Honeypots mailing list archives

RE: Moving forward with definition of honeypots


From: <eohlson () hushmail com>
Date: Wed, 21 May 2003 00:13:34 -0700



On Tue, 20 May 2003 21:38:12 -0700 John McCracken <john () mccrackenassociates com> wrote:
Bernie raises some very good points and I do like the suggested mix of the
two. However, and this may be capricious, but a question/concern for those
knowledgeable in the litigation arena; is "monitoring" by definition
sufficient to include an evidentiary collection of data or should
"monitoring and/or intercept" or just "intercept" be added to the mix?

I also like the blended definition.  There seems to be a difference of
opinion on the intent behind the definition.  Is the intent of a honeypot
to collect evidentiary data for future litigation, in other words a "business"
purpose?  Or is the intent more educational and research oriented?  A
follow-on question might be if a business should knowingly permit _any_
malicious traffic onto their network segment, no matter how compartmentalized?

The purpose is going to vary from implementation to implementation, and
that decision is what should determine when corporate counsel is consulted.
The purpose behind any specific implementation should be separate from
the definition of the thing itself.

-Eric

