Open lasiotus opened 3 months ago
I would expect smoltcp to be vulnerable; it is not a TCP stack hardened against logic attacks on the state machine, here and elsewhere. I don't think anybody has enumerated the possible DoS avenues, and if availability is a concern I would suggest not exposing a smoltcp endpoint to the wider Internet.
That said, I do expect it to maintain integrity against malicious remote endpoints and there are, as far as I'm aware, no known issues with that.
I've seen smoltcp TCP sockets staying in the SynReceived state for a long time, which seems to indicate that the smoltcp stack may be vulnerable to SYN Flood attacks. Is it so? Are SYN Cookies used?
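
For readers unfamiliar with the SYN cookies the question refers to, here is an added sketch of the general technique. It is not smoltcp code and not part of this thread; `Flow`, `make_cookie`, `check_cookie`, the MSS table and the bit layout are assumptions made for the illustration, and `DefaultHasher` stands in for a properly keyed MAC.

```rust
use std::collections::hash_map::DefaultHasher;
use std::hash::{Hash, Hasher};
use std::net::Ipv4Addr;

/// Connection 4-tuple of the incoming SYN (hypothetical type for this sketch).
#[derive(Hash, Clone, Copy)]
pub struct Flow { pub src: Ipv4Addr, pub sport: u16, pub dst: Ipv4Addr, pub dport: u16 }

/// MSS values a cookie can encode; the client's MSS is rounded down to one of them.
const MSS_TABLE: [u16; 4] = [536, 1220, 1440, 1460];

/// 24-bit tag over secret, flow, time counter, client ISN and MSS index.
/// ASSUMPTION: DefaultHasher is a stand-in; a real stack would use a keyed MAC
/// (for example SipHash with a random key).
fn tag(secret: u64, flow: &Flow, counter: u32, client_isn: u32, idx: u32) -> u32 {
    let mut h = DefaultHasher::new();
    (secret, flow, counter, client_isn, idx).hash(&mut h);
    (h.finish() as u32) & 0x00ff_ffff
}

/// Server ISN for the SYN-ACK: [5 bits counter | 3 bits MSS index | 24 bits tag].
/// Nothing is stored per connection, so no socket sits in SynReceived.
pub fn make_cookie(secret: u64, flow: &Flow, client_isn: u32, mss: u16, now_secs: u64) -> u32 {
    let counter = (now_secs >> 6) as u32; // 64-second ticks
    let idx = MSS_TABLE.iter().rposition(|&m| m <= mss).unwrap_or(0) as u32;
    ((counter & 0x1f) << 27) | (idx << 24) | tag(secret, flow, counter, client_isn, idx)
}

/// Validate the handshake's final ACK; `ack_num` is its acknowledgment number
/// (cookie + 1). Returns the encoded MSS if the cookie is fresh and genuine.
pub fn check_cookie(secret: u64, flow: &Flow, client_isn: u32, ack_num: u32, now_secs: u64) -> Option<u16> {
    let cookie = ack_num.wrapping_sub(1);
    let now = (now_secs >> 6) as u32;
    let age = now.wrapping_sub(cookie >> 27) & 0x1f;
    if age > 1 { return None; } // issued more than one tick ago: expired
    let idx = (cookie >> 24) & 0x7;
    let mss = *MSS_TABLE.get(idx as usize)?;
    let expect = tag(secret, flow, now.wrapping_sub(age), client_isn, idx);
    (expect == (cookie & 0x00ff_ffff)).then_some(mss)
}

fn main() {
    // Constructed sample values (documentation address ranges).
    let f = Flow { src: Ipv4Addr::new(198, 51, 100, 7), sport: 40000, dst: Ipv4Addr::new(192, 0, 2, 1), dport: 443 };
    let c = make_cookie(0x5eed, &f, 0x1000_0000, 1450, 1000);
    println!("{:?}", check_cookie(0x5eed, &f, 0x1000_0000, c.wrapping_add(1), 1010));
}
```

The trade-off is that only what fits in the 32-bit sequence number survives the handshake, which is why the MSS is quantized to a small table.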