Stop an ongoing DoS attack

Many server managers say that effectively stopping a DoS attack is impossible. This is only half true.

Under a DoS siege the majority of the server administrators will try to create a null route for each offensive IP, IP block or even whole subnets. This is done as an effort to keep the service online for legitimate clients, but deny service for the offenders. This is very time consuming operation as the IPs are faked so null routing almost always is impossible.

So what other methods are available?

I can tell you my experience only, and that is extremely simple. First, I start to look for the port the attackers chose. Usually and unfortunately this port is almost always port 80 aka HTTP. If the server became completely unusable and the number of connections is unbelievably high, then one simple step: shut down the ethernet card which handles the public network. No one will be able to use the server until you re-enable the ethernet card so this is a very cruel option in many’s mind. But why? If no one can access the server because the DOS attack, why is bad if I shut down the ethernet card?
And why do I shut down completely the traffic? This is again my own experience: the offender thinks that the mission was accomplished and simply gives up. I had only once situation when re-enabling the ethernet card after a few hours brought the offender back too, one occasion from a few dozen. So in my humble opinion it’s still better to have a few hours of silence than having a few hours of stress caused by the efforts of blocking the unwanted traffic.
On the other hand if the server didn’t deny the service yet, you may try to null route the offenders. It’s an extremely time consuming operation and if the IPs are faked… well. You can’t really null route. But if you desperately want to keep the server up and running, you may try it. Be prepared for great stress, have your coffee machine prepared too, and if you smoke, a few packs of cigs in the nearby is also required.

Another option I heard about is a bit more interesting. But it involves DNS administration so you should be familiar with it before start it.
Let’s take the following situation: you have www.example.com functioning on the 192.168.0.1 IP. When you observe that your IP is under attack and your website functioning under the example.com domain became slow, you move your domain name under another IP on another server, the offenders will still attack the old IP but they cause no trouble since that IP is out of service.
This is very beautiful in theory, but in real world may function or not. Usually doesn’t, since while the update in your DNS travels through the whole world, your website may be already on its knees.

What can be done to just not experience DoS attacks?

To be prepared for the attack. There will be always black hat hackers and hacker kids in suburban basements who has nothing better to do but try to offend websites or whole servers, so our only option is to be prepared. Better said, the datacenters.
DoS attacks can be recognized quite easily, there is a listening system installed on every major internet backbone too. What they can do is to early recognize that something is happening and start to block the malicious traffic while is born.
Choose your provider wisely. If you want a good hosting solution go with well known web hosts like GoDaddy or MediaTemple. If you need servers, choose well known data centers like RackSpace or Softlayer. They are all prepared for DoS attacks and can help you in no time.

If you go with a server, a must have is a good hardware (!) firewall, which can distinguish the good traffic from the bad one, then block the unwanted. This kind of firewalls, stateful firewalls are manufactured by Cisco for example. They do a hell’a good job.
Other than that, you can only beg for mercy. Nothing else. Every system is vulnerable to these attacks at any time, it’s not just you. The only difference is how much the servers can survive without being killed.

What is null routing and how to use it

There are times when a server admin has to re-route some of the traffic coming from specific IPs. This is called null routing.

OK, now simpler: say, 192.168.0.1 is trying to connect to your server. You know that this IP has bad intentions so you decide to block it. Creating an IPTables deny entry is one of the options, null routing is another (adding an entry in the routing tables), more effective one. Why? Because while IPTables is only a software, null routing happens on the server’s level, thus putting less strain on the hardware.
Null routing means basically that you block the IP, but you can also re-route it. For example you can easily re-route it to the loopback address, 127.0.0.1, thus when the client tries to connect to the server, the server instantly redirects the connection to the client’s address. This is often called blackhole routing.

Null routing is the preferred option when a server is under DoS siege.

How to create a null route.

The offender’s IP address in my examples is 192.168.0.1, the gateway mask is 255.255.255.0 and the new route is 127.0.0.1 . Obviously, you replace these values with the offender’s IP and the preferred route.

on Linux, you log in as root, and type:
route add 192.168.0.1 gw 127.0.0.1 lo

On Windows based systems it seems re-routing is not really possible. You can specify a gateway to use to route a specific connection through, but my experience is that it’s just not working in the way I would like to. Even though Microsoft Support tells me the contrary.
Anyway, the shell command you should use for rerouting on Windows based systems is the following:
route add 192.168.0.1 MASK 255.255.255.0 127.0.0.1

The problem is that this created for me a loop, but on the wrong side: on my side.

