LDAP to DoD Server?

Question

trevormark Author

Level 1

8 points

LDAP to DoD Server?

Get this, I just completed a fresh install of Mavericks on a Mac Pro - 4,1.

No more than to hours have gone by, I'm watching the traffic logs on my network firewall and what do I see?

The fresh install attempts multiple LDAP (tcp/389) connections to a couple DoD servers.

Specifically:

I did a WHOIS on 156.112.110.122 and 156.112.102.122

They both resolve to: crl.gds.disa.mil

...Now, 'DISA' stands for Defense Information Systems Agency. DISA is a cousin of the NSA - National Security Agency

I then traversed to https://crl.gds.disa.mil and was presented with:

As you can see, this server is FOUO (For Official Use Only). Why the heck is my fresh install Mavericks machine trying to talk to this guy? Anybody?

~Forever Paranoid

Mac Pro, OS X Mavericks (10.9.5)

Posted on Dec 7, 2015 9:33 PM

Reply

Answer 1

trevormark Author

Level 1

8 points

Dec 7, 2015 10:05 PM in response to trevormark

Apparently this is standard operating procedure for automated CRL checking. i.e. If a CRL distribution point is defined in the certificate, the CRL is automatically retrieved from that address.

In my keychain exists a DOD EMAIL CA-25 Certificate and within it is:

This would explain the fresh install contacting a DoD server via LDAP.

Reply