Abstract

Lightweight Directory Access Protocol (LDAP) servers are widely used to authenticate users in enterprise level networks. Organizations such as universities and small to medium-sized businesses use LDAP for a variety of applications including e-mail clients, SSH, and workstation authentication. Since many organizations build dependencies on the LDAP service, a Denial-of-Service (DoS) attack to the service can cause a greater number of services disrupted. This paper examines the danger in the use of LDAP for user authentication by executing a DoS attack exploiting the TCP three-way handshake required when initializing a connection to an LDAP server.

Highlights

  • In computing today organizations including universities and small to medium-sized businesses need to provide a wide range of services to a vast number of users

  • This paper examines the danger in the use of Lightweight Directory Access Protocol (LDAP) for user authentication by executing a DoS attack exploiting the TCP three-way handshake required when initializing a connection to an LDAP server

  • Since LDAP servers are critical [1] in business environments, they are typically hidden behind firewalls and IDS software

Read more

Summary

Introduction

In computing today organizations including universities and small to medium-sized businesses need to provide a wide range of services to a vast number of users. Many of these services require a form of authentication and/or authorization to securely verify the identity of their respective subscribers. One major flaw that usually causes security policies to be degraded, is the fact that LDAP is an active directory meaning that IT departments will usually make these servers open to the Internet. This paper intends to assert the argument that active directory systems like LDAP in their current states are poor choices as authentication services through the design and implementation of a SYN flooding denial-ofservice attack. The attack is intended as a simple denialof-service scenario to bring forth issues that may arise when a LDAP server is used as an authentication service

LDAP Overview
Security in LDAP
LDAP Authentication Model
LDAP Authentication Protocol
Related Work
Proposed Attack
Packet Design
Attack Implementation
Analysis of Attack
Packet Generation
Effectiveness of Attack
Effectiveness as an Authentication Service
Issues
Alternative Authentication Services
Conclusions
Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Inventions on LDAP Administration- A TRIZ Based Analysis
Umakant Mishra
SSRN | VOL. -
Umakant MishraUmakant Mishra
23 Aug 2006
Inventions on Integrating LDAP with Other Directories - A TRIZ Based Analysis of US Patents
Umakant Mishra
SSRN | VOL. -
Umakant MishraUmakant Mishra
01 Jan 2006
Inventions on LDAP Data Storage - A Study Based on US Patents
Umakant Mishra
SSRN | VOL. -
Umakant MishraUmakant Mishra
20 Sep 2006
Inventions on Data Searching in LDAP - A TRIZ Based Analysis
Umakant Mishra
SSRN | VOL. -
Umakant MishraUmakant Mishra
23 Aug 2006
View more papers

More From: Journal of Information Security

Paper Title
Journal
Date
Author
Formulating and Supporting a Hypothesis to Address a Catch-22 Situation in 6G Communication Networks
Fazal Raheman
Journal of Information Security | VOL. 15
Fazal RahemanFazal Raheman
01 Jan 2024
Cyberattack Ramifications, The Hidden Cost of a Security Breach
Meysam Tahmasebi
Journal of Information Security | VOL. 15
Meysam TahmasebiMeysam Tahmasebi
01 Jan 2024
Saviynt Meets GCP: A Deep Dive into Integrated IAM for Modern Cloud Security
Sampath Talluri
Journal of Information Security | VOL. 15
Sampath TalluriSampath Talluri
01 Jan 2024
Exploring the Characteristics of Data Breaches: A Descriptive Analytic Study
Dominik Molitor ... Wullianallur Raghupathi
Journal of Information Security | VOL. 15
Dominik Molitor, et. al.Dominik Molitor ... Wullianallur Raghupathi
01 Jan 2024
View more papers