How do you recognize a DoS attack

Early recognition of a DoS attack is essential. This post will help you learn how to recognize a DoS attack so you can take necessary steps.

In my previous post, I talked about DoS attacks in general (see end of the post for the link) and if you’ve read it, you know how are they working. If you didn’t read it, do it now then return here.

When a website is under DoS siege, the most prominent effect is that the website becomes slower and slower as the time passes by and the number of incoming connection increases to the point the webserver either resets (in my humble opinion the best thing) or denies to serve.

In one of my previous posts I mentioned that a webserver, for example Apache can handle only a limited number of connections. This number solely depends on the architecture of the webserver’s core, the amount of available hardware resource and how the server manager configured the webserver. This only applies to standalone servers, not balanced ones or mainframes. In how much time will the server becomes unusable, solely depends on the above factors. For example a server with high amount of RAM could handle a very big number of connections, if the configuration of the software allows it.

So, the first eye-blowing effect of a DoS attack is the enormous number of unexpected connections.

The architecture of the webservers is designed so that when a connection is opened, it isn’t closed for quite a lot time, usually 250-300 seconds. So when a DoS client connects to a server, it’s not disconnected for the TTL time. Imagine thousands of connections waiting to close.

As per the above paragraph, the second prominent thing which happens with a webserver is that there are a lot of unclosed, waiting connections.

The web server allocates an amount of hardware resource for each incoming connection. Under a DoS siege the number of connections is enormously high, thus a lot of hardware resource is consumed. First the RAM will be not enough, when the RAMs are filled up the server will try to use the hard disk thus causing the server to “swap” but as there is not enough RAM the CPU neither will be able to handle a thing. The server is on its knees.

So, the last thing you should observe is that the server load is too high. I say this is the last you have to look for because if only this applies to your situation, it’s most likely you are not under a DoS siege but either a misconfiguration happened on the server’s level, or a bad-written, low quality script is using up the resources.

What is a DOS attack and how to initiate it

The best method to deflect an attack is to understand how the offender planed his attack, thus you know what will happen next or how to stop a previous action.

This post is about the basics of a distributed DOS attack. DoS is the abbreviation of Denial of Service. I won’t list everything you need, not the software you need nor anything which you can start a DOS attack with, but the architecture of such an attack to help you form a picture about how the DOS attacks works thus help you avoid them.

First of all, what is a DoS attack?

DoS stands for Denial of Service. Basically, a server is bombarded with fake traffic until it denies to serve normal traffic coming from legitimate users. DoS is a relatively new thing on the internet and they can be temporary or permanent. Temporary is when it can be let’s say fixed easily and permanent is when it can’t be fixed with a simple reboot or by shutting down the ethernet port. Permanent DoS is very sever as it rewrites a network component’s firmware, thus the owner of the hardware either replace it or re-rewrites the firmware (usually replacing is advised).

There are many types of DOS attacks, the most common are probably the ICMP floods. ICMP is a protocol on which the ping requests are handled and as almost every server will respond to ping requests, they are vulnerable to these type of attacks.

So, what happens in the background? A user with connection superior to the server’s which will be attacked, sends a high amount of ping requests to the server and keeps sending them until the server is brought down. Sounds simple? It’s not. The above example is oversimplified, there is involved one other step which i didn’t mention: the IP faking.

So, how ping is working?

1. user initiates a ping to a specified server.
2. the server receives the request
3. the request contains data about where the server has to reply, the initiator’s IP address. The server replies to this address
4. the initiator acknowledges the answer and the connection is closed

So how to initiate a DoS attack

The problem occurs when the pinger’s IP is faked as the server will try to answer for the request but as the address is faked it can’t. One issue with this: as the architecture of the web servers is designed so that if a connection can not be handled, the connection is kept open for a very long time. Too many connections open will bring the server on its knees in no time, mostly if there are not enough hardware resource like RAM.

Of course, modern web servers will not be brought down with only one offending client. An attack to a well designed webserver, network component or network is much harder and requires more offenders. The attack should be synchronized very well and distributed over many, a few hundred or even thousand and even millions of attacking PC, solely depending on how advanced is the attacked party.

So how DoS is possible then?

