From: "fbsd"
To: "Marwan Sultan"
Date: Thu, 6 Jul 2006 09:04:39 -0400
Subject: RE: sshd/mysql errors.

First, host73.maxim.net is an individual PC on the maxim.net domain.
You want to find the domain IP address.
nslookup maxim.net gives 192.168.48.66
or use dig maxim.net or whois maxim.net

Looks more and more like the packets are spoofed and maxim.net is as much a victim as you are. Adding a firewall deny rule for 192.168.48.66 will stop all traffic from that domain.

The real question is, do you really have real remote users who ssh into your system and/or have remote users who access your mysql system?
If not, then add a firewall rule to deny the sshd & mysql port numbers from entering your system from the public internet.

-----Original Message-----
From: Marwan Sultan [mailto:dead_line@hotmail.com]
Sent: Wednesday, July 05, 2006 11:53 PM
To: fbsd@a1poweruser.com; freebsd-questions@freebsd.org
Subject: RE: sshd/mysql errors.

hello,
and how to get an IP of an unknown hostname? As you know, I should add IP addresses to the firewall, not hostnames,

# nslookup host73.maxim.net
*** can't find host73.hostname_net: Non-existent host/domain

I found hundreds of this line too in my logs

mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(IP-216-185-173-58.mtntel.net, AF_INET) failed

Any advice? please.

>
>First thoughts is you are under attack and hosts.allow is
>doing its job of denying access.
>
>Add the ip address from the warning message to your firewall
>to stop those attack packets from entering your system.
>
>Good chance attack packets are spoofed.
>
>
>
>-----Original Message-----
>From: owner-freebsd-questions@freebsd.org
>[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Marwan
>Sultan
>Sent: Tuesday, July 04, 2006 6:40 AM
>To: freebsd-questions@freebsd.org
>Subject: sshd/mysql errors.
>
>
>Hello gurus,
>
>my logs are full of hundreds of these lines.. it started a few days ago and
>up to today ..
>
>---------
>Jul 2 00:00:03 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
>
>Jul 2 00:00:27 server sshd[83738]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
>----------
>Where hostname_net is the former ISP name for my server hosting ISP.
>but I have the same DNS and routings, the name was changed almost 1
>year and a few months ago.
>
>Also line 25 had nothing to do with this hostname; it's just the first
>active line in my hosts.allow file
>anyhow I have replaced the line to:
>ALL : .hostname_net : allow
>
>But still same errors every day, every minute! Any advice please?
>
>It's FreeBSD 4.8R
>
>thank you
>Marwan
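
An added example, not part of the original thread: a Python tally of the tcp_wrappers warnings quoted above, grouped by daemon and by the name that failed verification. The first two sample lines are the thread's own (rejoined), the others are constructed; `summarize` and `ip_hint` are names chosen here, and an address pulled out of a PTR-style name is only a lead to check against connection logs, since that name comes from reverse DNS controlled by whoever owns the connecting address.

```python
import re
from collections import Counter

# Lines 1-2: from the thread (wrapped lines rejoined). Lines 3-4: constructed.
SAMPLE_LOG = """\
Jul  2 00:00:03 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
Jul  2 00:00:27 server sshd[83738]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
Jul  5 21:14:09 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(IP-216-185-173-58.mtntel.net, AF_INET) failed
Jul  5 21:14:10 server sshd[83901]: Accepted password for demo from 192.0.2.10 port 4022 ssh2
"""

# The warning format quoted in the thread; \s+ tolerates syslog day padding.
WARNING = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(?P<daemon>[\w.-]+)\[\d+\]:\s"
    r"warning: \S+, line \d+: can't verify hostname: "
    r"getaddrinfo\((?P<name>[^,]+), \w+\) failed$"
)
# Four numeric labels separated by '-' or '.', as in IP-216-185-173-58.mtntel.net
EMBEDDED_IP = re.compile(
    r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d)"
)

def ip_hint(name):
    """Return an IPv4 address spelled out inside a name, or None.

    This is a hint only: the name is unverified (that is what the
    warning says), so confirm it against firewall or connection logs.
    """
    m = EMBEDDED_IP.search(name)
    if m and all(int(octet) <= 255 for octet in m.groups()):
        return ".".join(m.groups())
    return None

def summarize(log_text):
    """Count warnings per (daemon, unverified name), most frequent first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = WARNING.match(line.strip())
        if m:  # unrelated lines (logins, other daemons) are skipped
            counts[(m["daemon"], m["name"])] += 1
    return [
        {"daemon": d, "name": n, "count": c, "ip_hint": ip_hint(n)}
        for (d, n), c in counts.most_common()
    ]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```
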