RE: Need your helping defining honeypots

["Rick Hayes" <rhayes () vicor com>]

I prefer statement #1.   It seems that the person having a "reason to
believe they are unauthorized" implies that they there is the
possibility that they are authorized.  It seems obvious that no one
should be accessing a honeypot and any access is considered
unauthorized. One could think that because the server is running apache
or sendmail that they are authorized to use it.  Especially, if it is
attached to the Internet. 

-----Original Message-----
From: Lance Spitzner [mailto:lance () honeynet org] 
Sent: Friday, May 16, 2003 2:24 PM
To: honeypots () securityfocus com
Subject: Need your helping defining honeypots


Recently I released a paper attempting to define honeypots. I've
received alot of great feedback on that.  Some of the feedback has been
we may be able to improve on the definition. Honeypots are extremely
flexible and can be used for many different things.  As such, I propose
two different possible definitions.  Comments/input GREATLY appreciated!


Option 1:
---------
A honeypot is a security resource who's value lies in being probed,
attacked, or compromised.


Option 2:
---------
A honeypot is a resource operated to monitor the use by entities 
who are unauthorized, or have reason to believe they are unauthorized, 
to use those resources. 



Do you have a preference for either defintion, a different defintion, or
perhaps a combination of the both?  If so, why? Let us know.

Thanks!

-- 
Lance Spitzner
http://www.tracking-hackers.com