Honeypots mailing list archives
RE: Moving forward with definition of honeypots
From: "Thomas,Richard" <richard.thomas () dhs state tx us>
Date: Tue, 20 May 2003 10:15:58 -0500
Lance,

I'll submit an option C.

A honeypot is a system or system resource that is configured to simulate one or more network services and designed to be attractive to potential intruders.

Richard

-----Original Message-----
From: Lance Spitzner [mailto:lance () honeynet org]
Sent: Monday, May 19, 2003 10:23 PM
To: honeypots () securityfocus com
Subject: Moving forward with definition of honeypots

In the past week we have received over thirty postings about the definition of honeypots, each posting suggesting a different definition. I think we are all beginning to realize just how tough it is to define this technology. Honeypots are an extremely powerful tool that can accomplish many different things.

Some trends I've noticed. First, many people are including the term 'decoy' in the definition. While honeypots can 'decoy', I don't think that should be in the definition. The term decoy implies "to lure or entrap". Often honeypots don't lure. You just put them out there and the bad guys find them on their own initiative, nothing special is done to ensnare the attacker. The Honeynet Project has been doing this for years now.

Second, many people are including in the definition how honeypots are used to learn or research. Once again, while honeypots can do this, they can do so much more. They can be used for preventing attacks (such as LaBrea Tarpit) or be used purely for detection similar to an IDS system (such as Honeyd).

We have to be very careful in our definition to ensure we do not imply why we would want to use a honeypot. Honeypots do not solve a specific problem, they are a highly flexible tool with many different applications to security. This is one of the things that makes honeypots unique.

Based on all the feedback we have been getting, I've narrowed this down into two options. Thoughts?

OPTION A
--------
"A honeypot is an information system resource whose value lies in being probed, attacked, or compromised"

OPTION B
--------
"A honeypot is an information system resource whose value lies in monitoring unauthorized or illicit use of that resource"

--
Lance Spitzner
http://www.tracking-hackers.com