Hardware Performance of Honeyd

["Sol_Invictus" <sol () haveyoubeentested org>]

Greetings All!



I'm designing a honeynet for a client and would like to see how large we can
go.  My Client has a Dual Processor Dual Core Zeon system with 4 GB of
memory and lots of disk space. They also have 2 Gig E ports.



We are thinking about running Honeyd on this box.  The Honeynet will be used
as a test bed to test network scanners.  We'd like to set up as many
different types of systems as possible and get the largest range of IP's
possible so that we can test the ability to scan large networks.



I've done a lot of work for this client and they understand that this is my
first honeynet project. (especially for the price I'm giving them for the
experience)  ;-)



I've read a number of the docs, articles and books around, but one thing I
haven't seen are examples of what people are able to do within their
hardware limitations.



Could any of you provide examples of similar types of implementations,
hardware performance examples, or any advice on what to be aware of?



Initially we're looking at probably a bandwidth issue for the scanner but we
can scale back the speed of the scans in order to gain accuracy.  We're not
concerned with Logging or the outcome of the attacks from the honeynet
itself, we're more concerned with having a target range that will have some
meat to it.



Our goal is a nice Class B network with random "Configured" systems for more
info for some good reporting..  My main question is, would this system
handle a class A honeynet?



Any advice is always welcome, and I look forward to any replies.



Thanks!



Sol Invictus.  (Name was changed to protect all involved)  ;-)