From: dawnshade
To: freebsd-questions@freebsd.org
Date: Wed, 19 Oct 2005 10:00:13 +0400
Subject: Re: possible breakin attempt?
Message-Id: <200510191000.13507.dawnshade@mail.ru>
In-Reply-To: <20051018171938.GB2305@zeus.itg.uiuc.edu>

On Tuesday 18 October 2005 21:19, Anthony Philipp wrote:
> Hello,
>
> In my daily emails from my box I noticed this:
>
> Oct 17 16:13:03 lupin sshd[51861]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:05 lupin sshd[51863]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:08 lupin sshd[51865]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:21 lupin sshd[51869]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:21 lupin sshd[51867]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:30 lupin sshd[51873]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:32 lupin sshd[51875]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:34 lupin sshd[51871]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:37 lupin sshd[51877]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:37 lupin sshd[51879]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:40 lupin sshd[51881]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:43 lupin sshd[51883]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:55 lupin sshd[51885]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
>
> I was just wondering exactly how dangerous this is, and what I can
> do about it.
>
> Thanks for any additional help!

Just connections to sshd from an IP which has a reverse name but does not have an A record with the DNS provider. Usually for DSL, dialup hosts.
See man sshd_config for the directive UseDNS, or just block tcp/22 from untrusted hosts.
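
Added example (not part of the original message, and not OpenSSH code): a Python sketch of the forward-confirmed reverse DNS check the reply describes, showing which lookup has to fail to produce the message in the quoted log. The addresses, host names, status labels and function names are constructed for illustration.

```python
import socket

def check_reverse_mapping(ip, reverse=None, forward=None):
    """Forward-confirmed reverse DNS check for a client address.

    reverse(ip) returns a host name, forward(name) returns a list of
    addresses; both raise OSError when the lookup fails. The defaults
    use the system resolver.
    """
    reverse = reverse or (lambda a: socket.gethostbyaddr(a)[0])
    forward = forward or (
        lambda n: [ai[4][0] for ai in socket.getaddrinfo(n, None)])
    try:
        name = reverse(ip)               # PTR lookup on the peer address
    except OSError:
        return ("no-reverse-name", None)
    try:
        addrs = forward(name)            # resolve that name forward again
    except OSError:
        # Reverse name exists but does not resolve: the case in the quoted log.
        return ("forward-lookup-failed", name)
    if ip not in addrs:
        return ("name-maps-elsewhere", name)
    return ("confirmed", name)

# Constructed DNS data (documentation address ranges, made-up names).
PTR = {"192.0.2.10": "dsl-10.isp.example",
       "192.0.2.20": "host.example.org",
       "192.0.2.30": "mail.example.com"}
A = {"host.example.org": ["192.0.2.20"],
     "mail.example.com": ["198.51.100.7"]}

def _lookup(table):
    """Build a resolver over a dict that fails the way a real lookup does."""
    def resolve(key):
        if key not in table:
            raise OSError("lookup failed: " + key)
        return table[key]
    return resolve

def classify_samples():
    ips = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.99"]
    return {ip: check_reverse_mapping(ip, _lookup(PTR), _lookup(A)) for ip in ips}

if __name__ == "__main__":
    for ip, (status, name) in classify_samples().items():
        print(ip, status, name)
```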