Honeypots mailing list archives
Re: 100% CPU usage with Windows Sebek 3.0.4/2.1.5 inside a virtual machine?
From: Jon Andersen <janderse () umich edu>
Date: Thu, 1 Jun 2006 23:40:24 -0400
I've now tried Sebek 3.0.4 under VMware GSX server 3.2.1 as well. Curiously, in this version I do not get 100% CPU usage. Instead, Sebek doesn't send out any network packets. I used Ethereal to capture all traffic from the host OS, as well as at the Sebek server, and there wasn't any traffic. Running the Sebek configuration again showed that Sebek was installed; at least the configured values showed up when the configuration program was run after rebooting the virtual machine.
Is there a debug flag or build for Sebek that might help me figure out what is going wrong?
-Jon Andersen
Graduate Student
734-763-4521 (work)
734-763-8428 (home)
Computer Science & Engineering - Rm 4917
University of Michigan
On Jun 1, 2006, at 12:01 AM, Michael A. Davis wrote:
You are the second person to mention this and I think it might be a VMWare 5.5 thing. I don't have access to 5.x of Vmware so I cannot test. In 4.x it works without causing 100% CPU.
Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
Main: 708.243.2850
http://www.savidtech.com
This email may contain confidential and privileged information for the sole use of the intended recipient. Any review or distribution by others is strictly prohibited. If you are not the intended recipient, please contact the sender and delete all copies of this message.
-----Original Message-----
From: Jon Andersen [mailto:janderse () umich edu]
Sent: Wednesday, May 31, 2006 9:03 PM
To: honeypots () securityfocus com
Subject: 100% CPU usage with Windows Sebek 3.0.4/2.1.5 inside a virtual machine?
Hi,
I have been experimenting with Sebek for the eventual purpose of research on current Internet worm threats. There is a technical problem that I haven't figured out yet.
I have tried Sebek 3.0.4 and 2.1.5 under VMware Workstation 5.5.1 (guest OS Windows XP SP2, host OS Fedora Core 4). Both Sebek 3.0.4 and 2.1.5, after installation, configuration, and first reboot, are causing 100% CPU utilization in both the guest and host OS. Sebek is functioning enough that event packets do eventually show up on the Sebek server; however, the guest and host run so slowly that it's not useful.
Has anyone seen this pegged-CPU bug before? Any workarounds? If not, any recommendations of other Sebek-like tools that can be installed inside a virtual machine?
Thanks,
-Jon Andersen
Graduate Student
734-763-4521 (work)
734-763-8428 (home)
Computer Science & Engineering - Rm 4917
University of Michigan