The easiest way the hackers achieve to sync and distribute the attack is that they, let’s say hire spammers to send spam containing either links to malware which is used as a DoS client or the message has the malware attached. When the user clicks the link or opens the attachment, the script installs itself as a service on a Windows based OS.

On a side note, it’s interesting that the most expensive OS is in the same time the most vulnerable to malware and virus attacks, too.

The whole of the PCs which has this malware installed is called botnet.

The installed malware will start to work on a specified time and date like in MyDoom’s (Link to Wikipedia article, read it, it’s very interesting) case when millions of computers started synchronized distributed attack against several websites. This is called DDoS, abbreviation for Distributed Denial of Service. It’s incredibly effective against lower end web servers and can put offline even high-end architectures like Google’s search back-end network.

Next article is about how to recognize DoS attacks.

If something is not clear, feel free to ask.

The end of the CAPTCHA era

Every webmaster should know what a CAPTCHA (abbreviation for Completely Automated Public Turing test to tell Computers and Humans Apart) is, but for who doesn’t know, the little images with obfuscated text on it under the registration forms or comment forms are CAPTHCAs. They are meant to stop robots, for example spam-bots from registering on a website or to post unwanted, spam comments. They are very effective. But the problem is, they are easier to brake than many thinks.

Braking, hacking CAPTCHAs

I am not a good desktop-software developer, but even for me, took less then 2 days to write a .NET software which can recognize with quite high reliability (over 80%) the characters in random CAPTCHAs i found on the internet. I was one step away from releasing a SPAM-Bot with CAPTCHA recognition as all I would have need is a network connector, a script which handles the data transfer on TCP between my PC and the remote website.

So, why are these CAPTHCAs so easy to break?

Basically these are just text, random letters and numbers on a random background then saved as an image file. When braking these images, the software has to follow these steps:

1. separate the background and the foreground
2. segment the characters from the image into separate blocks
3. finally, match the blocks with templates, so all the letters from the dictionary plus the numbers

I think it’s too simple.

If a spammer team hires humans to decipher CAPTCHAs, the situation is even easier. In 3rd world country anyone would do it for a price of $0.0001 per CAPTHCA. Someone who is good enough, can solve about 5000 CAPTCHA’s per day, go figure. How much the spammers earn with their spam-campaign i have no idea, but since they doing this i figure way more than i would think.

So,

How to stop spammers effectively?

It’s very hard. A very good initiative is the Akismet project. Before a comment appears on a website is submitted to Akismet which will try to identify if the text from within the comment could be spam or it’s a legitimate comment. The effectiveness of this service is incredibly high. Sincerely, I didn’t see a spam comment on any website which is protected by Akismet. But this service has a great vulnerability: the service is free and the threshold the comments are matched against, is practically a database. The spammers use random text for their comments, so the owners and developers of Akismet have to update their database day-by-day, the database can only grow and updating the database is also time consuming… for a free service is not a good thing. They will either have to go further as a payed service, get sponsors or to give up. Neither one is an easy decision.

Another good alternative would be to make a website registration dependent and the registration data to be obtained from a trusted third-party which verifies extensively the identity of the users. Such initiative is OpenID. If the third-party which verifies the identity of the users - these entities are called OpenID Servers, such server is for example Verisign, one of the most trusted entities on the internet- makes a good job, the spammers can’t pass through the net thus can not post unwanted commercial comments. If the OpenID Server doesn’t do a good job, then the whole thing is meaningless.

And the list of the possible options has been exhausted… I think. If you know more, let me know.

Now let’s see what upgrade options for the CAPTCHA system would be possible. The official CAPTCHA website lists some great ideas, but at the time of my visits neither worked. The first is that they take hand-written (or not) words from old books and while a user types the letters (and numbers), they also digitize the books. Well, maybe it’s just me but this is the old CAPTHCA refurbished.
The second interesting initiative is a… I have no idea as it’s not working. They neither list any detail but, that it’s their newest CAPTCHA. Good to know.
And the last: 4 random images which relates in a way or other with each other. The user has to choose then the thing which is related to each image.

The last initiative I think is the most reliable and the same time unbreakable initiative as I can’t think of a reliable(!) solution which could recognize random objects from an image, of course i might be totally wrong.

Do you know of another solution which might work on a grand scale? Share your thoughts, the comments are open.

