Honeypots mailing list archives
RE: Birthday of terms honeypot and honeynet
From: "David Gillett" <gillettdavid () fhda edu>
Date: Fri, 23 Jan 2004 08:28:47 -0800
I'd look for an etymological link between the use of the term "honeypot" in computer systems, and its use as a spycraft term dating back to at least the 1950s. In the latter context, a "honeypot" was an operation to lure an opposing diplomat or agent into a compromised situation -- usually sexual -- in order to obtain blackmail material....

David Gillett
-----Original Message-----
From: Ian Baker [mailto:ibaker () codecutters org]
Sent: January 23, 2004 03:35
To: Aleksey V. Lukatsky
Cc: honeypots () securityfocus com
Subject: Re: Birthday of terms honeypot and honeynet

Aleksey,

(Assuming that it's details on the honeypot implementation that you are looking for).

Quick synopsis - users dialled-in to a series of modem banks fronting a VAXcluster containing a newspaper story database. After a hacking event (and you had to be hacker-class to get in, back in those largely pre-Internet days..), Ops got together with a couple of developers to develop what they termed a "honeypot".

To be honest, it was more of a Trojan in my view at the time (an apparently not-very-secure VAX with external links to much more interesting things than old newspaper stories). Since legitimate users would never break the menu and attempt to access the (IIRC) "set host" command, it was considered a 100% indication of hack/crack activity. Access would immediately shut down on all other connections in that particular modem bank (investigations from the previous attack indicated that a lot of activity involved trying phone numbers in sequence) and take the bank off-line. Too many attempts on different banks would shut down the site & divert to backup links. Ops would be automatically paged by the honeypot, and could manually request a phone trace (while watching the actions of the intruder in real-time).

I can't talk much about the specific implementation (too long ago) - the discussion had really centred around this Trojan concept that was just starting to become prevalent (I'd looked at something similar while at college in '85, on a CDC mainframe, and had later duplicated some of the functions on a uVAX at a secure establishment). Knowing the people involved, I would not be in the least surprised if the term came up on either an international BBS or something internal to British Telecom (we worked with many of their VAX-based services).

I think the main "thrill" was the idea of turning a cracking exploit against the crackers themselves. Can't/won't go into details, but it was used "in anger" and resulted in a prosecution during my time with the company.

Regards,
Ian Baker
Webmaster, codecutters.org