This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Someone was banging on my sshd despite NAT


Henry S. Thompson wrote:

> This evening I noticed my network load was sky-high even though I
> wasn't doing anything.  Turns out IP address 62.65.180.243 was banging
> on port 22, causing a new sshd process every few seconds.  Bizarre
> thing is that the machine in question, running cygwin on top of XP
> SP2, is on a local net which is only NATed out to the internet via my
> broadband modem and ISP.
> 
> A) How could this happen at all?
> B) Anyone else heard of/seen anything like this?

A very common event.

> I'm asking on this list because as far as my tired brain can tell,
> this must be a complicated Windows+cygwin exploit. . .

There is no such exploit.

Your question is how did they get to your firewalled PC, the answer is that you
must have port forwarding enabled on your firewall and port 22 is one of the
forwarded ports.  Check your modem and Windows firewall, both are allowing this
to happen... well, if you have sshd running you probably configured Windows XP
firewall to allow that connection, so you should only check your modem.

HTH
-- 
René Berber


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]