Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Are these source or destination IPs? #3

Open
zeroepix opened this issue Dec 18, 2020 · 3 comments
Open

Are these source or destination IPs? #3

zeroepix opened this issue Dec 18, 2020 · 3 comments

Comments

@zeroepix
Copy link

I'm a bit unclear whether these IP addresses are the ones where the backdoor was installed - the compromised systems - or where compromised systems were being directed to. Could you please clarify?
@bambenek
Copy link
Owner

These are destination IPs

@zeroepix
Copy link
Author

Interesting. In trying to figure out the applicable risk, even if a company didn't use Solarwinds Orion itself, if an upstream provider (e.g. a cloud or data center) used them, could it have been affected anyway?

@bambenek
Copy link
Owner

An upstream provider could have been affected but it depends on the service as to what could impact downstream victims. See Azure, VMware news

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zeroepix @bambenek