by q3k
1910 days ago
I don't see a spec (and the code is not obvious at first glance), but isn't this susceptible to a replay attack for 60s if the initial UDP packet is sniffed? From what I can tell, the packet is {32 bytes of MAC}:{timestamp}, and MAC = HMACSHA256(timestamp + secret_key), and the 'used' timestamp-nonces are not stored anywhere. This means that this packet is reusable by any host, even one knocking from another IP (e.g. an attacker on your LAN or on the public Internet).

EDIT: Ah, no, the response is encrypted with a symmetric cipher (MOSH_MALLET_CCRYPT_KEY). So that particular attack won't work. Leaving this post in case someone also makes a similar assumption to this when reading the code.
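The 60-second replay window the comment reasons about before its EDIT, as an added example that is not part of the original post or the project's code. It assumes the packet layout the comment describes, an ASCII decimal timestamp, and HMAC-SHA256 keyed with the secret over the timestamp; `KnockVerifier`, `make_knock` and `track_used` are hypothetical names.

```python
import hashlib
import hmac

WINDOW_SECONDS = 60  # freshness window mentioned in the comment


def make_knock(secret: bytes, timestamp: int) -> bytes:
    """Build {32-byte MAC}:{timestamp} (assumed encoding: ASCII decimal)."""
    ts = str(timestamp).encode()
    return hmac.new(secret, ts, hashlib.sha256).digest() + b":" + ts


class KnockVerifier:
    """Checks a knock packet; track_used toggles the used-timestamp store."""

    def __init__(self, secret: bytes, track_used: bool):
        self.secret = secret
        self.track_used = track_used
        self.used = {}  # timestamp bytes -> last second it is still fresh

    def accept(self, packet: bytes, now: int) -> bool:
        # The sender address is not an input: the MAC covers only the
        # timestamp, so the verdict is the same whichever host sent it.
        if len(packet) < 34 or packet[32:33] != b":":
            return False
        mac, ts = packet[:32], packet[33:]
        if not ts.isdigit():
            return False
        expected = hmac.new(self.secret, ts, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return False
        if abs(now - int(ts)) > WINDOW_SECONDS:
            return False
        if self.track_used:
            # Drop entries that can no longer pass the freshness check,
            # then refuse any timestamp already seen inside the window.
            self.used = {t: e for t, e in self.used.items() if e >= now}
            if ts in self.used:
                return False
            self.used[ts] = int(ts) + WINDOW_SECONDS
        return True
```

With `track_used=False` the same captured bytes pass every check until the timestamp ages out; with `track_used=True` only the first copy is accepted.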