From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 16987 invoked by alias); 11 Oct 2019 19:11:21 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 16979 invoked by uid 89); 11 Oct 2019 19:11:21 -0000 Authentication-Results: sourceware.org; auth=none X-Spam-SWARE-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=designer, downloads, theme, Bell X-HELO: mout.kundenserver.de Received: from mout.kundenserver.de (HELO mout.kundenserver.de) (212.227.126.135) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 11 Oct 2019 19:11:19 +0000 Received: from [192.168.178.45] ([95.91.242.246]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MLzSD-1iao9V2euX-00HuOZ for ; Fri, 11 Oct 2019 21:11:16 +0200 Subject: Re: why is mintty trying to connect to google through my browser To: cygwin@cygwin.com References: <68829061-b2ec-9b42-9f07-db00977de9a7@molconn.com> From: Thomas Wolff Message-ID: <8ec45a75-3ca7-f28c-0403-95dff5667855@towo.net> Date: Fri, 11 Oct 2019 19:11:00 -0000 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <68829061-b2ec-9b42-9f07-db00977de9a7@molconn.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit X-IsSubscribed: yes X-SW-Source: 2019-10/txt/msg00067.txt.bz2 Am 11.10.2019 um 20:33 schrieb LMH: > Hello, > > I had an odd thing happen today. I opened a cygwin terminal to do something and got a > firewall alert that mintty was attempting to inject network traffic. I did a > temporary deny because there is no reason for mintty to make a connection based on > what I was doing and I have never seen that alert before (or I would have a firewall > rule already). That alert doesn't say where the connection would be made to if the > injection was allowed. > > This temporary block seemed to break my seamonkey connection. My firewall log is full > of entries about blocked connections for seamonkey and the reason given is > "restricted parent process c:\cygwin\bin\mintty". I did not launch seamonkey using > mintty, so I have no idea why the firewall would see mintty as the parent process. > All of the seamonkey attempted connections to my email server were also blocked for > the same reason. When I closed the terminal, everything went back to normal. > > It seems like mintty tried to inject some network traffic to the seamonkey process > and for some reason, blocking this injection caused the firewall to block all traffic > from seamonkey. > > Why would mintty try to inject network traffic to another process at startup? If it > needed ot connect for some reason, why would mintty try to make that connection > through another application instead of just making the connection itself? It does neither of that. Mintty only ever accesses the network if you open the Options dialog. It occasionally looks up the current mintty version for an indication that you could update (disable with CheckVersionUpdate=0), and it downloads contents if you drag a URL onto the Theme configuration field (also planned for the Bell Wave file) or click on the "Color Scheme Designer" button. > I deleted any firewall rules for mintty and started the terminal again, but that does > not reproduce the situation at the moment. This, and the fact that your system claimed mintty to be the parent of Seamonkey, suggests that something is or was utterly broken on your system. Thomas -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple