Date: Tue, 9 Apr 2002 18:50:49 -0400
From: "Peter C. Lai"
To: "Kevin Kinsey, DaleCo, S.P."
Cc: security@freebsd.org
Subject: Re: sshd warning---a lil' help?

a is true. The message is coming from hosts.allow, which checks for rdns as a (weak) signal of spoofed packets. You can deny these connections by turning on:

    ALL : PARANOID : RFC931 20 : deny
    # Provide some protection against clients using a forged source IP address

b would have sshd report "password" or keypair "accepted for username".
c would have shown that user being rejected.

Consequently, we don't know from what you've given us if someone logged in successfully to sshd running with pid 34375 at that time :)

On Tue, Apr 09, 2002 at 08:03:02AM -0500, Kevin Kinsey, DaleCo, S.P. wrote:
> Apr 9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23:
> can't verify hostname: getaddrinfo(gbrdialin, AF_INET$) Failed
>
> This computer ---
>
> a - has incorrect or NO reverse DNS ?
> b - tried to authenticate via ssh login and succeeded?
> c - tried to authenticate via ssh login and failed?
> d - other
>
> TIA, Kevin Kinsey

--
Peter C. Lai
University of Connecticut
Dept. of Residential Life | Programmer
Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
http://cowbert.2y.net/
860.427.4542 (Room)
860.486.1899 (Lab)
203.206.3784 (Cellphone)
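
Added example, not part of the original message: a Python sketch that groups sshd syslog lines by PID to answer the a/b/c question above, keeping the hosts.allow reverse-DNS warning separate from the authentication result. Every sample line except the quoted warning is constructed, and the code assumes all lines of one connection share a PID that is not reused within the log window.

```python
import re
from collections import defaultdict

# Constructed sample: line 1 is the warning quoted in the thread; every other
# line (PIDs 40001-40003, users, hosts, addresses) is made up for illustration.
SAMPLE_LOG = """\
Apr 9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(gbrdialin, AF_INET$) Failed
Apr 9 08:01:10 elisha sshd[40001]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(host-a, AF_INET) failed
Apr 9 08:01:14 elisha sshd[40001]: Accepted password for alice from 192.0.2.10 port 1042 ssh2
Apr 9 08:05:30 elisha sshd[40002]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(host-b, AF_INET) failed
Apr 9 08:05:33 elisha sshd[40002]: Failed password for bob from 192.0.2.77 port 2210 ssh2
Apr 9 08:09:02 elisha sshd[40003]: Failed password for carol from 198.51.100.5 port 3301 ssh2
Apr 9 08:09:09 elisha sshd[40003]: Accepted password for carol from 198.51.100.5 port 3301 ssh2
"""

# "<month> <day> <time> <host> sshd[<pid>]: <message>"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ sshd\[(\d+)\]: (.*)$")
# sshd's own authentication result lines (password, publickey, ...)
AUTH = re.compile(r"^(Accepted|Failed) (\S+) for (?:(?:invalid|illegal) user )?(\S+) from (\S+)")

def summarize(log_text):
    """Return {pid: {...}} with the rDNS warning and auth outcome per sshd PID."""
    sessions = defaultdict(lambda: {"rdns_warning": False, "outcome": "unknown",
                                    "user": None, "source": None})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, msg = m.groups()
        s = sessions[pid]
        if "can't verify hostname" in msg:      # tcp-wrappers check, not an auth result
            s["rdns_warning"] = True
            continue
        a = AUTH.match(msg)
        if a and s["outcome"] != "accepted":    # a later success outranks earlier failures
            s["outcome"] = a.group(1).lower()
            s["user"], s["source"] = a.group(3), a.group(4)
    return dict(sessions)

def needs_review(log_text):
    """PIDs where a login succeeded from a host whose name could not be verified."""
    return sorted(pid for pid, s in summarize(log_text).items()
                  if s["rdns_warning"] and s["outcome"] == "accepted")

if __name__ == "__main__":
    for pid, s in sorted(summarize(SAMPLE_LOG).items()):
        print(pid, s)
    print("review:", needs_review(SAMPLE_LOG))
```

PID 34375 comes out as "unknown" here because the only line available for it is the warning, which matches the conclusion in the reply.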