Hi What happens if a received SSH packet is greater than the max length for received packets? From something I have seen in the code (common-channel) I am concerned that this causes dropbear to simply terminate. My concern is that this leaves dropbear implementations open to DOS attacks. I am not an expert in C and the code I have checked is v0.52 so I may be wrong or not up-to-date...
Note that we have a customer who is extremely security conscious and would view this as an issue, and since security considerations are on the rise in the market they would probably not be alone (at least not for very long). JD -- J Dave Smith Consultant Engineer Devices - IP Phone Siemens Enterprise Communications Limited Tel: + 44 (0) 1908 817380 Email: [email protected]<blocked::mailto:[email protected]> www.siemens.co.uk/enterprise<http://www.siemens.co.uk/enterprise> Communication for the open minded<http://www.siemens.co.uk/open> Siemens Enterprise Communications Limited. Registered office: Brickhill Street, Willen Lake, Milton Keynes, MK15 0DJ. Registered No: 5903714, England. Siemens Enterprise Communications Limited is a Trademark Licensee of Siemens AG. This communication contains information which is confidential and may also be privileged. It is for the exclusive use of the addressee. If you are not the addressee please note that any distribution, reproduction, copying, publication or use of this communication or the information is prohibited. If you have received this communication in error, please contact us immediately and also delete the communication from your computer. We accept no liability for any loss or damage suffered by any person arising from use of this email. P Please consider the environment - do you really need to print this email?
