Honeypots mailing list archives
Re: Honeypot Defintion - Almost There!
From: Marc Dacier <marc.dacier () eurecom fr>
Date: Fri, 23 May 2003 17:05:30 +0200
Lance,let me follow up on Volker's remark and also on what Fabien and Dave wrote a few days ago.
I'll be a little bit provocative ... no offense please, I'm trying to get things moving :-}
At 09:30 23/05/2003 -0500, you wrote:
Okay folks, attempting to define what a honeypot is has been extremely interesting (and challenging). [...] Based on the feedback we have gotten over the past week, it looks like Option B was the preferred option. That definition is as follows. "A honeypot is an information system resource who's value lies in monitoring unauthorized or illicit use of that resource"
if I say "the definition of a honeypot is a sentence who's value lies in getting a consensus in the honeypots mailing list",I'm sure that you will agree with me that this is certainly not a good definition of the "definition of a honeypot".
Similarly, you should agree that your sentence can not be taken as a definition of a honeypot.
Instead, it is a good sentence to let people understand*what we do with honeypots*, *why we need honeypots*, *why they should pay for honeypots*,
but not *what honeypots are*.In other words, this is a definition of honeypots usage, not of honeypots per se.
As long as we keep focusing on the usage, we will have an endless debate since every new usage could lead to a new definition..
For instance, suppose that I install a honeypot behind my firewall where it should -hopefully- see nothing. I don't want to use that honeypot to monitor anything but, instead, to be a simplistic intrusion detection system. My policy states that, as soon as a single packet reaches the honeypot, my network must be disconnected from the internet because something is wrong with the firewall (ok, it's a silly example and a rather stupid reaction but bare with me :-) ).
Based on this "usage", is this "information system resource" a honeypot ? I would tend to say yes but your definition leads me to believe that you would say no.
Can't we come up with a definition that does not take the usage into account at all ?
Since this is the preferred option of the two, this is what we will go with.
Mmmmm ... the least worst of the two 'definitions' does not make a good one :-) Reactions, remarks ? Cheers, Marc
Current thread:
- RE: Moving forward with defintion of honeypots, (continued)
- RE: Moving forward with defintion of honeypots Fabien Pouget (May 21)
- Honeypot Defintion - Almost There! Lance Spitzner (May 23)
- Re: Honeypot Defintion - Almost There! Volker Tanger (May 23)
- Re: Honeypot Defintion - Almost There! Tora (May 23)
- Re: Honeypot Defintion - Almost There! Richard La Bella (Florida Honeynet) (May 23)
- Re: Honeypot Defintion - Almost There! Steve Barnet (May 23)
- Re: Honeypot Defintion - Almost There! Jack McCarthy (May 23)
- Re: Honeypot Defintion - Almost There! Valdis . Kletnieks (May 23)
- Re: Honeypot Defintion - Almost There! Erik S. Johansen (May 23)
- Re: Honeypot Defintion - Almost There! Jon Price (May 25)
- Re: Honeypot Defintion - Almost There! Volker Tanger (May 23)
- Message not available
- Re: Honeypot Defintion - Almost There! Marc Dacier (May 23)
- Re: Honeypot Defintion - Almost There! Valdis . Kletnieks (May 23)
- RE: Honeypot Defintion - Almost There! David Gillett (May 23)
- Re: Honeypot Defintion - Almost There! Marc Dacier (May 23)
- Re: Moving forward with defintion of honeypots Bill McCarty (May 24)
- Re: Moving forward with defintion of honeypots Scarecrow (May 24)
- Re: Moving forward with defintion of honeypots nigel (May 20)
- RE: Moving forward with defintion of honeypots SRH-Lists (May 20)
- RE: Moving forward with defintion of honeypots Thomas,Richard (May 20)
- RE: Moving forward with defintion of honeypots Colm Murphy (May 20)
- RE: Moving forward with defintion of honeypots Gonzalez, Albert (May 20)
- RE: Moving forward with defintion of honeypots eohlson (May 21)