Mail Archives: cygwin/2005/09/22/20:17:13

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
From: René Berber <rberber AT prodigy DOT net DOT mx>
Subject: Re: Someone was banging on my sshd despite NAT
Date: Thu, 22 Sep 2005 19:14:30 -0500
Lines: 32
Message-ID: <dgvhd6$vlj$1@sea.gmane.org>
References: <f5b3bnw3cub DOT fsf AT erasmus DOT inf DOT ed DOT ac DOT uk>
Mime-Version: 1.0
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
In-Reply-To: <f5b3bnw3cub.fsf@erasmus.inf.ed.ac.uk>
OpenPGP: url=ldap://keyserver.pgp.com
X-IsSubscribed: yes

Henry S. Thompson wrote:

> This evening I noticed my network load was sky-high even though I
> wasn't doing anything.  Turns out IP address 62.65.180.243 was banging
> on port 22, causing a new sshd process every few seconds.  Bizarre
> thing is that the machine in question, running cygwin on top of XP
> SP2, is on a local net which is only NATed out to the internet via my
> broadband modem and ISP.
>
> A) How could this happen at all?
> B) Anyone else heard of/seen anything like this?

A very common event.

> I'm asking on this list because as far as my tired brain can tell,
> this must be a complicated Windows+cygwin exploit. . .

There is no such exploit.

Your question is how did they get to your firewalled PC, the answer is that you
must have port forwarding enabled on your firewall and port 22 is one of the
forwarded ports.  Check your modem and Windows firewall, both are allowing this
to happen... well, if you have sshd running you probably configured Windows XP
firewall to allow that connection, so you should only check your modem.

HTH
--
René Berber

