Honeypots mailing list archives

RE: Need your helping defining honeypots


From: <Glenn_Everhart () bankone com>
Date: Fri, 16 May 2003 15:07:48 -0400

A honeypot is also useful to detect people who may be exceeding their
authorization. (Favors option 1.) Someone who attempts to
log in via ftp with "anonymous" and fails and goes away is not
doing anything wrong. Someone who does so, gets in, and then
starts asking for directories of files whose names might suggest
they contain sensitive information, on the other hand, is behaving
suspiciously and may be exceeding authorization.

Since one must attempt to use net services to find whether any
are offered openly (and thus authorized), it seems wrong to suggest
that such attempts on a machine are unauthorized.

-----Original Message-----
From: Lance Spitzner [mailto:lance () honeynet org]
Sent: Friday, May 16, 2003 2:24 PM
To: honeypots () securityfocus com
Subject: Need your helping defining honeypots


Recently I released a paper attempting to define honeypots.
I've received a lot of great feedback on that.  Some of the
feedback has been that we may be able to improve on the definition.
Honeypots are extremely flexible and can be used for many
different things.  As such, I propose two different possible
definitions.  Comments/input GREATLY appreciated!


Option 1:
---------
A honeypot is a security resource whose value lies in being
probed, attacked, or compromised.


Option 2:
---------
A honeypot is a resource operated to monitor the use by entities 
who are unauthorized, or have reason to believe they are unauthorized, 
to use those resources. 



Do you have a preference for either definition, a different
definition, or perhaps a combination of both?  If so, why?
Let us know.

Thanks!

-- 
Lance Spitzner
http://www.tracking-hackers.com




