TY - GEN
T1 - Deceptive directories and “vulnerable” logs
T2 - 2022 IEEE European Symposium on Security and Privacy Workshops
AU - Srinivasa, Shreyas
AU - Pedersen, Jens Myrup
AU - Vasilomanolakis, Emmanouil
PY - 2022/3
Y1 - 2022/3
N2 - The Lightweight Directory Access Protocol (LDAP) has been widely used to query directory services. It is mainly utilized for reading, writing, and searching directory services like the Active Directory. The vast adoption of LDAP for authentication has entailed several attack attempts like injection attacks and unauthorized access due to third-party key storage. Furthermore, recent vulnerabilities discovered in libraries like the Log4j can lead adversaries to obtain unauthorized information from the directory services through pivoting attacks. Moreover, the LDAP can be configured to operate on UDP, motivating adversaries to exploit it for Distributed Reflection Denial of Service attacks (DRDoS). This paper presents a study of attacks on the LDAP by deploying honeypots that simulate multiple profiles that support the LDAP service and correlating the attack datasets obtained from honeypots deployed by the Honeynet Project community. We observe a total of 39,388 malicious events targeting the honeypots and discover 273 unique attack sources performing pivot attacks in a period of one month.
KW - Deception
KW - Honeypots
KW - LDAP
KW - LDAP attacks
UR - http://www.scopus.com/inward/record.url?scp=85134156835&partnerID=8YFLogxK
U2 - 10.1109/EuroSPW55150.2022.00052
DO - 10.1109/EuroSPW55150.2022.00052
M3 - Article in proceeding
T3 - IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
SP - 442
EP - 447
BT - Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
PB - IEEE
Y2 - 6 June 2022 through 10 June 2022
ER -