
RE: [ldap] Internet scans on port 389



Port 389 for LDAP should not be opened to the internet from a company firewall.  Period!  If you need to get LDAP to a remote facility, use a VPN, and you will not have the issue with people scanning your LDAP server. Also, if you put a host sensor on your LDAP server, something like Cisco Security Agent, it will stop the scans and the directed attacks at your LDAP server that network-based IDSs will not detect.

Tre

- First two things in a rollout are security, then design -

-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of bruce
Sent: Monday, February 23, 2004 10:28 AM
To: 'Kurt D. Zeilenga'; 'Tony Earnshaw'
Cc: 'Openldap list'
Subject: RE: [ldap] Internet scans on port 389


Why would this not be appropriate to this list?

Some may only be subscribed to this list.


-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Kurt D.
Zeilenga
Sent: Monday, February 23, 2004 9:58 AM
To: Tony Earnshaw
Cc: Openldap list
Subject: Re: [ldap] Internet scans on port 389


This topic is more appropriately discussed on the general LDAP
list <ldap@umich.edu> (which this message was cross-posted to).
Please respond only to that list.

Kurt

At 10:56 PM 2/22/2004, Tony Earnshaw wrote:
>List,
>
>Although the following has nothing to do directly with the vendor
>software used, it does have a bearing on how that software is
>configured.
>
>It's worth mentioning that port 389 has reached the top 10 Internet
>ports being scanned (SANS ISC, http://isc.sans.org/). Why this should be
>is not reported.
>
>It might be as well to pay extra attention to your firewalling of this
>port, if your LDAP transactions involve sensitive information, and even
>to consider exclusively using TLS for transactions using this port.
>
>Best,
>
>--Tonni
>
>--
>
>mail: billy - at - billy.demon.nl
>http://www.billy.demon.nl
>
>
>---
>You are currently subscribed to ldap@umich.edu as: [Kurt@openldap.org]
>To unsubscribe send email to ldap-request@umich.edu with the word
>UNSUBSCRIBE as the SUBJECT of the message.
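Tony's suggestion of using TLS on port 389 means LDAPv3 StartTLS (RFC 4511, section 4.14): the client sends an ExtendedRequest carrying the OID 1.3.6.1.4.1.1466.20037 in the clear, and if the server answers resultCode success the same TCP connection is upgraded to TLS before any bind or search goes out. The script below is an added example and is not code from any of the posters or from OpenLDAP. It encodes the request by hand in BER, parses two constructed ExtendedResponse messages (one success, one refusal), and fails closed, refusing to continue in cleartext when the server declines. All function and constant names are this example's own; the sample responses are constructed, not captured from a real server.

```python
"""StartTLS on LDAP port 389: encode the request, parse the response, fail closed.

Added example, not OpenLDAP code. Wire format per RFC 4511:
  LDAPMessage ::= SEQUENCE { messageID INTEGER, protocolOp CHOICE {...} }
  ExtendedRequest  ::= [APPLICATION 23] SEQUENCE { requestName [0] LDAPOID, ... }
  ExtendedResponse ::= [APPLICATION 24] SEQUENCE { resultCode ENUMERATED,
        matchedDN OCTET STRING, diagnosticMessage OCTET STRING,
        responseName [10] LDAPOID OPTIONAL, responseValue [11] OPTIONAL }
"""
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"
TAG_SEQUENCE, TAG_INTEGER, TAG_ENUMERATED, TAG_OCTET_STRING = 0x30, 0x02, 0x0A, 0x04
TAG_EXTENDED_REQUEST = 0x77   # [APPLICATION 23], constructed
TAG_EXTENDED_RESPONSE = 0x78  # [APPLICATION 24], constructed
TAG_REQUEST_NAME = 0x80       # [0], primitive
TAG_RESPONSE_NAME = 0x8A      # [10], primitive


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag, payload):
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(n):
    """Non-negative INTEGER with a leading zero byte when the top bit is set."""
    return ber_tlv(TAG_INTEGER, n.to_bytes((n.bit_length() + 8) // 8, "big"))


def starttls_request(msg_id=1):
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    ext = ber_tlv(TAG_EXTENDED_REQUEST, ber_tlv(TAG_REQUEST_NAME, STARTTLS_OID))
    return ber_tlv(TAG_SEQUENCE, ber_int(msg_id) + ext)


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos); handles short and long length forms."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(data):
    """Decode an LDAPMessage carrying an ExtendedResponse into a dict."""
    tag, body, _ = _read_tlv(data, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(body, 0)
    tag, op, _ = _read_tlv(body, pos)
    if tag != TAG_EXTENDED_RESPONSE:
        raise ValueError("not an ExtendedResponse (tag 0x%02x)" % tag)
    _, rc, pos = _read_tlv(op, 0)
    _, matched, pos = _read_tlv(op, pos)
    _, diag, pos = _read_tlv(op, pos)
    response_name = None
    while pos < len(op):  # optional trailing responseName / responseValue
        tag, val, pos = _read_tlv(op, pos)
        if tag == TAG_RESPONSE_NAME:
            response_name = val.decode("ascii")
    return {"msg_id": int.from_bytes(mid, "big"), "result_code": int.from_bytes(rc, "big"),
            "matched_dn": matched.decode("utf-8"), "diagnostic": diag.decode("utf-8"),
            "response_name": response_name}


def upgrade_to_tls(sock, server_hostname, context=None):
    """Send StartTLS on an open port-389 socket and wrap it; never fall back to cleartext."""
    context = context or ssl.create_default_context()  # verifies chain and hostname
    sock.sendall(starttls_request(1))
    resp = parse_extended_response(sock.recv(4096))
    if resp["result_code"] != 0:
        sock.close()
        raise RuntimeError("server refused StartTLS: %s" % (resp["diagnostic"] or resp["result_code"]))
    return context.wrap_socket(sock, server_hostname=server_hostname)


# Constructed sample responses (not captured from a real server), built with the encoder.
SAMPLE_OK = ber_tlv(TAG_SEQUENCE, ber_int(1) + ber_tlv(TAG_EXTENDED_RESPONSE,
    ber_tlv(TAG_ENUMERATED, b"\x00") + ber_tlv(TAG_OCTET_STRING, b"") +
    ber_tlv(TAG_OCTET_STRING, b"") + ber_tlv(TAG_RESPONSE_NAME, STARTTLS_OID)))
SAMPLE_FAIL = ber_tlv(TAG_SEQUENCE, ber_int(1) + ber_tlv(TAG_EXTENDED_RESPONSE,
    ber_tlv(TAG_ENUMERATED, b"\x01") + ber_tlv(TAG_OCTET_STRING, b"") +
    ber_tlv(TAG_OCTET_STRING, b"TLS not supported")))

if __name__ == "__main__":
    print("request :", starttls_request(1).hex())
    for name, sample in (("ok", SAMPLE_OK), ("fail", SAMPLE_FAIL)):
        print(name, parse_extended_response(sample))
```

The point of `upgrade_to_tls` raising instead of continuing is the "exclusively TLS" part of Tony's advice: a client that silently binds in cleartext when StartTLS is refused gives an on-path attacker on the scanned port a trivial downgrade. Server side, the matching control is to require a minimum security strength factor on the directory so that binds without TLS are rejected outright; port 636 (ldaps) is the alternative when a separate listener is easier to firewall.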