TITLE:
Vulnerabilities of LDAP As An Authentication Service
AUTHORS:
Charlie Obimbo, Benjamin Ferriman
KEYWORDS:
LDAP, SYN Flooding, Denial-of-Service, Authentication Service
JOURNAL NAME:
Journal of Information Security,
Vol.2 No.4,
October
24,
2011
ABSTRACT: Lightweight Directory Access Protocol (LDAP) servers are widely used to authenticate users in enterprise level networks. Organizations such as universities and small to medium-sized businesses use LDAP for a variety of applications including e-mail clients, SSH, and workstation authentication. Since many organizations build dependencies on the LDAP service, a Denial-of-Service (DoS) attack to the service can cause a greater number of services disrupted. This paper examines the danger in the use of LDAP for user authentication by executing a DoS attack exploiting the TCP three-way handshake required when initializing a connection to an LDAP server.