Date: Tue, 9 Apr 2002 18:50:49 -0400 From: "Peter C. Lai" <sirmoo@cowbert.2y.net> To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz> Cc: security@freebsd.org Subject: Re: sshd warning---a lil' help? Message-ID: <20020409185049.A17491@cowbert.2y.net> In-Reply-To: <002301c1dfc6$e21aa440$70ec910c@daleco>; from kdk@daleco.biz on Tue, Apr 09, 2002 at 08:03:02AM -0500 References: <002301c1dfc6$e21aa440$70ec910c@daleco>
next in thread | previous in thread | raw e-mail | index | archive | help
a is true. the message is coming from hosts.allow, which checks for rdns as a (weak) signal of spoofed packets. You can deny these connections by by turning on: ALL : PARANOID : RFC931 20 : deny # Provide some protection against clients using a forged source IP address b would have sshd report "password" or keypair "accepted for username". c would have shown that user being rejected consequently, we don't know from what you've given us to know if someone logged in successfully to sshd runing with pid 34375 at that time :) On Tue, Apr 09, 2002 at 08:03:02AM -0500, Kevin Kinsey, DaleCo, S.P. wrote: > Apr 9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23: > can't verify hostname: getaddrinfo(gbrdialin, AF_INET$) Failed > > This computer --- > > a - has incorrect or NO reverse DNS ? > b - tried to authenticate via ssh login and succeeded? > c - tried to authenticate via ssh login and failed? > d - other > > > TIA, Kevin Kinsey > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message -- Peter C. Lai University of Connecticut Dept. of Residential Life | Programmer Dept. of Molecular and Cell Biology | Undergraduate Research Assistant http://cowbert.2y.net/ 860.427.4542 (Room) 860.486.1899 (Lab) 203.206.3784 (Cellphone) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020409185049.A17491>