On Thu, Sep 06, 2001 at 01:03:44PM -0700, Bill Studenmund wrote:
> The point of the paper is that you can watch an ssh session and have a
> good idea when someone is interactivly typing a password.

Doesn't OpenSSH mitigate this by sending bogus packets back to the client?

At least the newer versions do (2.9 and so on).  Are we saying that that
does not work well enough?  Or is it just the fact that we are not on
2.9 yet?