Honeypots mailing list archives
Re: Moving forward with defintion of honeypots
From: Per Gustav Ousdal <pgo-ml () ousdal com>
Date: Wed, 21 May 2003 03:22:33 +0200
On Tuesday 20 May 2003 05:23, Lance Spitzner wrote:
In the past week we have received over thirty postings about the definition of honeypots, each posting suggesting a different defintion. I think we are all beginning to realize just how tough it is to define this technology. Honeypots are an extremely powerful tool that can accomplish many different things. Some trends I've noticed. First, many people are including the term 'decoy' in the definition. While honeypots can 'decoy', I don't think that should be in the definition. The term decoy implies "to lure or entrap". Often honeypots don't lure. You just put them out there and the bad guys find them on their own intiative, nothing special is done to insare the attacker. The Honeynet Project has being doing this for years now.
Well, I disagree with this point. Although my mother tounge is not English, I still hope I am entitled to an opinion. I've always felt that honeypot is a bad name for these things, (unless they actually DO implement luring or entraping technics). And the point your making suggests that also. In my world a honeypot is pretty much bait (specialized bait for bees, ants and other animals who likes honey). This fits pretty good with the lawenforcment senario (i.e. fake warz site): Warz dudes "feeds" on warz, right? ;) Although, even the lawenforcement use fits nicely in under the term decoy as well. A decoy *can* be combined with luring technics, (but often at the price of raising suspicion if faced with an intelligent and calculating enemy, and especially if you over do it). Placing one of those plastic ducks on a lake is hardly luring, (once you start making quack, quack noises it's a different story) but it is a decoy. Placing an empty tent camp in the woods is a decoy. A decoy is something that appears to be something, but it's not (i.e Company HQ/empty tents, legimate production system/"honeypot" system). And it is a decoy regardless of wether you lure the enemy to it or not. I feel your use of decoy fits more with what I would call a trap (or atleast part of a trap). A trap to me is getting (luring) the enemy to where you want them to be. (Waiting at the enemy at terrain that gives you an advantage is also a trap). I rather liked the definition which included decoy. In fact in many situations I envision myself using this definition: "A honeypot is a decoy". Or, if it was not clear from the context; "A honeypot is a computer resource that functions as a decoy". If it still was not clear I would analyse the situation, and adopt it to context: "A honeypot is a computer resource that functions as a decoy, we will use it to.../or it may be used for.... etc" IMHO: decoy would be a much more appropriate name than honeypot.
Second, many people are including in the definition how honeypots are used to learn or research. Once again, while honeypots can do this, they can do so much more. They can be used for preventing attacks (such as LaBrea Tarpit) or be used purely for detection similar to an IDS system (such as Honeyd). We have to be very careful in our defintion to ensure we do not imply why we would want to use a honeypot.
Just like a decoys may be used for numerous things: - draw/(waste) enemy fire - slow the enemy down - give them false impresion on our numbers - trap/ambush etc, etc Regards, Per
Current thread:
- Re: Moving forward with defintion of honeypots, (continued)
- Re: Moving forward with defintion of honeypots Richard La Bella (Florida Honeynet) (May 20)
- Re: Moving forward with defintion of honeypots Jeremy Bennett (May 20)
- RE: Moving forward with defintion of honeypots Rick Hayes (May 20)
- Re: Moving forward with defintion of honeypots Harish Pillay (May 20)
- Re: Moving forward with defintion of honeypots Bernie, CTA (May 20)
- RE: Moving forward with defintion of honeypots John McCracken (May 20)
- Re: Moving forward with defintion of honeypots Jeremy Bennett (May 20)
- Re: Moving forward with defintion of honeypots Richard H. Cotterell (May 20)
- Re: Moving forward with defintion of honeypots David Goldsmith (May 20)
- Re: Moving forward with defintion of honeypots Graeme Thompson (May 20)
- Re: Moving forward with defintion of honeypots Per Gustav Ousdal (May 20)
- RE: Moving forward with defintion of honeypots Fabien Pouget (May 21)
- Honeypot Defintion - Almost There! Lance Spitzner (May 23)
- Re: Honeypot Defintion - Almost There! Volker Tanger (May 23)
- Re: Honeypot Defintion - Almost There! Tora (May 23)
- Re: Honeypot Defintion - Almost There! Richard La Bella (Florida Honeynet) (May 23)
- Re: Honeypot Defintion - Almost There! Steve Barnet (May 23)
- Re: Honeypot Defintion - Almost There! Jack McCarthy (May 23)
- Re: Honeypot Defintion - Almost There! Valdis . Kletnieks (May 23)
- Re: Honeypot Defintion - Almost There! Erik S. Johansen (May 23)
- Re: Honeypot Defintion - Almost There! Jon Price (May 25)
- Re: Honeypot Defintion - Almost There! Volker Tanger (May 23)
(Thread continues...)
- Re: Moving forward with defintion of honeypots Richard La Bella (Florida Honeynet) (May 20)