[knot-dns-users] Re: tcp ddos

Thu, 13 Jun 2024 11:43:37 -0700 

daniel:

> What is your CPU (lscpu) and `knotc status workers`?

    # lscpu
    Architecture:             x86_64
      CPU op-mode(s):         32-bit, 64-bit
      Address sizes:          40 bits physical, 48 bits virtual
      Byte Order:             Little Endian
    CPU(s):                   4
      On-line CPU(s) list:    0-3
    Vendor ID:                GenuineIntel
      BIOS Vendor ID:         QEMU
      Model name:             QEMU Virtual CPU version 2.5+
        BIOS Model name:      pc-i440fx-5.2  CPU @ 2.0GHz
        BIOS CPU family:      1
        CPU family:           6
        Model:                6
        Thread(s) per core:   1
        Core(s) per socket:   1
        Socket(s):            4
        Stepping:             3
        BogoMIPS:             4389.68
        Flags:                fpu de pse tsc msr pae mce cx8 apic sep mtrr pge 
mca c
                              mov pse36 clflush mmx fxsr sse sse2 syscall nx lm 
rep_
                              good nopl xtopology cpuid tsc_known_freq pni cx16 
x2ap
                              ic hypervisor lahf_lm cpuid_fault pti
    Virtualization features:  
      Hypervisor vendor:      KVM
      Virtualization type:    full
    Caches (sum of all):      
      L1d:                    128 KiB (4 instances)
      L1i:                    128 KiB (4 instances)
      L2:                     16 MiB (4 instances)
      L3:                     64 MiB (4 instances)
    NUMA:                     
      NUMA node(s):           1
      NUMA node0 CPU(s):      0-3
    Vulnerabilities:          
      Gather data sampling:   Not affected
      Itlb multihit:          KVM: Mitigation: VMX unsupported
      L1tf:                   Mitigation; PTE Inversion
      Mds:                    Vulnerable: Clear CPU buffers attempted, no 
microcode;
                               SMT Host state unknown
      Meltdown:               Mitigation; PTI
      Mmio stale data:        Unknown: No mitigations
      Reg file data sampling: Not affected
      Retbleed:               Not affected
      Spec rstack overflow:   Not affected
      Spec store bypass:      Vulnerable
      Spectre v1:             Mitigation; usercopy/swapgs barriers and __user 
pointe
                              r sanitization
      Spectre v2:             Mitigation; Retpolines; STIBP disabled; RSB 
filling; P
                              BRSB-eIBRS Not affected; BHI Retpoline
      Srbds:                  Not affected
      Tsx async abort:        Not affected
      
    rip.psg.com:/var/lib/knot/signed# knotc status workers
    UDP workers: 4, TCP workers: 10, XDP workers: 0, background workers: 4 
(running: 0, pending: 0)

> How do you install knot (our packages have increased limit on number
> of open files)?

`apt install`

> Could you please provide us with the full list of terminated remote
> addresses? We (Knot projects) have been implementing some anti-DDoS
> solutions, so this could help us.

tcp sample as of a few days ago, https://archive.psg.com/attack.list.gz

randy
--

Reply via email to