Active Directory is being attacked remotely

A server stack is the collection of software that forms the operational infrastructure on a given machine. In a computing context, a stack is an ordered pile, and a server stack is one type of solution stack: an ordered selection of software that makes it possible to complete a particular task. The post below, "Active Directory is being attacked remotely", describes one server-stack problem that needed a solution. It offers some tips for managing your Windows server when you run into problems involving windows, active-directory, firewall, ldap, ddos.

Thanks for clicking. I'm having an issue with our server: our Active Directory is being abused by random external servers.

From what I can gather, our server is the victim of an LDAP forwarding attack used in DDoSing; unfortunately our network is the one being taken down (see "Attackers abuse exposed LDAP servers to amplify DDoS attacks").

Articles suggest activating "Allow the connection if it is secure" in the Windows firewall for "Active Domain Controller - LDAP (UDP-In)", which works, but it also prevents Active Directory from working for everything else, such as external Remote Desktop connections, and it even seems to prevent local network users from connecting to our local MS Exchange email server.

What I’d love to know is how to block these connections without blocking our own systems.

Thanks for reading, I’d love to hear your thoughts.

DO NOT EXPOSE A DOMAIN CONTROLLER TO THE INTERNET. ON ANY PROTOCOL.

Sorry for the shouting, but honestly, get your firewall blocking any connections to your DC that are not from internal networks.

You should be using RDP over VPN as well (RDP will auth to your DC over the internal network in either case).
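One way to apply that advice on the domain controller itself, scoping the built-in LDAP allow rules to internal ranges rather than disabling them, is shown below. This is an added example, not code from the original post or the responder. The internal address ranges are assumptions (RFC 1918 space; substitute your own), and the rule display names are the ones the AD DS role creates on current Windows Server; confirm yours first with `Get-NetFirewallRule -DisplayGroup 'Active Directory Domain Services'`.

```powershell
# Added example (not from the original post). Restrict inbound LDAP on a DC to
# internal networks so external amplification probes are dropped while
# domain-joined clients, Exchange and internal RDP keep authenticating.
#Requires -RunAsAdministrator

# Assumed internal ranges; replace with your own site's address space.
$InternalRanges = @('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')

# Display names the AD DS role creates; verify with
# Get-NetFirewallRule -DisplayGroup 'Active Directory Domain Services'
$LdapRules = @(
    'Active Directory Domain Controller - LDAP (UDP-In)',
    'Active Directory Domain Controller - LDAP (TCP-In)',
    'Active Directory Domain Controller - Secure LDAP (TCP-In)'
)

foreach ($name in $LdapRules) {
    $rule = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if (-not $rule) {
        Write-Warning "Rule not found: $name"
        continue
    }

    # Narrow the remote scope from 'Any' to the internal ranges. The rule stays
    # enabled, so LDAP still works for every internal client.
    $rule | Set-NetFirewallRule -RemoteAddress $InternalRanges -Enabled True

    # Read the scope back so the change is verifiable.
    $scope = $rule | Get-NetFirewallAddressFilter
    '{0}: RemoteAddress = {1}' -f $name, ($scope.RemoteAddress -join ', ')
}

# Traffic that matches no allow rule must actually be dropped: make sure the
# default inbound action is Block on every profile, and log the drops so the
# external probes become visible in %SystemRoot%\System32\LogFiles\Firewall\pfirewall.log.
Get-NetFirewallProfile -All |
    Set-NetFirewallProfile -DefaultInboundAction Block -LogBlocked True

Get-NetFirewallProfile -All |
    Select-Object Name, Enabled, DefaultInboundAction, LogBlocked
```

These cmdlets edit the local firewall policy; if your firewall rules are delivered by Group Policy, the GPO will overwrite local changes at the next refresh, so make the same scope change in the GPO (or pass `-PolicyStore` to target it) instead. Scoping the rule this way leaves Internet-sourced LDAP with no matching allow rule, which is the effect the responder is asking for, without touching the RDP or Exchange paths that only ever reach the DC from inside the network.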
