Firewall Wizards mailing list archives

Re: .gov/.mil threat ID


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Tue, 26 Jan 1999 13:31:46 -0500 (EST)

I think the government and military may be the only organizations with the
resources to respond to potential threats, but they still do not know how
to effectively respond, or even to decide which events their threat
detection systems log should be responded to.  Apparently someone sent a
"small number of probes" to a .mil site spoofed from one of my computers'
addresses a few weeks ago, and they were quite paranoid about it.  If the
government can log but doesn't have the resources to decide what to do
with that potential threat information, what good would it do a company
with a lot less resources?  Or is the military just inept at their
analysis?

There is no such thing as "the military".  There are individual people,
some of whom are ept, and some of whom may or may not be inept.  ;-)
There are also individual groups, whose response may depend on their
local commanding officer's philosophies, and what they believe they
have to protect.

If they believe that there is a possibility of a hostile attack, and
then they get packets which appear [spoofed or not] to be from your
workstation, then some amount of paranoia is an appropriate response.
From the fact that you and your computer are still there, and that you
are able to talk about it, I take it that it was not a LARGE amount of
paranoia.  ;-]

Take into account the general military response to attacks!  Be
thankful that they are NOT allowed to lay down retaliatory fire!  ;-}

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-A/B
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.


