Honeypots mailing list archives

RE: Moving forward with defintion of honeypots

From: "Rick Hayes" <rhayes () vicor com>
Date: Tue, 20 May 2003 10:46:22 -0400

I think OPTION B is more appropriate.

Thanks,
Rick Hayes



-----Original Message-----
From: Lance Spitzner [mailto:lance () honeynet org] 
Sent: Monday, May 19, 2003 11:23 PM
To: honeypots () securityfocus com
Subject: Moving forward with defintion of honeypots


In the past week we have received over thirty postings
about the definition of honeypots, each posting suggesting
a different defintion.  I think we are all beginning to
realize just how tough it is to define this technology. Honeypots are an
extremely powerful tool that can accomplish many different things.  Some
trends I've noticed. 

First, many people are including the term 'decoy' in the 
definition.  While honeypots can 'decoy', I don't think 
that should be in the definition.  The term decoy implies 
"to lure or entrap".  Often honeypots don't lure.  You just 
put them out there and the bad guys find them on their own 
intiative, nothing special is done to insare the attacker.  
The Honeynet Project has being doing this for years now.

Second, many people are including in the definition how honeypots are
used to learn or research.  Once again, while honeypots can do this,
they can do so much more. They 
can be used for preventing attacks (such as LaBrea Tarpit)
or be used purely for detection similar to an IDS 
system (such as Honeyd).  We have to be very careful
in our defintion to ensure we do not imply why we would
want to use a honeypot.

Honeypots do not solve a specific problem, they are a 
highly flexible tool with many different applications to security.  This
is one of the things that makes honeypots unique.

Based on all the feedback we have been getting, I've 
narrowed this down into two options.

Thoughts?


OPTION A
--------
  "A honeypot is an information system resource who's
   value lies in being probed, attacked, or compromised"

 
OPTION B
-------- 
  "A honeypot is an information system resource who's
   value lies in monitoring unauthorized or illicit use of 
   that resource"


-- 
Lance Spitzner
http://www.tracking-hackers.com

Current thread:

Moving forward with defintion of honeypots Lance Spitzner (May 20)
- Re: Moving forward with defintion of honeypots Etaoin Shrdlu (May 20)
- Re: Moving forward with defintion of honeypots Christian Kreibich (May 20)
- RE: Moving forward with defintion of honeypots John McCracken (May 20)
- Re: Moving forward with defintion of honeypots Christian Kreibich (May 20)
  - Re: Moving forward with defintion of honeypots Perraju (May 21)
- Re: Moving forward with defintion of honeypots Richard La Bella (Florida Honeynet) (May 20)
  - Re: Moving forward with defintion of honeypots Jeremy Bennett (May 20)
- RE: Moving forward with defintion of honeypots Rick Hayes (May 20)
- Re: Moving forward with defintion of honeypots Harish Pillay (May 20)
- Re: Moving forward with defintion of honeypots Bernie, CTA (May 20)
  - RE: Moving forward with defintion of honeypots John McCracken (May 20)
- Re: Moving forward with defintion of honeypots Jeremy Bennett (May 20)
- Re: Moving forward with defintion of honeypots Richard H. Cotterell (May 20)
- Re: Moving forward with defintion of honeypots David Goldsmith (May 20)
- Re: Moving forward with defintion of honeypots Graeme Thompson (May 20)
- Re: Moving forward with defintion of honeypots Per Gustav Ousdal (May 20)
- RE: Moving forward with defintion of honeypots Fabien Pouget (May 21)
- Honeypot Defintion - Almost There! Lance Spitzner (May 23)

(Thread continues...)