Location: List Archives

List Archives

This forum is an archive of all posts to our mailing list over the past few years.  The forum is set read only therefore to contribute you will need to join our list community.  See more info about this here.

 

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Forums >ActiveDir Mail List Archive >List Archives
Subject: RE: [ActiveDir] [Fwd: [NT] Microsoft Windows Active Directory LDAP Server Information Disclosure Vulnerability]
Prev Next
You are not authorized to post a reply.

AuthorMessages
bdesmondUser is Offline

Posts:995

11/18/2008 3:38 PM  
It is pretty common to see this sort of config where customers ACL firewalls to allow certain partners/vendors LDAP access for auth, lookup, etc.

Thanks,
Brian Desmond
brian@briandesmond.com

c - 312.731.3132

From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Kennedy, Jim
Sent: Tuesday, November 18, 2008 2:22 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] [Fwd: [NT] Microsoft Windows Active Directory LDAP Server Information Disclosure Vulnerability]

We do, although 'public' might not be the right description. Our ISP is more than just an ISP (we are a school system). They also provide a great many services to us, Student Information Systems, distance learning....items like that. We allow 2 specific IP's on their private network LDAP access so we can have single sign on with them.

But being a K-12 edu I can tell you I am far more worried about what our internal users can do compared to what the 'internet' can do to us. This summer I to build an internal DMZ for all our servers.


From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Praveen Thampi
Sent: Tuesday, November 18, 2008 3:18 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] [Fwd: [NT] Microsoft Windows Active Directory LDAP Server Information Disclosure Vulnerability]


BTW, why should somebody open LDAP to public. Also wondering even if the ports are allowed, they'll be only for specific ips/subnets which reduces the surface.


You are not authorized to post a reply.
Forums >ActiveDir Mail List Archive >List Archives > RE: [ActiveDir] [Fwd: [NT] Microsoft Windows Active Directory LDAP Server Information Disclosure Vulnerability]



ActiveForums 3.7
Friends

Friends

VisualClickButoton
Members

Members

MembershipMembership:
Latest New UserLatest:rana.b4523
New TodayNew Today:1
New YesterdayNew Yesterday:1
User CountOverall:5291
People OnlinePeople Online:
VisitorsVisitors:38
MembersMembers:0
TotalTotal:38
Online NowOnline Now:

Ads

Copyright 2012 ActiveDir.org
Terms Of Use