How do I protect my Windows server against LDAP DNS Amplification attacks?

+1 vote
According to sources found, attackers are using widely used server protocols to amplify distributed denial-of-service attacks over LDAP (port 389) by using a practice known as DDoS reflection.

Put simply, this attack is done by sending requests using a spoofed source IP address of the intended victim's server to various servers on the Internet, which will then direct their responses to that address instead of the real sender. As the requests are sent to various services that work over UDP, the transport protocol does not validate the source address, in effect hiding the real source of the attack from the victim by reflecting traffic through third-party servers.

Most protocols used for DDoS reflection also allow attackers to amplify the amount of traffic being generated by small queries. This means that attackers can generate responses that are 50 times larger in size than the queries that were initially used to trigger them. As servers typically have a larger bandwidth allocation than home computers and consumer devices, they have become the primary target for these attackers to use for this DDoS.

To prevent this type of attack from affecting your server, the best option would be to configure specific IP address access to your server over port 389 for both TCP and UDP, as well as adding a rule to your Windows server Firewall to deny all other traffic from accessing or communicating with this port.
asked Sep 28, 2017 in Cloud Hosting by Kendall_✖‿✖ (180 points)
Doing some basic research, it looks like Windows Firewall is not capable of blocking this attack. Can you perhaps point to some documentation on how this is set up and how it works?
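
The allow-list described in the question, sketched as an added PowerShell example that is not part of the original thread. The client addresses are placeholder documentation ranges and the rule names are made up here; it relies on the firewall's default inbound action being Block, because an explicit Block rule for port 389 would override the scoped Allow rules.

```powershell
#Requires -RunAsAdministrator
# Added example. Placeholder addresses (RFC 5737 documentation ranges):
# replace them with the hosts that really need LDAP on this server.
$TrustedClients = @('192.0.2.10', '198.51.100.0/24')
$Port = 389

# Enabled inbound Allow rules that list port 389 explicitly for TCP or UDP.
# Rules that cover it through a range or "Any" are not matched; review those by hand.
function Get-LdapInboundRule {
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
        Where-Object {
            $pf = $_ | Get-NetFirewallPortFilter
            ($pf.Protocol -in 'TCP', 'UDP') -and ($pf.LocalPort -contains "$Port")
        }
}

# 1. Narrow existing rules (built-in rule groups may allow any remote address).
#    Rules delivered by Group Policy cannot be changed locally and will error here.
$existing = @(Get-LdapInboundRule)
foreach ($rule in $existing) {
    $was = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    Write-Host "Scoping '$($rule.DisplayName)' (remote address was: $was)"
    $rule | Set-NetFirewallRule -RemoteAddress $TrustedClients
}

# 2. If nothing allowed the port yet, create scoped rules for both transports.
if ($existing.Count -eq 0) {
    foreach ($proto in 'TCP', 'UDP') {
        New-NetFirewallRule -DisplayName "LDAP $proto $Port (trusted clients only)" `
            -Direction Inbound -Action Allow -Protocol $proto `
            -LocalPort $Port -RemoteAddress $TrustedClients | Out-Null
    }
}

# 3. "Deny all other traffic" comes from the profile default, not from a Block rule:
#    Block rules take precedence over Allow rules and would cut off trusted clients too.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' -or $_.DefaultInboundAction -eq 'Allow' } |
    ForEach-Object { Write-Warning "Profile $($_.Name) does not block unmatched inbound traffic" }

# 4. Show what now admits traffic to the port, with the remote scope of each rule.
Get-LdapInboundRule | ForEach-Object {
    [pscustomobject]@{
        Rule     = $_.DisplayName
        Protocol = ($_ | Get-NetFirewallPortFilter).Protocol
        Remote   = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    }
} | Format-Table -AutoSize
```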

1 Answer

0 votes
Maybe you should invest in something like OnApp (which has its own firewall) while you still have clients who use your virtual cloud. Even if the price goes up, I am sure the downtime is hurting you as much as it hurts us. Just a thought...
answered Sep 28, 2017 by GreenGeckoZA (140 points)
...