LDAP.Kerberos.SPN.Query
Description
This indicates an LDAP query to locate all user accounts with a Service Principal Name (SPN). Any user account in a domain can run this LDAP query.
Once the user accounts have been collected, they could later be used in a Kerberoasting attack.
Affected Products
LDAP Server
Impact
Information Disclosure: Remote attackers can obtain information on all user accounts with a Service Principal Name from vulnerable systems.
Recommended Actions
If required, the signature's action can be set to "Block".
Monitor the LDAP traffic from the network for suspicious behavior.
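One way to act on the monitoring recommendation, as an added example that is not FortiGuard's signature logic: a Python check that parses logged LDAP search filters (RFC 4515 string form) and flags those that positively match any servicePrincipalName value, the query shape described above. The function names and sample filters are assumptions constructed for illustration, and the check does not test whether the filter is scoped to user objects.

```python
import re

def parse(f, i=0):
    """Parse one RFC 4515 filter starting at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    # A literal ')' inside a value is escaped as \29, so the next ')' ends the item.
    end = f.index(")", i)
    raw_attr, _, value = f[i:end].partition("=")
    attr = re.split(r"[:;~<>]", raw_attr)[0].strip().lower()
    return ("item", attr, value.strip()), end + 1

def matches_any_spn(node, negated=False):
    """True if the tree contains a non-negated presence test on servicePrincipalName."""
    if node[0] == "item":
        return node[1] == "serviceprincipalname" and node[2] == "*" and not negated
    if node[0] == "!":
        negated = not negated
    return any(matches_any_spn(kid, negated) for kid in node[1])

def is_spn_enumeration(filter_text):
    """Classify one logged LDAP search filter; malformed filters are not flagged."""
    text = filter_text.strip()
    try:
        tree, end = parse(text)
    except (ValueError, IndexError):
        return False
    return end == len(text) and matches_any_spn(tree)

# Constructed sample filters (illustrative, not from the page or a real capture).
SAMPLES = [
    "(&(objectCategory=person)(objectClass=user)(servicePrincipalName=*))",
    "(&(samAccountType=805306368)(SERVICEPRINCIPALNAME=*))",
    "(&(objectClass=user)(!(servicePrincipalName=*)))",   # accounts without an SPN
    "(servicePrincipalName=HTTP/intranet.example.test)",  # lookup of one known SPN
    "(&(objectClass=user)(sAMAccountName=svc_*)",         # truncated, unparseable
]

if __name__ == "__main__":
    print([is_spn_enumeration(s) for s in SAMPLES])
```

Parsing the filter into a tree, instead of matching a substring, is what keeps the negated filter and the single-SPN lookup from being flagged.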
Coverage
IPS (Regular DB)
IPS (Extended DB)
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-27 | 17.006 |