On 12 September 2006 15:43, Michael Sowka wrote:
> ! One thing I did notice as I was looking for logs to send in to the
> list is that the System Events log is that recently I've had a barrage
> of attempted break-ins via ssh (failed logins as root, admin, etc.). I
> trust that OpenSSH is pretty solid, have experienced this before, and
> don't make too much of it... but could this have melted my system?!
Very very unlikely. The failed logins are simple crude automated
bruteforceing worms out there; they've got a list of common passwords and a
list of common usernames and they try every combination. If your password
isn't something fairly obvious, you'll be fine.
> Finding useful info was easy enough (/var/log/ssh), here is an
> excerpt. Speculation: this does seem to support the symptoms I'm
> having (dropped connections from "worker" threads, no response, etc.).
> I don't "read" Win32 logs but I have a hunch someone can ID this
> problem on the spot.
>
> 4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
> - C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed
> 2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32
> error 0 59 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 3757715 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 24253452 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
Did you try rebaseall yet? These are basically the standard cygwin errors
that you get when something is causing the process memory space of a child
process to not match the layout of the parent processes address space.
> HAS MY SYSTEM BEEN COMPROMISED?!
Not the slightest reason to belive so from anything you've described so far.
Don't panic!
BTW, if you have a Logitech webcam, now would be a good time to disable the
associated "Logitech Process Monitor" service. Or is there anything else by
the way of hardware/software that you've installed just recently?
cheers,
DaveK
--
Can't think of a witty .sigline today....
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
