cyberwar.nl
149.210.129.7  Public Scan

URL: https://cyberwar.nl/
Submission: On February 23 via manual from FR — Scanned from NL

Form analysis 0 forms found in the DOM

Text Content

2021-12-12: VISITING THIS SITE B/C YOU SAW A LOG4J JNDI REQUEST FOR
FRIENDLY-TEST.<SHA1HASH>.DNS.CYBERWAR.NL?

Don't worry: that request is (intended as) a friendly test. If a system is
potentially vulnerable to Log4Shell (CVE-2021-44228), the owner will be informed
asap.

I'm a volunteer at the non-profit Dutch Institute for Vulnerability Disclosure
(DIVD; Twitter: @DIVDnl), where tests are being done to detect systems
potentially vulnerable to CVE-2021-44228 and inform system owners. DIVD operates
in a 'no commerce, no press' setting.

The test is based on a DNS lookup. If a DNS lookup is observed in our logs, a
system might be vulnerable. In that case, we inform the system owner about that
via CERT channels, via the abuse contact for the IP address or domain, or via
other (1-on-1) means. If you don't receive any information, your system was not
detected as potentially vulnerable by this (imperfect) test.

We have deliberated on necessity, proportionality and subsidiarity before
starting scans. The test that is performed is the least intrusive test known to
us: no RCE is triggered. Triggering RCE is not necessary to detect possible
vulnerability (hence: disproportionate), and moreover, exceeds both our legal
and moral boundaries. The DNS lookup-based tests are performed because of the
criticality of the vulnerability, combined with the fact that bad actors are
already actively scanning and exploiting it. Like other proactive scanners, and
preferably in cooperation with them and other defenders, we seek to help reduce
attack surface, hopefully reducing the likelihood and incidence of criminal
abuses.

A-record lookups for domains below dns.cyberwar.nl receive an NXDOMAIN response:
they never resolve to an IP address. That behavior is by design, intended as an
additional safeguard.

The <SHA1HASH> value is used to keep track of associations between DNS lookups
and systems.

For more information, see https://csirt.divd.nl/cases/DIVD-2021-00038/.

Note: on the hosts used to perform scans (i.e., the source IP of the requests),
a web page is present at tcp/80 that contains a small description + contact
information, as per best practice in this domain.


CYBERWAR.NL

My blog is at blog.cyberwar.nl.

My RSS aggregator is at news.cyberwar.nl.

An archive of documents obtained from the public internet is kept at
cyberwar.nl/d/ (because links break all too often and Lots Of Copies Keep Stuff
Safe).


READING

 * Strategic Studies Quarterly (SSQ)
 * Joint Force Quarterly (JFQ)
 * Journal of Homeland Security Affairs
 * NATO CCD CoE (various publications)
 * Military Intelligence Professional Bulletin
 * Military Law Review
 * Journal of Energy Security
 * Information & Security
 * Intelligence and National Security ($)
 * Journal of Intelligence & Counterintelligence ($)
 * International Journal of Critical Infrastructures ($)
 * International Journal of System of Systems Engineering ($)
 * International Journal of Critical Infrastructure Protection (IJCIP) ($)
 * International Journal of Electronic Security and Digital Forensics ($)
 * International Journal of Risk and Contingency Management (IJRCM) ($)
 * Intercom ($, Dutch)
 * Selected Readings in Cyber Conflict


MISCELLANEOUS

phibetaiota.net | lightbluetouchpaper.org | emergentchaos.com | schneier.com |
shmoo.com | taosecurity.blogspot.com | conspicuouschatter.wordpress.com |
blog.didierstevens.com | educatedguesswork.org | tscm.com | osvdb.org |
exploit-db.com


MAILING LISTS

Headlines (past week) | Full Disclosure | DailyDave | Securiteam | Risks Digest
| Crypto-Gram | EDRI-gram | Cipher - IEEE Security & Privacy


2012: YEAR OF ALAN TURING


These photos were taken on October 28th 2010 at The National Museum of
Computing at Bletchley Park, one-time home of mathematician/codebreaker Alan
Turing. 2012 marked Turing's 1st Centennial.

 

Last update: 2021-12-12 15:16:27.

Author: Matthijs R. Koot, or whoever you wish... I mean really, why would you
trust this webpage to contain accurate claims? On the Internet one should ALWAYS
question information. Be a productive skeptic!