LDAP (CLDAP, UDP/389) reflection DDoS

LDAP reflection DDoS: capture of reflected CLDAP responses arriving at the victim (x.x.x.x). Every packet below has source port 389 and a destination port drawn from a small set (4829, 45750, 61703, 18313, 27164, 29749), which is consistent with an attacker sending small spoofed queries from a few source ports to many open CLDAP servers; the servers then answer the victim with 1.7–3.1 KB responses. Mitigation on the victim side is to drop or rate-limit inbound UDP with source port 389 at the edge (the victim has no reason to receive CLDAP answers); on the reflector side, CLDAP should not be reachable from the Internet, and the upstream fix is anti-spoofing (BCP38) at the attacker's network.

# Capture CLDAP traffic on em1 without resolving hostnames or port names
# (-nn); the BPF filter is quoted so the shell passes it through untouched.
tcpdump -nn -i em1 'udp and port 389'
 
15:35:36.667005 IP 75.99.0.158.389 > x.x.x.x.4829: UDP, length 2804
15:35:36.667065 IP 192.162.242.123.389 > x.x.x.x.45750: UDP, length 2993
15:35:36.667105 IP 210.3.1.38.389 > x.x.x.x.61703: UDP, length 2687
15:35:36.667260 IP 210.211.126.112.389 > x.x.x.x.61703: UDP, length 2591
15:35:36.667318 IP 88.198.78.124.389 > x.x.x.x.18313: UDP, length 2955
15:35:36.667407 IP 192.186.71.248.389 > x.x.x.x.45750: UDP, length 3088
15:35:36.667420 IP 193.158.199.220.389 > x.x.x.x.45750: UDP, length 2582
15:35:36.667453 IP 108.60.201.51.389 > x.x.x.x.27164: UDP, length 2969
15:35:36.667472 IP 211.144.154.13.389 > x.x.x.x.61703: UDP, length 2395
15:35:36.667551 IP 78.140.59.119.389 > x.x.x.x.4829: UDP, length 2368
15:35:36.667562 IP 197.231.192.44.389 > x.x.x.x.45750: UDP, length 2959
15:35:36.667575 IP 185.104.180.89.389 > x.x.x.x.29749: UDP, length 3009
15:35:36.667600 IP 108.31.185.59.389 > x.x.x.x.27164: UDP, length 2474
15:35:36.667652 IP 76.16.250.71.389 > x.x.x.x.4829: UDP, length 2622
15:35:36.667708 IP 185.3.168.182.389 > x.x.x.x.29749: UDP, length 2816
15:35:36.667798 IP 196.6.233.18.389 > x.x.x.x.45750: UDP, length 2538
15:35:36.667845 IP 91.106.91.12.389 > x.x.x.x.18313: UDP, length 2863
15:35:36.667869 IP 89.218.64.42.389 > x.x.x.x.18313: UDP, length 2799
15:35:36.667909 IP 193.140.41.174.389 > x.x.x.x.45750: UDP, length 3046
15:35:36.667982 IP 76.213.157.105.389 > x.x.x.x.4829: UDP, length 2894
15:35:36.668086 IP 196.30.230.54.389 > x.x.x.x.45750: UDP, length 2706
15:35:36.668188 IP 75.99.131.234.389 > x.x.x.x.4829: UDP, length 2516
15:35:36.668218 IP 196.11.102.164.389 > x.x.x.x.45750: UDP, length 2798
15:35:36.668248 IP 184.69.98.206.389 > x.x.x.x.29749: UDP, length 2857
15:35:36.668267 IP 121.40.104.130.389 > x.x.x.x.27164: UDP, length 2589
15:35:36.668284 IP 109.166.208.171.389 > x.x.x.x.27164: UDP, length 2772
