[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Is having an "open" ldap database a good idea ?

To: Dustin Sallings <dustin@spy.net>, "John P. Looney" <jplooney-ldap@online.ie>
Subject: Re: Is having an "open" ldap database a good idea ?
From: Roy Smith <roy@endeavor.med.nyu.edu>
Date: Fri, 04 Feb 2000 18:00:28 -0500
Cc: openldap-general@OpenLDAP.org
Content-disposition: inline
In-reply-to: <Pine.NEB.4.10.10002041423340.27462-100000@foo.west.spy.net>

We had a case about a year or so ago where somebody was methodically
scanning our LDAP server trying to harvest addresses.  We have a limit on
how many addresses we'll return in one query, but they were doing stuff
like searching for aa*, ab*, ac*, etc.

--On Fri, Feb 4, 2000 2:31 PM -0800 Dustin Sallings <dustin@spy.net> wrote:

>	 Spammers don't care where they get addresses, or, for the most
> part, whether they're valid or not.  If someone finds out about your LDAP
> server, you can guarantee they'll get a list of addresse out of it.

Roy Smith <roy@popmail.med.nyu.edu>
New York University School of Medicine
550 First Avenue, New York, NY  10016

References:
- Re: Is having an "open" ldap database a good idea ?
  - From: Dustin Sallings <dustin@spy.net>

Prev by Date: Re: Is having an "open" ldap database a good idea ?
Next by Date: Re: Is having an "open" ldap database a good idea ?
Index(es):
- Chronological
- Thread