Thanks!

Four CPU cores aren't many, but they should still handle thousands of TCP 
connections per second.

You could also reduce 
https://www.knot-dns.cz/docs/3.3/singlehtml/index.html#tcp-max-clients (the 
default should be 500k).
But it's a blind guess. It would be nice to see `perf top` during an attack.

Daniel

On 6/13/24 20:43, Randy Bush wrote:
daniel:

What is your CPU (lscpu) and `knotc status workers`?

     # lscpu
     Architecture:             x86_64
       CPU op-mode(s):         32-bit, 64-bit
       Address sizes:          40 bits physical, 48 bits virtual
       Byte Order:             Little Endian
     CPU(s):                   4
       On-line CPU(s) list:    0-3
     Vendor ID:                GenuineIntel
       BIOS Vendor ID:         QEMU
       Model name:             QEMU Virtual CPU version 2.5+
        BIOS Model name:      pc-i440fx-5.2  CPU @ 2.0GHz
        BIOS CPU family:      1
        CPU family:           6
        Model:                6
        Thread(s) per core:   1
        Core(s) per socket:   1
        Socket(s):            4
        Stepping:             3
        BogoMIPS:             4389.68
        Flags:                fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl xtopology cpuid tsc_known_freq pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti
     Virtualization features:
       Hypervisor vendor:      KVM
       Virtualization type:    full
     Caches (sum of all):
       L1d:                    128 KiB (4 instances)
       L1i:                    128 KiB (4 instances)
       L2:                     16 MiB (4 instances)
       L3:                     64 MiB (4 instances)
     NUMA:
       NUMA node(s):           1
       NUMA node0 CPU(s):      0-3
     Vulnerabilities:
       Gather data sampling:   Not affected
       Itlb multihit:          KVM: Mitigation: VMX unsupported
       L1tf:                   Mitigation; PTE Inversion
       Mds:                    Vulnerable: Clear CPU buffers attempted, no microcode;
                               SMT Host state unknown
       Meltdown:               Mitigation; PTI
       Mmio stale data:        Unknown: No mitigations
       Reg file data sampling: Not affected
       Retbleed:               Not affected
       Spec rstack overflow:   Not affected
       Spec store bypass:      Vulnerable
       Spectre v1:             Mitigation; usercopy/swapgs barriers and __user pointer sanitization
       Spectre v2:             Mitigation; Retpolines; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Retpoline
       Srbds:                  Not affected
       Tsx async abort:        Not affected
rip.psg.com:/var/lib/knot/signed# knotc status workers
     UDP workers: 4, TCP workers: 10, XDP workers: 0, background workers: 4 (running: 0, pending: 0)

How do you install knot (our packages have increased limit on number
of open files)?

`apt install`

Could you please provide us with the full list of terminated remote
addresses? We (Knot projects) have been implementing some anti-DDoS
solutions, so this could help us.

tcp sample as of a few days ago, https://archive.psg.com/attack.list.gz

randy
--
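Daniel asks above for the full list of terminated remote addresses so the Knot team can study the TCP flood. Before handing such a list over, or when deciding whether a per-prefix rate limit would help, an operator usually wants to know how concentrated the sources are. The script below is an added example, not code from this thread or from the Knot DNS project; it assumes a hypothetical input format of one remote address per line with optional trailing columns (the real attack.list.gz is not inspected here), and the sample lines are constructed. It counts connections per address and per /24 or /48 prefix and reports what share of all hits the busiest prefix carries.

```python
"""Summarise a list of terminated TCP client addresses by source prefix.

Added example (not from the Knot DNS project or from this mailing-list
thread). Assumed input format: one remote address per line, optionally
followed by whitespace-separated extra columns such as a port. The real
attack list's format is not known here; SAMPLE below is constructed.
"""
import ipaddress
from collections import Counter

# Constructed sample: a mix of IPv4 and IPv6 sources, repeats, one port
# column on some lines, and one unparsable line that must be skipped.
SAMPLE = """\
198.51.100.7 52311
198.51.100.7 52312
198.51.100.9 40001
198.51.100.200 40002
203.0.113.5
203.0.113.5
192.0.2.1
2001:db8:1::5 443
2001:db8:1::9
2001:db8:ffff::1
not-an-address
"""


def parse_addresses(text):
    """Yield an ip_address object per line; skip blank or unparsable lines."""
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        try:
            yield ipaddress.ip_address(fields[0])
        except ValueError:
            # Garbage or a header line: ignore rather than abort the run.
            continue


def aggregate(addrs, v4_prefix=24, v6_prefix=48):
    """Count hits per address and per enclosing prefix of the given lengths."""
    per_addr = Counter()
    per_net = Counter()
    for a in addrs:
        per_addr[str(a)] += 1
        plen = v4_prefix if a.version == 4 else v6_prefix
        # strict=False lets a host address be collapsed to its network.
        net = ipaddress.ip_network(f"{a}/{plen}", strict=False)
        per_net[str(net)] += 1
    return per_addr, per_net


def concentration(per_net, top=1):
    """Fraction (0.0..1.0) of all hits carried by the `top` busiest prefixes."""
    total = sum(per_net.values())
    if total == 0:
        return 0.0
    return sum(count for _, count in per_net.most_common(top)) / total


def report(text, show=5):
    """Human-readable summary of the list: totals, busiest prefixes, share."""
    per_addr, per_net = aggregate(parse_addresses(text))
    lines = [f"{len(per_addr)} distinct addresses, "
             f"{sum(per_addr.values())} terminated connections"]
    for net, count in per_net.most_common(show):
        lines.append(f"  {net:<24} {count}")
    lines.append(f"share of busiest prefix: {concentration(per_net):.0%}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE))
```

A high share for a single prefix suggests a source-based limit or an upstream filter would bite; a flat distribution across many prefixes points instead at the connection-count and worker tuning discussed above.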
