X-Spam-Check-By: sourceware.org
From: "Dave Korn" <dave DOT korn AT artimi DOT com>
To: <cygwin AT cygwin DOT com>
Subject: RE: Potential bug in sshd
Date: Tue, 12 Sep 2006 15:50:35 +0100
Message-ID: <02a801c6d67a$ce09c9e0$a501a8c0@CAM.ARTIMI.COM>
MIME-Version: 1.0
Content-Type: text/plain; 	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook 11
In-Reply-To: <91dd2cd50609120742v6b31dacbj56af222eaefc3c69@mail.gmail.com>
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Precedence: bulk
List-Unsubscribe: <mailto:cygwin-unsubscribe-archive-cygwin=delorie DOT com AT cygwin DOT com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Note-from-DJ: This may be spam

On 12 September 2006 15:43, Michael Sowka wrote:


> ! One thing I did notice as I was looking for logs to send in to the
> list is that the System Events log is that recently I've had a barrage
> of attempted break-ins via ssh (failed logins as root, admin, etc.). I
> trust that OpenSSH is pretty solid, have experienced this before, and
> don't make too much of it... but could this have melted my system?!

  Very very unlikely.  The failed logins are simple crude automated
bruteforceing worms out there; they've got a list of common passwords and a
list of common usernames and they try every combination.  If your password
isn't something fairly obvious, you'll be fine.

> Finding useful info was easy enough (/var/log/ssh), here is an
> excerpt. Speculation: this does seem to support the symptoms I'm
> having (dropped connections from "worker" threads, no response, etc.).
> I don't "read" Win32 logs but I have a hunch someone can ID this
> problem on the spot.
> 
>   4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
> - C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed
>      2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32
>     error 0 59 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 3757715 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 24253452 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487

  Did you try rebaseall yet?  These are basically the standard cygwin errors
that you get when something is causing the process memory space of a child
process to not match the layout of the parent processes address space.

> HAS MY SYSTEM BEEN COMPROMISED?!

  Not the slightest reason to belive so from anything you've described so far.
Don't panic!

  BTW, if you have a Logitech webcam, now would be a good time to disable the
associated "Logitech Process Monitor" service.  Or is there anything else by
the way of hardware/software that you've installed just recently?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/