As a point of reference, I created the following slide a while back
to discuss the tradeoff between scalability and fidelity (here called
breadth and depth). The numbers were based off of what I could find
(and translate into similar metrics) at the time so your mileage with
a technique may vary ...
-* michael
On Jan 12, 2007, at 1:08 PM, David Watson wrote:
> Sol_Invictus wrote:
>> Could any of you provide examples of similar types of implementations,
>> hardware performance examples, or any advice on what to be aware of?
>>
>> Our goal is a nice Class B network with random "Configured" systems for
>> more info for some good reporting.. My main question is, would this
>> system handle a class A honeynet?
>>
>> Any advice is always welcome, and I look forward to any replies.
>
> Sol,
>
> The rate of TCP connections and number of hops in your honeyd virtual
> network topology will probably be the main performance factors.
>
> Presumably you have already seen http://www.honeyd.org/performance.php
> and
> http://www.usenix.org/events/sec04/tech/full_papers/provos/provos_html/index.html
>
> I'm not data for modern hardware has been published, but you might find
> some of the following papers useful:
>
> http://www.cs.wisc.edu/~pb/isink_final.pdf
> http://www.diadem-firewall.org/workshop06/papers/monam06-paper-36.pdf
> http://www.cs.ucsd.edu/~savage/papers/Sosp05.pdf
> http://www.cc.gatech.edu/fac/kalyan/security-sims.htm
>
> Hope that helps!
>
> Thanks,
>
> David
>
> --
> David Watson
> UK Honeynet Project
> www.ukhoneynet.org
> david_at_honeynet.org.uk
>
Received on Jan 16 2007