X-Recipient: archive-cygwin@delorie.com X-SWARE-Spam-Status: No, hits=4.9 required=5.0 tests=AWL,BAYES_50,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,RFC_ABUSE_POST,T_RP_MATCHES_RCVD,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: sourceware.org Message-ID: <11457.95026.qm@web35305.mail.mud.yahoo.com> Date: Wed, 15 Jun 2011 06:09:19 -0700 (PDT) From: steve Subject: Cygwin ssh vs NIPS To: cygwin@cygwin.com MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Delivered-To: mailing list cygwin@cygwin.com I have been using Cygwin for several years to remotely manage my servers via ssh. In the last month our SiteProtector start killing my ssh connections. It is flagging it as a DOS. The specific NIPS rule is "ssh_ChallengeResponse_BO". "This signature looks at 32768 bytes of SSH connection traffic beginning 1024 bytes after the software version information has been exchanged. The signature fires when if finds 48 consecutive characters of ASCII data. The number of bytes is examine (pan.ssh.search.charcount) and the number of consecutive ASCII bytes to trigger the signature (pan.ssh.search.threshold) are user configurable." Anyone have any suggestions. This is driving me F'n crazy...had to start to use Putty....scp with Putty sux. Any help is appreciated! Thanks Paj -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple