Sharing Networking Knowledge: October 2013

Wednesday, 23 October 2013

Carpal Tunnel Syndrome cure

Some time ago I was suffering Carpal Tunnel Syndrome (CTS), that's pain at the wrist caused because of too much hours in front the computer with the hand in the mouse and keyboard with very little movement.

CC by

Conventional treatment includes stretching, drugs, wristbands and surgery!

I changed the mouse to the left hand and did some stretching with very little improvement.

But I discovered Taichi Taoist and since that CTS is forgotten. CURED. Why?
In my point of view, CTS is caused by a lack of join movement so it's a non sense to try to cure that with a surgery.

Taichi is always lubricating this joint through its gentle movement and stretching with the fingers pointing up and down continuously.

cc-by

So, my recommendations are:

- If you have a Taichi Taoist centre near you, go for it. There are centres around the world.

- If not, I suppose any other Taichi school or qiqong can be equally good.

- If not, do this qigong exercise everyday:

Tuesday, 22 October 2013

Stopping ZeroAccess Botnet in your Cisco ASA firewall

Is your LAN infected by ZeroAccess Botnet and you don’t know where, or maybe your IP address is in some blacklist like CBL or Spamhaus ?

This was the case in the network of one of my clients. They appeared in CBL blacklist for infection by ZeroAccess. CBL is linked to Spamhaus and they couldn't send email.

ZeroAccess Botnet communicates over P2P using UDP so the most fast solution to find out which PC is infected is deny in the firewall all the outbound UDP traffic (except DNS server and NTP server) in the inside interface.

Something like this in Cisco ASA:

access-list ACL_INSIDE permit udp host dns_server any eq domain

access-list ACL_INSIDE permit udp host time_server any eq ntp

access-list ACL_INSIDE deny udp any any

access-list ACL_INSIDE permit ip any any

access-group ACL_INSIDE in interface inside

Define the level of logging to catch the zombi:

logging buffered errors

And we look into the "show logging" to find out who is being blocked by the ACL.

Better if you combine this with the SMTP outbound filter and a fail-safe security police, that’s a default deny stance (specify only what you allow and prohibit everything else).