ISC StormCast for Tuesday, October 12th, 2021
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 12 October 2021
⏱️ 5 minutes
Transcript
| 0:00.0 | Hello, welcome to the Tuesday, October 12, 2021 edition of the SANS Internet Storm Center's Stormcast. My name is Johannes Ullrich. And today I'm recording from Jacksonville, Florida. Ever looked at your web server logs and found some odd entries that don't really look like, well, HTTP requests? |
| 0:23.6 | I did publish today a quick sample of things that I typically run into and explaining |
| 0:30.6 | why you may run into these entries. |
| 0:34.6 | This happens more often if your web server is listening on an odd port that's also |
| 0:40.6 | used by other services. For example, the Android debug protocol, that's very often still scanned, |
| 0:47.9 | even though it hasn't really been exploitable in any somewhat recent version of Android. |
| 0:59.9 | On the other hand, sometimes you also have, of course, users that are creative and move SSH servers to odd ports that are also used by web servers. |
| 1:05.6 | Well, the bad guys are on to you, and I do see, for example, some SSH scans hitting web servers. And with that, |
| 1:14.9 | you sort of got some of the characteristic strings there in your web server logs. I also |
| 1:21.7 | included a couple of strings that I have no idea what they're trying to accomplish or what they're associated with. |
| 1:29.7 | One reader on Twitter noted that it may be actually the line printer daemon. |
| 1:36.6 | So a common printing service for Unix systems. |
| 1:39.9 | A lot of printers are exposing that. |
| 1:43.1 | Maybe just someone looking for exposed printers to print |
| 1:47.5 | documents on it. |
| 1:48.5 | That has often been done as a prank. |
| 1:50.9 | Of course, there isn't really much else that an attacker could do with that. |
| 1:56.2 | And Apple today released one of its, well, recently somewhat common emergency updates for iOS |
| 2:03.1 | and iPadOS. This brings both up to 15.0.2 and it fixes a single vulnerability, an IOMobileFrameBuffer |
| 2:13.8 | overflow, CVE-2021-30883. |
| 2:19.3 | The reason we get this update is, as before, this has already been exploited out in the wild. |
| 2:27.3 | Shortly after the patch was released, security researcher Saar Amar did use the BinDiff utility to compare the old and new versions of iOS, as well as other tools, in order to essentially reverse engineer what the problem is and create a working proof-of-concept exploit for this. So this is something that you probably should not delay |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