15:35:36.668343 IP 108.74.106.227.389 > x.x.x.x.27164: UDP, length 2904
15:35:36.668383 IP 88.150.147.131.389 > x.x.x.x.18313: UDP, length 2966
15:35:36.668421 IP 88.198.222.112.389 > x.x.x.x.18313: UDP, length 2714
15:35:36.668463 IP 184.106.234.128.389 > x.x.x.x.29749: UDP, length 2631
15:35:36.668468 IP 88.198.90.43.389 > x.x.x.x.18313: UDP, length 1782
15:35:36.668487 IP 194.247.240.50.389 > x.x.x.x.45750: UDP, length 2937
15:35:36.668641 IP 88.84.197.162.389 > x.x.x.x.18313: UDP, length 1785
15:35:36.668835 IP 115.124.66.19.389 > x.x.x.x.27164: UDP, length 2929
15:35:36.668888 IP 119.160.218.42.389 > x.x.x.x.27164: UDP, length 2497
15:35:36.668920 IP 76.104.14.11.389 > x.x.x.x.4829: UDP, length 2566
15:35:36.668944 IP 112.74.167.244.389 > x.x.x.x.27164: UDP, length 2873
15:35:36.669013 IP 116.12.189.33.389 > x.x.x.x.27164: UDP, length 2628
15:35:36.669163 IP 184.106.250.48.389 > x.x.x.x.29749: UDP, length 2600
15:35:36.669215 IP 115.90.181.114.389 > x.x.x.x.27164: UDP, length 2469
15:35:36.669396 IP 196.15.180.8.389 > x.x.x.x.45750: UDP, length 2632
15:35:36.669400 IP 196.15.180.62.389 > x.x.x.x.45750: UDP, length 2684
15:35:36.669417 IP 109.166.153.104.389 > x.x.x.x.27164: UDP, length 2362
15:35:36.669422 IP 197.148.64.80.389 > x.x.x.x.45750: UDP, length 2711
15:35:36.669463 IP 184.106.234.46.389 > x.x.x.x.29749: UDP, length 2747
15:35:36.669535 IP 88.208.119.250.389 > x.x.x.x.18313: UDP, length 3051
15:35:36.669548 IP 88.220.122.52.389 > x.x.x.x.18313: UDP, length 2868
15:35:36.669755 IP 197.81.233.50.389 > x.x.x.x.45750: UDP, length 2472
15:35:36.669766 IP 196.214.87.66.389 > x.x.x.x.45750: UDP, length 2623
15:35:36.669821 IP 88.198.203.195.389 > x.x.x.x.18313: UDP, length 1917
15:35:36.669942 IP 115.178.16.249.389 > x.x.x.x.27164: UDP, length 2996
15:35:36.670003 IP 184.147.198.111.389 > x.x.x.x.29749: UDP, length 2553
15:35:36.670044 IP 75.99.203.190.389 > x.x.x.x.4829: UDP, length 3046
15:35:36.670212 IP 197.249.132.72.389 > x.x.x.x.45750: UDP, length 2449
15:35:36.670286 IP 88.150.188.42.389 > x.x.x.x.18313: UDP, length 2914
15:35:36.670297 IP 184.155.25.26.389 > x.x.x.x.29749: UDP, length 2881
15:35:36.670411 IP 88.82.192.243.389 > x.x.x.x.18313: UDP, length 2501
15:35:36.670414 IP 186.115.11.67.389 > x.x.x.x.4829: UDP, length 2682
15:35:36.670549 IP 75.99.161.82.389 > x.x.x.x.4829: UDP, length 2861
15:35:36.670583 IP 77.120.243.225.389 > x.x.x.x.4829: UDP, length 2508
15:35:36.670657 IP 193.248.203.67.389 > x.x.x.x.45750: UDP, length 2931
15:35:36.670688 IP 75.35.145.219.389 > x.x.x.x.4829: UDP, length 2897
15:35:36.670819 IP 184.149.19.174.389 > x.x.x.x.29749: UDP, length 2579
15:35:36.671004 IP 197.159.49.36.389 > x.x.x.x.45750: UDP, length 2936
15:35:36.671027 IP 79.175.176.14.389 > x.x.x.x.4829: UDP, length 2891
15:35:36.671055 IP 108.29.161.26.389 > x.x.x.x.27164: UDP, length 2561
