SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Thursday, November 30th, 2023

SANS ISC Handlers

Tech News, News

🗓️ 30 November 2023

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. 3 Months Honeypot Summary; Arcserve PoC; Hikvision Vuln; Custom GPT Vuln

Transcript

0:00.0

Hello and welcome to the Thursday, November 30th, 2023 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich and I'm recording from Jacksonville, Florida.

0:14.0

One of the questions I get a lot is if you're setting up a honeypot, what should you expect? How many attacks should you expect? What kinds

0:21.6

of attacks should you expect? Well, one of our sans.edu undergraduate interns has put together

0:30.1

a little blog post, a little diary on the Internet Storm Center, answering just that question.

0:37.0

The data summarized covers about three months,

0:40.4

and I would call it pretty typical. There are attacks against the SSH honeypot from about

0:46.9

26,000 IP addresses and 13,000 different usernames were attempted with 43,000 passwords. So quite impressive numbers for a little lonely honeypot just exposing SSH.

1:04.0

Also, the commands that the attackers are attempting are summarized: 27,000 different commands were captured. So this is only after

1:13.7

the initial login attempt was successful. The top 10 that are listed here are very typical

1:21.7

again, some reconnaissance, some overriding of SSH keys. That's actually super common, and I think often not well monitored.

1:30.2

And that's exactly sort of how you learn from honeypots. If you're seeing that one of the things

1:35.1

that attackers seem to always do is modify your authorized keys file, well, that's probably

1:41.3

something that you need to put some additional controls and

1:45.1

monitoring around. So take a look, and if you're interested in running your own honeypot,

1:49.9

well, please go ahead and let me know how it goes. And Tenable today published an advisory

1:57.9

with details regarding three vulnerabilities in ArcServe UDP.

2:02.8

The backup suite is vulnerable to these three trivial to exploit vulnerabilities. Tenable

2:10.8

does provide the sample curl commands, essentially, that will show you how to exploit these vulnerabilities.

2:19.6

Patches were released last week, so fairly short timeline here in particular, given how

2:26.1

trivial these vulnerabilities are to exploit. But these are prominent systems that you should

2:31.2

have exposed to the internet in the first place. In particular,

2:35.3

the first of the vulnerabilities, that's CVE-2023-41998. It's an unauthenticated remote code

...
