Hello, Every single time run bash in a terminal, I get the following firewall alerts,
C:\cygwin\bin\bash.exe An attempt to communicate a foreign process has been detected. Target PID: 1616 Image Name: svchost.exe C:\cygwin\bin\bash.exe A potential threat to network traffic interception or injection has been detected. This is when running a script that invokes bash with the shebang. The same thing happens if I just run bash with no arguments. On every run of bash, bash tries to IPC with svchost.exe. The second alert for network traffic injection suggests that bash.exe is attempting to use svchost to make a network connection. This is common enough since svchost.exe has unfiltered network connection permission on most systems (stupid in my opinion). I have looked in all of the versions of .bashrc and .bash_profile and don't see anything there that looks relevant. I presume that bash is trying to do something like check to see if it needs to be updated. In that case, I have never understood why bash.exe needs to try to connect through another process instead of just making the connection itself. If this is something else, well, who knows. The attempted IPC is entirely unnecessary as blocking both alerts has no effect whatsoever. How should I go about trying to run this down? I can just create the rule to permanently block the IPC and network traffic injection, but I would prefer to stop the connection attempt from what is triggering it. That would allow me to see new alerts if it happens again. This is the version of bash, GNU bash, version 4.3.42(4)-release (i686-pc-cygwin) it would be very helpful as a first step if I could find a verified digital signature for this version of bash. The index here, https://ftp.gnu.org/gnu/bash/ gives an archive of bash with a signature for each tar.gz but not the signature for each version of the extracted binary. Thanks, LMH -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
