Attackers are now abusing exposed LDAP servers to amplify DDoS attacks

Attackers are abusing yet another widely used protocol in order to amplify distributed denial-of-service attacks: the Lightweight Directory Access Protocol (LDAP), which is used for directory services on corporate networks.

DDoS mitigation provider Corero Network Security has recently observed an attack against its customers that was reflected and amplified through Connectionless LDAP (CLDAP), a variant of LDAP that uses the User Datagram Protocol (UDP) for transport.

DDoS reflection is the practice of sending requests using a spoofed source IP address to various servers on the Internet, which will then direct their responses to that address instead of the real sender. The spoofed IP address is that of the intended victim.

To read this article in full or to leave a comment, please click here