Honeypots mailing list archives

Re: Need your helping defining honeypots

From: Diego González <dggomez () arrakis es>
Date: Fri, 16 May 2003 21:49:33 +0200

At 12:54 16/05/2003 -0600, Ed Shirey wrote:

I think option 1 is *much** better for 2 reasons:

#1) It's simple and concise, with no frills.  It is the essence of a honeypot.

#2) Option 2 assumes intent, and as you pointed out in numerous places
in your book,  many of today's threats are caused by worms, which don't
have intent, per se.  One could presume the intent of the original author is
what determines authorized/unauthorized, but still..

"Of each thing, ask what is it's essense" -- this is why Option 1 is the best.

I'm agree with that. Nevertheless, option 2 is more precise. Thus, I thinkthat a worm attack can be considered as an unauthorized activity.

Current thread:

Need your helping defining honeypots Lance Spitzner (May 16)
- RE: Need your helping defining honeypots Rick Hayes (May 16)
  - Re: Need your helping defining honeypots Jon Baer (May 16)
    - Re: Need your helping defining honeypots Valdis . Kletnieks (May 16)
- Re: Need your helping defining honeypots Ed Shirey (May 16)
  - Re: Need your helping defining honeypots Matt Fisher (May 16)
  - Re: Need your helping defining honeypots Diego González (May 16)
- Re: Need your helping defining honeypots Davide Del Vecchio (May 16)
- Re: Need your helping defining honeypots Seth Arnold (May 16)
  - Re: Need your helping defining honeypots Valdis . Kletnieks (May 16)
- Re: Need your helping defining honeypots Bernie, CTA (May 16)
- Re: Need your helping defining honeypots George Washington Dunlap III (May 16)
- Re: Need your helping defining honeypots Harish Pillay (May 17)
- Re: Need your helping defining honeypots Andy Cuff [talisker] (May 17)
  - Re: Need your helping defining honeypots Sergio Pozo Hidalgo (May 19)
    - Re: Need your helping defining honeypots Christian Kreibich (May 19)
- Re: Need your helping defining honeypots Todd A. Jacobs (May 18)

(Thread continues...)