[unisog] LDAP access for 3rd parties

Cal Frye cjf at calfrye.com
Thu Feb 14 22:27:09 GMT 2008


I reserve judgment regarding the clueful state of our contracted third parties ;-)

But we permit that LDAP bind only through a VPN tunnel, so the source addresses are rather limited...
--Cal Frye

-----Original Message-----
From: Valdis.Kletnieks at vt.edu
To: UNIversity Security Operations Group <unisog at lists.dshield.org>
Date: Wed, 13 Feb 2008 16:36:28 -0500
Subject: Re: [unisog] LDAP access for 3rd parties

On Wed, 13 Feb 2008 15:30:07 EST, Cal Frye said:

> We would have record of the site from which the LDAP bind occurred; so 
> if it's the third party...

In that case, you'd have to admit that you contracted out to a bunch of
clueless newbies so stupid that they launch an attack directly from their
home-base machine.  What you'll *have* is (if you're lucky) a machine in
Zanzibar or Bulgaria or China or Minnesota that you *might* have a chance at
doing forensics on, and if you're mostly unlucky it will be the IP address of a
Tor exit node, and if you're *really* unlucky, the source address will be
somewhere inside your machine room :)


--Cal Frye, Network Administrator, Oberlin College
www.ouuf.org     www.calfrye.com

"The Universe is not only queerer than we suppose, it is queerer than we CAN suppose." --J.B.S. Haldane.
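The check discussed in this thread, as an added example that is not part of either message: correlate each LDAP bind by the third-party account with the source address of its connection and report any that did not arrive through the VPN. It assumes OpenLDAP slapd "stats" log lines; the VPN pool, the service DN and the log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumptions (not from the thread): OpenLDAP slapd "stats" log lines, a VPN
# pool of 10.8.0.0/24, and a hypothetical third-party service DN.
VPN_POOL = ipaddress.ip_network("10.8.0.0/24")
VENDOR_DN = "cn=vendor-app,ou=services,dc=example,dc=edu"

ACCEPT_RE = re.compile(r"conn=(\d+) fd=\d+ ACCEPT from IP=([0-9.]+):\d+")
BIND_RE = re.compile(r'conn=(\d+) op=\d+ BIND dn="([^"]*)" method=\d+')

# Constructed sample log, not real data.
SAMPLE_LOG = """\
Feb 13 15:30:01 ldap1 slapd[911]: conn=1001 fd=12 ACCEPT from IP=10.8.0.17:40112 (IP=0.0.0.0:636)
Feb 13 15:30:01 ldap1 slapd[911]: conn=1001 op=0 BIND dn="cn=vendor-app,ou=services,dc=example,dc=edu" method=128
Feb 13 15:31:44 ldap1 slapd[911]: conn=1002 fd=14 ACCEPT from IP=203.0.113.50:51877 (IP=0.0.0.0:636)
Feb 13 15:31:44 ldap1 slapd[911]: conn=1002 op=0 BIND dn="cn=vendor-app,ou=services,dc=example,dc=edu" method=128
Feb 13 15:32:10 ldap1 slapd[911]: conn=1003 fd=15 ACCEPT from IP=192.0.2.9:33010 (IP=0.0.0.0:636)
Feb 13 15:32:10 ldap1 slapd[911]: conn=1003 op=0 BIND dn="uid=alice,ou=people,dc=example,dc=edu" method=128
Feb 13 15:33:02 ldap1 slapd[911]: conn=1004 op=0 BIND dn="cn=vendor-app,ou=services,dc=example,dc=edu" method=128
"""

def vendor_binds_outside_vpn(log_text):
    """Return (conn_id, source) for vendor-DN binds not sourced from the VPN pool."""
    conn_source = {}   # conn id -> client IP taken from the ACCEPT line
    findings = []
    for line in log_text.splitlines():
        m = ACCEPT_RE.search(line)
        if m:
            conn_source[m.group(1)] = ipaddress.ip_address(m.group(2))
            continue
        m = BIND_RE.search(line)
        if not m or m.group(2).lower() != VENDOR_DN.lower():
            continue   # not a bind, or a bind by some other DN
        src = conn_source.get(m.group(1))
        if src is None:
            # ACCEPT line missing (rotated or dropped log): report, do not assume.
            findings.append((m.group(1), "unknown"))
        elif src not in VPN_POOL:
            findings.append((m.group(1), str(src)))
    return findings

if __name__ == "__main__":
    for conn, src in vendor_binds_outside_vpn(SAMPLE_LOG):
        print(f"vendor bind outside VPN pool: conn={conn} source={src}")
```

A bind that does come from inside the pool establishes only the connection's source address, which is the limit the quoted reply points out.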


