I have received an abuse report. You can find the report at the end of this message.
How can I inspect the reported abuse, and what is the cause of the report? How can I prevent further abuse reports?
Thank you for your help.
Last week, on 23.01.2020, the network infrastructure of our host organization was under DDoS attack. According to netflow data, a large portion of that traffic was made by abused LDAP services on port 389, generating UDP responses to spoofed requests that claimed to be from the attack target.
Below is an attached excerpt from nfdump. Timestamps are in UTC+1 (CET).
datetime duration protocol source_ip source_port destination_ip destination_port tos packets bytes
2020-01-23 11:00:08 0 UDP XX.132.145.XX 389 XX.132.20.XX 52918 72 1500 2250000
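
One way to check your own flow exports for the pattern the report describes (UDP traffic leaving source port 389), added here as an example and not part of the original post or report. It assumes records in the same whitespace-separated column layout as the excerpt; every sample record except the first is constructed, and the function names are hypothetical.

```python
from collections import defaultdict

# Column layout taken from the excerpt header above; "datetime" spans two tokens.
FIELDS = ("date", "time", "duration", "protocol", "source_ip", "source_port",
          "destination_ip", "destination_port", "tos", "packets", "bytes")
NUMERIC = ("source_port", "destination_port", "packets", "bytes")

# First record is the one quoted in the report; the rest are constructed.
SAMPLE = """\
datetime duration protocol source_ip source_port destination_ip destination_port tos packets bytes
2020-01-23 11:00:08 0 UDP XX.132.145.XX 389 XX.132.20.XX 52918 72 1500 2250000
2020-01-23 11:00:09 0 UDP XX.132.145.XX 389 XX.132.20.XX 40112 72 900 1350000
2020-01-23 11:00:09 2 TCP 192.0.2.10 389 192.0.2.77 51544 0 12 4200
2020-01-23 11:00:10 0 UDP 192.0.2.10 53 192.0.2.77 33000 0 1 120
"""

def parse_flows(text):
    """Yield one dict per well-formed record; headers and junk lines are skipped."""
    for line in text.splitlines():
        rec = dict(zip(FIELDS, line.split()))
        if len(rec) != len(FIELDS) or not all(rec[k].isdigit() for k in NUMERIC):
            continue
        rec.update({k: int(rec[k]) for k in NUMERIC})
        yield rec

def is_ldap_udp_response(rec):
    """True for traffic sent by an LDAP service over UDP (source port 389)."""
    return rec["protocol"].upper() == "UDP" and rec["source_port"] == 389

def summarize(text):
    """Total UDP/389 responses per (server, destination) pair."""
    totals = defaultdict(lambda: {"flows": 0, "packets": 0, "bytes": 0})
    for rec in parse_flows(text):
        if is_ldap_udp_response(rec):
            entry = totals[(rec["source_ip"], rec["destination_ip"])]
            entry["flows"] += 1
            entry["packets"] += rec["packets"]
            entry["bytes"] += rec["bytes"]
    for entry in totals.values():
        # Large average sizes suggest full search results rather than small replies.
        entry["avg_packet_bytes"] = entry["bytes"] // max(entry["packets"], 1)
    return dict(totals)

if __name__ == "__main__":
    for (src, dst), entry in summarize(SAMPLE).items():
        print(f"{src} -> {dst}: {entry}")
```

Run over a longer export, a server that sends many large UDP/389 responses to destinations that are not its regular LDAP clients matches what the report describes.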