11 Dec
2021
11 Dec
'21
12:51 p.m.
Hiho,
we got a notice that currently several exploit attempts for the log4j flaw going through Tor exit nodes und using LDAP. See https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20At... The sender asked to do something against the currently running attacks. One possibility is, in my opinion, rejecting connection over ports 389 and 636. What do you think? Should we as exit node operators block connections over those LDAP ports for some amount of time?
Best,
qbi