Open LDAP Report

This report identifies hosts that have an LDAP instance running on port 389/UDP that are accessible on the Internet.

These hosts are often Active Directory servers. In addition to allowing for an ~60x amplification vector, the data disclosed by the server could reveal large amounts of information about the network that the server resides on.

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the response came on (always UDP)
  • port
    Port that the response came from (389/UDP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be ldap-udp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • size
    The size of the response (without UDP headers)
  • configuration_naming_context
    Distinguished name of the root of the configuration naming context of the domain controller
  • current_time
    The current system time on the domain controller
  • default_naming_context
    Distinguished name of the default naming context of the domain controller
  • dns_host_name
    DNS address of the domain controller
  • domain_controller_functionality
    Integer indicating the functional level of the domain controller
  • domain_functionality
    Integer indicating the functional level of the domain
  • ds_service_name
    Distinguished name of the nTDSDSA object for the domain controller
  • forest_functionality
    Integer indicating the functional level of the forest
  • highest_committed_usn
    The update sequence number of the domain controller
  • is_global_catalog_ready
    Boolean value indicating if this DC is a global catalog that has completed at least one synchronization of its global catalog data with its replication partners
  • is_synchronized
    Boolean value indicating if the DC has completed at least one synchronization with its replication partners
  • ldap_service_name
    The LDAP service name for the LDAP server on the domain controller
  • naming_contexts
    Multivalued set of distinguished names
  • root_domain_naming_context
    The distinguished name of the root domain naming context
  • schema_naming_context
    The distinguished name of the root of the schema naming context
  • server_name
    The distinguished name of the server object
  • subschema_subentry
    The distinguished name for the location of the subSchema object where the classes and attributes in the directory are defined
  • supported_capabilities
    A multivalued set of OIDs specifying the capabilities supported by the domain controller
  • supported_control
    A multivalued set of OIDs specifying the LDAP controls supported by the domain controller
  • supported_ldap_policies
    A multivalued set of strings specifying the LDAP administrative query policies supported by the domain controller
  • supported_ldap_version
    Set of integers specifying the versions of LDAP supported by the domain controller
  • supported_sasl_mechanisms
    A multivalued set of strings specifying the security mechanisms supported for SASL negotiation

Our 76 Report Types

« Back to Network Reporting