Open LDAP Report

LAST UPDATED: 2022-08-29

This report identifies hosts that have an LDAP instance running on port 389/UDP that are accessible on the Internet.

These hosts are often Active Directory servers. In addition to allowing for an ~60x amplification vector, the data disclosed by the server could reveal large amounts of information about the network that the server resides on.

For more details behind the scan methodology and a daily update of global LDAP (UDP)  scan statistics please visit our dedicated Open LDAP (UDP) scan page.

For more information on our scanning efforts, check out our Internet scanning summary page.

Filename(s): scan_ldap_udp

Fields

  • timestamp
    Time that the IP was probed in UTC+0
  • ip
    The IP address of the device in question
  • protocol
    Protocol that the response came on (always UDP)
  • port
    Port that the response came from (389/UDP)
  • hostname
    Reverse DNS name of the device in question
  • tag
    Will always be ldap-udp
  • asn
    ASN of where the device in question resides
  • geo
    Country where the device in question resides
  • region
    State / Province / Administrative region where the device in question resides
  • city
    City in which the device in question resides
  • naics
    North American Industry Classification System Code
  • sic
    Standard Industrial Classification System Code
  • size
    The size of the response (without UDP headers)
  • configuration_naming_context
    Distinguished name of the root of the configuration naming context of the domain controller
  • current_time
    The current system time on the domain controller
  • default_naming_context
    Distinguished name of the default naming context of the domain controller
  • dns_host_name
    DNS address of the domain controller
  • domain_controller_functionality
    Integer indicating the functional level of the domain controller
  • domain_functionality
    Integer indicating the functional level of the domain
  • ds_service_name
    Distinguished name of the nTDSDSA object for the domain controller
  • forest_functionality
    Integer indicating the functional level of the forest
  • highest_committed_usn
    The update sequence number of the domain controller
  • is_global_catalog_ready
    Boolean value indicating if this DC is a global catalog that has completed at least one synchronization of its global catalog data with its replication partners
  • is_synchronized
    Boolean value indicating if the DC has completed at least one synchronization with its replication partners
  • ldap_service_name
    The LDAP service name for the LDAP server on the domain controller
  • naming_contexts
    Multivalued set of distinguished names
  • root_domain_naming_context
    The distinguished name of the root domain naming context
  • schema_naming_context
    The distinguished name of the root of the schema naming context
  • server_name
    The distinguished name of the server object
  • subschema_subentry
    The distinguished name for the location of the subSchema object where the classes and attributes in the directory are defined
  • supported_capabilities
    A multivalued set of OIDs specifying the capabilities supported by the domain controller
  • supported_control
    A multivalued set of OIDs specifying the LDAP controls supported by the domain controller
  • supported_ldap_policies
    A multivalued set of strings specifying the LDAP administrative query policies supported by the domain controller
  • supported_ldap_version
    Set of integers specifying the versions of LDAP supported by the domain controller
  • supported_sasl_mechanisms
    A multivalued set of strings specifying the security mechanisms supported for SASL negotiation
  • amplification
    Amplification factor (This amplification is is based solely on the payload size sent and payload size received)

