[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] A real interesting addition to hosts.deny
- Subject: Re: [cobalt-users] A real interesting addition to hosts.deny
- From: Jens Kristian Søgaard <jens@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed Feb 14 06:43:12 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hi,
> Feb 13 16:09:54 www portsentry[1467]: attackalert: SYN/Normal scan from
> host: crawler.ldap.research.netsol.com/216.168.227.9 to TCP port: 389
> FYI - port 389 is where LDAP runs (Lightweight Directory Access Protocol
or
> something). Not entirely sure what its all about, but I think it is
specific
> to X windows.
> I should have some fun with this one.... Oh, just in case SOMEONE doesn't
> get it, netsol is Network Solutions
Well, I think you got it wrong -- Network Solutions is not trying to
portscan or hack you in any way.
LDAP has nothing to do with the X windowing protocol.
LDAP is, like you wrote before, a Lightweight Directory Access Protocol. It
can be used (like forexample Hotmail do) to create a large "telephone book"
with email addresses.
We use LDAP to have a centralized database with usernames, passwords,
addresses, phonenumbers, etc. of our users (it can be used for authorizing
logins, getting mail, etc.). It can also used similarly in Windows 2000.
Others again use LDAP for their PKI.
The host that contacted your machine is a part of VeriSign's LDAP system.
They run a kind of "search engine" for LDAP -- i.e. they use the list of
domains in the WHOIS database as a base, and then contacts all these domains
individually to see, who is the authoritative LDAP server for that domain.
Imagine a global addressbook where you could lookup email-addresses, public
keys, etc. directly from Outlook Express or whatever software you're using.
--
Jens Kristian Søgaard, Mermaid Consulting I/S,
jens@xxxxxxxxxxxxxxxxxxxx,
http://www.mermaidconsulting.com/