From: Tobias Wendorff <tobias.wendorff@tu-dortmund.de>
To: cygwin@cygwin.com
Subject: observation: masses of requests to LDAP
Date: Sun, 22 Jan 2023 15:32:27 +0100 [thread overview]
Message-ID: <ae73845c-b970-37ab-f429-65b15cf8540c@tu-dortmund.de> (raw)
Hi there,
our IT department has informed me that masses of requests are being sent
from my computer to our two LDAP servers on port 389. After a detailed
investigation, the problem could be clearly traced back to "cygwin".
Firewall logs show that about any tool, even base tools "sort" or
"less", initiates a request to port 389 on our LDAP servers.
Sorry, I am _not_ going to release "cygcheck.out" to public, since it
contains sensitive information about the domain and its groups and
memberships.
Even after reinstalling cygwin from another server, the problem still
appears. Could it be that this is part of an attack?
Best regards,
Tobias
next reply other threads:[~2023-01-22 14:32 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-01-22 14:32 Tobias Wendorff [this message]
2023-01-22 19:24 ` Brian Inglis
2023-01-22 19:26 ` Corinna Vinschen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ae73845c-b970-37ab-f429-65b15cf8540c@tu-dortmund.de \
--to=tobias.wendorff@tu-dortmund.de \
--cc=cygwin@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).