Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: www.disa.mil down? - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
www.disa.mil down?

The web server behind disa.mil appears to be down. It currently resolves to 156.112.108.76 but it is sending RST to requests. Thanks Paul for noticing and writing in!

Cheers,
Adrien de Beaupré
intru-shun.ca
Teaching SANS Sec560 in Toronto #sanstoronto, 21-26 Nov 2011
sans.org/toronto-2011-cs-2

Adrien de Beaupre

353 Posts
ISC Handler
I imagine thousands of web servers go down everyday. What am I missing about this particular system from a security perspective?
Dean

135 Posts
DISA: Defense Information Systems Agency that provides information technology (IT) and communications support to the President, Vice President, Secretary of Defense, the military Services, and the Combatant Commands.
It handles the C&C of the DOD SIPRNET (Secure Internet), NIPRNET (Non-Secure Internet), 13 Regional NOC’s, etc.
itsup2u

1 Posts
Thx, Itsup2u. Are we to assume the US is under attack or that its a config/maint snafu as I read the FBI DNSSEC issue to be? Guess my point is that I feel the initial post might be premature w/o other info.
Dean

135 Posts
DISA's been down since at least yesterday afternoon. I think I started trying the IASE portal at 1:00 PM -ish with no luck. I halfway assumed that the problems might be related to the FBI.gov problems, but FBI is up this morning.

Well, no STIGs for me. I don't know whether to dig out the tinfoil hat or just call it a day.
Angela

3 Posts
There's no attack, just a hardware failure on the SAN.
Angela
2 Posts
Up here --> http://diicoe.disa.mil/

fmc

5 Posts
@dsh, The fact that this site is down affects all DoD security personnel that may need access to current STIGs, SRRs, Retina scan updates and other information required as part of the DIACAP process. No one said "The US is under attack". They merely noted that a key information security resource is unavailable.
fmc
7 Posts
Thx, lonegeek05. Regardless of the reason for the outage, it'll be an interesting case study in BCP. Especially given the amount of $$$ the DOD has and the importance of the site.
Dean

135 Posts
The STIGS and other IA resources are still available through the DoD IA Portal on DKO. The same can't be said for DISA's Vulnerability Management System. This doesn't bode well for DISA Computing Services Directorate or their customers.
Dean
2 Posts
4 days now!? Anyone know what's going on?

@tnc, what's the URL for the DKO portal?
Dean
7 Posts
Just got to site. I am southeast US. 2:05pm EST. Seems up and working fine now. However this banner is at the top of their site "The IASE NIPR site will be unavailable due to scheduled maintenance on Saturday 12 November 2011
from 12:00 hrs (EST) to 18:00 hrs (EST)."
fmc

5 Posts
Changed their banner, but still no explanation.

"Parts of the IASE NIPR site are temporarily unavailable. We apologize for any inconvenience.
For STIG content, please go to AKO/DKO (AKO/DKO account required)."

AKO/DKO link --> https://www.us.army.mil/suite/page/397960

fmc

5 Posts
Noticed the following at https://www.ditco.disa.mil/ when I went there today:
-----BEGIN QUOTE-----
27 Oct 11 - Due to rehosting of applications from DITCO Scott to DECC Oklahoma, access to http://www.ditco.disa.mil will be unavailable starting Thursday 10 Nov 11, 1700. This will include access to the DITCO Home Page, DCOP Home Page, TIBI and DITCO Intranet applications to include CFE Financial Support Applications (eg. Contract Closeout and ARAP) ESTIMATED DOWN TIME: Starting Thursday, 10 Nov 11, 1700 hrs CST through Wednesday, 16 Nov 11, 0500 hrs CST. Begin to check back on 15 Nov 11 for updates and further instructions.
------END QUOTE------
So it sounds like at least some of the sites that were offline may have been as part of a planned outage.
Anonymous
http://www.federalnewsradio.com/?nid=405&sid=2635587
DISA website back up after five-day outage
Mention a serious data storage system failure, but no mention of the www.disa.mil outage being planned.
Dean

135 Posts

Sign Up for Free or Log In to start participating in the conversation!