smoltcp icon indicating copy to clipboard operation
smoltcp copied to clipboard
verified publisher icon smoltcp-rs

TCP SYN flood possible?

Open lasiotus opened this issue 1 year ago • 1 comments

I've seen smoltcp TCP sockets staying in SynReceived state for a long time, which seems to indicate that smoltcp stack may be vulnerable to SYN Flood attacks. Is it so? Are SYN Cookies used?

lasiotus avatar Jul 28 '24 19:07 lasiotus

I would expect smoltcp to be vulnerable; it is not a TCP stack hardened against logic attacks on the state machine, here and elsewhere. I don't think anybody has enumerated the possible DoS avenues and if availability is a concern I would suggest not exposing a smoltcp endpoint to wider Internet.

That said, I do expect it to maintain integrity against malicious remote endpoints and there are, as far as I'm aware, no known issues with that.

whitequark avatar Aug 06 '24 15:08 whitequark