Sorry, I missed adding the subject in the last mail. Resending with subject. Sorry about spamming the group.
Hi All,
OpenLDAP version: 2.4.39 on Windows
Tool used: Microsoft Attack Surface Analyzer
We have been doing attack surface analysis on OpenLDAP server, and we have found that there is a UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)
[image: Inline image 1]
We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.
Has anyone an idea on what this port could be for? Inputs are much appreciated.
Have you tried to strace it from the startup to the end? You would surely see the creation of this port and know more. That's the technique I use when the software is a black box to me. My strace invocation is:
/usr/bin/strace -fF -ttT -v -o strace.log -s 255 <PROGRAM>
++Cyrille
From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Sreekanth Sukumaran
Sent: Monday, September 26, 2016 12:59 PM
To: openldap-technical@openldap.org
Subject: OpenLDAP server attack surface analysis shows UDP port 63515 in unknown state
Sorry, I missed adding the subject in the last mail. Resending with subject. Sorry about spamming the group.
Hi All,
OpenLDAP version: 2.4.39 on Windows
Tool used: Microsoft Attack Surface Analyzer
We have been doing attack surface analysis on OpenLDAP server, and we have found that there is a UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)
[Inline image 1]
We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.
Has anyone an idea on what this port could be for? Inputs are much appreciated.
-- Regards, Sreekanth
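One way to mine the strace.log that the invocation above writes, as an added example that is not part of the original thread: it lists every UDP socket the traced process created and the address each bind, getsockname, connect or sendto call tied to it, so a port such as 63515 can be traced back to the call that produced it. The log lines are constructed for illustration (not captured from slapd), the function names are hypothetical, and a Linux run of the server is assumed.

```python
import re

# Constructed sample in the format produced by `strace -f -tt -T -o strace.log`.
# PIDs, descriptors and timings are made up; 63515 is the port from the thread.
SAMPLE_LOG = """\
4100 12:55:47.101010 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 6 <0.000021>
4100 12:55:47.101500 bind(6, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 <0.000012>
4100 12:55:47.102000 socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = 7 <0.000019>
4100 12:55:47.102300 bind(7, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("127.0.0.1")}, 16) = 0 <0.000010>
4100 12:55:47.102600 getsockname(7, {sa_family=AF_INET, sin_port=htons(63515), sin_addr=inet_addr("127.0.0.1")}, [16]) = 0 <0.000008>
4101 12:55:48.000000 socket(AF_INET, SOCK_DGRAM, IPPROTO_IP) = -1 EMFILE (Too many open files) <0.000005>
4100 12:55:49.000000 close(7) = 0 <0.000004>
"""

LINE = re.compile(r"^(?P<pid>\d+)\s+(?P<ts>[\d:.]+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)")
ADDR = re.compile(r'sin_port=htons\((\d+)\), sin_addr=inet_addr\("([^"]+)"\)')
ADDR_CALLS = ("bind", "getsockname", "connect", "sendto")

def udp_sockets(log_text):
    """Return one record per successfully created UDP socket, with its address events."""
    records, open_fds = [], {}   # assumes one shared descriptor table (threads of one process)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or int(m["ret"]) < 0:       # skip unfinished/resumed lines and failed calls
            continue
        call, args, ret = m["call"], m["args"], int(m["ret"])
        if call == "socket":
            open_fds.pop(ret, None)          # descriptor number is being reused
            if "SOCK_DGRAM" in args:
                rec = {"fd": ret, "pid": int(m["pid"]), "created": m["ts"], "events": []}
                records.append(rec)
                open_fds[ret] = rec
            continue
        fd = args.split(",", 1)[0].strip()   # first argument of the remaining calls is the fd
        if not fd.isdigit() or int(fd) not in open_fds:
            continue
        if call == "close":
            del open_fds[int(fd)]
        elif call in ADDR_CALLS and (a := ADDR.search(args)):
            open_fds[int(fd)]["events"].append((call, a[2], int(a[1])))
    return records

def who_owns_port(log_text, port):
    """Return (fd, pid, socket-creation time, syscall) for each UDP event naming `port`."""
    return [(r["fd"], r["pid"], r["created"], call)
            for r in udp_sockets(log_text)
            for call, _ip, p in r["events"] if p == port]
```

A socket bound with port 0 only reveals its kernel-assigned port in a later getsockname call, which is why that call is tracked alongside bind.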
Sreekanth Sukumaran wrote:
> Sorry, I missed adding the subject in the last mail. Resending with subject. Sorry about spamming the group.
> Hi All,
> OpenLDAP version: 2.4.39 on Windows
> Tool used: Microsoft Attack Surface Analyzer
> We have been doing attack surface analysis on OpenLDAP server, and we have found that there is a UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)
> Inline image 1
> We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.
> Has anyone an idea on what this port could be for? Inputs are much appreciated.
I really wonder what OpenLDAP builds you're running?!?
Personally I never saw an OpenLDAP server listening on 63515/udp.
Maybe
- the analysis tool is broken
- the OpenLDAP server was seriously patched to do something strange nobody knows
- somebody hacked your server and added it to a botnet
Ciao, Michael.
On Sep 30, 2016, at 06.55, Michael Ströder michael@stroeder.com wrote:
> Sreekanth Sukumaran wrote:
>> Sorry, I missed adding the subject in the last mail. Resending with subject. Sorry about spamming the group.
>> Hi All,
>> OpenLDAP version: 2.4.39 on Windows
>> Tool used: Microsoft Attack Surface Analyzer
>> We have been doing attack surface analysis on OpenLDAP server, and we have found that there is a UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)
>> Inline image 1
>> We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.
>> Has anyone an idea on what this port could be for? Inputs are much appreciated.
> I really wonder what OpenLDAP builds you're running?!?
> Personally I never saw an OpenLDAP server listening on 63515/udp.
> Maybe
> - the analysis tool is broken
> - the OpenLDAP server was seriously patched to do something strange nobody knows
> - somebody hacked your server and added it to a botnet
we mustn't forget the possibility of solar flares, and most recently, courtesy of cisco, cosmic radiation.
On Fri, 30 Sep 2016 12:55:47 +0200, Michael Ströder michael@stroeder.com wrote:
> Sreekanth Sukumaran wrote:
>> Sorry, I missed adding the subject in the last mail. Resending with subject. Sorry about spamming the group.
>> Hi All,
>> OpenLDAP version: 2.4.39 on Windows
>> Tool used: Microsoft Attack Surface Analyzer
>> We have been doing attack surface analysis on OpenLDAP server, and we have found that there is a UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)
>> Inline image 1
>> We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.
>> Has anyone an idea on what this port could be for? Inputs are much appreciated.
> I really wonder what OpenLDAP builds you're running?!?
> Personally I never saw an OpenLDAP server listening on 63515/udp.
Probably Samba with CLDAP and a strange port?
-Dieter
Hi All,
Thanks for all the replies, I have been on vacation and am just back.
The OpenLDAP server is not seriously patched and the port is really strange. I will look back at the analysis once again and update.
On Sat, Oct 1, 2016 at 11:20 PM, Dieter Klünter dieter@dkluenter.de wrote:
> On Fri, 30 Sep 2016 12:55:47 +0200, Michael Ströder michael@stroeder.com wrote:
>> Sreekanth Sukumaran wrote:
>>> Sorry, I missed adding the subject in the last mail. Resending with subject. Sorry about spamming the group.
>>> Hi All,
>>> OpenLDAP version: 2.4.39 on Windows
>>> Tool used: Microsoft Attack Surface Analyzer
>>> We have been doing attack surface analysis on OpenLDAP server, and we have found that there is a UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)
>>> Inline image 1
>>> We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.
>>> Has anyone an idea on what this port could be for? Inputs are much appreciated.
>> I really wonder what OpenLDAP builds you're running?!?
>> Personally I never saw an OpenLDAP server listening on 63515/udp.
> Probably Samba with CLDAP and a strange port?
> -Dieter
> -- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:DA147B05 53°37'09,95"N 10°08'02,42"E