So the way I currently have it the man-in-the-middle is useless because once a client connects to the SSH server all other IP addresses are locked out from that port.
I agree about congestion, but IIRC the TCP connection timeout defaults to 75s so since I'm tolerant to connections across two windows (i.e. two minutes) then I think I'm safe.
Ah, so your server only accepts 1 connection at a time on a given listening port? That is good protection.
I didn't realize there was a TCP standard for the max acceptable amount of retransmissions. But yeah, if you can account for this with a pad then you should always be safe.
If you ever opensource your network code I'd love to see it.
John.