Sample

"timestamp","ip","protocol","port","hostname","tag","asn","geo","region","city","naics","sic","size","configuration_naming_context","current_time","default_naming_context","dns_host_name","domain_controller_functionality","domain_functionality","ds_service_name","forest_functionality","highest_committed_usn","is_global_catalog_ready","is_synchronized","ldap_service_name","naming_contexts","root_domain_naming_context","schema_naming_context","server_name","subschema_subentry","supported_capabilities","supported_control","supported_ldap_policies","supported_ldap_version","supported_sasl_mechanisms","amplification"
"2010-02-10 00:00:00",192.168.0.1,udp,389,node01.example.com,ldap-udp,64512,ZZ,Region,City,0,0,3038,"CN=Configuration,DC=ad,DC=example,DC=com",20220821044533.0Z,"DC=ad,DC=example,DC=com",node01.example.com,7,7,"CN=Configuration,DC=ad,DC=example,DC=com",7,222537,TRUE,TRUE,node01.example.com,"DC=ad,DC=example,DC=com|CN=Configuration,DC=example,DC=com|CN=Schema,CN=Configuration,DC=example,DC=com","DC=example,DC=com","CN=Schema,CN=Configuration,DC=example,DC=com","CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com","CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com",1.2.840.113556.1.4.800|1.2.840.113556.1.4.1670|1.2.840.113556.1.4.1791|1.2.840.113556.1.4.1935|1.2.840.113556.1.4.2080|1.2.840.113556.1.4.2237,1.2.840.113556.1.4.319|1.2.840.113556.1.4.801|1.2.840.113556.1.4.473|1.2.840.113556.1.4.528|1.2.840.113556.1.4.417|1.2.840.113556.1.4.619|1.2.840.113556.1.4.841|1.2.840.113556.1.4.529|1.2.840.113556.1.4.805|1.2.840.113556.1.4.521|1.2.840.113556.1.4.970|1.2.840.113556.1.4.1338|1.2.840.113556.1.4.474|1.2.840.113556.1.4.1339|1.2.840.113556.1.4.1340|1.2.840.113556.1.4.1413|2.16.840.1.113730.3.4.9|2.16.840.1.113730.3.4.10|1.2.840.113556.1.4.1504|1.2.840.113556.1.4.1852|1.2.840.113556.1.4.802|1.2.840.113556.1.4.1907|1.2.840.113556.1.4.1948|1.2.840.113556.1.4.1974|1.2.840.113556.1.4.1341|1.2.840.113556.1.4.2026|1.2.840.113556.1.4.2064|1.2.840.113556.1.4.2065|1.2.840.113556.1.4.2066|1.2.840.113556.1.4.2090|1.2.840.113556.1.4.2205|1.2.840.113556.1.4.2204|1.2.840.113556.1.4.2206|1.2.840.113556.1.4.2211|1.2.840.113556.1.4.2239|1.2.840.113556.1.4.2255|1.2.840.113556.1.4.2256|1.2.840.113556.1.4.2309|1.2.840.113556.1.4.2330|1.2.840.113556.1.4.2354,MaxPoolThreads|MaxPercentDirSyncRequests|MaxDatagramRecv|MaxReceiveBuffer|InitRecvTimeout|MaxConnections|MaxConnIdleTime|MaxPageSize|MaxBatchReturnMessages|MaxQueryDuration|MaxDirSyncDuration|MaxTempTableSize|MaxResultSetSize|MinResultSets|MaxResultSetsPerConn|MaxNotificationPerConn|MaxValRange|MaxValRangeTransitive|ThreadMemoryLimit|SystemMemoryLimitPercent,3|2,GSSAPI|GSS-SPNEGO|EXTERNAL|DIGEST-MD5,58.42
"2010-02-10 00:00:01",192.168.0.2,udp,389,node02.example.com,ldap-udp,64512,ZZ,Region,City,0,0,3062,"CN=Configuration,DC=ad,DC=example,DC=com",20220821044948.0Z,"DC=ad,DC=example,DC=com",node02.example.com,7,7,"CN=Configuration,DC=ad,DC=example,DC=com",7,1478714,TRUE,TRUE,node02.example.com,"DC=ad,DC=example,DC=com|CN=Configuration,DC=example,DC=com|CN=Schema,CN=Configuration,DC=example,DC=com","DC=example,DC=com","CN=Schema,CN=Configuration,DC=example,DC=com","CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com","CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com",1.2.840.113556.1.4.800|1.2.840.113556.1.4.1670|1.2.840.113556.1.4.1791|1.2.840.113556.1.4.1935|1.2.840.113556.1.4.2080|1.2.840.113556.1.4.2237,1.2.840.113556.1.4.319|1.2.840.113556.1.4.801|1.2.840.113556.1.4.473|1.2.840.113556.1.4.528|1.2.840.113556.1.4.417|1.2.840.113556.1.4.619|1.2.840.113556.1.4.841|1.2.840.113556.1.4.529|1.2.840.113556.1.4.805|1.2.840.113556.1.4.521|1.2.840.113556.1.4.970|1.2.840.113556.1.4.1338|1.2.840.113556.1.4.474|1.2.840.113556.1.4.1339|1.2.840.113556.1.4.1340|1.2.840.113556.1.4.1413|2.16.840.1.113730.3.4.9|2.16.840.1.113730.3.4.10|1.2.840.113556.1.4.1504|1.2.840.113556.1.4.1852|1.2.840.113556.1.4.802|1.2.840.113556.1.4.1907|1.2.840.113556.1.4.1948|1.2.840.113556.1.4.1974|1.2.840.113556.1.4.1341|1.2.840.113556.1.4.2026|1.2.840.113556.1.4.2064|1.2.840.113556.1.4.2065|1.2.840.113556.1.4.2066|1.2.840.113556.1.4.2090|1.2.840.113556.1.4.2205|1.2.840.113556.1.4.2204|1.2.840.113556.1.4.2206|1.2.840.113556.1.4.2211|1.2.840.113556.1.4.2239|1.2.840.113556.1.4.2255|1.2.840.113556.1.4.2256|1.2.840.113556.1.4.2309|1.2.840.113556.1.4.2330|1.2.840.113556.1.4.2354,MaxPoolThreads|MaxPercentDirSyncRequests|MaxDatagramRecv|MaxReceiveBuffer|InitRecvTimeout|MaxConnections|MaxConnIdleTime|MaxPageSize|MaxBatchReturnMessages|MaxQueryDuration|MaxDirSyncDuration|MaxTempTableSize|MaxResultSetSize|MinResultSets|MaxResultSetsPerConn|MaxNotificationPerConn|MaxValRange|MaxValRangeTransitive|ThreadMemoryLimit|SystemMemoryLimitPercent,3|2,GSSAPI|GSS-SPNEGO|EXTERNAL|DIGEST-MD5,58.88
"2010-02-10 00:00:02",192.168.0.3,udp,389,node03.example.com,ldap-udp,64512,ZZ,Region,City,0,0,36,"CN=Configuration,DC=ad,DC=example,DC=com",,"DC=ad,DC=example,DC=com",node03.example.com,,,"CN=Configuration,DC=ad,DC=example,DC=com",,,,,node03.example.com,"DC=ad,DC=example,DC=com|CN=Configuration,DC=example,DC=com|CN=Schema,CN=Configuration,DC=example,DC=com","DC=example,DC=com","CN=Schema,CN=Configuration,DC=example,DC=com","CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com","CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com",,,,,,0.69

Our 118 Report Types

« Back to Network Reporting