SecurityFocus

Moving forward with defintion of honeypots May 20 2003 03:23AM
Lance Spitzner (lance honeynet org) (17 replies)

Re: Moving forward with defintion of honeypots May 24 2003 04:47AM
Bill McCarty (bmccarty apu edu) (1 replies)

Re: Moving forward with defintion of honeypots May 24 2003 07:38PM
Scarecrow (scarecrow runeweaver com)

Honeypot Defintion - Almost There! May 23 2003 02:30PM
Lance Spitzner (lance honeynet org) (6 replies)

Re: Honeypot Defintion - Almost There! May 24 2003 02:29AM
Erik S. Johansen (security sperling no) (1 replies)

Re: Honeypot Defintion - Almost There! May 25 2003 12:27AM
Jon Price (jon nytimes com)

Re: Honeypot Defintion - Almost There! May 23 2003 03:58PM
Jack McCarthy (lists jackmccarthy com) (1 replies)

I'm coming in late on this discussion, but here's my thought:

"A honeypot is an information system device who's value lies in collecting and
analyzing unauthorized or illicit use of that resource."

Would the word 'collecting' pose a legal or privacy issue?

-Jack

--- Lance Spitzner <lance (at) honeynet (dot) org [email concealed]> wrote:
> Okay folks, attempting to define what a honeypot is has
> been extremely interesting (and challenging). If
> nothing else, I think we are all beginning to realize just
> how powerful and flexible honeypots can be. I've also got
> a feeling no matter which definition we use, we will not
> be able to make everyone happy. However, we will try to
> get there as close as possible :)
>
> Based on the feedback we have gotten over the past week,
> it looks like Option B was the preferred option. That
> definition is as follows.
>
> "A honeypot is an information system resource who's
> value lies in monitoring unauthorized or illicit use
> of that resource"
>
>
> Since this is the preferred option of the two, this is
> what we will go with. HOWEVER, I'm uncomfortable with the
> word 'monitoring' in the definition. I was thinking we
> could remove it. Not all honeypots derive their value
> from being monitored. For example, I may build a honeypot
> so it gets hacked, just so I can do forensics on it and
> develop my forensic skills. Sticky honeypots like LaBrea
> Tarpit are not used to monitor scanning activity, but
> slow down scans. A deceptive honeypot may not be used to
> monitor attackers, but used to give the attacker bad or
> deceiving information. I was thinking that if we remove
> the word monitoring, the definition is more flexible.
> It includes the concept of monitoring, but other concepts
> as well.
>
> Am I being to anal here, too detailed oriented? Without
> the word monitoring, the defintion would look like this.
>
> "A honeypot is an information system resource who's
> value lies in unauthorized or illicit use of that
> resource"
>
>
> Thoughts?
>
> Thanks!
>
> lance
>
>
>
>

[ reply ]

Re: Honeypot Defintion - Almost There! May 23 2003 05:24PM
Valdis Kletnieks vt edu

Re: Honeypot Defintion - Almost There! May 23 2003 03:37PM
Steve Barnet (barnet chem wisc edu)

Re: Honeypot Defintion - Almost There! May 23 2003 03:05PM
Marc Dacier (marc dacier eurecom fr) (2 replies)

RE: Honeypot Defintion - Almost There! May 23 2003 04:07PM
David Gillett (gillettdavid fhda edu)

Re: Honeypot Defintion - Almost There! May 23 2003 03:35PM
Valdis Kletnieks vt edu

Re: Honeypot Defintion - Almost There! May 23 2003 02:48PM
Volker Tanger (volker tanger discon de) (1 replies)

Re: Honeypot Defintion - Almost There! May 23 2003 03:28PM
Tora (tagetora users sourceforge net)

Re: Honeypot Defintion - Almost There! May 23 2003 02:40PM
Richard La Bella \(Florida Honeynet\) (richard sfhn org)

Re: Moving forward with defintion of honeypots May 21 2003 06:36PM
Chris Burton (cyberhiker99 yahoo com)

RE: Moving forward with defintion of honeypots May 21 2003 08:37AM
Fabien Pouget (Fabien Pouget eurecom fr)

Re: Moving forward with defintion of honeypots May 21 2003 01:22AM
Per Gustav Ousdal (pgo-ml ousdal com)

Re: Moving forward with defintion of honeypots May 20 2003 09:37PM
Graeme Thompson (gdthompson optushome com au)

Re: Moving forward with defintion of honeypots May 20 2003 07:56PM
David Goldsmith (dgoldsmith sans org)

Re: Moving forward with defintion of honeypots May 20 2003 05:49PM
Richard H. Cotterell (seec mail retina ar)

Re: Moving forward with defintion of honeypots May 20 2003 05:06PM
Jeremy Bennett (jeremy_f_bennett yahoo com)

Re: Moving forward with defintion of honeypots May 20 2003 03:37PM
Bernie, CTA (cta hcsin net) (1 replies)

RE: Moving forward with defintion of honeypots May 21 2003 04:38AM
John McCracken (john mccrackenassociates com)

Re: Moving forward with defintion of honeypots May 20 2003 03:30PM
Harish Pillay (harish maringotree com)

RE: Moving forward with defintion of honeypots May 20 2003 02:46PM
Rick Hayes (rhayes vicor com)

Re: Moving forward with defintion of honeypots May 20 2003 02:36PM
Richard La Bella \(Florida Honeynet\) (richard sfhn org) (1 replies)

Re: Moving forward with defintion of honeypots May 20 2003 04:52PM
Jeremy Bennett (jeremy_f_bennett yahoo com)

Re: Moving forward with defintion of honeypots May 20 2003 02:24PM
Christian Kreibich (christian whoop org) (1 replies)

Re: Moving forward with defintion of honeypots May 21 2003 07:13AM
Perraju (perrajukv ideasp com)

RE: Moving forward with defintion of honeypots May 20 2003 02:08PM
John McCracken (john mccrackenassociates com)

Re: Moving forward with defintion of honeypots May 20 2003 01:56PM
Christian Kreibich (christian whoop org)

Re: Moving forward with defintion of honeypots May 20 2003 01:46PM
Etaoin Shrdlu (shrdlu deaddrop org)