meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Monday, May 10th, 2021

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News

4.9754 Ratings

🗓️ 10 May 2021

⏱️ 5 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Research Scans; tsuNAME and Cyclehunter; Foxit Patches; Hypocrit Patch Research Investigation

Transcript

Click on a timestamp to play from that location

0:00.0

Hello, welcome to the Monday, May 10th, 2021 edition of the Sansanet Storm Center's Stormcast. My name is Johannes Ulrich. And then I'm recording from Jacksonville, Florida.

0:13.3

This weekend, Guy took a look at his honeypot and which scans that he received actually came from researchers that are scanning the internet

0:23.2

for open ports.

0:25.5

We do actually have an API that you can use to get a list of all the IP addresses that

0:32.7

we consider researchers.

0:34.9

I will add a link to that API to the show notes if you're

0:41.1

interested. And of course, feedback is welcome. Defining what is a researcher is, of course,

0:47.4

a little bit tricky. These are not necessarily universities. Some of them are companies

0:53.3

that are scanning the internet. Some of the organizations are a little bit harder to define, but they call themselves researchers, which is really all it takes to sort of be classified as a researcher in our feet.

1:09.0

Next question that usually comes up is, should you block scans

1:13.2

from researchers? Again, I don't think there's big harm in allowing them in. We don't really see a

1:19.7

lot of real outright malicious stuff, but of course, that's a matter of how you define this.

1:26.6

We had actually, I think, two years ago, a research paper

1:30.7

that one of our sans-dot students wrote, where he looked at whether or not it matters if you are

1:36.9

listed, for example, in Shodan, which is one of the sites we classify as researchers. And he didn't

1:43.1

see a big difference here here whether or not you are

1:46.0

or are not listed, but probably worthwhile doing this again and seeing what this looks like now.

1:53.9

Now talking about researchers, a group of researchers from SIDN labs, Internet, New Zealand, USC, and ISI have published an interesting

2:04.5

paper outlining denial of service vulnerability in DNS servers. Now, there are really two

2:12.5

parts to it. There's a first part that's a misconfiguration of zones.

2:20.9

So that affects the authoritative name servers.

2:30.0

But the real vulnerability that's then being used to take advantage of the misconfiguration is actually in the recursive name servers.

...

Please login to see the full transcript.

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2026.