ST Alpha - "We don't have a lot of externally exposed systems (and none affected by log4j) but we logged our first exploit attempt against one of our systems " (Reading a Post)

SlickerTalk
Search Archives
The Leaderboard
The FAQ

Down to Post

Backboards:

Posts: 153

We don't have a lot of externally exposed systems (and none affected by log4j) but we logged our first exploit attempt against one of our systems

Posted by kilbowl full of jelly (aka kkuphal) Dec 15 '21, 06:36

This was sent to our remote support product earlier this morning

messageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="11" fw_rule_id="6" user="" sig_id="58737" message="SERVER-OTHER Apache Log4j logging remote code execution attempt" classification="Attempted User Privilege Gain" rule_priority="1" src_ip="194.195.244.81" src_country="DEU" dst_ip="192.168.5.174" dst_country="R1" protocol="TCP" src_port="63332" dst_port="80" OS="BSD,Linux,Mac,Other,Solaris,Unix,Windows" category="server-other" victim="Server"

Responses:

yeah, I've gotten a couple of those -- nm - decline Dec 15, 06:43
related-ish, I didn't previously realize that RaaS was a a thing - ty97 Dec 15, 06:38 5
- didn't you remember scriptkiddies? -- nm - colinberry sauce Dec 15, 06:43 3
  - That term is insensitive to kitties. -- nm - Pam Dec 15, 06:48
  - who even needs to remember, they never went away -- nm - ty97 Dec 15, 06:43 1
    - too true. i remember watching port scans hit my computer in college... it was relentless even back then. -- nm - colinberry sauce Dec 15, 06:45
- Yeah. These large botnets are basically hawking themselves to be a kind of "for hire" attacker. -- nm - kilbowl full of jelly Dec 15, 06:39

Post a message top

We don't have a lot of externally exposed systems (and none affected by log4j) but we logged our first exploit attempt against one of our systems

Replies are disabled on threads older than 7 days.