Subject: Re: sshd Change: PermitRootLogin = no
To: Jim Breton <jamesb-netbsd@alongtheway.com>
From: Bill Studenmund <wrstuden@netbsd.org>
List: tech-security
Date: 09/06/2001 15:15:42
On Thu, 6 Sep 2001, Bill Studenmund wrote:

> On Thu, 6 Sep 2001, Jim Breton wrote:
>
> > On Thu, Sep 06, 2001 at 01:03:44PM -0700, Bill Studenmund wrote:
> > > The point of the paper is that you can watch an ssh session and have a
> > > good idea when someone is interactively typing a password.
> >
> > Doesn't OpenSSH mitigate this by sending bogus packets back to the client?

Just heard from one of the OpenSSH folks, the same one who pointed me to
the paper. They don't have a solution at this time which is effective
against this attack. So it's not just a matter of needing an upgrade. :-(

Take care,

Bill