[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Dennis Boone
drb at ihatespam.msu.edu
Wed Dec 15 14:08:51 EST 2021
> SO if it tends to be "state actors" blocking those "states" or countries
> may be the best option to start off.
Blocking countries... by IP address? I don't know how else you'd try
to do that. But it's porous as hell. US-EAST-1 is in Virginia, and
Amazon certainly doesn't prevent foreigners from setting up VMs there.
Many VPN options. Etc. Any state actor that can't trivially work
around an IP range block isn't really a state actor.
The best option is to get the vulnerable log4j versions off your
servers. Period. Only hippopotamus will do.
De
More information about the Info-vax
mailing list