Re: SecurityFocus new honeypot article announcement

[Lance Spitzner <lance () honeynet org>]

On Mon, 27 Oct 2003, Michael Sierchio wrote:

> A very simple elucidation, though -- tarpits are devised specifically
> to slow down an attack by crafted protocol tricks (rapidly decreasing
> window size, etc.) and honeypots are designed to provide an environment
> to observe them by posing as attractive targets.

> From my personal opinion, I would have to disagree.  Your definition
above is based on what honeypots do.  I do not consider that the 
definition of a honeypot.  Honeypots can do MANY different things, 
they can lure, deceive, detect, gather information, used for incident 
response, etc.  Attempting to define a honeypot on what it does most 
likely will not work.  A honeypot is nothing more then a tool that can 
do many different things for you, you just apply what you want to get 
done.  One of the things the maillist has attempted to do is define 
honeypots.

 "A honeypot is an information system resource whose value lies in 
        unauthorized or illicit use of that resource"

In the case of this definition, tarpitting could fall under as a 
honeypot.  For example, in the case of LaBrea, attackers interact
with unused IP space.  That attempt is considered unauthorized,
so LaBrea would tarpit them.  Tarpitting is nothing more then one
more service a honeypot can provide.

lance