Talk:Honeypot (computing) - Wikipedia, the free encyclopedia

Talk:Honeypot (computing)

From Wikipedia, the free encyclopedia

This article is within the scope of Computing WikiProject, an attempt to build a comprehensive and detailed guide to computers and computing. If you would like to participate, you can edit the article attached to this page, or visit the project page, where you can join the project and/or contribute to the discussion.
Start: This article has been rated as start-Class on the quality scale.
Low: This article has been rated as low-importance on the importance scale.

Lance Spitzner has some great info on Honeypots at: http://www.trackinghackers.com

Honeytokens

I feel that those deserve their own entry, so I added one on his work on "honeytokens" -- non-computer honeypots.

I guess he sees honeytokens as a type of honeypot, but I disagree; I see them as a generalization of the concept.

Of course, editors are free to disagree with me.


Hasn't the phrase Honeypot been used in police stings for a lot longer than it's been used in computer security? Lee M 01:53, 18 Nov 2004 (UTC)



I've always been pretty sure boys-list.com is a honey-pot. It shows child pornography, and is only online sparatically.

Check it often, do ya? —Preceding unsigned comment added by 66.168.71.168 (talk) 06:39, 31 January 2008 (UTC)



Need for Caution

"Honeypots can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to actually break into a system."

I suppose, but I'd like to see this fleshed out. Just what is it that makes a honeypot (which is or should be designed to be secure) more vulnerable than production systems? Is the main danger the danger from the very sophisticated intruders, who would choose to abuse a honeypot in order to show their prowess? I ask because some types of abuse that honeypots detect or thwart are not committed by sophisticated users, they are committed by "script kiddies" or the next level above them. There is such a thing as "production" abuse, with the best example being that committed millions of times daily by spammers. These abusers typically have neither the time nor the desire to concentrate on any one system: they just want enough abusable systems to be able to send their spam. If a system is unusual or not immediately obvious as an exploitable target the abuser moves on. His goal is not to abuse any particular system or systems, his goal is to use abuse to cheaply and somewhat anonymously send his spam.

I think there's also a bit of confusion. Lance Spitzner describes, I think, general and very broad honeypots. For those honeypots and for the class of abusers who would tend to try to defeat them (the sophisticated abusers) the warning surely is valid. For single-purpose honeypots (e.g., open relay honeypots) the vulnerability should be about the same as the vulnerability of production systems. The first open relay honeypot I advocated was sendmail (a production software component), run so that it accepted everything and delivered nothing (easy to do on any system with no legitimate email function.) At that time (2001) sendmail -bd was the command needed to run sendmail in that mode. That's where my alias (Minasbeede = "Minus bd") arose. Such a honeypot would be no more nor no less vulnerable than a production system running sendmail as a real server.

Nothing I write is meant to advocate incaution. Comments that assume it is and then criticize it are welcome: part of the essence of caution is that nothing be taken for granted, nothing be overlooked, nothing left unexamined.

Minasbeede 16:35, 14 December 2005 (UTC)

Disambig

Is it time to make this a disambiguation page, and move the text to honeypot (computers)? That's an awful long list at the top of alternative, non-trivial synonyms. - DavidWBrooks 19:49, 7 February 2006 (UTC)

I say go for it! Many of the linked pages are small now but they look ripe for expansion. -SCEhardT 19:56, 7 February 2006 (UTC)
I'll wait a day to see if anybody complains. - DavidWBrooks 20:06, 7 February 2006 (UTC)
Further thought: The new page should probably be honeypot (electronic) in a similar way to spam (electronic) because the article covers devices that aren't strictly computers -SCEhardT 20:44, 7 February 2006 (UTC)
Well, somebody just did the exact opposite of what I was intending, merging a couple of honeypot sub-terms into this one. - DavidWBrooks 22:34, 7 February 2006 (UTC)

Oh, sorry, I didn't see this discussion was going on! I hate leaving so many stubs lying around when they're all related (although after the merge I think Honey trap should be merged into Sting operation). So it's really just the merge of the computer and espionage stuff which are fairly well related, although I did toss quite a bit about the implementation details. Ewlyahoocom 22:47, 7 February 2006 (UTC)

I support the proposal to create a separate Disambig page. RayGates 21:01, 8 February 2006 (UTC)

Merge

I do not think these terms are similar enough (or small enough) to justify a merge. Plus, a lot of content was lost. I am reverting the merge for now - please discuss here before making such drastic changes. -SCEhardT 22:47, 7 February 2006 (UTC)

