Re: Moving forward with defintion of honeypots

[Etaoin Shrdlu <shrdlu () deaddrop org>]

Lance Spitzner wrote:
> In the past week we have received over thirty postings
> about the definition of honeypots, each posting suggesting
> a different defintion.

It has easily been one of the most interesting threads on any of the sec
focus lists I read. It certainly requires careful thought, and I agree that
the purpose of the honeypot should not enter into the definition.

> Thoughts?
>
> OPTION A
> --------
>   "A honeypot is an information system resource who's
>    value lies in being probed, attacked, or compromised"
>
>
> OPTION B
> --------
>   "A honeypot is an information system resource who's
>    value lies in monitoring unauthorized or illicit use of
>    that resource"

A honeypot is an information system resource whose value lies in being
probed, attacked, or compromised, and may contribute to the monitoring of
unauthorized or illicit use of that resource.

BTW, any consideration to a specific definition of honey tokens (which you
had spoken of earlier)? In addition, I think that the (combined) definition
above applies to a honeynet with any modification.

--
"They had discovered Mr. Slippery's True Name and it was Roger Andrew
Pollack TIN/SSAN 0959-34-2861, and no amount of evasion, tricky
programming, or robot sources could ever again protect him from them."