Overview of Callbacks in Log4j Remote Detection Plugins The...

The remote direct checks in this post do not use or require credentials, administrator or otherwise. 

The different ports and protocols scanned by our DNS remote direct checks are all detailed in https://community.tenable.com/s/feed/0D53a00008E3hKzCAJ. 

The Direct Bind Callback plugin (155998) uses ephemeral ports as detailed in https://community.tenable.com/s/feed/0D53a00008ER4VjCAL

Local firewalls in restrictive network environments or non-Internet connected environments can open these ports to employ direct check scanning using plugin 155998.

The DNS Server names are not being publicly disclosed to avoid DoS or misuse by bad actors. Being DNS servers, they need to be publicly accessible to resolve requests from all of our diverse worldwide customer base. 

Tenable Customer Support has the DNS information at the ready and is standing by to handle all of our customers' questions related to Tenable's Log4j plugins. Please engage our CS agents for best response on these questions and issues.

Respectfully, - Ivan Belyna, Sr. Manager, Tenable Research Global Detections