Date:      Wed, 18 Jul 2018 22:58:35 +0200
From:      Patrick Proniewski <patpro@patpro.net>
To:        Grzegorz Junka <list1@gjunka.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Possible break-in attempt?
Message-ID:  <4DFA0BF5-1CF0-4100-9743-E011E5097B7E@patpro.net>
In-Reply-To: <fd0ab13d-0dda-fa5d-a867-533720d9f47f@gjunka.com>
References:  <594ba84b-0691-8471-4bd4-076d0ae3da98@gjunka.com> <368EABCF-A10A-49E9-9473-7753F6BEAA50@patpro.net> <fd0ab13d-0dda-fa5d-a867-533720d9f47f@gjunka.com>

On 18 juil. 2018, at 22:25, Grzegorz Junka <list1@gjunka.com> wrote:
>
> I am interested what security precaution FreeBSD is trying to do here. Is the sshd server receiving an ssh login request from an IP, that can't be resolved back to a domain in the reverse DNS (PTR) record for that IP?

this is quite usual with some ISP:

$ host 62.254.132.162
162.132.254.62.in-addr.arpa domain name pointer 162.132-254-62.static.virginmediabusiness.co.uk.

$ host 162.132-254-62.static.virginmediabusiness.co.uk
Host 162.132-254-62.static.virginmediabusiness.co.uk not found: 3(NXDOMAIN)

it's not a feature of FreeBSD, it's a feature of OpenSSH.
From man sshd_config:

     UseDNS  Specifies whether sshd(8) should look up the remote host name,
             and to check that the resolved host name for the remote IP
             address maps back to the very same IP address.

             If this option is set to “no”, then only addresses and not host
             names may be used in ~/.ssh/known_hosts from and sshd_config
             Match Host directives.  The default is “yes”.


Patrick
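
The check the UseDNS text describes (look up the PTR name, then confirm that name resolves back to the same address), as an added example that is not part of the original message and not OpenSSH's code. The lookup tables are constructed: the first entry mirrors the `host` output above, the rest use documentation addresses and hypothetical names, and the verdict labels are this example's own.

```python
import ipaddress
import socket

# Constructed sample data. The first entry mirrors the two `host` lookups in
# the message; the others use documentation addresses and hypothetical names.
SAMPLE_PTR = {
    "62.254.132.162": "162.132-254-62.static.virginmediabusiness.co.uk.",
    "192.0.2.10": "shell.example.net.",
    "192.0.2.20": "trusted.example.net.",
}
SAMPLE_ADDRS = {
    "shell.example.net": {"192.0.2.10"},
    "trusted.example.net": {"198.51.100.7"},
}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return SAMPLE_ADDRS.get(name, set())

def system_reverse(ip):
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # herror/gaierror: no PTR record
        return None

def system_forward(name):
    try:
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
    except OSError:          # gaierror: NXDOMAIN or no address records
        return set()

def fcrdns_check(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, name) for a forward-confirmed reverse DNS check."""
    client = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    addrs = {ipaddress.ip_address(a) for a in forward(name)}
    if not addrs:
        return ("ptr-unresolvable", name)   # the case shown in the message
    if client not in addrs:
        return ("mismatch", name)           # PTR name points somewhere else
    return ("confirmed", name)

if __name__ == "__main__":
    for ip in ("62.254.132.162", "192.0.2.10", "192.0.2.20", "203.0.113.5"):
        print(ip, *fcrdns_check(ip, sample_reverse, sample_forward))
```

Called with only an IP address, `fcrdns_check` uses the system resolver instead of the constructed tables.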


