortinet Network Device IPS - page 40

    FortiGate IPS User Guide Version 3.0 MR7 40 01-30007-0080-200809 16 Configuring IPS sensors IPS sensors Adding an IPS sensor An IPS sensor must be created be fore it can be configured by adding filter s and overrides. T o create an IPS sensor , go to Intrusion Protec tion > IPS Sensor and select Create New . Figure 8: New IPS sens or Configuring ...

  • Fortinet Network Device IPS - page 41

    IPS sensors Configuring IPS sensors FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 41 T o view an IPS sensor , go to Intrusion Protection > IPS Sensor and select the Edit icon of any IPS sensor . The Edit IP S Sensor window is divided into three part s: the sensor attributes, the filters, and the overrides. Figure 9: Edit IPS ...

  • Fortinet Network Device IPS - page 42

    FortiGate IPS User Guide Version 3.0 MR7 42 01-30007-0080-200809 16 Configuring IPS sensors IPS sensors IPS sensor overrides: Configuring filters T o configure a filter , go to Intrusion Protection > IPS Sen sor . Select the Edit icon of the IPS sensor containing the filter you want to edit. When the se nsor window opens, select the Edit icon of ...

  • Fortinet Network Device IPS - page 43

    IPS sensors Configuring IPS sensors FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 43 The signatures included in the filter are only those matching every attribute specified. When created, a new filter ha s every attribute set to “all” wh ich causes every signature to be included in th e filter . If the severity is change d ...

  • Fortinet Network Device IPS - page 44

    FortiGate IPS User Guide Version 3.0 MR7 44 01-30007-0080-200809 16 Configuring IPS sensors IPS sensors T o edit a pre-defined or custom overr ide, go to Intrusion Protection > IPS Sensor and select the Edit ic on of the IPS sensor contain ing the override you want to edit. When the sensor window op ens, se lect the Edit icon of the override you ...

  • Fortinet Network Device IPS - page 45

    DoS sensors FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 45 DoS sensors The FortiGate IPS u ses a traf fic anomaly detection fe ature to identify network traffic that does n ot fit known or co mmon traffic p atterns and behavior . For example, one type of flooding is th e deni al of service (DoS) att ack that occurs when an att ...

  • Fortinet Network Device IPS - page 46

    FortiGate IPS User Guide Version 3.0 MR7 46 01-30007-0080-200809 16 Viewing the DoS sensor list DoS sensors V iewing the DoS sensor list T o view the anomaly list, go to Intrusion Protection > DoS Sensor . Figure 12: The DoS sensor list Configuring DoS sensors Because an improperly configured DoS sensor can interfere with network traffic, no DoS ...

  • Fortinet Network Device IPS - page 47

    DoS sensors Configuring DoS sensors FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 47 Figure 13: Edit DoS Sensor DoS sensor attributes: Anomaly configuration: Name Enter or change the DoS sensor name. Comment s Enter or change an optional description of the DoS sensor . This descri ption will appear in the DoS sensor list. Name ...

  • Fortinet Network Device IPS - page 48

    FortiGate IPS User Guide Version 3.0 MR7 48 01-30007-0080-200809 16 Understanding the anomalies DoS sensors Protected addresses: Each entry in the protec ted addres s table includes a so urce and des tination IP address as well as a destination port. Th e DoS sens or will be applied to traffic matching the three attributes in any t able entry . Und ...

  • Fortinet Network Device IPS - page 49

    DoS sensors Understanding the anomalies FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 49 tcp_dst_session If the number of concurrent TCP con nections to one destination IP address exceeds the configured th reshold valu e, the action is executed. ud p_flood If the UDP traffic to one destination IP address exceeds the configured ...

  • Fortinet Network Device IPS - page 50

    FortiGate IPS User Guide Version 3.0 MR7 50 01-30007-0080-200809 16 Understanding the anomalies DoS sensors ...

  • Fortinet Network Device IPS - page 51

    SYN flood attacks What is a SYN flood a ttack? FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 51 SYN flood att acks This section describes: • What is a SYN flood attack? • How SYN floods work • The FortiGate IPS Response to SYN flood att acks • Configuring SYN flood protection • Suggested settings for different network ...

  • Fortinet Network Device IPS - page 52

    FortiGate IPS User Guide Version 3.0 MR7 52 01-30007-0080-200809 16 The FortiGate IPS Response to SYN flood attacks SYN flood attacks After the handsh aking process is comp lete the connection is open and dat a exchange can begin betwee n the originator and the receiver , in this case the web browser and the web ser ver . Between steps 2 a nd 3 how ...

  • Fortinet Network Device IPS - page 53

    SYN flood attacks The FortiGate IP S Response to SYN flood att acks FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 53 A true SYN proxy approach r equires that all three packet s (SYN, SYN/ACK, and ACK) are cached and replayed even befor e it is known if a TCP connection request is legitimate. Th e FortiGate I PS pseu do SYN prox ...

