Paper accepted at TMA 2022
Our paper "The Race to the Vulnerable: Measuring the Log4j Shell Incident" has been accepted at the 6th Network Traffic Measurement and Analysis Conference
News from Jun 14, 2022
- Raphael Hiesgen, Marcin Nawrocki, Thomas C. Schmidt, Matthias Wählisch,
The Race to the Vulnerable: Measuring the Log4j Shell Incident,
In: Proc. of Network Traffic Measurement and Analysis Conference (TMA), IFIP, 2022. accepted for publication
PDF BibTeX Abstract
Abstract:
The critical remote-code-execution (RCE) Log4Shell is a severe vulnerability that was disclosed to the public on December 10, 2021. It exploits a bug in the wide-spread Log4j library. Any service that uses the library and exposes an interface to the Internet is potentially vulnerable. In this paper, we measure the rush of scanners during the two months after the disclosure. We use several vantage points to observe both researchers and attackers. For this purpose, we collect and analyze payloads sent by benign and malicious communication parties, their origins, and churn. We find that the initial rush of scanners quickly ebbed. Especially non-malicious scanners were only interested in the days after the disclosure. In contrast, malicious scanners continue targeting the vulnerability