I-BLOG
Never go to bed mad. Stay up and fight!
Sep 7th
We’re at the top for all the wrong reasons… only the top SPAM position remains to be acquired.
According to a recent study of Internet threats by Network Box, India has surpassed the US as the top virus producer.
Globally, India alone accounts for 13.74% of viruses, up from 9.5% in July 2010. It is followed by Russia, in second place for August 2010; Russia’s average daily share of viruses rose from 4.01% in July 2010 to a little above 11% in August 2010.
As a virus producer, the US accounted for just over 8% of everything detected by Network Box, considerably lower than the 14.65% of July 2010. UK virus levels also came down to 2.5% from 5% in July 2010; globally, the UK is now the seventh-largest producer of viruses, down from fourth in July 2010.
The US retained its position as the world’s leader in generating spam, with a daily average of 12.2%. The next two positions went to India (second) with 7.69% and Brazil (third) with 5.4%.
Network Box’s Internet Security Analyst, Simon Heron, said that the continuous change in this kind of data reflected the adaptability of cybercriminals, as reported by InfoSecurity on 31st Aug 2010.
He added that the country sources of such Internet threats move every month, which shows how fast cybercriminals can shift their operations around the world and launch attacks. Organizations need to stay alert and make sure they are not compromised while adopting new applications and techniques.
Network Box also reports that the largest share of firewall blocks originates from the US with 18.3% and Korea with 13%. Commenting on these findings, Simon Heron said it was amusing to see that UDP 137 (the NetBIOS name service) was the second most attacked port. It is absolutely necessary for organizations to examine their firewall rules, as this data shows there must still be systems with this port open to the Internet, as reported by Malware Research Group on 31st August 2010.
He also added that web proxies seemed worth checking, as TCP 8080 was third on the list, which shows that cybercriminals perceive this as another backdoor entry.
Source :: SPAMFighter
Sep 6th
How often do you update the drivers for your computer/notebook? I did a Google search on this and found out 2 interesting things about it;
1. Users prefer not to update their drivers, and the main reason is that they are wary of issues that might happen once the new drivers are installed.
2. Users think of driver updates the same way as Windows Update; in fact, I saw a couple of forum comments mentioning that Windows Update can break the system since M$ releases unstable stuff, so you have to wait.
Pretty much this seems to be the mindset for a lot of folks. Well, I’m a strong believer in updating everything when an update is available. So for most purposes I use an aggregate updater service for my software/hardware.
I use Windows Update regularly.
I use a 3rd party software upgrade aggregator like the one ‘filehippo.com’ provides. I also use the ‘Secunia PSI’ software – the use of this helps me in 2 ways. If there is instability in the programs, that is why the update is appearing in the first place (for example, take the Adobe Reader update to patch the vulnerability which was hot a couple of weeks back). Secunia PSI helps identify outdated/old program files, helps derive a score for the machine and helps find a download link for the updated software as well.
Now, when it comes to hardware drivers, I do the same thing. I had evaluated a lot of auto updaters/aggregators, but most of them seem to be paid versions (this is one area where there is not much choice), or else they require a lot of registration and uploading of your current drivers so that the database can be built (which I guess is good).
Recently I found something good on this front too, and after 2 days of evaluation, it looks like I’m going to keep it.
It is called SlimDrivers; I tried it on both my home PC and laptop, and it detected most of the drivers and, above all, without any mistakes! My laptop is a standard ThinkPad T series and I have the nVidia Quadro NVS 140M. It is a pain to find updated drivers for this from nVidia’s site itself, and the filehippo.com updater makes mistakes when it detects this too; after the download, you may not be able to install it. However, this time, with SlimDrivers, it was a breeze. It is still in beta and I hope they keep it free forever. Try it out, it is cool.
They have a computer cleaner as well (pretty similar to CCleaner, looks almost the same).
Aug 19th
The acquisition spree continues… Now this looks a little strange at first glance, but I’m sure if Intel is paying $48 per share in cash there is something more being aimed at? Are we looking at an era where security is built onto the chips themselves? Looks interesting…
News Highlights:
Purchase of all of McAfee’s common stock for $48 per share in cash, valuing the deal at approximately $7.68 billion.
McAfee will operate as a wholly-owned subsidiary, reporting into Intel’s Software and Services Group.
Acquisition enables a combination of security software and hardware from one company to ultimately better protect consumers, corporations and governments as billions of devices – and the server and cloud networks that manage them – go online.
Intel elevates focus on security on par with energy-efficient performance and connectivity.
The acquisition augments Intel’s mobile wireless strategy, helping to better assure customer and consumer security concerns as these billions of devices connect.
Intel has made a number of software-related acquisitions of leaders in their respective industries that also rely on great silicon, including Wind River, Havok and now McAfee.
Press Release:- [ Here ]
Aug 10th
Use a lot of Juniper equipment/configuration samples/guides etc.? Some time back I had written a blog post on getting relevant information, with examples, on Juniper products: search for it at http://kb.juniper.net
Read here {http://www.rsivanandan.com/2010/01/24/documentation-for-juniper-devices/}
There is a much better way if you use Firefox. There is a search plug-in that you can integrate with Firefox and look up the term/configuration you want directly from the browser.
Can’t wait to get it? Head straight to http://kb.juniper.net and in the bottom right-hand corner, you can see ‘Install Search Plug-in’.
Install it and there you have it;
An example page that I searched looked as below;
Have fun…
Aug 5th
When I started this site, it was rather a note-to-self kind of thing, and over the years I learnt that people actually do visit my site. So recently, very very recently, I signed up for Google Analytics to see how much traffic this blog really gets.
Prior to that, I strove to avoid adwords/analytics etc., just ‘coz it was of no interest to me; remember, this was a blog to self and was never intended to do business. So I decided to check how much traffic I get;
Google Analytics says that over about a month, I got a total of 1254 visits with an average of 1.44 pages/visit. A rough average over the period is 41 visits per day; looks like a small number? Well, it may be a very small number, but for someone who never thought anyone would even visit this page, this is a big number. Again, I’m not after a ‘reaching 1000 visits a day’ kind of target here.
Minimum visitors during the whole period was – 16
Maximum visitors during the whole period was – 75
Analytics also did a map overlay of the regions people are visiting from;
This tells me that over 19% of people are coming directly to this site, while the majority are referrals from Google and other search engines. Geography-wise, North America and a bit from India/Europe etc…
At this time, the biggest technology industry seems to be the mobile phone industry, with Android breaking iPhone revenues (still can’t believe it, a whopping 886% growth for Android from 2009, man – now that is some number!). So I decided to make this blog mobile friendly for those who might be interested in browsing/reading stuff here from their handhelds. One plugin made all of that possible, MobilePress, and of course WordPress is just great! I tried it with my Xperia X10 (runs Android 1.6) and it worked just great. It seems this plugin actually offers more to iPhone users…
Folks, try it out and lemme know. I would be glad to hear!
Jul 16th
Got a question on this in my comments page and hence thought of putting it together. Say there is a PPTP server residing on the trust side of your NS firewall (applicable to all/most NetScreen firewalls running ScreenOS). For simplicity, assume that the device is in NAT mode and you want to allow connections coming from the Internet for PPTP VPN; follow the steps here;
First create a custom service to address the PPTP requirement (this is Microsoft Windows specific);
set service CustomPPTP group "other" 47 src 2048-2048 dst 2048-2048
set service CustomPPTP + tcp src 0-65535 dst 1723-1723
The first line above creates a custom service named “CustomPPTP” for protocol number 47 (GRE) with source/destination port 2048.
The second line adds PPTP (TCP port 1723) to the same service.
The next step is to NAT the internal PPTP server to a publicly accessible address using a public IP. Here we’d use the same address assigned to the untrust interface (single public IP scenario);
set vip multi-port
set interface ethernet0/0 vip 2048 CustomPPTP 10.1.1.10
The first line above enables multi-port VIPs. Normally a VIP listens only on a single port; if a single IP address is used and you want multiple ports forwarded, a multi-port VIP is needed.
The second line sets up a VIP on port 2048 for the CustomPPTP service, forwarding to the internal PPTP server 10.1.1.10 (assuming that is the IP of the internal PPTP server).
Almost done; the only thing pending is a policy to allow traffic to pass under this condition;
set policy from untrust to trust "any" "VIP::1" "CustomPPTP" permit
The above policy allows any machine in the untrust zone (Internet) to connect to the VIP address (trust zone) for the service “CustomPPTP”.
Just save the configuration and you should have it working just fine…
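The Sep 7th post above quotes Network Box’s advice to examine firewall rules for ports like UDP 137 and TCP 8080 left open to the Internet, and the PPTP recipe is exactly the kind of inbound permit policy such a review has to look at. The script below is an added example, not from the original post or from Juniper: it parses the simplified `set service` / `set policy` command shapes used on this page, resolves which protocol/port ranges each permit policy from the untrust zone opens, and flags the two ports the report singles out. The built-in service stand-ins (ANY, NBNAME), the WebProxy lines and the extra policies in SAMPLE_CONFIG are constructed for the example; the three PPTP lines are the ones from the post.

```python
import shlex

# Protocol numbers as they appear in 'set service' lines, mapped to names.
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp", "47": "gre"}

# Protocol/port pairs the Network Box figures quoted in the Sep 7th post single out
# as heavily attacked; any permit policy from untrust that reaches them is flagged.
RISKY_PORTS = {
    ("udp", 137): "NetBIOS name service (UDP 137)",
    ("tcp", 8080): "web proxy (TCP 8080)",
}

# Constructed stand-ins for two ScreenOS predefined services so the example
# runs offline; a real device ships many more.
BUILTIN_SERVICES = {
    "ANY": [("any", (0, 65535), (0, 65535))],
    "NBNAME": [("udp", (0, 65535), (137, 137))],
}


def _port_range(text):
    """'2048-2048' -> (2048, 2048)"""
    lo, hi = text.split("-")
    return int(lo), int(hi)


def parse_config(lines):
    """Parse the 'set service' / 'set policy' shapes used on the page; other lines are ignored.

    Returns (services, policies): services maps a name to a list of
    (protocol, src_range, dst_range) entries; policies is a list of dicts
    in the order the 'set policy' lines appear.
    """
    services = {name: list(entries) for name, entries in BUILTIN_SERVICES.items()}
    policies = []
    for raw in lines:
        tok = shlex.split(raw)          # strips the quotes ScreenOS allows around names
        if tok[:2] == ["set", "service"]:
            name, rest = tok[2], tok[3:]
            if rest[:1] == ["group"]:   # 'group "other"' only classifies the service
                rest = rest[2:]
            if rest[:1] == ["+"]:       # '+' appends another entry to an existing service
                rest = rest[1:]
            # rest is now [proto, 'src', 'A-B', 'dst', 'C-D']
            proto = PROTO_NAMES.get(rest[0], rest[0].lower())
            services.setdefault(name, []).append(
                (proto, _port_range(rest[2]), _port_range(rest[4])))
        elif tok[:2] == ["set", "policy"]:
            # set policy from ZONE1 to ZONE2 SRC DST SERVICE ACTION
            policies.append({"from": tok[3], "to": tok[5], "src": tok[6],
                             "dst": tok[7], "service": tok[8], "action": tok[9]})
    return services, policies


def exposed_entries(services, policies, from_zone="untrust"):
    """Every (policy_no, service, proto, dst_port_range) a permit policy from from_zone opens."""
    findings = []
    for number, pol in enumerate(policies, start=1):
        if pol["from"] != from_zone or pol["action"] != "permit":
            continue
        entries = services.get(pol["service"]) or services.get(pol["service"].upper()) or []
        for proto, _src, dst in entries:
            findings.append((number, pol["service"], proto, dst))
    return findings


def risky_exposures(services, policies, from_zone="untrust"):
    """Subset of exposed_entries() that lands on a RISKY_PORTS protocol/port pair."""
    hits = []
    for number, svc, proto, (lo, hi) in exposed_entries(services, policies, from_zone):
        for (rproto, rport), label in RISKY_PORTS.items():
            if proto in (rproto, "any") and lo <= rport <= hi:
                hits.append((number, svc, label))
    return hits


# Constructed sample: the lines from the post plus a few lines the audit should catch.
SAMPLE_CONFIG = [
    'set service CustomPPTP group "other" 47 src 2048-2048 dst 2048-2048',  # GRE has no ports; 2048 is a placeholder
    'set service CustomPPTP + tcp src 0-65535 dst 1723-1723',
    'set vip multi-port',                                                     # ignored by the parser
    'set interface ethernet0/0 vip 2048 CustomPPTP 10.1.1.10',               # ignored by the parser
    'set policy from untrust to trust "any" "VIP::1" "CustomPPTP" permit',
    'set service WebProxy tcp src 0-65535 dst 8080-8080',                    # constructed
    'set policy from untrust to trust any "VIP::1" WebProxy permit',          # constructed
    'set policy from untrust to trust any "VIP::1" NBNAME permit',            # constructed
    'set policy from trust to untrust any any ANY permit',                    # outbound only, not flagged
]


def audit(lines=SAMPLE_CONFIG):
    """Return (all inbound exposures, the risky subset) for a list of config lines."""
    services, policies = parse_config(lines)
    return exposed_entries(services, policies), risky_exposures(services, policies)


if __name__ == "__main__":
    exposed, risky = audit()
    for number, svc, proto, (lo, hi) in exposed:
        print(f"policy {number}: service {svc} opens {proto} {lo}-{hi} from untrust")
    for number, svc, label in risky:
        print(f"WARNING policy {number} ({svc}): {label} reachable from the Internet")
```

Run against the sample, the PPTP policy shows up as opening GRE plus TCP 1723 (what the recipe intends), while the two constructed policies for TCP 8080 and UDP 137 are reported as warnings; a permit of the ANY service from untrust is flagged on both counts. The parser deliberately covers only the command shapes on this page, so feed it `get config` output from a real device only after checking which other `set service` forms appear there.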
Jul 13th
Continuing from the last post on MPF in the Cisco ASA series, Juniper’s next-gen firewalls (SRX series running JunOS) can also be used for blocking unwanted sites. While SRX supports integration with SurfControl/WebSense etc., this post is focused on the built-in capabilities, just like what Cisco’s ASA had.
The UTM (Unified Threat Management) feature is integrated into SRX devices. So in order to block a site (or sites);
1. First create custom block lists containing the websites you want to block.
custom-objects {
    url-pattern {
        badsite {
            value www.facebook.com;
        }
        addictivesite {
            value www.twitter.com;
        }
    }
    custom-url-category {
        bad-sites {
            value [ addictivesite badsite ];
        }
    }
}
As you can see, the custom URL category above contains the sites ‘www.facebook.com’ and ‘www.twitter.com’; depending on preferences, time-eating sites like facebook/twitter/myspace etc. can be listed here. Again, the advantage is that it doesn’t deal with IP addresses and hence remains effective however many servers are hosted around the world.
2. Then create a web filtering policy to allow the traffic after screening the type/site the traffic is going to, as below;
policies {
    from-zone trust to-zone untrust {
        policy utm {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit {
                    application-services {
                        utm-policy wf-block-specfic-categories;
                    }
                }
            }
        }
    }
}
utm {
    feature-profile {
        web-filtering {
            url-blacklist bad-sites; # This causes sites in the bad-sites category to be blocked
        }
    }
    utm-policy wf-block-specfic-categories {
        web-filtering {
            http-profile block-selected-sites;
        }
    }
}
Along with this, SRX also supports ‘Custom Block Messages’ and can make the block time bound. Say you don’t want to block a site completely but just during business hours; that is possible too, by scheduling policies.
Jul 5th
Productivity increase by blocking non-project-related sites is one of the myths I’ve seen a lot on various online forums, and there is always counter research data showing this has nothing to do with ‘increase in productivity’. I guess I kinda agree too (well, I know one of the leading IT companies that doesn’t give computers with Internet access to any employee; only the lead/manager has it, and that too restricted).
So putting aside the arguments, one of the issues is that blocking outgoing connections based on IP has always failed (imagine the cloud of servers if you were to block, say, Yahoo Mail). Now the Modular Policy Framework does support regex checking of the Host header in the HTTP request to see which site it is going to, and block it if you’d like to.
Here is the Cisco article describing the MPF in detail {Here}
Now how do you block, say, access to facebook or myspace from being used by your employees? Pete has a good write-up on it and hence I’m not going to write it again here.
In short, the configuration you need is below. Thanks to Pete for providing such a detailed write-up.
On the Global Policy
————————————————-
regex domainlist1 "facebook.com"
class-map type regex match-any DomainBlockList
 match regex domainlist1
class-map type inspect http match-all BlockDomainsClass
 match request header host regex class DomainBlockList
policy-map type inspect http http_inspection_policy
 class BlockDomainsClass
  reset log
policy-map global_policy
 class inspection_default
  inspect http http_inspection_policy
service-policy global_policy global
———————————————-
With its own policy
———————————————–
regex BLOCKED_DOMAIN_1 "www.facebook.com"
access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS extended permit tcp any any eq http
class-map type regex match-any CLASS_MAP_BLOCKED_DOMAIN_LIST
 match regex BLOCKED_DOMAIN_1
class-map type inspect http match-all CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
 match request header host regex class CLASS_MAP_BLOCKED_DOMAIN_LIST
class-map CLASS_MAP_HTTP_TRAFFIC
 match access-list TRAFFIC_TO_INSPECT_FOR_BLOCKED_DOMAINS
policy-map type inspect http POLICY_MAP_HTTP_INSPECTION
 parameters
 class CLASS_MAP_DEFINE_TRAFFIC_TO_INSPECT
  drop-connection log
policy-map POLICY_MAP_OUTSIDE_INTERFACE
 class CLASS_MAP_HTTP_TRAFFIC
  inspect http POLICY_MAP_HTTP_INSPECTION
service-policy POLICY_MAP_OUTSIDE_INTERFACE interface outside
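Whether a block list like this actually covers the site, and nothing else, comes down to what the regex matches in the Host header. The script below is an added example, not from the post or from Pete’s write-up: it models with Python’s `re` module how the two regexes above (`"facebook.com"` and `"www.facebook.com"`) behave against a set of constructed Host header values, and contrasts them with a tightened pattern. `TIGHT_PATTERN` and the sample hosts are my assumptions; the ASA regex dialect and its case handling should be verified on the device rather than taken from this model. The same coverage question, whether an entry like `www.facebook.com` also covers `facebook.com` or `m.facebook.com`, applies to the `url-pattern` values in the SRX post above.

```python
import re

# The two regexes from the ASA configurations above, exactly as written there.
PAGE_PATTERNS = {
    "domainlist1": r"facebook.com",
    "BLOCKED_DOMAIN_1": r"www.facebook.com",
}

# Suggested replacement (an assumption, not from the page): anchor to the end of the
# host, escape the dot, accept any sub-domain and an optional ':port' suffix.
TIGHT_PATTERN = r"(^|\.)facebook\.com(:[0-9]+)?$"

# Constructed Host header values to exercise the patterns.
SAMPLE_HOSTS = [
    "www.facebook.com",
    "facebook.com",
    "m.facebook.com",
    "WWW.FACEBOOK.COM",          # same site, different case
    "facebook.com.example.net",  # unrelated domain that merely contains the string
    "myfacebookXcom.org",        # an unescaped '.' matches any character, so this matches too
    "www.example.com",
]


def hosts_matched(pattern, hosts=SAMPLE_HOSTS, ignore_case=False):
    """Hosts the pattern hits when searched anywhere in the header value (re.search),
    which is how an unanchored 'match regex' behaves."""
    rx = re.compile(pattern, re.IGNORECASE if ignore_case else 0)
    return [h for h in hosts if rx.search(h)]


def compare_patterns(hosts=SAMPLE_HOSTS):
    """{pattern name: hosts blocked} for the page's two patterns and the tightened one."""
    table = {name: hosts_matched(p, hosts) for name, p in PAGE_PATTERNS.items()}
    table["tightened"] = hosts_matched(TIGHT_PATTERN, hosts, ignore_case=True)
    return table


if __name__ == "__main__":
    for name, blocked in compare_patterns().items():
        print(f"{name}: blocks {len(blocked)} of {len(SAMPLE_HOSTS)} -> {blocked}")
```

The run shows the two failure modes of the page’s patterns: `"facebook.com"` over-blocks (it also hits `facebook.com.example.net` and `myfacebookXcom.org`, because the unescaped dot is a wildcard and nothing anchors the match), while `"www.facebook.com"` under-blocks (it misses the bare domain and every other sub-domain), and neither catches a differently-cased header when matched case-sensitively. The tightened pattern blocks the four real facebook.com hosts and nothing else.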
Jun 18th
I’ve lately been pretty much exploring my photography skills, a long-lost ambition that has now kind of come true. Simple reason: I can afford to buy these now, which I couldn’t earlier.
A Nikon D5000 is what I have. It is a prosumer camera (professional + consumer); after much research I found that this one would be ideal for a beginner like me, who’d love to have the professional SLR options to some level, so that it doesn’t overwhelm me too much, and of course the damage to the pocket too.
It comes with a kit lens, an 18-55mm AF-S lens; the D5000 doesn’t have a built-in motor, so I have to buy lenses that have the motor built in, which means a little more money involved.
Then I also bought a telephoto zoom lens (55-200mm), which does a pretty good job. In fact this lens seems to fare much better than the kit lens for similar kinds of shots. I’m a newbie and can still tell the difference.
It is a lot of fun and pain at the same time.
I’ve learnt that you click 50 shots to get one shot perfect, just the way you want it, and you’d know
Planning on investing more time doing this. I’ve uploaded some of the photos that I thought were good onto http://fotoblog.rsivanandan.com
What do y’all think????