The meaning of the ads on a site

I was wondering what the common internet users think about the AdSense and other types of ads on websites. Me being a web developer (too), I know their meaning: most likely they keep the website rolling. Now let’s see some stuff about this subject.

First, let’s point out some basic things in Internet Advertising. Who is the publisher and who is the advertiser? The publisher is me. I publish ads on the top and in the navigation sidebar of my website. Both ad blocks are paying only if a user interacts with them, so if you click (DON’T DO IT NOW) one of those ads I get some money. But don’t think my pocket will be full in no time! No. These ads usually pays very small amount. My experience is that the advertisers set a very low price for one very obvious reason: they want to pay as little as possible and earn as much visitor as possible. So the advertisers are who created those ads. If you click on an ad, you will be taken to the advertiser’s website and the publisher receives the commission for the referral.

Now let’s see the advertisement types. There are three I will mention now: CPM, CPA and CPC. Don’t be scared, I explain each below.

If the ads are CPM based ads, they keep the site rolling OK. The user doesn’t have to interact with the advertisement to generate some tiny revenue for the website when talking about CPM ads, so these are the most convenient ones if a website has many thousands of visitors. CPM ads are usually so called ‘branding’ ads and they are used to, well, to brand. Again usually, these are image ads not text ads. For example, the below ad SHOULD be a CPM ad coming from Google AdSense. Since the publishers have no great control over whom ads are displayed, theoretically on each page load this should show a new ad and Google decides what type of ad and which advertiser’s. If there is no CPM ad available for the context of this post, it will show a CPC ad. If no CPC ad is available, it will show a … nothing.

There are two other type of ads I mentioned above: CPC and CPA. Well, there are more, but for example I consider pop-unders and pop-ups an extremely annoying and idiotic thing, not an advertisement. So, the CPC ads are Cost per Click ads. This means that the advertiser who created that ad pays for the publisher only if a user actually clicks that small ad. And only then. An example for the CPC ad is shown below. These are usually text based ads. The greatest CPM and CPC advertisement networks are Google AdSense and Adbrite. I feel that Adbrite pays a bit better than AdSense but it pays only with checks which I don’t really like. AdSense offers Western Union electronic transfer to pay the publishers (in a few countries) which is extremely convenient for me. Also, AdBrite’s engine shows more CPM ad, which on a high traffic website is an extremely good thing.

On the other hand, CPA or Cost per Action/Acquisition pays even harsher case: the user who clicked the ad has to do something on the advertisers website. The advertisement from the very top of this page, actually all of the pages on this website, are CPA ads. The greatest CPA ad networks are DoubleClick and CommissionJunction.

So, as a last word. I know that the common users already formed a so called “ad blindness” which typically means that they simply don’t see the ads, but sometimes, especially if you like the website, you should try to forget about that blindness

Image Hosting: A good business or a complete failure?

Lately, more and more image hosting services appeared on the net. Even though i think the business starts to be saturated, I see each month new image hosts on the forums. Then after a short time disappearing… So, let’s see the cons and pros of why to have, or not an own image host.

As I said in one of my previous post, I manage one of the image hosts and worked for one of the oldest and biggest ones. What I saw in the very first moments, is the enormous transfer rate of the image data. There were moments -better said almost always,- when a 100mbit connection’s download band was completely saturated. That means that in one month the webserver transferred 32 Terra Bytes of data. Even if the owner of the image host found a good uplink provider, that means 3200 US dollars… in one single month.
So, after the above calculation, I was thinking of how to cover the costs of the server. 3200 dollars is a smaller fortune, so covering that cost isn’t so easy.
At that time, the following options popped in my mind:

1. The most obvious: Ads
2. Subscription based service
3. Donations

The ads. As I see on every host, this is the one the most opt for. The problem with the ads is that not all networks allow any type of content. So, depending of what the owner of the image host decide to deny to host, finding a good network might be very hard. There are two type of image hosts: one which allows adult images, and the one which doesn’t. If the owner decides to let adult material to be hosted, it will be hard to find a good advertising network which allows adult content. My experience is that BlackLabelAds is the one which pays the best, especially their full page ads and allows adult content. If the owner decide to not allow adult content, even Google’s AdSense will do the job. The only problem is that one of the biggest, well, better said greatest non-adult image host will suck the owner’s clientele like a magnet, and if there are no visitors, the ads don’t pay at all.

