SecurityFocus

Moving forward with defintion of honeypots May 20 2003 03:23AM
Lance Spitzner (lance honeynet org) (17 replies)

Re: Moving forward with defintion of honeypots May 24 2003 04:47AM
Bill McCarty (bmccarty apu edu) (1 replies)

Re: Moving forward with defintion of honeypots May 24 2003 07:38PM
Scarecrow (scarecrow runeweaver com)

Honeypot Defintion - Almost There! May 23 2003 02:30PM
Lance Spitzner (lance honeynet org) (6 replies)

Re: Honeypot Defintion - Almost There! May 24 2003 02:29AM
Erik S. Johansen (security sperling no) (1 replies)

Re: Honeypot Defintion - Almost There! May 25 2003 12:27AM
Jon Price (jon nytimes com)

Re: Honeypot Defintion - Almost There! May 23 2003 03:58PM
Jack McCarthy (lists jackmccarthy com) (1 replies)

Re: Honeypot Defintion - Almost There! May 23 2003 05:24PM
Valdis Kletnieks vt edu

Re: Honeypot Defintion - Almost There! May 23 2003 03:37PM
Steve Barnet (barnet chem wisc edu)

Re: Honeypot Defintion - Almost There! May 23 2003 03:05PM
Marc Dacier (marc dacier eurecom fr) (2 replies)

Lance,
let me follow up on Volker's remark and also on what Fabien and Dave wrote
a few days ago.

I'll be a little bit provocative ... no offense please, I'm trying to get
things moving :-}

At 09:30 23/05/2003 -0500, you wrote:
>Okay folks, attempting to define what a honeypot is has
>been extremely interesting (and challenging).
>[...]
>Based on the feedback we have gotten over the past week,
>it looks like Option B was the preferred option. That
>definition is as follows.
>
> "A honeypot is an information system resource who's
> value lies in monitoring unauthorized or illicit use
> of that resource"

if I say
"the definition of a honeypot is a sentence who's value lies
in getting a consensus in the honeypots mailing list",

I'm sure that you will agree with me that this is certainly not a good
definition of the "definition of a honeypot".

Similarly, you should agree that your sentence can not be taken as a
definition of a honeypot.

Instead, it is a good sentence to let people understand
*what we do with honeypots*, *why we need honeypots*, *why they should pay
for honeypots*,
but not
*what honeypots are*.

In other words, this is a definition of honeypots usage, not of honeypots
per se.

As long as we keep focusing on the usage, we will have an endless debate
since every new usage could lead to a new definition..

For instance, suppose that I install a honeypot behind my firewall where
it should -hopefully- see nothing. I don't want to use that honeypot to
monitor anything but, instead, to be a simplistic intrusion detection
system. My policy states that, as soon as a single packet reaches the
honeypot, my network must be disconnected from the internet because
something is wrong with the firewall (ok, it's a silly example and a
rather stupid reaction but bare with me :-) ).

Based on this "usage", is this "information system resource" a honeypot ? I
would tend to say yes but your definition leads me to believe that you
would say no.

Can't we come up with a definition that does not take the usage into
account at all ?

>Since this is the preferred option of the two, this is
>what we will go with.

Mmmmm ... the least worst of the two 'definitions' does not make a good one :-)

Reactions, remarks ?

Cheers,
Marc

[ reply ]

RE: Honeypot Defintion - Almost There! May 23 2003 04:07PM
David Gillett (gillettdavid fhda edu)

Re: Honeypot Defintion - Almost There! May 23 2003 03:35PM
Valdis Kletnieks vt edu

Re: Honeypot Defintion - Almost There! May 23 2003 02:48PM
Volker Tanger (volker tanger discon de) (1 replies)

Re: Honeypot Defintion - Almost There! May 23 2003 03:28PM
Tora (tagetora users sourceforge net)

Re: Honeypot Defintion - Almost There! May 23 2003 02:40PM
Richard La Bella \(Florida Honeynet\) (richard sfhn org)

Re: Moving forward with defintion of honeypots May 21 2003 06:36PM
Chris Burton (cyberhiker99 yahoo com)

RE: Moving forward with defintion of honeypots May 21 2003 08:37AM
Fabien Pouget (Fabien Pouget eurecom fr)

Re: Moving forward with defintion of honeypots May 21 2003 01:22AM
Per Gustav Ousdal (pgo-ml ousdal com)

Re: Moving forward with defintion of honeypots May 20 2003 09:37PM
Graeme Thompson (gdthompson optushome com au)

Re: Moving forward with defintion of honeypots May 20 2003 07:56PM
David Goldsmith (dgoldsmith sans org)

Re: Moving forward with defintion of honeypots May 20 2003 05:49PM
Richard H. Cotterell (seec mail retina ar)

Re: Moving forward with defintion of honeypots May 20 2003 05:06PM
Jeremy Bennett (jeremy_f_bennett yahoo com)

Re: Moving forward with defintion of honeypots May 20 2003 03:37PM
Bernie, CTA (cta hcsin net) (1 replies)

RE: Moving forward with defintion of honeypots May 21 2003 04:38AM
John McCracken (john mccrackenassociates com)

Re: Moving forward with defintion of honeypots May 20 2003 03:30PM
Harish Pillay (harish maringotree com)

RE: Moving forward with defintion of honeypots May 20 2003 02:46PM
Rick Hayes (rhayes vicor com)

Re: Moving forward with defintion of honeypots May 20 2003 02:36PM
Richard La Bella \(Florida Honeynet\) (richard sfhn org) (1 replies)

Re: Moving forward with defintion of honeypots May 20 2003 04:52PM
Jeremy Bennett (jeremy_f_bennett yahoo com)

Re: Moving forward with defintion of honeypots May 20 2003 02:24PM
Christian Kreibich (christian whoop org) (1 replies)

Re: Moving forward with defintion of honeypots May 21 2003 07:13AM
Perraju (perrajukv ideasp com)

RE: Moving forward with defintion of honeypots May 20 2003 02:08PM
John McCracken (john mccrackenassociates com)

Re: Moving forward with defintion of honeypots May 20 2003 01:56PM
Christian Kreibich (christian whoop org)

Re: Moving forward with defintion of honeypots May 20 2003 01:46PM
Etaoin Shrdlu (shrdlu deaddrop org)