Old Protocols, New Exploits: LDAP Unwittingly Serves DDoS Amplification Attacks
- by nlqip
Figure 1: How an LDAP reflection-amplification attack works
LDAP’s Weak Spot
LDAP is used to look up resources such as networks, systems, applications, and services across an organization's network. The protocol is normally carried over TCP, which requires a three-way handshake before any data is transferred. That handshake defeats reflection: the attacker forges the victim's IP address as the source, so the server's SYN-ACK goes to the victim, the handshake never completes, and the server never sends a response to the attacker's query. For a reflection attack to work, the attacker therefore needs a connectionless transport such as UDP, where a single spoofed datagram is enough to draw a reply toward the victim.
Conveniently, LDAP also supports a connectionless mode over UDP (CLDAP), on port 389 by default. Any publicly reachable LDAP server that answers on UDP port 389 can act as an amplifier for this attack, because CLDAP serves some queries without any authentication, and the reply it returns is many times larger than the small request that triggered it.
In researching this attack vector, one of our first questions was whether organizations actually expose LDAP over UDP to the public Internet. The answer, unfortunately, was yes.
Global Scope of Vulnerable LDAP Servers
Attackers typically use network scanners to look for publicly open ports on selected IP addresses. These scanning tools are relatively simple to set up, even for someone with limited technical skills: a simple installation process and a few command-line entries are all that is required.
What's more, just about anyone can use the Shodan search engine to find exposed LDAP servers. At the time of this writing, Shodan reported 1,984 vulnerable LDAP servers globally.
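The following Python is an added example and not code from the original article. It builds the unauthenticated CLDAP request that both the reflection mechanism described above and the scanners mentioned in this section rely on (a base-scope search of the rootDSE, DN ""), computes the bandwidth amplification factor from the bytes that come back, and includes a UDP probe you can run against a server you are authorised to test. The `constructed_rootdse_reply` data is made up for the example, and all function names are assumptions, not part of any library or of the article.

```python
"""CLDAP (LDAP over UDP/389) rootDSE probe and amplification calculator.

Hypothetical example code: function names and sample data are assumptions.
"""
import socket
from typing import List, Tuple


def _ber(tag: int, payload: bytes) -> bytes:
    """Encode one BER TLV with a definite length (short or long form)."""
    n = len(payload)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload


def _ber_read(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Decode one TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def build_rootdse_request(message_id: int = 1) -> bytes:
    """Anonymous base-scope SearchRequest for the rootDSE (baseObject "").

    No BindRequest precedes it, which is exactly why an exposed CLDAP
    server answers: nothing about the request has to be authenticated.
    """
    assert 0 < message_id < 0x80, "single-byte messageID keeps the encoder simple"
    search = (
        _ber(0x04, b"")                  # baseObject: "" (the rootDSE)
        + _ber(0x0A, b"\x00")            # scope: baseObject
        + _ber(0x0A, b"\x00")            # derefAliases: neverDerefAliases
        + _ber(0x02, b"\x00")            # sizeLimit: 0 (unlimited)
        + _ber(0x02, b"\x00")            # timeLimit: 0 (unlimited)
        + _ber(0x01, b"\x00")            # typesOnly: FALSE
        + _ber(0x87, b"objectClass")     # filter: (objectClass=*), "present" form
        + _ber(0x30, b"")                # attributes: none listed = all user attributes
    )
    # LDAPMessage ::= SEQUENCE { messageID INTEGER, SearchRequest [APPLICATION 3] }
    return _ber(0x30, _ber(0x02, bytes([message_id])) + _ber(0x63, search))


def message_id(datagram: bytes) -> int:
    """Return the messageID of an LDAPMessage so replies can be matched to probes."""
    _, body, _ = _ber_read(datagram, 0)     # outer SEQUENCE
    tag, mid, _ = _ber_read(body, 0)        # first element must be INTEGER messageID
    if tag != 0x02:
        raise ValueError("not an LDAPMessage")
    return int.from_bytes(mid, "big", signed=True)


def amplification_factor(request: bytes, replies: List[bytes]) -> float:
    """Bandwidth amplification factor: bytes returned per byte sent."""
    return sum(len(r) for r in replies) / len(request)


def constructed_rootdse_reply(mid: int = 1) -> List[bytes]:
    """CONSTRUCTED sample reply (made-up values) shaped like a real rootDSE answer:
    one SearchResultEntry with multi-valued attributes, then SearchResultDone."""
    def attr(name: bytes, values: List[bytes]) -> bytes:
        vals = b"".join(_ber(0x04, v) for v in values)
        return _ber(0x30, _ber(0x04, name) + _ber(0x31, vals))   # PartialAttribute

    attrs = (
        attr(b"namingContexts", [b"DC=example,DC=test", b"CN=Configuration,DC=example,DC=test"])
        + attr(b"supportedLDAPVersion", [b"2", b"3"])
        + attr(b"supportedControl", [b"1.2.840.113556.1.4.319", b"2.16.840.1.113730.3.4.2"])
        + attr(b"supportedSASLMechanisms", [b"GSSAPI", b"GSS-SPNEGO", b"EXTERNAL", b"DIGEST-MD5"])
    )
    entry = _ber(0x64, _ber(0x04, b"") + _ber(0x30, attrs))                    # SearchResultEntry
    done = _ber(0x65, _ber(0x0A, b"\x00") + _ber(0x04, b"") + _ber(0x04, b""))  # SearchResultDone: success
    header = _ber(0x02, bytes([mid]))
    return [_ber(0x30, header + entry), _ber(0x30, header + done)]


def probe(host: str, port: int = 389, timeout: float = 2.0) -> Tuple[bytes, List[bytes]]:
    """Send one rootDSE request to host:port/udp and collect replies until the
    socket goes quiet. Only probe systems you are authorised to test."""
    request = build_rootdse_request(7)
    replies: List[bytes] = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (host, port))
        while True:
            try:
                data, _ = s.recvfrom(65535)
            except socket.timeout:
                break
            try:
                if message_id(data) == 7:
                    replies.append(data)
            except (ValueError, IndexError):
                continue                    # ignore anything that is not an LDAPMessage
    return request, replies


if __name__ == "__main__":
    req = build_rootdse_request(1)
    print(f"request: {len(req)} bytes  {req.hex()}")
    sample = constructed_rootdse_reply(1)
    print(f"constructed reply: {sum(map(len, sample))} bytes, "
          f"amplification {amplification_factor(req, sample):.1f}x")
```

Run `probe("203.0.113.10")` (an example address) against a host you own: a server that returns anything for this unauthenticated request on UDP/389 is reachable as a reflector, and `amplification_factor` on the collected datagrams tells you how attractive it is to an attacker. The request itself is 39 bytes, so even a modest rootDSE entry yields a large multiplier; the fix is to block UDP/389 at the edge or disable CLDAP, since legitimate LDAP clients use TCP.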