Once again my Winbox has been totally hosed by sshd. I forgot to disable it after a reboot and when I came home the machine was barely working at all.
It appears that some lamer asswipe was trying to brute-force me, but the poor fool was looking for the root password. Heh… This is a Windows machine, and I have no user called root, so he is never going to find it :)
Unfortunately, all these requests put strain on my poor little machine to the point where it keels over and dies. My Event Viewer is overflowing with sshd events and errors. I think the sshd service forks so many children that it runs out of working memory. And if some of the login attempts hang for the 2-minute login grace period, it is likely that the system simply cannot allocate space for other services, including registry lookups and such.
Again, I don’t think I was pwn3d. My registry is intact, and I don’t see any other signs of tampering with my system. Just the consistent brute force pounding every other day. I tweaked the sshd_config to limit the grace period to 20 sec, lower the number of max concurrent auth attempts and drop any excessive traffic. This should help conserve resources…
However, considering the fact that Cygwin is not rock solid, I no longer feel completely safe running this service on my machine. I don’t want some silly Cygwin-based buffer overflow to compromise my machine. So I’m taking sshd off again for a while. I might need to find another solution to access my desktop remotely :P
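As an added example (not code from the original post), the sketch below shows how the sshd_config change described above bounds the number of unauthenticated sshd children and how long each can linger. It assumes the settings involved are OpenSSH's `LoginGraceTime` and `MaxStartups start:rate:full`, which the post does not name; only the 2 minute and 20 second grace periods come from the post, and the `MaxStartups` values are constructed.

```python
import re

# Constructed sample configs. Only the grace periods (2 min, 20 s) come from
# the post; the MaxStartups values are illustrative assumptions.
BEFORE = "LoginGraceTime 2m\nMaxStartups 10:30:100  # constructed\n"
AFTER = "LoginGraceTime 20\nMaxStartups 3:50:10  # constructed\n"
UNITS = {"": 1, "s": 1, "m": 60, "h": 3600}


def parse(text):
    """Return (grace_seconds, (start, rate, full)) from sshd_config text."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            # sshd uses the first value it sees for a keyword
            opts.setdefault(parts[0].lower(), parts[1].strip())
    m = re.fullmatch(r"(\d+)([smh]?)", opts["logingracetime"].lower())
    grace = int(m.group(1)) * UNITS[m.group(2)]  # note: 0 means "no limit" in sshd
    nums = [int(n) for n in opts["maxstartups"].split(":")]
    # A single number N is a hard cap: nothing dropped below N, everything at N
    start, rate, full = nums if len(nums) == 3 else (nums[0], 100, nums[0])
    return grace, (start, rate, full)


def drop_percent(pending, start, rate, full):
    """Chance (0-100) a new connection is refused with `pending` unauthenticated ones."""
    if pending < start:
        return 0
    if pending >= full or rate == 100:
        return 100
    # Probability rises linearly from `rate` at `start` to 100 at `full`
    return rate + (100 - rate) * (pending - start) // (full - start)


def exposure(text):
    """Rough worst case: children held at once, and for how long each."""
    grace, (_start, _rate, full) = parse(text)
    return {"max_pending": full, "hold_seconds": grace,
            "child_seconds": full * grace}


if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, exposure(cfg))
```

The `child_seconds` figure is only a rough upper bound on how much process time a flood of stalled logins can pin down; it says nothing about memory per child on a given machine.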