Re: 100% CPU usage with Windows Sebek 3.0.4/2.1.5 inside a virtual machine?

["Frank S Posluszny, III" <fsp () mitre org>]

Hi Jon,

I wasn't able to duplicate the 100% CPU utilization with either version
of Sebek you mentioned.  According to your stats, the only difference
seems to be that I'm using Fedora Core 3 instead of 4.
Have you been able to narrow down the problem any further?

-Frank P

Jon Andersen said the following on 5/31/2006 10:03 PM:
> Hi,
>
> I have been experimenting with Sebek for the eventual purpose of
> research on current Internet worm threats.  There is a technical problem
> that I haven't figured out yet.  I have tried Sebek 3.0.4 and 2.1.5
> under VMware Workstation 5.5.1 (guest OS Windows XP SP2, host OS Fedora
> Core 4),
>
> Both Sebek 3.0.4 and 2.1.5, after installation, configuration, and first
> reboot, are causing 100% CPU utilization in both the guest and host OS. 
> Sebek is functioning enough that event packets do eventually show up on
> the Sebek server; however, the guest and host run so slowly that its not
> useful.  Has anyone seen this pegged-CPU bug before?  Any workarounds? 
> If not, any recommendations of other Sebek-like tools that can be
> installed inside a virtual machine?
>
> Thanks,