nanog mailing list archives
Re: Log4j mitigation
From: Joe Greco <jgreco () ns sol net>
Date: Mon, 13 Dec 2021 09:35:45 -0600
On Mon, Dec 13, 2021 at 03:50:11PM +0100, J??rg Kost wrote:
But in a world where the attacker can leak out a whole 16-bit integer, monitoring that 0.003% for two-port states may be irrelevant. Not saying you shall not, but you will miss 99.997%. Agree?
There's all sorts of statements I might agree with. However, if I have an easy indicator of a known problem, such as "LDAP traffic to an unknown server", I might be very tempted to set the IDS to notify me if it sees the weird thing, and then let the very fast moron just do its job. That's what it's there for, after all. Right? I don't care if it misses 9% or 99% or 99.997%. If I can generate some cheap and easy hits, without finding out about problems the Equifax way, I don't see the harm in that. Sometimes we do things "just in case." ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "The strain of anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'"-Asimov
Current thread:
- RE: Log4j mitigation, (continued)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Karl Auer (Dec 13)
- Re: Log4j mitigation bofh139 (Dec 13)
- Re: Log4j mitigation Hank Nussbacher (Dec 13)
- Re: Log4j mitigation Karl Auer (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation A Crisan (Dec 13)
- Re: Log4j mitigation Mike Hammett (Dec 13)
- Re: Log4j mitigation Karl Auer (Dec 13)
- Re: Log4j mitigation Andy Ringsmuth (Dec 13)