Honeypots mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Need your helping defining honeypots

From: Christian Kreibich <christian () whoop org>
Date: 19 May 2003 14:54:17 +0100
Hi,


thought I'd throw in my opinion as well. What a fun thread :) As I think
it can be assumed that the definition will only be relevant to the IT
community, we can make it narrow enough to focus on computer systems in
the broadest sense and not just the "literal" honeypot meaning.

I think the second option as Lance put it doesn't make clear enough the
fact that it's the use of the honeypot resource itself that is
monitored, in contrast to an IDS for example. The primary element we
want to capture is the fact that we can assume activities on the
honeypot to be malicious. I think so far I like Andy's suggestion best.

Enough babbling -- here's my attempt:

"A honeypot is a decoy computer resource set up for the purpose of
monitoring and logging the activities of entities that probe, attack or
compromise it."

I dropped the "studying" part as I think it's redundant; clearly
monitoring and logging are pointless without later studying. Also it's
not the honeypot that does the studying -- that's still up to us.

Regards,
Christian.
-- 
________________________________________________________________________
                                                    http://www.whoop.org
Previous By Date Next
Previous By Thread Next

Current thread: