Honeypots mailing list archives
Re: Need your helping defining honeypots
From: "George W. Capehart" <gwc () capehassoc com>
Date: Fri, 16 May 2003 18:44:13 -0400
On Friday 16 May 2003 05:21 pm, John McCracken wrote:
I concur with Richard and believe the definition should cover the spectrum of unauthorized and illicit use.
FWIW, I agree also. To me, this is the raison d'etre of the honey[p,n,t]*. Normal logging tells me all I would ever want to know about legitimate system usage. Honey[p,n,t]* provide the means for me to isolate and observe *purposefully* unauthorized and illicit behavior.

BR,
George Capehart

<snip>

On 05/16/2003 04:34 pm -0400 also sprach Richard Salgado:
The second definition (or some version of it) is preferable to the first for a few reasons. Basically, the original definition assumes that to be a honeypot, the deployment must be a "security" resource. This is likely the most common use among the members of this list, but a honeypot is not necessarily deployed to learn about how blackhats probe, attack or compromise a system, or to find means to enhance security. A honeypot may be used by law enforcement, for example, to create a fake warez service to further the investigation of pirate groups. In that case, law enforcement isn't looking for lessons on how to secure systems; the agents are trying to find bad guys and use a honeypot to do so. To limit the definition to "security" and "probes, attacks and compromise" misses a world of other potential goals for a fake-production server.

In my world, the essence of a honeypot is much closer to the second option than the first. It is a system used to monitor unauthorized or illicit activity. The definition needs to be broad enough to capture honeypots with a security-research goal as well as deployments aimed at other misuses of networks and data. (I think Lance would like to be sure that the definition covers honey tokens as well).

Perhaps we could combine the two definitions as follows: "A honeypot is a computer resource the value of which lies in monitoring unauthorized or illicit use of the resource."
--
George W. Capehart

"With sufficient thrust, pigs fly just fine . . ." -- RFC 1925