From owner-freebsd-questions@FreeBSD.ORG Fri Mar 31 04:06:44 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E66B916A400 for ; Fri, 31 Mar 2006 04:06:44 +0000 (UTC) (envelope-from jdow@earthlink.net) Received: from elasmtp-banded.atl.sa.earthlink.net (elasmtp-banded.atl.sa.earthlink.net [209.86.89.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id ED67143D6A for ; Fri, 31 Mar 2006 04:06:41 +0000 (GMT) (envelope-from jdow@earthlink.net) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=dk20050327; d=earthlink.net; b=gc8guX2CD3tqfijOYruKP9QvikiQoqvX4E8sI3zVxjx9as7AHOqgg/pK0lxFJlMc; h=Received:Message-ID:From:To:References:Subject:Date:MIME-Version:Content-Type:Content-Transfer-Encoding:X-Priority:X-MSMail-Priority:X-Mailer:X-MimeOLE:X-ELNK-Trace:X-Originating-IP; Received: from [71.116.139.228] (helo=Wednesday) by elasmtp-banded.atl.sa.earthlink.net with asmtp (Exim 4.34) id 1FPAuH-0004Yz-1B for freebsd-questions@freebsd.org; Thu, 30 Mar 2006 23:06:41 -0500 Message-ID: <155301c65478$84e97960$0225a8c0@Wednesday> From: "jdow" To: References: <20060331034841.1387.qmail@web35812.mail.mud.yahoo.com> Date: Thu, 30 Mar 2006 20:06:41 -0800 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2670 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670 X-ELNK-Trace: bb89ecdb26a8f9f24d2b10475b5711206e5ed52b220b26f147c2994249bc326921d3d10cbb2a3225350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c X-Originating-IP: 71.116.139.228 Subject: Re: sshd BREAKIN ? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Mar 2006 04:06:45 -0000 From: "Tang Ho Yim" >I got a error messages from /var/log/auth.log which is about sshd...... > > .....sshd : reverse mapping checking getaddrinfo for core-01.148.rdcw.com failed - > POSSIBLE BREAKIN ATTEMPT ! > > all my sshd_config is default setting except I have change to "PasswordAuthentication > NO , PermitEmptyPasswords NO , and ChallengeResponseAuthentication NO" > > Is that I am being hack ? > last command show who is login before but it seem ok.... > What should I do ? Somebody is trying; and, that somebody is failing. You need something akin to "DenyHosts" (which works on tcpwrappers) or one of the other BSD compatible tools of a roughly similar sort. I'd suggest wandering through the list archive. In the last month or two we've been over this before, repeatedly. {^_^}