Re: "Honeynets" vs. "Honeypots"

["HoneyNet Germany" <newsletter () honeynet de>]

There is a definition given by Lance spitzner and I expect him to also give
you an answer. As he is the Founder of "The Honeynet Project" he defined the
a "honeynet" as a honeypot which is dedicated to research, not to prevent a
productive invironement from beeing hacked (usually a honeypot is another
kind of sensor of an IDS-System).

So it has nothing to do if there is one or more machines running and though
it has nothing to do with "network" directly. So I would use the terminology
"honeynet" for the entire system and call the machine a target-system in the
honeynet, but not a honeypot, but I also think it's nothing wrong to call it
a honeypot in your honeynet.

Uwe Betz
HoneyNet Germany
http://www.honeynet.de

> -----Original Message-----
> From: Andrew Hintz (Drew) [mailto:drew () overt org]
> Sent: Sunday, March 23, 2003 5:15 AM
> To: Scott - cb750c
> Cc: honeypots () securityfocus com
> Subject: RE: "Honeynets" vs. "Honeypots"
>
>
> sounds right to me. (:
>
> > -----Original Message-----
> > From: Scott - cb750c [mailto:cb750c () email com]
> > Sent: Saturday, March 22, 2003 4:12 PM
> > To: honeypots () securityfocus com
> > Subject: "Honeynets" vs. "Honeypots"
> >
> >
> > I have kind of a silly terminology question that I'd like to clear 
> > up. What differentiates a honeynet vs. a honeypot? I'm building a 
> > high-interaction GenI setup with only two machines, a firewall and a 
> > honeypot. Is this a honeynet or not? In the whitepaper I'm writing, 
> > I refer to the entire setup as a honeynet (since this setup is not 
> > part of our production network) and reserve the term honeypot for 
> > the machine which is intended to be compromised. I want to make sure 
> > I'm being accurate.
> >
> > Thanks,
> >
> > Scott