Environment
Open Enterprise Server 2018 SP2
Situation
The server was showing very high CPU utilization (Example: 1400%).
The top command showed that ndsd was the process causing this high utilization.
As a result, eDirectory authentications were very slow.
An ndstrace with LDAP enabled showed a large number of -5888 errors scrolling by.
Eventually eDirectory would crash.
Resolution
The network team noticed that this same server was connecting over UDP port 389 to IP addresses all over the world.
It was believed that this server was being exploited over UDP 389.
The network team configured the firewall to not allow inbound traffic on UDP port 389.
The utilization and crashes stopped.
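One way to confirm the traffic pattern the network team noticed, as an added example that is not part of the original article: the shell functions below summarise UDP port 389 traffic for one server from `tcpdump -nn -q` text output, counting distinct remote peers and bytes in each direction. The server address, capture lines and peer threshold are constructed sample values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumed input: text lines shaped like `tcpdump -nn -q` output:
#   HH:MM:SS.us IP SRC.SPORT > DST.DPORT: UDP, length N

# udp389_summary SERVER_IP   (capture lines on stdin)
# Prints "<distinct remote peers> <bytes in> <bytes out>" for UDP port 389 on SERVER_IP.
udp389_summary() {
    awk -v srv="$1" '
    $2 == "IP" && $4 == ">" && $6 == "UDP," {
        src = $3; dst = $5; sub(/:$/, "", dst)
        # Split "address.port" at the last dot.
        sport = src; sub(/.*\./, "", sport); saddr = src; sub(/\.[0-9]+$/, "", saddr)
        dport = dst; sub(/.*\./, "", dport); daddr = dst; sub(/\.[0-9]+$/, "", daddr)
        if (saddr == srv && sport == "389")      { out += $NF; peer = daddr }
        else if (daddr == srv && dport == "389") { inb += $NF; peer = saddr }
        else next
        if (!(peer in seen)) { seen[peer] = 1; n++ }
    }
    END { printf "%d %d %d\n", n, inb, out }'
}

# udp389_flag SERVER_IP MAX_PEERS   (capture lines on stdin)
# Succeeds (exit 0) when the server exchanged UDP 389 traffic with more than
# MAX_PEERS distinct remote addresses. MAX_PEERS is a site-specific assumption.
udp389_flag() {
    summary=$(udp389_summary "$1")
    [ "${summary%% *}" -gt "$2" ]
}

# Constructed sample capture (documentation address ranges, not real traffic).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 198.51.100.7.40000 > 192.0.2.10.389: UDP, length 52
12:00:01.000200 IP 192.0.2.10.389 > 198.51.100.7.40000: UDP, length 2900
12:00:01.000300 IP 203.0.113.20.53111 > 192.0.2.10.389: UDP, length 52
12:00:01.000450 IP 192.0.2.10.389 > 203.0.113.20.53111: UDP, length 2900
12:00:01.000500 IP 203.0.113.21.1900 > 192.0.2.10.389: UDP, length 52
12:00:01.000650 IP 192.0.2.10.389 > 203.0.113.21.1900: UDP, length 2900
12:00:01.000700 IP 192.0.2.10.55000 > 192.0.2.53.53: UDP, length 40
EOF
}

sample_capture | udp389_summary 192.0.2.10   # prints: 3 156 8700
```

On a live host the same functions can read from `tcpdump -nn -q -r capture.pcap udp port 389`, where `capture.pcap` is a placeholder file name.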