Either case, the ads are paying only if they are fetched on the host. So the owner has to bring visitors to his/her site. And NOT the uploaders! The users which has account stay about 10 seconds on the image host. That’s not enough at all, for anything. So, the owner has to bring somehow else the visitors to his site. The most convenient way is to don’t let the uploaders display full size images on the remote sites, but thumbnails which are hotlinked to the original image. This has two effects: it reduces the bandwidth consumption considerably, and will bring users to the site.

Another option to cover the costs of the server is to offer subscription based service. Only a few hosts do this, so probably is not a too good idea. Let’s see why? One single reason pops in my mind: users don’t pay for something which exists in free version too. The owner may have some subscribers, but not too much. If he wants a lot of subscribers, will have to advertise the site massively, and advertising costs…. a lot! So this option to sustain the site is not the best. Possibly the existent users will be very happy with the service, but the owner will not have an acceptable revenue.

The last option I listed is to accept donations. Would you donate for a service just to keep it running? And is free anyway… Most will say no

Another issue with letting users upload files to the server is that the users will upload files to the server :). This can be a very big security risk and usually webmasters doesn’t allow file uploading to not let users with bad intentions to exploit server resources or to upload malicious software, scripts to it.

The number of concurrent connections can also be a problem. Apache can handle a limited number of connections and if you don’t set the MaxClients directive wisely, the whole server will go down the hill. For example, if you set a too low number, the connections will be queued, then if too many users in the queue the server will not be able to handle them and the connection will time out. On the other hand if you set a too high number for MaxClients and you have not enough RAM, your server will deny to serve as each process eats up some RAM, too many processes, not enough RAM and the server will hung.

So, as a final word, starting an image hosting service is a very bad idea in my humble opinion. I can’t list any good reason of why to start another one.

Let me know what are your own thoughts on this subject. You could even try to convince me that it’s a good idea

Ban IP on server level after a number of unsuccessful logins

This is a widely used function amongst the server managers. Depending on your system configuration, the server will ban the enforcer’s IP, either putting it in the firewall’s deny list or, on Linux servers with IPTables installed, will put the IP in the drop list.

To achieve this feature, the easiest way is to install a software firewall. My recommendation is CSF, Configserver Security & Firewall developed and maintained by Way To The Web Limited. It’s an extremely efficient software, and integrated into WHM is very easy to manage it, even a beginner can handle almost everything.

So, if configured correctly, CSF has a, say, extension: LFD or Login Failure Daemon.

This stuff is what we search for at the moment. You can configure which ports to listen on, so if the enforcer tries on SSH, POP3 or FTP and even HTTP authentication, it will get banned after a few tries.

You can also put IPs to its ignore list. This is very useful feature if you don’t want to get yourself banned.

Country bans: Good or not?

During my daily routine, when I check all the sites I have to, Google Webmaster Group, and other forums I visit, I noticed a, well… Let’s say trend: more and more webmasters think that it’s a good idea to ban whole countries from their websites and servers. So is this wise or just a result of a momentary panic?

Let’s see first why would do it? The most convenient explanation would be that you get attacks, let it be SPAM or DOS, from a specific country and to stop it, you just ban the whole country. Let’s say you have a basic server, running Apache. To ban a country is quite easy, you supply a feed with the IPs you want to ban and you’re done. Even with IPTables would be easy enough to ban a country, say most half an hour with searching included.
Let’s take a small number of aggressive clients, say 1.000 clients concurs for connection to the servers/website, and you decide to ban a whole country. The most offensive country at the moment of this post is China. China has approximately 1/6 of the World’s population. Basically if you ban 1 billion people from accessing your site just because of those 1.000 who are attacking it, well… it’s pity. You can only lose, mostly visitors coming from search engines. You will have you webserver standing steadily, but you lost revenue, as visitors equals revenue. And as a general rule of the thumb, the aggressive clients WILL give up after a moment, switch off the server, shut down the ports they are using for an hour, something, anything, but ban a whole country?!

