This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Re: Someone was banging on my sshd despite NAT
- From: René Berber <rberber at prodigy dot net dot mx>
- To: cygwin at cygwin dot com
- Date: Thu, 22 Sep 2005 19:14:30 -0500
- Subject: Re: Someone was banging on my sshd despite NAT
- Openpgp: url=ldap://keyserver.pgp.com
- References: <f5b3bnw3cub.fsf@erasmus.inf.ed.ac.uk>
Henry S. Thompson wrote:
> This evening I noticed my network load was sky-high even though I
> wasn't doing anything. Turns out IP address 62.65.180.243 was banging
> on port 22, causing a new sshd process every few seconds. Bizarre
> thing is that the machine in question, running cygwin on top of XP
> SP2, is on a local net which is only NATed out to the internet via my
> broadband modem and ISP.
>
> A) How could this happen at all?
> B) Anyone else heard of/seen anything like this?
A very common event.
> I'm asking on this list because as far as my tired brain can tell,
> this must be a complicated Windows+cygwin exploit. . .
There is no such exploit.
Your question is how did they get to your firewalled PC, the answer is that you
must have port forwarding enabled on your firewall and port 22 is one of the
forwarded ports. Check your modem and Windows firewall, both are allowing this
to happen... well, if you have sshd running you probably configured Windows XP
firewall to allow that connection, so you should only check your modem.
HTH
--
René Berber
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/