…Correct me if I’m wrong, but don’t nearly all of these attacks also exist in roughly-equivalent form against TCP, where they’re well-known and have been protected against for a very long time? Certainly window manipulation is a known technique to cause TCP connection exhaustion.
This has shades of SystemD reimplementing Kaminsky’s DNS cache poisoning bug six years after it made headlines and was fixed everywhere else.
we knew this was going to happen but nobody listened because the performance was too sexy
Once again, my unwillingness to learn about new things has paid off.