[unisog] LDAP access for 3rd parties
cjf at calfrye.com
Thu Feb 14 22:27:09 GMT 2008
I reserve judgment regarding the clueful state of our contracted third parties ;-)
But we permit that LDAP bind only through a VPN tunnel, so the source addresses are rather limited...
From: Valdis.Kletnieks at vt.edu
To: UNIversity Security Operations Group <unisog at lists.dshield.org>
Date: Wed, 13 Feb 2008 16:36:28 -0500
Subject: Re: [unisog] LDAP access for 3rd parties
On Wed, 13 Feb 2008 15:30:07 EST, Cal Frye said:
> We would have record of the site from which the LDAP bind occurred; so
> if it's the third party...
In that case, you'd have to admit that you contracted out to a bunch of
clueless newbies so stupid that they launch an attack directly from their
home-base machine. What you'll *have* is (if you're lucky) a machine in
Zanzibar or Bulgaria or China or Minnesota that you *might* have a chance at
doing forensics on, and if you're mostly unlucky it will be the IP address of a
Tor exit node, and if you're *really* unlucky, the source address will be
somewhere inside your machine room :)
--Cal Frye, Network Administrator, Oberlin College
"The Universe is not only queerer than we suppose, it is queerer than we CAN suppose." --J.B.S. Haldane.