Henry S. Thompson wrote: > This evening I noticed my network load was sky-high even though I > wasn't doing anything. Turns out IP address 62.65.180.243 was banging > on port 22, causing a new sshd process every few seconds. Bizarre > thing is that the machine in question, running cygwin on top of XP > SP2, is on a local net which is only NATed out to the internet via my > broadband modem and ISP. > > A) How could this happen at all? > B) Anyone else heard of/seen anything like this?
A very common event. > I'm asking on this list because as far as my tired brain can tell, > this must be a complicated Windows+cygwin exploit. . . There is no such exploit. Your question is how did they get to your firewalled PC, the answer is that you must have port forwarding enabled on your firewall and port 22 is one of the forwarded ports. Check your modem and Windows firewall, both are allowing this to happen... well, if you have sshd running you probably configured Windows XP firewall to allow that connection, so you should only check your modem. HTH -- René Berber -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Problem reports: http://cygwin.com/problems.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/
