Honeypots mailing list archives
Re: Need your helping defining honeypots
From: "Matt Fisher" <mattfisher () comcast net>
Date: Fri, 16 May 2003 15:48:39 -0400
I feel honeypots are essentially decoys: " A honeypot is a decoy device or system deployed to attract the attention of intruders, with the intention of monitoring and tracking intrusion attempts for the purposes of researching and securing against evolving or imminent threats. " ----- Original Message ----- From: "Ed Shirey" <eshirey () pclocals com> To: <honeypots () securityfocus com> Sent: Friday, May 16, 2003 2:54 PM Subject: Re: Need your helping defining honeypots
Lance Spitzner wrote:Recently I released a paper attempting to define honeypots. I've received alot of great feedback on that. Some of the feedback has been we may be able to improve on the definition. Honeypots are extremely flexible and can be used for many different things. As such, I propose two different possible definitions. Comments/input GREATLY appreciated! Option 1: --------- A honeypot is a security resource who's value lies in being probed, attacked, or compromised. Option 2: --------- A honeypot is a resource operated to monitor the use by entities who are unauthorized, or have reason to believe they are unauthorized, to use those resources. Do you have a preference for either defintion, a different defintion, or perhaps a combination of the both? If so, why? Let us know. Thanks!Lance, I think option 1 is *much** better for 2 reasons: #1) It's simple and concise, with no frills. It is the essence of a honeypot. #2) Option 2 assumes intent, and as you pointed out in numerous places in your book, many of today's threats are caused by worms, which don't have intent, per se. One could presume the intent of the original author
is
what determines authorized/unauthorized, but still.. "Of each thing, ask what is it's essense" -- this is why Option 1 is the best.
Current thread:
- Need your helping defining honeypots Lance Spitzner (May 16)
- RE: Need your helping defining honeypots Rick Hayes (May 16)
- Re: Need your helping defining honeypots Jon Baer (May 16)
- Re: Need your helping defining honeypots Valdis . Kletnieks (May 16)
- Re: Need your helping defining honeypots Jon Baer (May 16)
- Re: Need your helping defining honeypots Ed Shirey (May 16)
- Re: Need your helping defining honeypots Matt Fisher (May 16)
- Re: Need your helping defining honeypots Diego González (May 16)
- Re: Need your helping defining honeypots Davide Del Vecchio (May 16)
- Re: Need your helping defining honeypots Seth Arnold (May 16)
- Re: Need your helping defining honeypots Valdis . Kletnieks (May 16)
- Re: Need your helping defining honeypots Bernie, CTA (May 16)
- Re: Need your helping defining honeypots George Washington Dunlap III (May 16)
- Re: Need your helping defining honeypots Harish Pillay (May 17)
- Re: Need your helping defining honeypots Andy Cuff [talisker] (May 17)
- Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
- Re: Need your helping defining honeypots Christian Kreibich (May 19)
- Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
(Thread continues...)
- RE: Need your helping defining honeypots Rick Hayes (May 16)