On Sep 30, 2016, at 06.55, Michael Ströder michael@stroeder.com wrote:
Sreekanth Sukumaran wrote:
Sorry, I missed to add subject in the last mail. Resending with subject. sorry about spamming the group
Hi All,
OpenLDAP version : 2.4.39 on windows Tool used : Microsoft Attack surface analyzer
We have been doing attack surface analysis on OpenLDAP server, and we have found that there is an UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)
Inline image 1
We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.
Has anyone an idea on what this port could be for. Inputs are much appreciated.
I really wonder what OpenLDAP builds you're running?!?
Personally I never saw an OpenLDAP server listening on 63515/udp.
Maybe
- the analysis tool is broken
- the OpenLDAP server was seriously patched to do something strange nobody knows
- somebody hacked your server and added it to a botnet
we mustn't forget the possibility of solar flares, and most recently, courtesy of cisco, cosmic radiation.