Date: Wed, 10 Apr 2002 01:59:24 -0500
From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: <peter.lai@uconn.edu>
Cc: <security@freebsd.org>
Subject: Re: sshd warning---a lil' help?
Message-ID: <004b01c1e05d$419d6920$15ec910c@daleco>
References: <002301c1dfc6$e21aa440$70ec910c@daleco> <20020409185049.A17491@cowbert.2y.net>

Thanks to all 3 of you and esp. Mr. Lai......

I had always been fairly sure of 'a' ... but was hoping 'c' to also be the case until today when a situation arose that prompted the post. The login attempt entry I quoted was a successful one from a trusted machine. Made me wonder if any of the other ones I'd seen in the past from unknown locations/networks might have also authenticated.

As of yet, no signs of intrusion .... but my security skills are still in the 'growing' stage.

KDK

----- Original Message -----
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
Cc: <security@FreeBSD.ORG>
Sent: Tuesday, April 09, 2002 5:50 PM
Subject: Re: sshd warning---a lil' help?

> a is true. the message is coming from hosts.allow, which checks for rdns as
> a (weak) signal of spoofed packets. You can deny these connections
> by turning on:
>
> ALL : PARANOID : RFC931 20 : deny
> # Provide some protection against clients using a forged source IP address
>
>
> b would have sshd report "password" or keypair "accepted for username".
>
> c would have shown that user being rejected
>
> consequently, we don't know from what you've given us to know
> if someone logged in successfully to sshd running with pid 34375
> at that time :)
>
> On Tue, Apr 09, 2002 at 08:03:02AM -0500, Kevin Kinsey, DaleCo, S.P. wrote:
> > Apr 9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23:
> > can't verify hostname: getaddrinfo(gbrdialin, AF_INET$) Failed
> >
> > This computer ---
> >
> > a - has incorrect or NO reverse DNS ?
> > b - tried to authenticate via ssh login and succeeded?
> > c - tried to authenticate via ssh login and failed?
> > d - other
> >
> >
> > TIA, Kevin Kinsey
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> --
> Peter C. Lai
> University of Connecticut
> Dept. of Residential Life | Programmer
> Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
> http://cowbert.2y.net/
> 860.427.4542 (Room)
> 860.486.1899 (Lab)
> 203.206.3784 (Cellphone)
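
An added example, not part of the original thread: the hosts.allow warning alone does not say whether a login followed, so this sketch pairs each "can't verify hostname" warning with any "Accepted"/"Failed" line logged by the same sshd pid. The log lines are constructed, the function names are hypothetical, and it assumes the wrapper warning and the authentication result are logged under the same pid.

```python
import re
from collections import defaultdict

# Constructed sample in the style of sshd syslog output; only the shape of the
# first line comes from the thread, all users and addresses are made up.
SAMPLE_LOG = """\
Apr  9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(gbrdialin, AF_INET) failed
Apr  9 07:50:04 elisha sshd[34375]: Accepted password for kdk from 192.0.2.10 port 1023 ssh2
Apr  9 08:12:41 elisha sshd[34410]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(host.example, AF_INET) failed
Apr  9 08:12:47 elisha sshd[34410]: Failed password for root from 203.0.113.7 port 4021 ssh2
Apr  9 09:30:15 elisha sshd[34502]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(other.example, AF_INET) failed
Apr  9 09:31:00 elisha sshd[34600]: Accepted publickey for kdk from 192.0.2.10 port 1030 ssh2
"""

LINE = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
AUTH = re.compile(r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
                  r"(?:invalid user |illegal user )?(?P<user>\S+) from (?P<ip>\S+)")

def auth_events_for_unverified(log_text):
    """Map each sshd pid that logged "can't verify hostname" to its auth events."""
    flagged = {}                      # pids with the warning, in order seen
    events = defaultdict(list)        # pid -> [(result, method, user, ip), ...]
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        if "can't verify hostname" in msg:
            flagged[pid] = True
        a = AUTH.match(msg)
        if a:
            events[pid].append((a["result"], a["method"], a["user"], a["ip"]))
    return {pid: list(events[pid]) for pid in flagged}

def summarize(log_text):
    """Return pid -> 'accepted', 'failed' or 'no auth record' for flagged pids."""
    verdicts = {}
    for pid, ev in auth_events_for_unverified(log_text).items():
        if any(result == "Accepted" for result, *_ in ev):
            verdicts[pid] = "accepted"
        elif ev:
            verdicts[pid] = "failed"
        else:
            verdicts[pid] = "no auth record"
    return verdicts

if __name__ == "__main__":
    for pid, verdict in summarize(SAMPLE_LOG).items():
        print(pid, verdict)
```

A pid reported as "no auth record" matches the situation in the thread: the warning was logged, but nothing in the supplied lines shows whether that connection authenticated.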