SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, November 20th 2019

SANS ISC Handlers

Tech News, News

🗓️ 20 November 2019

⏱️ 6 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. JAWS DVR Bot; Tianfu Cup; Access Hotfix; Win10 DoH; Android Camera Permission Mixup

Transcript

0:00.0

Hello, welcome to the Wednesday, November 20th, 2019 edition of the SANS Internet Storm Center's

0:06.3

Stormcast. My name is Johannes Ullrich. And I'm recording from Riyadh, Saudi Arabia. When I'm teaching

0:14.4

classes, I'm sometimes going with the students over some recent detects in the Internet Storm Center.

0:21.6

And one thing we came across looking at some of our recent logs was a real marked increase

0:29.9

in scans for port 60001.

0:34.3

Now this particular port isn't immediately recognized as something well known, so I set up a quick honeypot and well, really only took seconds for a query to arrive, and it was a fairly simple HTTP request that exploited a vulnerability that's well known for a while now in some

0:58.0

cheap Chinese DVRs. Pen Test Partners originally did write a report about the JAWS web server found

1:07.0

in these DVRs back in 2016, and the report is almost comical in the type of vulnerabilities

1:14.6

they're finding, like multiple unauthenticated ways to execute code, either via non-password

1:21.6

protected telnet servers, very buggy web CGIs. Oh, and it also does send occasional still images to a hard-coded

1:32.6

email address that's included in the default firmware. Now, for a while now, this vulnerability

1:38.7

has been exploited against port 80, which appears to be the normal default port for the web server, but apparently the

1:47.3

bad guys have figured out that there is a real good population of these DVRs listening on

1:52.8

port 60001. Actually, it turns out that currently out of the 100,000 or so DVRs that Shodan lists, more than 70,000 are listening

2:05.1

on this high port.

2:07.6

So I guess it was about time for someone to put these DVRs to work.

2:12.5

If you do have one of these DVRs, probably your best bet is to just toss them.

2:17.1

Don't try to patch them.

2:19.0

Whatever firmware you're downloading, it probably just has a new set of similar vulnerabilities.

2:26.2

And in the past, I have reported about the Pwn2Own contest, which was put together by the

2:33.5

Zero Day Initiative, and typically it does offer quite large

2:38.7

sums of money for attackers that find new vulnerabilities in commonly used software.

...

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
