Mailing-List: contact cygwin-help AT sourceware DOT cygnus DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT sources DOT redhat DOT com Delivered-To: mailing list cygwin AT sources DOT redhat DOT com Message-ID: <3BDDD0E7.D7BE5A49@cwusa.com> Date: Mon, 29 Oct 2001 16:57:59 -0500 From: Sanjay Magoon Reply-To: sanjay DOT magoon AT cwusa DOT com Organization: Cable & Wireless X-Mailer: Mozilla 4.7 [en] (X11; I; SunOS 5.8 sun4u) X-Accept-Language: en MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: [Fwd: Problem] Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi, I am using a port scanning utility called nessus, which scans servers for vulnerabilities. While running a scan on a customer server, it provokes a bug with cygwin1.dll 1.3.2 which leaves the server disabled. I have noticed that windows server gets locked up and requires a reboot everytime we run the utility on this box that has cygwin1.dll. Have you ever encountered this problem? Please let me know. I have included the original e-mail that explains the problem further, read below. Thanks, Sanjay Please let me know if I should direct this inquiry to someone else and I will be happy to do so. One of my customers has recently been experiencing a problem on their server in which the RPC service seems to die, causing the server to respond sluggishly to the point that it must be rebooted. We noticed that each time this error was found in the event logs just before the RPC service died - "The description for Event ID (0) in Source (sshd) could not be found. It contains the following insertion string(s): sshd: Win32 Process Id = 0x17E : Cygwin Process Id = 0x17E : Bad protocol version identification 'GET / HTTP/ 1.0' from ip address." Also, on a few occasions our monitoring group noted that an error indicating that the Guest user or a Null user login attempt had failed. I asked around a bit and heard that ip address belongs to your group. I'm wondering if perhaps some scans were conducted on the server that exposed some vulnerability and caused this server's problem. This problem began occurring on 9/21/01 and occurred five times until 9/28/01. We have not seen it occur since. Is there any way for you to tell me whether or not this server was being scanned, and if so, what specifically was being scanned or checked? It would also be helpful to know when we can expect more scans, so we can try to fix the issue causing the RPC service to fail and verify that it has worked. -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/