Re: Hardware Performance of Honeyd

[Michael Bailey <mibailey () eecs umich edu>]

As a point of reference, I created the following slide a while back  
to discuss the tradeoff between scalability and fidelity (here called  
breadth and depth). The numbers were based off of what I could find  
(and translate into similar metrics) at the time so your millage with  
a technique may vary ...

-* michael

Attachment: BreadthAndDepth.pdf
Description:

On Jan 12, 2007, at 1:08 PM, David Watson wrote:

> Sol_Invictus wrote:
> > Could any of you provide examples of similar types of  
> > implementations,
> > hardware performance examples, or any advice on what to be aware of?
> >
> > Our goal is a nice Class B network with random "Configured"  
> > systems for more
> > info for some good reporting..  My main question is, would this  
> > system
> > handle a class A honeynet?
> >
> > Any advice is always welcome, and I look forward to any replies.
>
> Sol,
>
> The rate of TCP connections and number of hops in your honeyd virtual
> network topology will probably be the main performance factors.
>
> Presumably you have already seen http://www.honeyd.org/performance.php
> and
> http://www.usenix.org/events/sec04/tech/full_papers/provos/ 
> provos_html/index.html
>
> I`m not data for modern hardware has been published, but you might  
> find
> some of the following papers useful:
>
> http://www.cs.wisc.edu/~pb/isink_final.pdf
> http://www.diadem-firewall.org/workshop06/papers/monam06-paper-36.pdf
> http://www.cs.ucsd.edu/~savage/papers/Sosp05.pdf
> http://www.cc.gatech.edu/fac/kalyan/security-sims.htm
>
> Hope that helps!
>
> Thanks,
>
> David
>
> --
> David Watson
> UK Honeynet Project
> www.ukhoneynet.org
> david () honeynet org uk