  • Fortinet Network Device IPS - page 54

    FortiGate IPS User Guide Version 3.0 MR7 54 01-30007-0080-200809 16 Configuring SYN flood p rotection SYN flood attacks Configuring SYN flood protection T o configure the SYN flood prot ection 1 Go to Intrusion Protection > DoS Sensor . 2 Select Create New . 3 Configure the options for tcp_syn_flood. 4 Select OK. Figure 18: Configuring the syn _ ...

  • Fortinet Network Device IPS - page 55

    ICMP sweep attacks What is an ICMP sweep? FortiGate IPS User Gu ide Version 3.0 MR7 01-30007-0080-2008091 6 55 ICMP sweep att acks This section describes: • What is an ICMP sweep? • How ICMP sweep attacks work • The FortiGate IPS response to ICMP sweep att acks • Configuring ICMP sweep prot ection • Suggested settings for different networ ...

  • Fortinet Network Device IPS - page 56

    FortiGate IPS User Guide Version 3.0 MR7 56 01-30007-0080-200809 16 The FortiGate IPS response to IC MP sweep attacks ICMP sweep attacks Predefined ICMP signatures Ta b l e 1 1 describes all the ICMP-related pr edefined signatu res and the default settings for each. Note: The predefined signature descriptio ns in T able 1 1 are accurate as of the I ...

  • Fortinet Network Device IPS - page 57

    ICMP sweep attacks The FortiGate I PS response to ICMP sweep attacks FortiGate IPS Us er Guide V ersion 3.0 MR7 01-30007-0080-20080 916 57 ICMP sweep anomalies The FortiGate unit also detect s ICMP sw eep s that do not have a predefined signature to block them. The FortiGate IPS monito rs traffic to ensu re that ICMP messages do not exceed the defa ...

  • Fortinet Network Device IPS - page 58

    FortiGate IPS User Guide Version 3.0 MR7 58 01-30007-0080-200809 16 Configuring ICMP sweep protection ICMP sweep attacks Configuring ICMP sweep protection T o configure the ICMP sweep anomaly pr otection settings 1 Go to Intrusion Protection > DoS Sensor . 2 Select Create New . 3 Configure the options for icmp_swee p, icmp_src_session, and icmp_ ...

  • Fortinet Network Device IPS - page 59

    Index FortiGate V ersion 3.0 MR7 IPS User Guide 01-30007-0080-2008091 6 59 Index A alert email configuring 11 anomalies log messages 13 anomaly destination session l imit 48 flooding 48 scan 48 source session limit 48 attack log messages 12 anomalies 13 signature 12 C comments, documentation 8 Create New firewall policy 39 custom signature adding 2 ...

  • Fortinet Network Device IPS - page 60

    FortiGate V ersion 3.0 MR 7 IPS User Guide 60 01-30007-0080-200809 16 Index T technical support 8 ...

  • Fortinet Network Device IPS - page 61

    www.fortinet.com ...

  • Fortinet Network Device IPS - page 62

    www.fortinet.com ...

Manufacturer Fortinet Category Network Card

Documents that we receive from a manufacturer of a Fortinet Network Device IPS can be divided into several groups. They are, among others:
- Fortinet technical drawings
- Network Device IPS manuals
- Fortinet product data sheets
- information booklets
- or energy labels Fortinet Network Device IPS
All of them are important, but the most important information from the point of view of use of the device are in the user manual Fortinet Network Device IPS.

A group of documents referred to as user manuals is also divided into more specific types, such as: Installation manuals Fortinet Network Device IPS, service manual, brief instructions and user manuals Fortinet Network Device IPS. Depending on your needs, you should look for the document you need. In our website you can view the most popular manual of the product Fortinet Network Device IPS.

Similar manuals

A complete manual for the device Fortinet Network Device IPS, how should it look like?
A manual, also referred to as a user manual, or simply "instructions" is a technical document designed to assist in the use Fortinet Network Device IPS by users. Manuals are usually written by a technical writer, but in a language understandable to all users of Fortinet Network Device IPS.

A complete Fortinet manual, should contain several basic components. Some of them are less important, such as: cover / title page or copyright page. However, the remaining part should provide us with information that is important from the point of view of the user.

1. Preface and tips on how to use the manual Fortinet Network Device IPS - At the beginning of each manual we should find clues about how to use the guidelines. It should include information about the location of the Contents of the Fortinet Network Device IPS, FAQ or common problems, i.e. places that are most often searched by users in each manual
2. Contents - index of all tips concerning the Fortinet Network Device IPS, that we can find in the current document
3. Tips how to use the basic functions of the device Fortinet Network Device IPS - which should help us in our first steps of using Fortinet Network Device IPS
4. Troubleshooting - systematic sequence of activities that will help us diagnose and subsequently solve the most important problems with Fortinet Network Device IPS
5. FAQ - Frequently Asked Questions
6. Contact detailsInformation about where to look for contact to the manufacturer/service of Fortinet Network Device IPS in a specific country, if it was not possible to solve the problem on our own.

Do you have a question concerning Fortinet Network Device IPS?

Use the form below

If you did not solve your problem by using a manual Fortinet Network Device IPS, ask a question using the form below. If a user had a similar problem with Fortinet Network Device IPS it is likely that he will want to share the way to solve it.

Copy the text from the picture

Captcha
New picture

Comments (0)