Abstract
Lightweight Directory Access Protocol (LDAP) servers are widely used to authenticate users in enterprise-level networks. Organizations such as universities and small to medium-sized businesses use LDAP for a variety of applications, including e-mail clients, SSH, and workstation authentication. Since many organizations build dependencies on the LDAP service, a Denial-of-Service (DoS) attack on the service can disrupt a greater number of services. This paper examines the danger in the use of LDAP for user authentication by executing a DoS attack exploiting the TCP three-way handshake required when initializing a connection to an LDAP server.
Highlights
In computing today organizations including universities and small to medium-sized businesses need to provide a wide range of services to a vast number of users
This paper examines the danger in the use of Lightweight Directory Access Protocol (LDAP) for user authentication by executing a DoS attack exploiting the TCP three-way handshake required when initializing a connection to an LDAP server
Since LDAP servers are critical [1] in business environments, they are typically hidden behind firewalls and IDS software
Summary
In computing today, organizations including universities and small to medium-sized businesses need to provide a wide range of services to a vast number of users. Many of these services require a form of authentication and/or authorization to securely verify the identity of their respective subscribers. One major flaw that usually causes security policies to be degraded is the fact that LDAP is an active directory, meaning that IT departments will usually make these servers open to the Internet. This paper intends to assert the argument that active directory systems like LDAP in their current states are poor choices as authentication services, through the design and implementation of a SYN flooding denial-of-service attack. The attack is intended as a simple denial-of-service scenario to bring forth issues that may arise when an LDAP server is used as an authentication service.