Honeypots mailing list archives

Re: Honeypot Definition - Almost There!


From: "Richard.Salgado () usdoj gov" <Richard.Salgado () usdoj gov>
Date: Fri, 23 May 2003 15:37:06 -0400 (EDT)

Date:   05/23/2003  03:39 pm -0400  (Friday)  
From:  Richard Salgado
To:  "honeypots () securityfocus com@inetgw".WTGATE2.CRMGW
Subject:  Re: Honeypot Definition - Almost There!

Looks like it's getting close.  Tweaking to correct the grammar, how's this: 

A honeypot is an information system resource that derives its value from its unauthorized or illicit use.

lance () honeynet org@inetgw 05/23/03 10:30AM >>>
Okay folks, attempting to define what a honeypot is has
been extremely interesting (and challenging).  If 
nothing else, I think we are all beginning to realize just
how powerful and flexible honeypots can be.  I've also got
a feeling no matter which definition we use, we will not
be able to make everyone happy.  However, we will try to
get there as close as possible :)

Based on the feedback we have gotten over the past week,
it looks like Option B was the preferred option.  That
definition is as follows.

   "A honeypot is an information system resource who's
    value lies in monitoring unauthorized or illicit use 
    of that resource"


Since this is the preferred option of the two, this is
what we will go with.  HOWEVER, I'm uncomfortable with the
word 'monitoring' in the definition.  I was thinking we
could remove it.  Not all honeypots derive their value
from being monitored.  For example, I may build a honeypot
so it gets hacked, just so I can do forensics on it and
develop my forensic skills.  Sticky honeypots like LaBrea
Tarpit are not used to monitor scanning activity, but
slow down scans.  A deceptive honeypot may not be used to
monitor attackers, but used to give the attacker bad or
deceiving information.  I was thinking that if we remove
the word monitoring, the definition is more flexible.
It includes the concept of monitoring, but other concepts
as well.

Am I being too anal here, too detail oriented?  Without 
the word monitoring, the definition would look like this.

   "A honeypot is an information system resource who's
    value lies in unauthorized or illicit use of that 
    resource"


Thoughts?

Thanks!

lance