< Malicious Malware: Attacking the Attackers | Malicious Malware: Attacking the Attackers, Part 2 >

Scalability of nepenthes

I did some further examination on the scalability of nepenthes. The testbed is a 2.4GHz Pentium III system with 2 GB of physical memory and a 100 MB Ethernet NIC. The system is running on Debian with Linux kernel 2.6.12 and nepenthes 0.1.5 in default configuration. I tested this setup with an increasing number of IP addresses assigned to nepenthes - ranging from just 256 up to more than 32,000. I measured the number of established TCP connections and system load for a period of one hour. This measurement was repeated three times to cancel out statistical effects or burst in the network traffic. The results are plotted in the following two figures:

Average number of established TCP connections


Average system load


As you can see, the scalability is rather good: At the beginning, it is (nearly) linear. However, when the system load reaches 1, the system is occupied with I/O operations and thus the number of established connections decreases. With better hardware (especially processor and NIC), the scalability would be better. Since nepenthes can also be deployed in a distributed way, more flexibility is possible...
This entry was posted by Thorsten Holz on Saturday, February 4. 2006 at 02:14. and is filed under honeynets. You can leave a response, or trackback from your own blog.

Trackbacks

Trackback specific URI for this entry

    No Trackbacks

Comments

Display comments as (Linear | Threaded)

    No comments


Add Comment


Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA