blackhat840
New Around Here
Hello everyone,
I am a long time lurker here and decided to sign up today as I'm having an issue that I can't seem to resolve. We are getting AUP Violation notices from our ISP from a local LDAP server that is being used for reflection attacks on other servers. Apparently our IP is spoofed, our server says the packet is good we received and sends a response back to the victim server.
We've been having this issue for 45 days or so and I've tried everything from blocking the port on the actual server to configuring Network Services Filter within our ASUS router to also block any traffic on port 389 TCP and UDP. However, the victim is stating that they can still connect to our server using a one-liner from within linux and that the port is indeed not blocked...
Any advice as to how I should set this up on our ASUS would be great.
I am a long time lurker here and decided to sign up today as I'm having an issue that I can't seem to resolve. We are getting AUP Violation notices from our ISP from a local LDAP server that is being used for reflection attacks on other servers. Apparently our IP is spoofed, our server says the packet is good we received and sends a response back to the victim server.
We've been having this issue for 45 days or so and I've tried everything from blocking the port on the actual server to configuring Network Services Filter within our ASUS router to also block any traffic on port 389 TCP and UDP. However, the victim is stating that they can still connect to our server using a one-liner from within linux and that the port is indeed not blocked...
Any advice as to how I should set this up on our ASUS would be great.