Re: [lwip-users] Security implemented in LWIP

[Mike Kleshov]

That's an interesting subject. There are many different classes of
network attacks. Some of them are protocol-specific (recent DNS
vulnerability, TCP syn flood, ARP spoofing etc.), some target
vulnerabilities in particular implementations (e.g. resource
exhaustion), some are generic (flooding link with traffic.) You cannot
counter all of them. The best you can do is evaluate the risks and try
to bring them down to an acceptable level. That 'acceptable level' is
highly dependent on your application requirements.
I don't think that anyone performed a thorough evaluation of lwip in
terms of vulnerability to network attacks. There will definitely be
bugs. For example, a few months ago a bug has been found where a
malformed TCP header could cause a crash:
https://savannah.nongnu.org/bugs/index.php?24596
So, if possible, try to choose simple protocols, e.g. favour UDP over TCP.

Regards,
- mike

2009/1/28 Raunak Rungta <address@hidden>:
> Hi All,
> I am doing a project to analyze the security requirements in connecting the
> set of wireless sensors with the Internet. I am totally new to this area. I
> read about different TCP/IP stack implementations like lwIP, uIP and others.
> Can any one point me some links where I can find how others implementors
> have approached this problem? How they have tried to secure their Wireless
> Sensor Networks from the different possible attacks from Internet? Any links
> to such implementations will also be helpful.
> Thanks in advance,
> Raunak Rungta