Honeypots mailing list archives
Honeypot Defintion - Almost There!
From: Lance Spitzner <lance () honeynet org>
Date: Fri, 23 May 2003 09:30:56 -0500 (CDT)
Okay folks, attempting to define what a honeypot is has been extremely interesting (and challenging). If nothing else, I think we are all beginning to realize just how powerful and flexible honeypots can be. I've also got a feeling no matter which definition we use, we will not be able to make everyone happy. However, we will try to get there as close as possible :) Based on the feedback we have gotten over the past week, it looks like Option B was the preferred option. That definition is as follows. "A honeypot is an information system resource who's value lies in monitoring unauthorized or illicit use of that resource" Since this is the preferred option of the two, this is what we will go with. HOWEVER, I'm uncomfortable with the word 'monitoring' in the definition. I was thinking we could remove it. Not all honeypots derive their value from being monitored. For example, I may build a honeypot so it gets hacked, just so I can do forensics on it and develop my forensic skills. Sticky honeypots like LaBrea Tarpit are not used to monitor scanning activity, but slow down scans. A deceptive honeypot may not be used to monitor attackers, but used to give the attacker bad or deceiving information. I was thinking that if we remove the word monitoring, the definition is more flexible. It includes the concept of monitoring, but other concepts as well. Am I being to anal here, too detailed oriented? Without the word monitoring, the defintion would look like this. "A honeypot is an information system resource who's value lies in unauthorized or illicit use of that resource" Thoughts? Thanks! lance
Current thread:
- RE: Moving forward with defintion of honeypots, (continued)
- RE: Moving forward with defintion of honeypots Rick Hayes (May 20)
- Re: Moving forward with defintion of honeypots Harish Pillay (May 20)
- Re: Moving forward with defintion of honeypots Bernie, CTA (May 20)
- RE: Moving forward with defintion of honeypots John McCracken (May 20)
- Re: Moving forward with defintion of honeypots Jeremy Bennett (May 20)
- Re: Moving forward with defintion of honeypots Richard H. Cotterell (May 20)
- Re: Moving forward with defintion of honeypots David Goldsmith (May 20)
- Re: Moving forward with defintion of honeypots Graeme Thompson (May 20)
- Re: Moving forward with defintion of honeypots Per Gustav Ousdal (May 20)
- RE: Moving forward with defintion of honeypots Fabien Pouget (May 21)
- Honeypot Defintion - Almost There! Lance Spitzner (May 23)
- Re: Honeypot Defintion - Almost There! Volker Tanger (May 23)
- Re: Honeypot Defintion - Almost There! Tora (May 23)
- Re: Honeypot Defintion - Almost There! Richard La Bella (Florida Honeynet) (May 23)
- Re: Honeypot Defintion - Almost There! Steve Barnet (May 23)
- Re: Honeypot Defintion - Almost There! Jack McCarthy (May 23)
- Re: Honeypot Defintion - Almost There! Valdis . Kletnieks (May 23)
- Re: Honeypot Defintion - Almost There! Erik S. Johansen (May 23)
- Re: Honeypot Defintion - Almost There! Jon Price (May 25)
- Re: Honeypot Defintion - Almost There! Volker Tanger (May 23)
- Message not available
- Re: Honeypot Defintion - Almost There! Marc Dacier (May 23)
- Re: Honeypot Defintion - Almost There! Valdis . Kletnieks (May 23)
- Re: Honeypot Defintion - Almost There! Marc Dacier (May 23)