Q: LDAP to DoD Server?
Get this, I just completed a fresh install of Mavericks on a Mac Pro - 4,1.
No more than two hours have gone by, I'm watching the traffic logs on my network firewall and what do I see?
The fresh install attempts multiple LDAP (tcp/389) connections to a couple DoD servers.
Specifically:
I did a WHOIS on 156.112.110.122 and 156.112.102.122
They both resolve to: crl.gds.disa.mil
...Now, 'DISA' stands for Defense Information Systems Agency. DISA is a cousin of the NSA - National Security Agency
I then traversed to https://crl.gds.disa.mil and was presented with:
As you can see, this server is FOUO (For Official Use Only). Why the heck is my fresh install Mavericks machine trying to talk to this guy? Anybody?
~Forever Paranoid
Mac Pro, OS X Mavericks (10.9.5)
Posted on Dec 7, 2015 9:33 PM
Apparently this is standard operating procedure for automated CRL checking, i.e., if a CRL distribution point is defined in the certificate, the CRL is automatically retrieved from that address.
In my keychain exists a DOD EMAIL CA-25 Certificate and within it is:
This would explain the fresh install contacting a DoD server via LDAP.
Posted on Dec 7, 2015 10:05 PM
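The check described in the answer above, as an added example that is not part of the original posts: a standard-library Python sketch that reads the cRLDistributionPoints extension (OID 2.5.29.31) out of DER-encoded certificate data and lists the hosts that would be contacted over LDAP. The function names, the `crl.example.invalid` host and the sample bytes are constructed for illustration, and the walker assumes ordinary low-tag-number DER as found in X.509 certificates.

```python
from urllib.parse import urlsplit
CRL_DP_OID = bytes.fromhex("551d1f")  # 2.5.29.31, cRLDistributionPoints

def read_tlv(buf, pos):
    """Decode one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def walk(buf):
    """Yield (tag, value) for every element, descending into constructed ones."""
    pos = 0
    while pos < len(buf):
        tag, start, end = read_tlv(buf, pos)
        yield tag, buf[start:end]
        if tag & 0x20:  # constructed: SEQUENCE, [0] wrappers, ...
            yield from walk(buf[start:end])
        pos = end

def crl_distribution_uris(der):
    """Return the URI names in the cRLDistributionPoints extension, if present."""
    elems = list(walk(der))
    for i, (tag, value) in enumerate(elems):
        if tag == 0x06 and value == CRL_DP_OID:
            for t, ext in elems[i + 1:i + 3]:  # skip the optional 'critical' BOOLEAN
                if t == 0x04:  # extnValue OCTET STRING wraps the extension's DER
                    return [v.decode("ascii") for g, v in walk(ext) if g == 0x86]
    return []

def ldap_crl_hosts(der):
    """Hosts that would be contacted over LDAP to fetch a CRL for this certificate."""
    uris = crl_distribution_uris(der)
    return sorted({urlsplit(u).hostname for u in uris if u.lower().startswith("ldap://")})

def tlv(tag, value):
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

# Constructed sample: one Extension with two distribution points (placeholder hosts).
SAMPLE_URIS = ["ldap://crl.example.invalid/cn=Example%20CA,ou=PKI?certificateRevocationList;binary",
               "http://crl.example.invalid/ExampleCA.crl"]
SAMPLE_EXT = tlv(0x30, tlv(0x06, CRL_DP_OID) + tlv(0x01, b"\xff") + tlv(0x04, tlv(0x30, b"".join(
    tlv(0x30, tlv(0xA0, tlv(0xA0, tlv(0x86, u.encode())))) for u in SAMPLE_URIS))))
print(ldap_crl_hosts(SAMPLE_EXT))
```

On a Mac, each PEM block printed by `security find-certificate -a -p` can be converted with `ssl.PEM_cert_to_DER_cert` and passed to `ldap_crl_hosts` to see which keychain certificates account for LDAP connections seen at the firewall.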


