Thanks!
Four CPU cores aren't many, but they should still handle thousands of TCP connections per second.
You could also reduce (the default should be 500k).
But it's a blind guess. It would be nice to see `perf top` during an attack.
Daniel
On 6/13/24 20:43, Randy Bush wrote:
daniel:
What is your CPU (lscpu) and `knotc status workers`?
# lscpu
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Address sizes: 40 bits physical, 48 bits virtual
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Vendor ID: GenuineIntel
BIOS Vendor ID: QEMU
Model name: QEMU Virtual CPU version 2.5+
BIOS Model name: pc-i440fx-5.2 CPU @ 2.0GHz
BIOS CPU family: 1
CPU family: 6
Model: 6
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 4
Stepping: 3
BogoMIPS: 4389.68
Flags: fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm rep_good nopl xtopology cpuid tsc_known_freq pni cx16 x2apic hypervisor lahf_lm cpuid_fault pti
Virtualization features:
Hypervisor vendor: KVM
Virtualization type: full
Caches (sum of all):
L1d: 128 KiB (4 instances)
L1i: 128 KiB (4 instances)
L2: 16 MiB (4 instances)
L3: 64 MiB (4 instances)
NUMA:
NUMA node(s): 1
NUMA node0 CPU(s): 0-3
Vulnerabilities:
Gather data sampling: Not affected
Itlb multihit: KVM: Mitigation: VMX unsupported
L1tf: Mitigation; PTE Inversion
Mds: Vulnerable: Clear CPU buffers attempted, no microcode; SMT Host state unknown
Meltdown: Mitigation; PTI
Mmio stale data: Unknown: No mitigations
Reg file data sampling: Not affected
Retbleed: Not affected
Spec rstack overflow: Not affected
Spec store bypass: Vulnerable
Spectre v1: Mitigation; usercopy/swapgs barriers and __user pointer sanitization
Spectre v2: Mitigation; Retpolines; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Retpoline
Srbds: Not affected
Tsx async abort: Not affected
rip.psg.com:/var/lib/knot/signed# knotc status workers
UDP workers: 4, TCP workers: 10, XDP workers: 0, background workers: 4 (running: 0, pending: 0)
How do you install knot (our packages have an increased limit on the number of open files)?
`apt install`
Could you please provide us with the full list of terminated remote addresses? We (Knot project) have been implementing some anti-DDoS solutions, so this could help us.
tcp sample as of a few days ago,
https://archive.psg.com/attack.list.gz
randy
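The quoted exchange above turns on whether knotd's open-file limit leaves room for the TCP connections it is holding during an attack, since each accepted connection costs one descriptor. The following check is an added example written for this page; it is not code from the thread or from the Knot project. It assumes a Linux /proc layout; the function names and the sample limits text are this example's own, and the sample values are constructed.

```shell
# Added example (not from the thread): measure knotd's headroom under its
# "Max open files" limit. Assumes Linux /proc; names below are this example's own.

# Print the soft "Max open files" limit from /proc/<pid>/limits text read on stdin.
max_open_files_from_limits() {
    awk '/^Max open files/ { print $4 }'
}

# Count descriptors currently open by a pid (one per held TCP connection, plus listeners, zones, logs).
open_fd_count() {
    ls "/proc/$1/fd" 2>/dev/null | wc -l | tr -d ' '
}

# Succeed when used/limit is below the threshold percent (default 80), fail otherwise.
fd_headroom_ok() {
    used=$1
    limit=$2
    threshold=${3:-80}
    [ "$limit" -gt 0 ] 2>/dev/null || return 1
    [ $((used * 100 / limit)) -lt "$threshold" ]
}

# Constructed sample of a /proc/<pid>/limits file (values are made up for the test).
SAMPLE_LIMITS='Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 524288               files'

# Run the check against a live knotd; returns 2 when no knotd process is found.
check_knotd_fd_headroom() {
    pid=$(pidof knotd 2>/dev/null | awk '{ print $1 }')
    [ -n "$pid" ] || { echo "knotd not running" >&2; return 2; }
    limit=$(max_open_files_from_limits < "/proc/$pid/limits")
    used=$(open_fd_count "$pid")
    echo "knotd pid $pid: $used of $limit descriptors in use"
    fd_headroom_ok "$used" "$limit" \
        || echo "warning: less than 20% headroom left under the open-files limit" >&2
}

# Usage after sourcing this file in a root shell on the server:
#   check_knotd_fd_headroom
```

Running the check periodically during an attack shows whether the descriptor limit, rather than the four cores, is what caps the number of TCP connections the server can hold; a soft limit of 1024 is exhausted long before the 500k-class defaults discussed above come into play.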