Honeypots mailing list archives
Re: Moving forward with definition of honeypots
From: "Perraju" <perrajukv () ideasp com>
Date: Wed, 21 May 2003 12:43:31 +0530
I prefer Both.

Perraju

----- Original Message -----
From: "Christian Kreibich" <christian () whoop org>
To: "Honeypots List" <honeypots () securityfocus com>
Sent: Tuesday, May 20, 2003 7:54 PM
Subject: Re: Moving forward with definition of honeypots

On Tue, 2003-05-20 at 04:23, Lance Spitzner wrote:

> First, many people are including the term 'decoy' in the definition.
> While honeypots can 'decoy', I don't think that should be in the
> definition. The term decoy implies "to lure or entrap". Often honeypots
> don't lure. You just put them out there and the bad guys find them on
> their own initiative, nothing special is done to ensnare the attacker.
> The Honeynet Project has been doing this for years now.

Mhmm I think this is difficult to put concisely. Basically you want to define something like a mousetrap without cheese -- the only thing I can think of that does something like that in the real world is a minefield.

> Second, many people are including in the definition how honeypots are
> used to learn or research. Once again, while honeypots can do this,
> they can do so much more. They can be used for preventing attacks
> (such as LaBrea Tarpit) or be used purely for detection similar to an
> IDS system (such as Honeyd). We have to be very careful in our
> definition to ensure we do not imply why we would want to use a
> honeypot.

I fully agree with this -- it's the old mechanism versus policy argument I guess.

> Based on all the feedback we have been getting, I've narrowed this
> down into two options. Thoughts?
>
> OPTION A
> --------
> "A honeypot is an information system resource whose value lies in
> being probed, attacked, or compromised"
>
> OPTION B
> --------
> "A honeypot is an information system resource whose value lies in
> monitoring unauthorized or illicit use of that resource"

Among those I still prefer the first one. Actually if you just drop "decoy" from my attempt I still like it:

"A honeypot is an information system resource set up for the purpose of monitoring and logging the activities of entities that probe, attack or compromise it."

Cheers,
Christian.
--
________________________________________________________________________
http://www.whoop.org