Honeypots mailing list archives
RE: Honeypot Defintion - Almost There!
From: "Chris Carlson \(OTG\)" <ccarls () microsoft com>
Date: Fri, 23 May 2003 15:45:55 -0700
I like Richard's version but I had to put my own spin on it ;-) 'A honeypot is an information gathering tool that derives it's value from unauthorized or illicit use.' -----Original Message----- From: Richard.Salgado () usdoj gov [mailto:Richard.Salgado () usdoj gov] Sent: Friday, May 23, 2003 12:37 PM To: honeypots () securityfocus com Subject: Re: Honeypot Defintion - Almost There! Date: 05/23/2003 03:39 pm -0400 (Friday) From: Richard Salgado To: "honeypots () securityfocus com@inetgw".WTGATE2.CRMGW Subject: Re: Honeypot Defintion - Almost There! Looks like it's getting close. Tweaking to correct the grammar, how's this: A honeypot is an information system resource that derives its value from its unauthorized or illicit use.
lance () honeynet org@inetgw 05/23/03 10:30AM >>>
Okay folks, attempting to define what a honeypot is has been extremely interesting (and challenging). If nothing else, I think we are all beginning to realize just how powerful and flexible honeypots can be. I've also got a feeling no matter which definition we use, we will not be able to make everyone happy. However, we will try to get there as close as possible :) Based on the feedback we have gotten over the past week, it looks like Option B was the preferred option. That definition is as follows. "A honeypot is an information system resource who's value lies in monitoring unauthorized or illicit use of that resource" Since this is the preferred option of the two, this is what we will go with. HOWEVER, I'm uncomfortable with the word 'monitoring' in the definition. I was thinking we could remove it. Not all honeypots derive their value from being monitored. For example, I may build a honeypot so it gets hacked, just so I can do forensics on it and develop my forensic skills. Sticky honeypots like LaBrea Tarpit are not used to monitor scanning activity, but slow down scans. A deceptive honeypot may not be used to monitor attackers, but used to give the attacker bad or deceiving information. I was thinking that if we remove the word monitoring, the definition is more flexible. It includes the concept of monitoring, but other concepts as well. Am I being to anal here, too detailed oriented? Without the word monitoring, the defintion would look like this. "A honeypot is an information system resource who's value lies in unauthorized or illicit use of that resource" Thoughts? Thanks! lance
Current thread:
- RE: Honeypot Defintion - Almost There! Lobur, Julia M (May 23)
- <Possible follow-ups>
- RE: Honeypot Defintion - Almost There! eric () infobro com (May 23)
- RE: Honeypot Defintion - Almost There! Jack McCarthy (May 23)
- Re: Honeypot Defintion - Almost There! Richard.Salgado () usdoj gov (May 23)
- RE: Honeypot Defintion - Almost There! Chris Carlson (OTG) (May 23)
- Re: Honeypot Defintion - Almost There! Valdis . Kletnieks (May 23)
- RE: Honeypot Defintion - Almost There! Chris Carlson (OTG) (May 23)
- RE: Honeypot Defintion - Almost There! Chris Carlson (OTG) (May 23)
- RE: Honeypot Defintion - Almost There! Chris Carlson (OTG) (May 23)