Mail Archives: cygwin/2019/10/11/14:35:09

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2019/10/11/14:35:09

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:message-id:date:mime-version

:content-type:content-transfer-encoding; q=dns; s=default; b=fuG

0uUpPBxf+HTpn0Rikl5/Wg86zUqef0bzH8JqJ3Xg4KyxcWCExpUwARFmQGTG/jF9

oWNX5Bz42Qu+yjnJYaB+lx0teKz9X5uh+OBLKjl7ObJyGY5WwXRbQrBIDoTMnGDB

qVg6IO5Oq5aDf15IOldS6RenXYf4ueWeDLaatDiE=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:message-id:date:mime-version

:content-type:content-transfer-encoding; s=default; bh=DTUG4zTmI

SszRqPqJjXYPCzHqVc=; b=QAjwq2edymrqYVA/qjzVINK9NU26zfHplq6Fbnb4D

nP0KTMUswqfMd2eXdzMza1W/PmtB60qwpcV4PpC+CX817S7rKI7RkxX+SJEcQ0aS

EWe7q1prZqaxz2wZHC8+Pta7LoccJD+h8Cdkq9hVuQ11w7CNhUh7J0VAyuK4oouO

RU=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 spammy=H*u:5.1, HX-OutGoing-Spam-Status:score, inject, H*r:192.168.10

X-HELO: se4b-iad1.servconfig.com

To: cygwin AT cygwin DOT com

From: LMH <lmh_users-groups AT molconn DOT com>

Subject: why is mintty trying to connect to google through my browser

Message-ID: <68829061-b2ec-9b42-9f07-db00977de9a7@molconn.com>

Date: Fri, 11 Oct 2019 14:33:43 -0400

User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46

MIME-Version: 1.0

X-OutGoing-Spam-Status: No, score=-1.0

X-SpamExperts-Domain: ecbiz204.inmotionhosting.com

X-SpamExperts-Username: 198.46.81.33

Authentication-Results: servconfig.com; auth=pass smtp.auth=198 DOT 46 DOT 81 DOT 33 AT ecbiz204 DOT inmotionhosting DOT com

X-SpamExperts-Outgoing-Class: unsure

X-SpamExperts-Outgoing-Evidence: Combined (0.38)

X-Recommended-Action: accept

X-Report-Abuse-To: spam AT se1-lax1 DOT servconfig DOT com

X-IsSubscribed: yes

Hello,

I had an odd thing happen today. I opened a cygwin terminal to do something and got a
firewall alert that mintty was attempting to inject network traffic. I did a
temporary deny because there is no reason for mintty to make a connection based on
what I was doing and I have never seen that alert before (or I would have a firewall
rule already). That alert doesn't say where the connection would be made to if the
injection was allowed.

This temporary block seemed to break my seamonkey connection. My firewall log is full
of entries about blocked connections for seamonkey and the reason given is
"restricted parent process c:\cygwin\bin\mintty". I did not launch seamonkey using
mintty, so I have no idea why the firewall would see mintty as the parent process.
All of the seamonkey attempted connections to my email server were also blocked for
the same reason. When I closed the terminal, everything  went back to normal.

It seems like mintty tried to inject some network traffic to the seamonkey process
and for some reason, blocking this injection caused the firewall to block all traffic
from seamonkey.

Why would mintty try to inject network traffic to another process at startup? If it
needed ot connect for some reason, why would mintty try to make that connection
through another application instead of just making the connection itself?

I deleted any firewall rules for mintty and started the terminal again, but that does
not reproduce the situation at the moment.

I believe this is cygwin 2.3.1.

LMH

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:message-id:date:mime-version
	:content-type:content-transfer-encoding; q=dns; s=default; b=fuG
	0uUpPBxf+HTpn0Rikl5/Wg86zUqef0bzH8JqJ3Xg4KyxcWCExpUwARFmQGTG/jF9
	oWNX5Bz42Qu+yjnJYaB+lx0teKz9X5uh+OBLKjl7ObJyGY5WwXRbQrBIDoTMnGDB
	qVg6IO5Oq5aDf15IOldS6RenXYf4ueWeDLaatDiE=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:message-id:date:mime-version
	:content-type:content-transfer-encoding; s=default; bh=DTUG4zTmI
	SszRqPqJjXYPCzHqVc=; b=QAjwq2edymrqYVA/qjzVINK9NU26zfHplq6Fbnb4D
	nP0KTMUswqfMd2eXdzMza1W/PmtB60qwpcV4PpC+CX817S7rKI7RkxX+SJEcQ0aS
	EWe7q1prZqaxz2wZHC8+Pta7LoccJD+h8Cdkq9hVuQ11w7CNhUh7J0VAyuK4oouO
	RU=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Spam-SWARE-Status:	No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 spammy=Hu:5.1, HX-OutGoing-Spam-Status:score, inject, Hr:192.168.10
X-HELO:	se4b-iad1.servconfig.com
To:	cygwin AT cygwin DOT com
From:	LMH <lmh_users-groups AT molconn DOT com>
Subject:	why is mintty trying to connect to google through my browser
Message-ID:	<68829061-b2ec-9b42-9f07-db00977de9a7@molconn.com>
Date:	Fri, 11 Oct 2019 14:33:43 -0400
User-Agent:	Mozilla/5.0 (Windows NT 5.1; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46
MIME-Version:	1.0
X-OutGoing-Spam-Status:	No, score=-1.0
X-SpamExperts-Domain:	ecbiz204.inmotionhosting.com
X-SpamExperts-Username:	198.46.81.33
Authentication-Results:	servconfig.com; auth=pass smtp.auth=198 DOT 46 DOT 81 DOT 33 AT ecbiz204 DOT inmotionhosting DOT com
X-SpamExperts-Outgoing-Class:	unsure
X-SpamExperts-Outgoing-Evidence:	Combined (0.38)
X-Recommended-Action:	accept
X-Report-Abuse-To:	spam AT se1-lax1 DOT servconfig DOT com
X-IsSubscribed:	yes