15:35:36.671075 IP 200.116.120.158.389 > x.x.x.x.45750: UDP, length 2892
15:35:36.671101 IP 196.15.180.2.389 > x.x.x.x.45750: UDP, length 2640
15:35:36.671186 IP 88.159.158.30.389 > x.x.x.x.18313: UDP, length 2574
15:35:36.671228 IP 108.29.99.165.389 > x.x.x.x.27164: UDP, length 2946
15:35:36.671256 IP 88.198.1.28.389 > x.x.x.x.18313: UDP, length 2949

sample packet (first IP fragment of one reflected response; `flags [+]` and IP length 1500 show the 2905-byte UDP datagram was fragmented). The decoded payload is a CLDAP SearchResultEntry (protocolOp 0x64, message ID 7) for the rootDSE: it carries currentTime, subschemaSubentry, dsServiceName (CN=NTDS Settings,...), namingContexts, defaultNamingContext, schemaNamingContext, configurationNamingContext, rootDomainNamingContext and a long supportedControl OID list, i.e. the unauthenticated rootDSE answer an Active Directory domain controller returns to any CLDAP query. The reflector's domain (DC=ECOTEP,DC=local) and host (ECOSRV02) are visible in cleartext, which is why exposed CLDAP is also an information-disclosure issue, not just an amplification vector:

15:37:21.996866 IP (tos 0x0, ttl 117, id 18284, offset 0, flags [+], proto UDP (17), length 1500)
    179.210.166.177.389 > x.x.x.x.45750: UDP, length 2905
	0x0000:  4500 05dc 476c 2000 7511 9265 b3d2 a6b1  E...Gl..u..e....
	0x0010:  2ea6 bd15 0185 b2b6 0b61 9566 3084 0000  .........a.f0...
	0x0020:  0b3d 0201 0764 8400 000b 3404 0030 8400  .=...d....4..0..
	0x0030:  000b 2c30 8400 0000 2604 0b63 7572 7265  ..,0....&..curre
	0x0040:  6e74 5469 6d65 3184 0000 0013 0411 3230  ntTime1.......20
	0x0050:  3137 3037 3035 3135 3337 3232 2e30 5a30  170705153722.0Z0
	0x0060:  8400 0000 5504 1173 7562 7363 6865 6d61  ....U..subschema
	0x0070:  5375 6265 6e74 7279 3184 0000 003c 043a  Subentry1....<.:
	0x0080:  434e 3d41 6767 7265 6761 7465 2c43 4e3d  CN=Aggregate,CN=
	0x0090:  5363 6865 6d61 2c43 4e3d 436f 6e66 6967  Schema,CN=Config
	0x00a0:  7572 6174 696f 6e2c 4443 3d45 434f 5445  uration,DC=ECOTE
	0x00b0:  502c 4443 3d6c 6f63 616c 3084 0000 0086  P,DC=local0.....
	0x00c0:  040d 6473 5365 7276 6963 654e 616d 6531  ..dsServiceName1
	0x00d0:  8400 0000 7104 6f43 4e3d 4e54 4453 2053  ....q.oCN=NTDS.S
	0x00e0:  6574 7469 6e67 732c 434e 3d45 434f 5352  ettings,CN=ECOSR
	0x00f0:  5630 322c 434e 3d53 6572 7665 7273 2c43  V02,CN=Servers,C
	0x0100:  4e3d 4465 6661 756c 742d 4669 7273 742d  N=Default-First-
	0x0110:  5369 7465 2d4e 616d 652c 434e 3d53 6974  Site-Name,CN=Sit
	0x0120:  6573 2c43 4e3d 436f 6e66 6967 7572 6174  es,CN=Configurat
	0x0130:  696f 6e2c 4443 3d45 434f 5445 502c 4443  ion,DC=ECOTEP,DC
	0x0140:  3d6c 6f63 616c 3084 0000 00ca 040e 6e61  =local0.......na
	0x0150:  6d69 6e67 436f 6e74 6578 7473 3184 0000  mingContexts1...
	0x0160:  00b4 0412 4443 3d45 434f 5445 502c 4443  ....DC=ECOTEP,DC
	0x0170:  3d6c 6f63 616c 0423 434e 3d43 6f6e 6669  =local.#CN=Confi
	0x0180:  6775 7261 7469 6f6e 2c44 433d 4543 4f54  guration,DC=ECOT
	0x0190:  4550 2c44 433d 6c6f 6361 6c04 2d43 4e3d  EP,DC=local.-CN=
	0x01a0:  5363 6865 6d61 2c43 4e3d 436f 6e66 6967  Schema,CN=Config
	0x01b0:  7572 6174 696f 6e2c 4443 3d45 434f 5445  uration,DC=ECOTE
	0x01c0:  502c 4443 3d6c 6f63 616c 0424 4443 3d44  P,DC=local.$DC=D
	0x01d0:  6f6d 6169 6e44 6e73 5a6f 6e65 732c 4443  omainDnsZones,DC
	0x01e0:  3d45 434f 5445 502c 4443 3d6c 6f63 616c  =ECOTEP,DC=local
	0x01f0:  0424 4443 3d46 6f72 6573 7444 6e73 5a6f  .$DC=ForestDnsZo
	0x0200:  6e65 732c 4443 3d45 434f 5445 502c 4443  nes,DC=ECOTEP,DC
	0x0210:  3d6c 6f63 616c 3084 0000 0030 0414 6465  =local0....0..de
	0x0220:  6661 756c 744e 616d 696e 6743 6f6e 7465  faultNamingConte
	0x0230:  7874 3184 0000 0014 0412 4443 3d45 434f  xt1.......DC=ECO
	0x0240:  5445 502c 4443 3d6c 6f63 616c 3084 0000  TEP,DC=local0...
	0x0250:  004a 0413 7363 6865 6d61 4e61 6d69 6e67  .J..schemaNaming
	0x0260:  436f 6e74 6578 7431 8400 0000 2f04 2d43  Context1..../.-C
	0x0270:  4e3d 5363 6865 6d61 2c43 4e3d 436f 6e66  N=Schema,CN=Conf
	0x0280:  6967 7572 6174 696f 6e2c 4443 3d45 434f  iguration,DC=ECO
	0x0290:  5445 502c 4443 3d6c 6f63 616c 3084 0000  TEP,DC=local0...
	0x02a0:  0047 041a 636f 6e66 6967 7572 6174 696f  .G..configuratio
	0x02b0:  6e4e 616d 696e 6743 6f6e 7465 7874 3184  nNamingContext1.
	0x02c0:  0000 0025 0423 434e 3d43 6f6e 6669 6775  ...%.#CN=Configu
	0x02d0:  7261 7469 6f6e 2c44 433d 4543 4f54 4550  ration,DC=ECOTEP
	0x02e0:  2c44 433d 6c6f 6361 6c30 8400 0000 3304  ,DC=local0....3.
	0x02f0:  1772 6f6f 7444 6f6d 6169 6e4e 616d 696e  .rootDomainNamin
	0x0300:  6743 6f6e 7465 7874 3184 0000 0014 0412  gContext1.......
	0x0310:  4443 3d45 434f 5445 502c 4443 3d6c 6f63  DC=ECOTEP,DC=loc
	0x0320:  616c 3084 0000 03a9 0410 7375 7070 6f72  al0.......suppor
	0x0330:  7465 6443 6f6e 7472 6f6c 3184 0000 0391  tedControl1.....
