nanog mailing list archives
RE: Log4j mitigation
From: Jean St-Laurent via NANOG <nanog () nanog org>
Date: Mon, 13 Dec 2021 06:11:13 -0500
You are right, but it's still a good place to start looking. What do you recommend? Panic? It won't help you. Jean -----Original Message----- From: Jörg Kost <jk () ip-clear de> Sent: December 13, 2021 6:01 AM To: Jean St-Laurent <jean () ddostest me> Cc: Nick Hilliard <nick () foobar org>; Andy Ringsmuth <andy () andyring com>; nanog () nanog org Subject: Re: Log4j mitigation It's not true. It can pull from other ports, URLs, make DNS calls, and seems to evaluate even from environment variables. It's a "virtual machine". On 13 Dec 2021, at 11:54, Jean St-Laurent via NANOG wrote:
Well if you look to the right you won't see it, but if you look to the left you will see it. Meaning, that for a successful attack to work, the infected host needs to first download a payload from ldap. And ldap runs on port 389/636. You probably can't see the log4j vulnerability in the https, but you should be able to see your servers querying weird stuff on internet on port 389/636. Just don't allow your important hosts to fetch payload on internet on port 389/636. Et voila! Look to the left, not to the right. Jean
Current thread:
- Log4j mitigation Andy Ringsmuth (Dec 10)
- Re: Log4j mitigation Jared Mauch (Dec 11)
- Re: Log4j mitigation Owen DeLong via NANOG (Dec 13)
- Re: Log4j mitigation Jared Mauch (Dec 13)
- Re: Log4j mitigation Carsten Bormann (Dec 13)
- Re: Log4j mitigation Alain Hebert (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Owen DeLong via NANOG (Dec 13)
- Re: Log4j mitigation Jared Mauch (Dec 11)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Saku Ytti (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Saku Ytti (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)