Main Nav

Posted by seb6chub on July 19, 2012
I am wondering what other schools are doing to combat LDAP directory harvests. We are constantly hit with phishing campaigns. While some email addresses are grabbed via web searches, malware reading address books, or other means, I suspect email directory harvests account for a large percentage of the addresses used in phishing campaigns. Some ideas we have tossed around for limiting the harvests are: - Only allow email look-ups to campus address space and campus VPN. - Rate limit using a firewall or IDP to block an IP address for specific period of time if connection attempts are made too rapidly. - Rate limit at the web server that interfaces into the LDAP server. Only allow a specific number of queries per source IP address per time period. - Use a Captcha to reduce the number of automated queries. - Reduce the number of results returned. Instead of 100 rows, return 5 closest matches. - Require a valid email address to run the query. Block email accounts from anonymous email providers. Has anyone implemented these or other measures to reduce LDAP harvests? Are there any commercial solutions? Thanks, Tyler -- -- Tyler Schoenke Network Security Manager IT Security Office University of Colorado at Boulder

Comments

It's getting more difficult to contain this data as more means become available for accessing it, but generally, we limit the returns to a search to 20 (or is it 25?) unique responses. Off campus searches have the email address obscured in a capcha like fashion. We used to manage our logs better in the past and would black list IP's that were obviously scraping our directory. We don't have the time to do this anymore. We have been replying on our anti-spam and proactive education solutions to prevent phishing. The number of victims remains low, so on some level I'd like to think our efforts are working, but, we may just be lucky. >
Posted by: r-safian@northw... on July 19, 2012
Message from hhoffman@ip-solutions.net

This is a real sore point for me, because even when you've done all of this you'll find out that your org has entered into agreements with others for data sharing and emails are harvested that way.

Our 1st step was a opt out from directory listing. 2nd step was limited search results.

LDAP queries shouldn't go beyond your border without a business relationship. Searching can be done with webapps only with a second query to display email address so out of a single search a follow up query for one email is done.

We haven't done the above, there are bigger fish to fry first.

HTH

Cheers,
Harry

---

Posted by: listserv-anon on July 19, 2012
We give a maximum of 20 results - if you want more, you have to authenticate Joel Rosenblatt Joel Rosenblatt, Director Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel Public PGP key http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x90BD740BCC7326C3 --On Thursday, July 19, 2012 8:11 PM +0000 Roger A Safian wrote: > It's getting more difficult to contain this data as more means become available for accessing it, but generally, we limit the returns to a search to 20 (or > is it 25?) unique responses. Off campus searches have the email address obscured in a capcha like fashion. We used to manage our logs better in the past > and would black list IP's that were obviously scraping our directory. We don't have the time to do this anymore. We have been replying on our anti-spam and > proactive education solutions to prevent phishing. The number of victims remains low, so on some level I'd like to think our efforts are working, but, we > may just be lucky. > >>
Posted by: jlrcu on July 19, 2012
Post a Comment

Research and Publications

Conferences and Events

Career Development

Focus Areas and Initiatives

Connect and Contribute

About EDUCAUSE

Close

 


Current Issue
March/April 2013
EDUCAUSE Review

Publications

Research

Close


Annual Conference
October 15–18, 2013
Save the date!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

See All Events

Close

EDUCAUSE Institute
Leadership/Management Programs
Explore More

Career Center

Find or Post a Job

Leadership and Management Programs

EDUCAUSE Institute
Advanced Programs
Project Management

 

Fellowships and Awards

Fellowships
Awards Programs

Getting Involved

Mentoring
Volunteer
Speak at an Event

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

Advance Your Career

 

Close

Latest Topics

EDUCAUSE organizes its efforts around three IT Focus Areas

 

Enterprise and Infrastructure

Enterprise and
Infrastructure

Policy and Security

Policy and
Security

Teaching and Learning

Teaching and
Learning

 

Join These Programs If Your Focus Is

Close

From the Blogs
The Role of Campus Leadership in Ensuring IT Accessibility
by
Diana Oblinger

Find Others

Share Ideas

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

Create Your Profile

 

Close

2013 Strategic Priorities

  • Connected Learning
  • Enterprise IT
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.
 

Discover Membership