The following technical report is available from http://aib.informatik.rwth-aachen.de/: Fabien Pouget, Thorsten Holz: A Pointillist Approach for Comparing Honeypots AIB 2005-05 The concept of electronic decoys ("honeypots"), which are network resources that are deployed to be probed, attacked, and eventually compromised, is used in the area of IT security to learn more about attack patterns and attackers' behavior in real-world networks. Our research focuses on gathering detailed statistics on the threats over a long period of time in order to get a better understanding of their characteristics. In this perspective, we are deploying honeypots of different interaction levels in various locations. At a first glance, these honeypots can be considered as permanent sensors that gather statistical information on a long-term perspective. Generally speaking, honeypots are often classified by their level of interaction. For instance, it is admitted that a high interaction approach is suited for recording hacker shell commands, while a low interaction approach provides limited information on the attackers' activities. So far, there exists no serious comparison to express the level of information on which both approaches differ. Thanks to the environment that we are deploying, we are able to provide a rigorous comparison between the two approaches, both qualitatively and quantitatively. The proposed analysis leads to an interesting study of malicious activities hidden by the noise of less interesting ones. Furthermore, it shows the complementarities of the two approaches: a high interaction honeypot allows controlling the relevance of low interaction honeypot configurations. Thus, both interaction levels are required to build an efficient network of distributed honeypots.