RE: 100% CPU usage with Windows Sebek 3.0.4/2.1.5 inside a virtual machine?

["Michael A. Davis" <mike () datanerds net>]

You are the second person to mention this and I think it might be a VMWare
5.5 thing. I don't have access to 5.x of Vmware so I cannot test. In 4.x it
works without causing 100% CPU.

Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
Main: 708.243.2850
http://www.savidtech.com

This email may contain confidential and privileged information for the sole
use of the intended recipient. Any review or distribution by others is
strictly prohibited. If you are not the intended recipient, please contact
the sender and delete all copies of this message. 

> -----Original Message-----
> From: Jon Andersen [mailto:janderse () umich edu] 
> Sent: Wednesday, May 31, 2006 9:03 PM
> To: honeypots () securityfocus com
> Subject: 100% CPU usage with Windows Sebek 3.0.4/2.1.5 inside 
> a virtual machine?
>
> Hi,
>
> I have been experimenting with Sebek for the eventual purpose 
> of research on current Internet worm threats.  There is a 
> technical problem that I haven't figured out yet.  I have 
> tried Sebek 3.0.4 and
> 2.1.5 under VMware Workstation 5.5.1 (guest OS Windows XP 
> SP2, host OS Fedora Core 4),
>
> Both Sebek 3.0.4 and 2.1.5, after installation, 
> configuration, and first reboot, are causing 100% CPU 
> utilization in both the guest and host OS.  Sebek is 
> functioning enough that event packets do eventually show up 
> on the Sebek server; however, the guest and host run so 
> slowly that its not useful.  Has anyone seen this pegged-CPU 
> bug before?  Any workarounds?  If not, any recommendations of 
> other Sebek-like tools that can be installed inside a virtual machine?
>
> Thanks,
>
> -Jon Andersen
> Graduate Student
> 734-763-4521 (work)
> 734-763-8428 (home)
> Computer Science & Engineering - Rm 4917 University of Michigan