To: cygwin AT cygwin DOT com
Subject: Someone was banging on my sshd despite NAT
From: ht AT inf DOT ed DOT ac DOT uk (Henry S. Thompson)
Date: Fri, 23 Sep 2005 00:24:44 +0100

This evening I noticed my network load was sky-high even though I
wasn't doing anything. Turns out IP address 62.65.180.243 was banging
on port 22, causing a new sshd process every few seconds.

Bizarre thing is that the machine in question, running cygwin on top
of XP SP2, is on a local net which is only NATed out to the internet
via my broadband modem and ISP.

A) How could this happen at all?

B) Anyone else heard of/seen anything like this?

I'm asking on this list because as far as my tired brain can tell,
this must be a complicated Windows+cygwin exploit. . .

ht
-- 
Henry S. Thompson, HCRC Language Technology Group, University of Edinburgh
Half-time member of W3C Team
2 Buccleuch Place, Edinburgh EH8 9LW, SCOTLAND -- (44) 131 650-4440
Fax: (44) 131 650-4587, e-mail: ht AT inf DOT ed DOT ac DOT uk
URL: http://www.ltg.ed.ac.uk/~ht/
[mail really from me _always_ has this .sig -- mail without it is forged spam]