observation: masses of requests to LDAP

public inbox for cygwin@cygwin.com
 help / color / mirror / Atom feed

From: Tobias Wendorff <tobias.wendorff@tu-dortmund.de>
To: cygwin@cygwin.com
Subject: observation: masses of requests to LDAP
Date: Sun, 22 Jan 2023 15:32:27 +0100	[thread overview]
Message-ID: <ae73845c-b970-37ab-f429-65b15cf8540c@tu-dortmund.de> (raw)

Hi there,

our IT department has informed me that masses of requests are being sent 
from my computer to our two LDAP servers on port 389. After a detailed 
investigation, the problem could be clearly traced back to "cygwin".

Firewall logs show that about any tool, even base tools "sort" or 
"less", initiates a request to port 389 on our LDAP servers.

Sorry, I am _not_ going to release "cygcheck.out" to public, since it 
contains sensitive information about the domain and its groups and 
memberships.

Even after reinstalling cygwin from another server, the problem still 
appears. Could it be that this is part of an attack?

Best regards,
Tobias

next             reply	other threads:[~2023-01-22 14:32 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-01-22 14:32 Tobias Wendorff [this message]
2023-01-22 19:24 ` Brian Inglis
2023-01-22 19:26 ` Corinna Vinschen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=ae73845c-b970-37ab-f429-65b15cf8540c@tu-dortmund.de \
    --to=tobias.wendorff@tu-dortmund.de \
    --cc=cygwin@cygwin.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).