4/18 I'm interested in doing some traffic analysis to see if
the sshd trojan can be detected by looking at traffic patterns.
I seem to remember people's inbound sshd connections
being dropped now fairly frequently [but soda stayed up].
Can anybody authoritatively speak to whether just some
sshds were dropped or when one was dropped all were dropped?
Also I assume outbound sshes were not dropped. I'm curious
whether the sshd bug was in maybe the checkpointing routine
when it was writing out to the sniffer log, or it was
something more random/complex. Unless I get a good lead
I probably won't pursue this because I'm sort of busy
now and it's a lot of data to trawl through potentially or a
lot of work to reconstruct. Basically looking for a large
clustering of sshd drops in time and space without evidence
of a reboot [other protocols dropped] and not a normal shutdown
might be smoke -> fire signal.
\_ Even if this particular ssh trojan was causing the daemon to drop
connections, why would you assume that this would be true of other
ssh trojans? -dans
\- Why do you assume I assume it is true of other trojans?
Obviously my concern is we don't know where the soda hacker
came from and what he did with the sniffed info. Assuming
this same person installed the same buggy trojan elsewhere
is hardly a stretch. A better question might be: is the
trojan buggy on just FreeBSD? And the issue is sshd, not
ssh. ssh trojan and sshd trojan have different implications.
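The detection heuristic sketched in the first post (a large clustering of sshd connection drops in time and across hosts, with no sign of a reboot such as other daemons dropping at the same moment) can be run over normalized log events. The following is an added example written for this page, not code from anyone in the thread; it assumes logs have already been reduced to (timestamp, host, service, event) tuples, and the events below are constructed sample data, not real traffic.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs). "drop" means an sshd session
# ended unexpectedly, as described in the post; other services are included
# so a host-wide outage (reboot) can be told apart from an sshd-only problem.
SAMPLE_EVENTS = [
    ("2001-04-18 02:10:05", "hostA", "sshd", "drop"),
    ("2001-04-18 02:10:09", "hostB", "sshd", "drop"),
    ("2001-04-18 02:10:31", "hostC", "sshd", "drop"),
    ("2001-04-18 02:11:02", "hostA", "sshd", "drop"),
    # Reboot-like cluster: sshd drops together with other daemons.
    ("2001-04-18 05:00:00", "hostD", "sshd", "drop"),
    ("2001-04-18 05:00:01", "hostD", "httpd", "drop"),
    ("2001-04-18 05:00:02", "hostD", "smtpd", "drop"),
    ("2001-04-18 05:00:20", "hostE", "sshd", "drop"),
    ("2001-04-18 05:00:21", "hostE", "httpd", "drop"),
    ("2001-04-18 05:00:40", "hostF", "sshd", "drop"),
    # Isolated single drop; below the clustering threshold.
    ("2001-04-18 09:30:00", "hostG", "sshd", "drop"),
]


def parse_events(raw):
    """Convert (ts_string, host, service, event) tuples to datetime tuples, sorted by time."""
    out = [(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"), host, service, event)
           for ts, host, service, event in raw]
    out.sort()
    return out


def cluster_sshd_drops(events, max_gap=timedelta(seconds=60)):
    """Single-linkage clustering: consecutive sshd drops closer than max_gap join one cluster."""
    drops = [e for e in events if e[2] == "sshd" and e[3] == "drop"]
    clusters, current = [], []
    for ev in drops:
        if current and ev[0] - current[-1][0] > max_gap:
            clusters.append(current)
            current = []
        current.append(ev)
    if current:
        clusters.append(current)
    return clusters


def other_service_drops(events, start, end, slack=timedelta(seconds=30)):
    """Names of non-sshd services that dropped within the cluster window (plus slack)."""
    return sorted({e[2] for e in events
                   if e[2] != "sshd" and e[3] == "drop"
                   and start - slack <= e[0] <= end + slack})


def find_suspicious_clusters(events, max_gap=timedelta(seconds=60),
                             min_drops=3, min_hosts=2):
    """Report sshd drop clusters; flag those with no co-occurring drops of other services.

    A cluster spanning several hosts with only sshd affected is the "smoke" the post
    describes; a cluster where other daemons dropped too looks like a reboot or outage.
    """
    findings = []
    for cluster in cluster_sshd_drops(events, max_gap):
        hosts = sorted({e[1] for e in cluster})
        if len(cluster) < min_drops or len(hosts) < min_hosts:
            continue
        start, end = cluster[0][0], cluster[-1][0]
        others = other_service_drops(events, start, end)
        findings.append({
            "start": start,
            "end": end,
            "drops": len(cluster),
            "hosts": hosts,
            "other_services": others,
            "suspicious": not others,
        })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_clusters(parse_events(SAMPLE_EVENTS)):
        print(f)
```

The thresholds (gap, minimum drops, minimum hosts, slack for the reboot check) are tuning knobs; on real logs they would be set from the normal rate of sshd disconnects on the network, and the reboot check could be extended with explicit boot or shutdown messages where the logs carry them.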