What might cause mysterious LDAP traffic sent to port 389?

Article ID: 177036


Products

IT Management Suite

Issue/Introduction

Network security analysis detected a series of LDAP requests being sent from the Notification Server every day at a specific time. The destination port of all of the requests was 389 (the default).

In the interest of security, the question was asked: What were these requests? Why are they sent? Can they be prevented or blocked?

Resolution

All Notification Server (NS) licenses have an LDAP address built in, and the license refresh tries to "phone home" on a regular basis.

There is no way to prevent it from doing this. However, you can block this traffic at the firewall, and it will not affect any NS functions, including licenses.
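The following is an added example, not part of the original article or any vendor code. It confirms which destination receives the daily license-refresh traffic before a firewall rule is written, by scanning flow records for port-389 destinations that the Notification Server contacts every day in the same time window. The log format, IP addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample flow records: timestamp, source, destination, dest port.
# All addresses are placeholders, not values taken from the article.
SAMPLE_FLOWS = """\
2024-03-04T02:15:03 10.0.0.5 198.51.100.20 389
2024-03-04T02:15:09 10.0.0.5 198.51.100.20 389
2024-03-04T09:41:12 10.0.0.5 10.0.0.10 389
2024-03-04T14:02:55 10.0.0.5 10.0.0.10 389
2024-03-05T02:15:04 10.0.0.5 198.51.100.20 389
2024-03-05T11:20:31 10.0.0.5 10.0.0.10 389
2024-03-05T16:47:00 10.0.0.5 10.0.0.10 389
2024-03-06T02:15:02 10.0.0.5 198.51.100.20 389
2024-03-06T08:05:44 10.0.0.5 10.0.0.10 389
2024-03-06T02:16:00 10.0.0.7 198.51.100.20 443
"""

def daily_ldap_destinations(log_text, ns_ip, port=389, min_days=3, window_min=10):
    """Return {destination: (earliest 'HH:MM', days seen)} for destinations the
    NS contacts on `port` on at least `min_days` days, always inside one
    `window_min`-minute slot of the day. Ordinary directory lookups spread
    across the day are excluded. A slot straddling midnight is not handled."""
    seen = defaultdict(lambda: defaultdict(set))  # dst -> date -> minutes of day
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        ts, src, dst, dport = parts
        if src != ns_ip or dport != str(port):
            continue  # only LDAP flows originating from the Notification Server
        t = datetime.fromisoformat(ts)
        seen[dst][t.date()].add(t.hour * 60 + t.minute)
    result = {}
    for dst, by_day in seen.items():
        minutes = [m for day in by_day.values() for m in day]
        if len(by_day) >= min_days and max(minutes) - min(minutes) <= window_min:
            lo = min(minutes)
            result[dst] = (f"{lo // 60:02d}:{lo % 60:02d}", len(by_day))
    return result

if __name__ == "__main__":
    for dst, (start, days) in daily_ldap_destinations(SAMPLE_FLOWS, "10.0.0.5").items():
        print(f"{dst}: daily LDAP burst near {start} on {days} days")
```

Scoping the block rule to the destination this reports, rather than to all outbound port 389, leaves the server's other LDAP connections untouched.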