Re: SecurityFocus new honeypot article announcement

[oudot laurent <oudot () rstack org>]

Michael Sierchio a écrit:
> oudot laurent wrote:
>
> > > The article might have sounded better informed if it understood
> > > the distinction between honeypot and tarpit.
> >
> >
> > Do you mean that we should not talk about tarpits downto the honeypots 
> > community ??
>
>
> I think I was expressing my desire for more beef, 

greedy man :-)

> obviously
> not appropriate to the "executive summary" or "Readers Digest"
> version, sorry.  Context, I try to remind myself, context...
>
> A very simple elucidation, though -- tarpits are devised specifically
> to slow down an attack by crafted protocol tricks (rapidly decreasing
> window size, etc.) and honeypots are designed to provide an environment
> to observe them by posing as attractive targets.

I totally agree with you, but notice that both technologies converge. 
Devels from Honeyd or KFSensor (for example) are working hard to 
integrate tarpiting capabilities into honeypots.

Though they have not the same goal, they both fool evil hackers or 
worms, with their own means. That's an explanation of this tendency.

See you,

laurent