The race to the vulnerable : measuring the Log4j shell incident

Hiesgen, Raphael; Nawrocki, Marcin; Schmidt, Thomas C.; Wählisch, Matthias

doi:10.48550/arXiv.2205.02544

DC Field	Value	Language
dc.contributor.author	Hiesgen, Raphael	-
dc.contributor.author	Nawrocki, Marcin	-
dc.contributor.author	Schmidt, Thomas C.	-
dc.contributor.author	Wählisch, Matthias	-
dc.date.accessioned	2024-02-22T09:55:22Z	-
dc.date.available	2024-02-22T09:55:22Z	-
dc.date.issued	2022	-
dc.identifier.isbn	978-3-903176-47-8	en_US
dc.identifier.uri	http://hdl.handle.net/20.500.12738/14882	-
dc.description.abstract	The critical remote-code-execution (RCE) Log4Shell is a severe vulnerability that was disclosed to the public on December 10,021. It exploits a bug in the wide-spread Log4j library. Any service that uses the library and exposes an interface to the Internet is potentially vulnerable. In this paper, we measure the rush of scanners during the two months after the disclosure. We use several vantage points to observe both researchers and attackers. For this purpose, we collect and analyze payloads sent by benign and malicious communication parties, their origins, and churn. We find that the initial rush of scanners quickly ebbed. Especially non-malicious scanners were only interested in the days after the disclosure. In contrast, malicious scanners continue targeting the vulnerability.	en
dc.language.iso	en	en_US
dc.publisher	IFIP	en_US
dc.subject	Log4j	en_US
dc.subject	Log4Shell	en_US
dc.subject	Scanning	en_US
dc.subject	Security	en_US
dc.subject	Network Telescope	en_US
dc.subject.ddc	004: Informatik	en_US
dc.title	The race to the vulnerable : measuring the Log4j shell incident	en
dc.type	inProceedings	en_US
dc.relation.conference	Network Traffic Measurement and Analysis Conference 2022	en_US
dc.description.version	PeerReviewed	en_US
local.contributorPerson.editor	Ensafi, Roya	-
local.contributorPerson.editor	Lutu, Andra	-
local.contributorPerson.editor	Sperotto, Anna	-
local.contributorPerson.editor	van Rijswijk-Deij, Roland	-
tuhh.oai.show	true	en_US
tuhh.publication.institute	Department Informatik	en_US
tuhh.publication.institute	Fakultät Technik und Informatik	en_US
tuhh.publisher.doi	10.48550/arXiv.2205.02544	-
tuhh.publisher.url	https://tma.ifip.org/2022/wp-content/uploads/sites/11/2022/06/tma2022-paper40.pdf	-
tuhh.relation.ispartofseries	Proceedings of the 6th Network Traffic Measurement and Analysis Conference	en_US
tuhh.type.opus	InProceedings (Aufsatz / Paper einer Konferenz etc.)	-
dc.type.casrai	Conference Paper	-
dc.type.dini	contributionToPeriodical	-
dc.type.driver	contributionToPeriodical	-
dc.type.status	info:eu-repo/semantics/publishedVersion	en_US
dcterms.DCMIType	Text	-
local.comment.external	Preprint: https://doi.org/10.48550/arXiv.2205.02544. Verlagsversion: https://tma.ifip.org/2022/wp-content/uploads/sites/11/2022/06/tma2022-paper40.pdf.	en_US
item.openairecristype	http://purl.org/coar/resource_type/c_5794	-
item.fulltext	No Fulltext	-
item.grantfulltext	none	-
item.openairetype	inProceedings	-
item.tuhhseriesid	Proceedings of the 6th Network Traffic Measurement and Analysis Conference	-
item.creatorGND	Hiesgen, Raphael	-
item.creatorGND	Nawrocki, Marcin	-
item.creatorGND	Schmidt, Thomas C.	-
item.creatorGND	Wählisch, Matthias	-
item.languageiso639-1	en	-
item.creatorOrcid	Hiesgen, Raphael	-
item.creatorOrcid	Nawrocki, Marcin	-
item.creatorOrcid	Schmidt, Thomas C.	-
item.creatorOrcid	Wählisch, Matthias	-
item.cerifentitytype	Publications	-
item.seriesref	Proceedings of the 6th Network Traffic Measurement and Analysis Conference	-
crisitem.author.dept	Department Informatik	-
crisitem.author.dept	Department Informatik	-
crisitem.author.orcid	0000-0002-0956-7885	-
crisitem.author.parentorg	Fakultät Technik und Informatik	-
crisitem.author.parentorg	Fakultät Technik und Informatik	-
Appears in Collections:	Publications without full text