Date: Mon, 27 Mar 2006 08:36:06 -0500
From: Bill Moran
To: Imran Imtiaz
Cc: freebsd-questions@freebsd.org
Subject: Re: what does this message means

On Mon, 27 Mar 2006 09:28:33 +0500 (PKT)
Imran Imtiaz wrote:

> I got the following in my daily security check logs. What does it mean?
>
> Mar 26 14:27:17 darkstar sshd[90821]: reverse mapping checking getaddrinfo for genesis-27-156-16-del.genesipr.com failed - POSSIBLE BREAKIN ATTEMPT!

It means that whoever logged in came from an address with broken DNS.
Specifically, their reverse DNS doesn't match their forward DNS.

Unfortunately, these days it's not a good indicator of how dangerous the
origin is, as a lot of people seem incapable of correctly configuring
DNS. But it is an indicator that you'll have difficulty tracking down
the source of the login.

-- 
Bill Moran
Collaborative Fusion Inc.
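
The reverse-then-forward DNS comparison described in the reply above, as an added example that is not part of the original message and is not OpenSSH's code. The `check_fcrdns` helper, its verdict names and the resolver tables are assumptions made for illustration, and the sample data is constructed.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; None if there is no name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup through getaddrinfo; empty set if the name does not resolve."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except (OSError, UnicodeError):
        return set()

def check_fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Return (verdict, ptr_name) for a client address."""
    name = ptr(ip)
    if not name:
        return ("no-ptr", None)
    # The PTR record is published by whoever controls the reverse zone, so the
    # name is only believed if its forward lookup leads back to the address.
    addrs = forward(name)
    if not addrs:
        return ("forward-lookup-failed", name)   # the case in the quoted log line
    client = ipaddress.ip_address(ip)
    # Compare parsed addresses, not strings, so IPv6 spellings compare equal.
    if client in {ipaddress.ip_address(a.split("%")[0]) for a in addrs}:
        return ("ok", name)
    return ("mismatch", name)

# Constructed resolver data: documentation address ranges and example names.
PTR = {
    "192.0.2.10": "mail.example.net",      # PTR and A agree
    "192.0.2.20": "host-20.isp.example",   # PTR name has no forward record
    "192.0.2.30": "www.example.org",       # PTR name resolves elsewhere
}
FWD = {"mail.example.net": {"192.0.2.10"}, "www.example.org": {"198.51.100.7"}}

def demo():
    """Run the check over the constructed data without touching the network."""
    ips = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"]
    return {ip: check_fcrdns(ip, PTR.get, lambda n: FWD.get(n, set())) for ip in ips}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, *result)
```

Calling `check_fcrdns(ip)` with the default resolvers performs live lookups, which is how a source address from an auth log can be re-checked by hand.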