The second case, you ban countries just because you don’t offer anything for those countries. Or you think you don’t offer.
This was very painful for me to learn, but for some reason big corporations’ webmasters do it often, and it’s so frustrating. I test a lot of IT equipment, usually stuff which didn’t appear yet in my country, I try to visit the manufacturer’s website to download a driver and I can not, because the IP I have, and all the country has, is banned from the server I want to access! How foolish…

Recent case is one of my tests with an eMachines notebook. I knew the firm is owned by Acer, yet Acer has no drivers for eMachines equipments. I check the website, emachines.com and miracle: I can’t access it, it times out. This is a common case when your IP is banned on server level, since the server won’t serve you anything, no 403 message, no nothing, not even a single ICMP package. So I tried to access the website through a server which is located in a different country, still in Europe. No luck. After a few more tries with EU servers, I try with a US server, located in Dallas. And what a joy: I could access the above link. Later I tried with a Canadian server and I could access the website. In total, I tested it with 46 servers which are under my management, and ONLY the US and Canadian servers could fetch the site.
Yet, eMachines started to export notebooks in my country and since they are cheep, people buy it like sugar, but their only option is the provided driver CD/DVD… which is not good for XP
So if you need an XP driver for something, you either code it for yourself (i know), or you switch to Vista as the drivers provided on that media is good only for this OS.

So, what do you think, is it good to ban a whole country or not?

Hanns-G LCD Monitor: A must have or a fear of?

If I’m already in testing pc components, peripherals and laptops, I accepted to test a Hanns-G, HU196D 19″ LCD screen.

My own monitor is a Philips 22″ 220EW8FB/05, an extremely good and beautiful screen, so when I heard about Hanns-G, my first impression was “What the heck is that”. The guy from the magazine I tested the monitor for, brought a plain box with one single inscription: Hanns-G. I expected something more, but whatever, not a problem I though.

When i pulled the monitor out of its box, I was shocked: the design of the monitor was quite nice, the shapes rounded, the LCD matted, reflection-less and the finishing was high quality. Not bad for the first impression i guess.

Then I tried to attach the stand. I work with computers for a long time, but this fight was the hardest: I figured, mounting a stand on an LCD is a 2-3 second job; I was totally wrong as it took me about 20 minutes and the help of a sharp knife. The slots where the LCD should have pop in were not perforated very well and i had to effectively cut the excessive plastic off before I could mount the LCD on the stand.
Well, done, the monitor was standing on “its own feet”, I plugged the VGA cable in, then the audio jack lastly the power cord, linked to the PC both, then switched the monitor on.

The first OS i was testing on was XP. The quality of the image was… well. Wow! Amazingly sharp. And the best is: I didn’t have to install anything as I got no CD/DVD or any other media with the monitor. XP installed the screen as Plug&Play monitor, and that’s all. The Windows Update service neither returned any drivers. After a quick search on the allmighty Google returned absolutely no information regarding any usable driver, but I guess I shouldn’t even need any, as the screen works as it should.

The second OS was Vista. I guessed it will recognize as a Hanns-G monitor (it will read it from the monitor’s ICs), but it didn’t. It knew the screen is an LCD monitor, also that is plug&play but nothing else. I thought the Update Service will find something as it’s smarter than the one bundled in XP, but again I was wrong as it didn’t. So I just used it as a plug&play monitor.
The quality of the image under Vista, well, a good advice: switch font smoothing off. With smoothing on the image was unexpectedly ugly. I’m don’t have a designer’s eye, but I guess if a designer would have see the quality of the image, would have cry like a baby. If you turn the smoothing off, the quality is the same as in XP’s case: a wow.

The monitor has 5 buttons below the screen:

1. Auto-Adjust: it auto-adjusts what you see on the screen, to best fit the screen
2. Volume-down: as it has integrated speakers, this is a volume control to turn the volume down
3. Switch On/Off: well… :|… guess it
4. Volume-up
5. Menu: read below

Pressing the button labeled with an “M” in the button-bar will bring the the On-Screen-Display up. This is simple and straight forward: you have 8 menu-points.

1. Brightness
2. Contrast
3. Image settings: you can control the position the image, the clock, the phase
4. Color Settings: the color grade. It has 3 presets: 5500 K, 6500 K and 9300 K and you can define your own as well.
5. OSD: control how the OSD looks and acts like
6. ETC: some misc settings like volume, DOS mode (text or graphic), VGA settings and restore factory defaults
7. Input Setting: Analog or Digital
8. Exit

Generally, the LCD is awesome: it acted well in any situation, the heat emitting is very reduced and the screen doesn’t reflect a thing. Compared to it’s price, $~200 + 19% VAT where I live, si an excellent choice if you don’t want or can’t spend a fortune on an LCD screen. My score would be 9.5 of 10.

Next Page »