[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] Mitigating log4j exploits

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] Mitigating log4j exploits
From: Jens Kubieziel <maillist@xxxxxxxxxxxx>
Date: Sat, 11 Dec 2021 13:51:40 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 11 Dec 2021 10:22:47 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.14.0

Hiho,

we got a notice that currently several exploit attempts for the log4jflaw going through Tor exit nodes und using LDAP. Seehttps://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22The sender asked to do something against the currently running attacks.One possibility is, in my opinion, rejecting connection over ports 389and 636. What do you think? Should we as exit node operators blockconnections over those LDAP ports for some amount of time?


Best,

qbi
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] Mitigating log4j exploits
  - From: Felix Eckhofer via tor-relays

Prev by Author: Re: [tor-relays] tor-relays Digest, Vol 131, Issue 4
Next by Author: Re: [tor-relays] General overload -> DNS timeouts
Previous by thread: Re: [tor-relays] Rejected-fingerprints-found-in-attacks wiki page
Next by thread: Re: [tor-relays] Mitigating log4j exploits
Index(es):
- Author
- Thread