[unisog] LDAP access for 3rd parties

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Feb 13 21:36:28 GMT 2008


On Wed, 13 Feb 2008 15:30:07 EST, Cal Frye said:

> We would have record of the site from which the LDAP bind occurred; so 
> if it's the third party...

In that case, you'd have to admit that you contracted out to a bunch of
clueless newbies so stupid that they launch an attack directly from their
home-base machine.  What you'll *have* is (if you're lucky) a machine in
Zanzibar or Bulgaria or China or Minnesota that you *might* have a chance at
doing forensics on, and if you're mostly unlucky it will be the IP address of a
Tor exit node, and if you're *really* unlucky, the source address will be
somewhere inside your machine room :)