Alright, good luck with it. I look forward to seeing what you come up with (as long as it's not 5 stubs and no articles ;-). Ewlyahoocom 23:02, 7 February 2006 (UTC)
5 stubs each clearly different and unrelated terms are much more meaningful than a single large poorly structured article. If you think a merge is a good idea, consider if there is still a connection if the page and stubs are translated into another language. Alex Law 23:46, 7 February 2006 (UTC)
You evidently haven't looked at the articles in question. There might be 2, possibly even 3, articles (or stubs) in here but currently the information is spread out horizontally i.e. each of the current articles repeats the same ideas with a lot of duplication, plus some information which might not be encyclopedic. Ewlyahoocom 06:47, 8 February 2006 (UTC)
Speaking as somebody whose three years on wikipedia has seen many a sub-stub grow to such proportion that the problem is keeping its size down, I don't think creating a series of stubs, as the disambiguation would do, is a problem. They will either grow, or not, as wikipedia sees fit. If they don't, they aren't really a problem. But having to wander through a bunch of unrelated topics in a single article to find the tidbit you're searching for - that is a problem. - DavidWBrooks 19:02, 8 February 2006 (UTC)

Clarifications

I understand all the words but still don't know what this means. If the attacker wants to break in (and the wanting to break in is important) then the attacker will look for anything vulnerable. The warning appears to assume the honeypot is in an environment that requires high security and that the attacker wishes to compromise the high security. Of course you want to be cautious in a high-security case. Many honeypots (e.g., open proxy honeypots) are intended to detect bulk abusers. The abuser doesn't care about any particular site per se, he just wants to exploit vulnerabilities he can find. For such abusers the probability of accomplishing any sort of attack through the honeypot is very small. He checks for apparent vulnerability. If he finds it, he abuses. If not, he goes on to the next IP in the list. It's not careful, meticulous, analytical hacking, it's bulk abuse, done as quickly and simply as possible. As such honeypots are often no more than applications that run under standard environments (e.g., Jackpot, the Bubblegum Proxypot) the greater risk, if there is a risk, resides almost totally in the risks that characterize that environment and not in the honeypot application. I'd think it foolhardy at the very least to deploy any honeypot that is intended to combat hard-core abusers without a very thorough understanding of the security risks and implications. In other words, the people most likely to use honeypots in the high-security environments hardly need this warning: their awareness surpasses that implied by the caution statement. I'd hope. Minasbeede -User:Minasbeede

Merges suggested (Feb 2007)

I have suggested merging a number of related stub articles into this article. I think it is better for an encyclopedia article to contain descriptions of a number of closely-related topics. As things stand right now, with all the topics stuck on their own pages, it is more like a dictionary. Sure, maybe the short definitions found in the header sections should be copied into Wiktionary, but instead of deletion from Wikipedia, they should be gathered together into one place. It seems to me like this article here is the best candidate. Think about it - if you want to learn about the topic, wouldn't you like to have the most important stuff all on one page? Sure, Wikipedia makes it easy to click on wiki links, but who wants to have to click on every link, sorting the related from the tangential? Cbdorsett 05:49, 11 February 2007 (UTC)

Here is a list of the topics, separated so that any distinct issues can be commented on in their own place.

I did not include Honeymonkey because I think it is too far removed, but it of course should remain as a "see also" link. Cbdorsett 05:54, 11 February 2007 (UTC)

  • Merge All I agree with Cbdorsett. I noted these merge proposals while clearing a Backlog. I would do the merges myself right now, but it would probably be more fruitful if the interested party who tagged them proceeded. Alan.ca 12:24, 11 February 2007 (UTC)
  • Merge all There's no real defining characteristic that distinguishes any of those from a honeypot (victim host is even defined to be another term for honeypot). Currently, it seems that we have multiple forks of the same article, with varying degrees of information. Mindmatrix 15:36, 11 February 2007 (UTC)

Since nothing's been done since February, and I - as a new reader to this article - support the merge, I have merged honeynet. EuroSong talk 23:32, 24 August 2007 (UTC)

CIA honeypot

Is Freedom of Information act used by the CIA and NSA as a honeypot? Odessaukrain 16:49, 9 March 2007 (UTC)

Etymology issues

I removed the Etymology section since it was uncited, and I believe it to be suspicious. The reason is that I thought that the term came from the nickname for bedpan as being a "honeypot" and that this malware host is like a bedpan for software. I of course cannot include this in the article because it is completely researched, but given other possibilities for the origin and in the spirit of keeping Wikipedia accurate rather than long, I'm removing it. If it is added again I hope that it cites sources; I will not be a pain and I'll leave it where it is.

Tyler (talk) 17:09, 7 April 2008 (UTC)

