Nepenthes Scalability

nepenthes is a versatile tool to capture propagating malware. The basic principle is the following: the tool simulates known vulnerabilities and waits for them to be exploited. Once nepenthes detects an exploitation attempt, it triggers the incoming exploit and analyzes the incoming payload. This analysis yields several pieces of information, which can be combined to download the malware from another computer system. Thus it is possible to download, in an automated way, malware that tries to propagate within the network.

Here are some figures that illustrate the scalability of nepenthes. These figures show the performance of nepenthes on a Pentium 4 with 2.6 GHz, 2 GB RAM, and a 100 MBit NIC. The corresponding machine listens to a /18 network (i.e., about 16K IPs) and simulates vulnerable services.

  • Number of established connections:

  • Number of logged downloads (i.e., download attempts):

  • Number of logged submissions (i.e., successful downloads):

  • Average load:


This data was captured on 2006-01-06.
