Honeypots mailing list archives
RE: Need your helping defining honeypots
From: <Glenn_Everhart () bankone com>
Date: Fri, 16 May 2003 15:07:48 -0400
A honeypot is also useful to detect people who may be exceeding their authorization. (Favors option 1.). Someone who attempts to log in via ftp with "anonymous" and fails and goes away is not doing anything wrong. Someone who does so, gets in, and then starts asking for directories of files whose names might suggest they contain sensitive information, on the other hand, is behaving suspiciously and may be exceeding authorization. Since one must attempt to use net services to find whether any are offered openly (and thus authorized), it seems wrong to suggest that such attempts on a machine are unauthorized. -----Original Message----- From: Lance Spitzner [mailto:lance () honeynet org] Sent: Friday, May 16, 2003 2:24 PM To: honeypots () securityfocus com Subject: Need your helping defining honeypots Recently I released a paper attempting to define honeypots. I've received alot of great feedback on that. Some of the feedback has been we may be able to improve on the definition. Honeypots are extremely flexible and can be used for many different things. As such, I propose two different possible definitions. Comments/input GREATLY appreciated! Option 1: --------- A honeypot is a security resource who's value lies in being probed, attacked, or compromised. Option 2: --------- A honeypot is a resource operated to monitor the use by entities who are unauthorized, or have reason to believe they are unauthorized, to use those resources. Do you have a preference for either defintion, a different defintion, or perhaps a combination of the both? If so, why? Let us know. Thanks! -- Lance Spitzner http://www.tracking-hackers.com ********************************************************************** This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you **********************************************************************
Current thread:
- Re: Need your helping defining honeypots, (continued)
- Re: Need your helping defining honeypots Harish Pillay (May 17)
- Re: Need your helping defining honeypots Andy Cuff [talisker] (May 17)
- Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
- Re: Need your helping defining honeypots Christian Kreibich (May 19)
- Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
- Re: Need your helping defining honeypots Todd A. Jacobs (May 18)
- Re: Need your helping defining honeypots Christian Kreibich (May 19)
- Re: Need your helping defining honeypots Niels Provos (May 19)
- Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
- Re: Need your helping defining honeypots Diego González (May 16)
- Re: Need your helping defining honeypots Tora (May 16)
- RE: Need your helping defining honeypots Glenn_Everhart (May 16)
- FW: Need your helping defining honeypots David Lordly (May 16)
- Re: Need your helping defining honeypots Richard.Salgado () usdoj gov (May 16)
- RE: Need your helping defining honeypots John McCracken (May 16)
- Re: Need your helping defining honeypots George W. Capehart (May 16)
- Re: Need your helping defining honeypots George Bakos (May 17)
- Re: Need your helping defining honeypots Jeremy Bennett (May 19)
- RE: Need your helping defining honeypots John McCracken (May 16)
- FW: Need your helping defining honeypots Axel de Kimpe (May 16)