nanog mailing list archives
Re: Log4j mitigation
From: "Jörg Kost" <jk () ip-clear de>
Date: Mon, 13 Dec 2021 13:49:07 +0100
I understand what you want to say, but I disagree in this point. When you have a cup full of water and someone remotely can drill holes into the out shell, just checking the bottom for leaks won't help. You may want a new mug instead. :-) The initial posting was about looking at the bottom only.
Now we have the long journey from Java, Ldap, DNS, Birds and Coffee Cups behind us. Does anyone else have any advice on prevention?
On 13 Dec 2021, at 13:35, Joe Greco wrote:
On Mon, Dec 13, 2021 at 01:12:25PM +0100, J??rg Kost wrote:Yes, but it won't change the outcome. We shall run with assuming breach paradigm. In this scenario, it might be useless looking around for port389 only; it can give you a wrong assumption.That's like arguing that it isn't worth having a canary in the coal mine. Which, come to think of it, was implicitly the point of the message I sent that you're replying to as well. Just because there are other sources of fatalities, doesn't mean you can't check for the quick obvious stuff. In my experience, this tends to reveal issues that might have been forgotten or never known about to begin with. Most organizations have a variety of zombie legacy systems that were set up by people on staff several generations ago. The more tools at your disposal to identify breached systems, the better.
Current thread:
- Re: Log4j mitigation, (continued)
- Re: Log4j mitigation Saku Ytti (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Saku Ytti (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Jörg Kost (Dec 13)
- Re: Log4j mitigation Joe Greco (Dec 13)
- Re: Log4j mitigation Karl Auer (Dec 13)
- Re: Log4j mitigation bofh139 (Dec 13)
- Re: Log4j mitigation Hank Nussbacher (Dec 13)
- Re: Log4j mitigation Karl Auer (Dec 13)
- RE: Log4j mitigation Jean St-Laurent via NANOG (Dec 13)
- Re: Log4j mitigation A Crisan (Dec 13)
- Re: Log4j mitigation Mike Hammett (Dec 13)