dnswatchdog.io docs

Port 389: LDAP

Open LDAP port detected on a publicly accessible host.

Severity: Warning | Port: 389

What is LDAP?

LDAP (Lightweight Directory Access Protocol) is a protocol for accessing and managing directory services — essentially databases that store information about users, groups, computers, and other resources in an organization. Active Directory, the backbone of most corporate Windows networks, uses LDAP as its primary query protocol.

Why this is a problem

LDAP on port 389 carries traffic in cleartext unless the client negotiates STARTTLS, and many clients never do. A simple bind over plain 389 sends the user's DN and password in the clear, so anyone on the network path can capture working credentials. If the port is reachable from the internet, attackers can query the directory to enumerate usernames, email addresses, group memberships, and organizational structure, either anonymously where the server permits it or with a single set of credentials obtained elsewhere. That inventory feeds targeted phishing, password spraying and credential stuffing, and the bind operation itself doubles as a password-guessing oracle. Active Directory domain controllers also answer connectionless LDAP (CLDAP) on UDP port 389, which is widely abused for DDoS reflection and amplification: a small query with a spoofed source address draws a much larger response aimed at the victim.

What you should do

  • Block port 389, both TCP and UDP, from the internet; LDAP should be reachable only from internal networks, and the finding is resolved once the port no longer accepts connections from outside
  • Use LDAPS (port 636), or STARTTLS on 389, so binds and queries are encrypted in transit; on Active Directory domain controllers, additionally require LDAP signing and channel binding so that cleartext simple binds are refused
  • If remote access to directory services is needed, require VPN connectivity rather than exposing the port
  • Review LDAP access controls so that anonymous binds are refused or, where the server must accept them, return no directory contents (Active Directory accepts the anonymous bind but by default answers only rootDSE queries anonymously); confirm this by attempting an anonymous bind and search from outside the network
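The enumeration risk described under "Why this is a problem" and the anonymous-bind check in the last bullet both come down to one question: does the exposed server accept a bind with an empty DN and empty password? The probe below is an added example and is not part of the dnswatchdog.io documentation or tooling. It uses only the Python standard library, hand-encodes an LDAPv3 anonymous simple bind as BER, sends it over TCP and decodes the BindResponse; resultCode 0 means the anonymous bind was accepted. The hostname `ldap.example.internal` is a placeholder, and the two sample responses embedded in the block are constructed, not captured from a real server, so the decoder can be exercised offline.

```python
"""Anonymous LDAP bind probe using only the Python standard library.

Sends an LDAPv3 simple bind with an empty DN and empty password (an anonymous
bind, RFC 4513 section 5.1.1) and decodes the BindResponse. resultCode 0 means
the server accepted the anonymous bind.
"""
import socket
import sys

# Result codes the probe is likely to see (RFC 4511, appendix A).
RESULT_NAMES = {0: "success", 7: "authMethodNotSupported", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 53: "unwillingToPerform"}

def ber_len(n: int) -> bytes:
    """BER length: one byte below 128, otherwise 0x80|count followed by the length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value

def build_anonymous_bind(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } }."""
    bind_request = tlv(0x60,                  # [APPLICATION 0] BindRequest
                       tlv(0x02, b"\x03")     # version INTEGER 3
                       + tlv(0x04, b"")       # name LDAPDN "" (anonymous)
                       + tlv(0x80, b""))      # authentication simple [0] ""
    return tlv(0x30, tlv(0x02, bytes([message_id])) + bind_request)

def read_tlv(buf: bytes, pos: int):
    """Decode the element at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                         # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(data: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(msg, 0)            # messageID INTEGER
    tag, op, _ = read_tlv(msg, pos)
    if tag != 0x61:                           # [APPLICATION 1] BindResponse
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    _, code, pos = read_tlv(op, 0)            # resultCode ENUMERATED
    _, _matched_dn, pos = read_tlv(op, pos)   # matchedDN, not needed here
    _, diag, _ = read_tlv(op, pos)            # diagnosticMessage
    return int.from_bytes(mid, "big"), int.from_bytes(code, "big"), diag.decode("utf-8", "replace")

def anonymous_bind_allowed(response: bytes) -> bool:
    """True when the server answered the anonymous bind with resultCode 0."""
    return parse_bind_response(response)[1] == 0

def recv_message(sock) -> bytes:
    """Read exactly one BER-encoded LDAPMessage, however TCP segments it."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("connection closed before a full LDAPMessage arrived")
        buf += chunk
        if len(buf) < 2:
            continue
        hdr = 2 + ((buf[1] & 0x7F) if buf[1] & 0x80 else 0)   # header size incl. length bytes
        if len(buf) >= hdr:
            total = hdr + (int.from_bytes(buf[2:hdr], "big") if hdr > 2 else buf[1])
            if len(buf) >= total:
                return buf[:total]

def probe(host: str, port: int = 389, timeout: float = 5.0):
    """Return (resultCode, name, diagnostic), or None if the port is unreachable.

    None (refused or timed out) is the desired outcome when probing an
    internet-facing address after the port has been blocked.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_anonymous_bind())
            data = recv_message(s)
    except OSError:
        return None
    _, code, diag = parse_bind_response(data)
    return code, RESULT_NAMES.get(code, "other"), diag

# Constructed sample responses (not captured from any real server) so the decoder
# can be exercised offline: one server accepting the anonymous bind, one refusing
# it with inappropriateAuthentication (48).
SAMPLE_ACCEPTED = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x61, tlv(0x0A, b"\x00") + tlv(0x04, b"") + tlv(0x04, b"")))
SAMPLE_REJECTED = tlv(0x30, tlv(0x02, b"\x02") + tlv(0x61, tlv(0x0A, b"\x30") + tlv(0x04, b"")
                                                     + tlv(0x04, b"anonymous bind disallowed")))

if __name__ == "__main__":
    # Hypothetical hostname; replace with the host named in the finding.
    target = sys.argv[1] if len(sys.argv) > 1 else "ldap.example.internal"
    print(probe(target))
```

Run it from outside the network before and after remediation: a result of None means the port is no longer reachable, which is the fix the first bullet asks for; a non-zero resultCode means the server is still exposed but refuses anonymous binds. Against Active Directory the bind itself will normally succeed, so a successful bind is only the first half of the check; the follow-up is an anonymous search against the domain naming context, which the OpenLDAP client does in one step with `ldapsearch -x -H ldap://HOST -b "" -s base` (rootDSE read) or with the domain's base DN in place of the empty one.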