	0x0340:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0350:  2e31 2e34 2e33 3139 0416 312e 322e 3834  .1.4.319..1.2.84
	0x0360:  302e 3131 3335 3536 2e31 2e34 2e38 3031  0.113556.1.4.801
	0x0370:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0380:  2e31 2e34 2e34 3733 0416 312e 322e 3834  .1.4.473..1.2.84
	0x0390:  302e 3131 3335 3536 2e31 2e34 2e35 3238  0.113556.1.4.528
	0x03a0:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x03b0:  2e31 2e34 2e34 3137 0416 312e 322e 3834  .1.4.417..1.2.84
	0x03c0:  302e 3131 3335 3536 2e31 2e34 2e36 3139  0.113556.1.4.619
	0x03d0:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x03e0:  2e31 2e34 2e38 3431 0416 312e 322e 3834  .1.4.841..1.2.84
	0x03f0:  302e 3131 3335 3536 2e31 2e34 2e35 3239  0.113556.1.4.529
	0x0400:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0410:  2e31 2e34 2e38 3035 0416 312e 322e 3834  .1.4.805..1.2.84
	0x0420:  302e 3131 3335 3536 2e31 2e34 2e35 3231  0.113556.1.4.521
	0x0430:  0416 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0440:  2e31 2e34 2e39 3730 0417 312e 322e 3834  .1.4.970..1.2.84
	0x0450:  302e 3131 3335 3536 2e31 2e34 2e31 3333  0.113556.1.4.133
	0x0460:  3804 1631 2e32 2e38 3430 2e31 3133 3535  8..1.2.840.11355
	0x0470:  362e 312e 342e 3437 3404 1731 2e32 2e38  6.1.4.474..1.2.8
	0x0480:  3430 2e31 3133 3535 362e 312e 342e 3133  40.113556.1.4.13
	0x0490:  3339 0417 312e 322e 3834 302e 3131 3335  39..1.2.840.1135
	0x04a0:  3536 2e31 2e34 2e31 3334 3004 1731 2e32  56.1.4.1340..1.2
	0x04b0:  2e38 3430 2e31 3133 3535 362e 312e 342e  .840.113556.1.4.
	0x04c0:  3134 3133 0417 322e 3136 2e38 3430 2e31  1413..2.16.840.1
	0x04d0:  2e31 3133 3733 302e 332e 342e 3904 1832  .113730.3.4.9..2
	0x04e0:  2e31 362e 3834 302e 312e 3131 3337 3330  .16.840.1.113730
	0x04f0:  2e33 2e34 2e31 3004 1731 2e32 2e38 3430  .3.4.10..1.2.840
	0x0500:  2e31 3133 3535 362e 312e 342e 3135 3034  .113556.1.4.1504
	0x0510:  0417 312e 322e 3834 302e 3131 3335 3536  ..1.2.840.113556
	0x0520:  2e31 2e34 2e31 3835 3204 1631 2e32 2e38  .1.4.1852..1.2.8
	0x0530:  3430 2e31 3133 3535 362e 312e 342e 3830  40.113556.1.4.80
	0x0540:  3204 1731 2e32 2e38 3430 2e31 3133 3535  2..1.2.840.11355
	0x0550:  362e 312e 342e 3139 3037 0417 312e 322e  6.1.4.1907..1.2.
	0x0560:  3834 302e 3131 3335 3536 2e31 2e34 2e31  840.113556.1.4.1
	0x0570:  3934 3804 1731 2e32 2e38 3430 2e31 3133  948..1.2.840.113
	0x0580:  3535 362e 312e 342e 3139 3734 0417 312e  556.1.4.1974..1.
	0x0590:  322e 3834 302e 3131 3335 3536 2e31 2e34  2.840.113556.1.4
	0x05a0:  2e31 3334 3104 1731 2e32 2e38 3430 2e31  .1341..1.2.840.1
	0x05b0:  3133 3535 362e 312e 342e 3230 3236 0417  13556.1.4.2026..
	0x05c0:  312e 322e 3834 302e 3131 3335 3536 2e31  1.2.840.113556.1
	0x05d0:  2e34 2e32 3036 3404 1731 2e32            .4.2064..1.2