From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 55735 invoked by alias); 11 Oct 2019 18:34:18 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 55725 invoked by uid 89); 11 Oct 2019 18:34:17 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham version=3.3.1 spammy=H*u:5.1, HX-OutGoing-Spam-Status:score, inject, H*r:192.168.10 X-HELO: se4b-iad1.servconfig.com Received: from se4b-iad1.servconfig.com (HELO se4b-iad1.servconfig.com) (23.235.198.63) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 11 Oct 2019 18:34:16 +0000 Received: from ecbiz204.inmotionhosting.com ([198.46.81.33]) by se4-iad1.servconfig.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.89) (envelope-from ) id 1iIzjx-0007rg-Ah for cygwin@cygwin.com; Fri, 11 Oct 2019 14:34:14 -0400 Received: from [73.17.103.24] (port=26661 helo=[192.168.10.27]) by ecbiz204.inmotionhosting.com with esmtpsa (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.92) (envelope-from ) id 1iIzjt-003QHE-Lv for cygwin@cygwin.com; Fri, 11 Oct 2019 14:34:12 -0400 To: cygwin@cygwin.com From: LMH Subject: why is mintty trying to connect to google through my browser Message-ID: <68829061-b2ec-9b42-9f07-db00977de9a7@molconn.com> Date: Fri, 11 Oct 2019 18:34:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:49.0) Gecko/20100101 Firefox/49.0 SeaMonkey/2.46 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-OutGoing-Spam-Status: No, score=-1.0 X-SpamExperts-Domain: ecbiz204.inmotionhosting.com X-SpamExperts-Username: 198.46.81.33 Authentication-Results: servconfig.com; auth=pass smtp.auth=198.46.81.33@ecbiz204.inmotionhosting.com X-SpamExperts-Outgoing-Class: unsure X-SpamExperts-Outgoing-Evidence: Combined (0.38) X-Recommended-Action: accept X-Report-Abuse-To: spam@se1-lax1.servconfig.com X-IsSubscribed: yes X-SW-Source: 2019-10/txt/msg00065.txt.bz2 Hello, I had an odd thing happen today. I opened a cygwin terminal to do something and got a firewall alert that mintty was attempting to inject network traffic. I did a temporary deny because there is no reason for mintty to make a connection based on what I was doing and I have never seen that alert before (or I would have a firewall rule already). That alert doesn't say where the connection would be made to if the injection was allowed. This temporary block seemed to break my seamonkey connection. My firewall log is full of entries about blocked connections for seamonkey and the reason given is "restricted parent process c:\cygwin\bin\mintty". I did not launch seamonkey using mintty, so I have no idea why the firewall would see mintty as the parent process. All of the seamonkey attempted connections to my email server were also blocked for the same reason. When I closed the terminal, everything went back to normal. It seems like mintty tried to inject some network traffic to the seamonkey process and for some reason, blocking this injection caused the firewall to block all traffic from seamonkey. Why would mintty try to inject network traffic to another process at startup? If it needed ot connect for some reason, why would mintty try to make that connection through another application instead of just making the connection itself? I deleted any firewall rules for mintty and started the terminal again, but that does not reproduce the situation at the moment. I believe this is cygwin 2.3.1. LMH -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple