delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2005/09/22/19:25:48

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
Subject: Someone was banging on my sshd despite NAT
From: ht AT inf DOT ed DOT ac DOT uk (Henry S. Thompson)
Date: Fri, 23 Sep 2005 00:24:44 +0100
Message-ID: <f5b3bnw3cub.fsf@erasmus.inf.ed.ac.uk>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.4.17 (Jumbo Shrimp, linux)
MIME-Version: 1.0
X-IsSubscribed: yes
X-MIME-Autoconverted: from quoted-printable to 8bit by delorie.com id j8MNPg8x015389 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This evening I noticed my network load was sky-high even though I
wasn't doing anything.  Turns out IP address 62.65.180.243 was banging
on port 22, causing a new sshd process every few seconds.  Bizarre
thing is that the machine in question, running cygwin on top of XP
SP2, is on a local net which is only NATed out to the internet via my
broadband modem and ISP.

A) How could this happen at all?
B) Anyone else heard of/seen anything like this?

I'm asking on this list because as far as my tired brain can tell,
this must be a complicated Windows+cygwin exploit. . .

ht
- -- 
 Henry S. Thompson, HCRC Language Technology Group, University of Edinburgh
                     Half-time member of W3C Team
    2 Buccleuch Place, Edinburgh EH8 9LW, SCOTLAND -- (44) 131 650-4440
            Fax: (44) 131 650-4587, e-mail: ht AT inf DOT ed DOT ac DOT uk
                   URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFDMz1AkjnJixAXWBoRAmfSAJ9lJiFrAATR42r4IgMJy7m8CoqPpACfTbTK
3Lyv2lsWrf0HHleHJO/kY+Q=
=eKua
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019