I am trying to set up a Honeynet (using roo Honeywall CD). My
network architecture is almost the same as the one shown in the
following picture --> http://www.honeynet.org/papers/gen2/figureA.jpg ,
except that between the Honeywall gateway and the honeypots there is a
hub (obviously).
The problem is that even though the PC being used as a Honeywall is
not soooo old (a Pentium III), the system keeps having a total CPU
utilization of 100% almost all the time. The processes that are more CPU
intensive are the tcpdump, the hflowd and the snort_inline. The network
in use is a rather small one (it is an experimental network behind a
NAT), so there is not so much traffic. Do you happen to know why this is
happening? Is it a common thing or not?
There is also another issue. I tried to connect the switch before
the honeywall with the hub after that, just to see what happens. I
mentioned that the internet connectivity disappeared for all
computers on the network
(those behind both the hub and the switch). Veeeery slow ping
rates and even non-existing connectivity at all. Additionally the Sebek
daemon failed to start for several restarts and the honeywall system
reached a peak of CPU utilization, making it impossible even to connect
to the management interface (eth2). Does anyone have a clue why such a
behavior was observed?
Thanx
George
Received on Oct 12 2005