Honeypots: RE: Sebek benchmarks?

["Siles, Raul" <raul.siles () hp com>]

Hieu,
I would recommend to add some testing of the new Sebek write functionality added in the Linux 2.6 Sebek client.
Check the "sbk_install.sh" file and specifically the WRITE_TRACKING config variable.

It is still an experimental feature mainly due to performance issues that cause stability problems. Therefore your 
benchmarks would help to tune it.

Additionally, if you could share the methodology you will follow and the tools you are going to use, it could help 
others to perform similar tests with different Linux kernel versions and even different Linux Sebek versions, such as 
the Linux 2.4 one. This would provide a more complete analysis.

As Ed, I'd love to see what you come up with.
Raúl Siles
GSE

-----Original Message-----
From: NAHieu [mailto:nahieu () gmail com] 
Sent: martes, 10 de enero de 2006 05:22
To: honeypots () securityfocus com
Subject: Sebek benchmarks?

Hello,

I am figuring out how much overhead Sebek costs on Linux 2.6
environment. I looked everywhere for a document that carried out any
benchmark on Sebek, but to no avail. Does such a paper/document
exists, but I dont know??

If it doesnt, I would like to run some benchmarks myself. I imagine
that these kind of benchmarks are necessary:
- Filesystem benchmark (because Sebek patches some I/O related syscalls)
- Network benchmark (Sebek patches socket syscall)
- ... (what more ?)

Anybody could please recommend me exactly which (standard) benchmarks
I should run? I will post the result to the list.

Many thanks.
Hieu