An important component to many DDOS mitigation strategies is TCP-offloading to hardware. So this goes away until hardware catches up. But can it catch up at all with a protocol like this? When I see a single message to form a connection, it makes me worry that this makes it trivially easy to create a horrible DDOS that consumes state and is spoofable. Are my fears unfounded?