Date:      Wed, 19 Oct 2005 10:00:13 +0400
From:      dawnshade <dawnshade@mail.ru>
To:        freebsd-questions@freebsd.org
Subject:   Re: possible breakin attempt?
Message-ID:  <200510191000.13507.dawnshade@mail.ru>
In-Reply-To: <20051018171938.GB2305@zeus.itg.uiuc.edu>
References:  <20051018171938.GB2305@zeus.itg.uiuc.edu>

On Tuesday 18 October 2005 21:19, Anthony Philipp wrote:
> Hello,
>
> In my daily emails from my box I noticed this:
>
> Oct 17 16:13:03 lupin sshd[51861]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:05 lupin sshd[51863]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:08 lupin sshd[51865]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:21 lupin sshd[51869]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:21 lupin sshd[51867]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:30 lupin sshd[51873]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:32 lupin sshd[51875]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:34 lupin sshd[51871]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:37 lupin sshd[51877]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:37 lupin sshd[51879]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:40 lupin sshd[51881]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:43 lupin sshd[51883]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:55 lupin sshd[51885]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
>
> I was just wondering exactly how dangerous this is, and what I can
> do about it.
>
> Thanks for any additional help!


Just connections to sshd from an IP which has a reverse name but does not have an A
record at the DNS provider.
Usually DSL or dialup hosts.
See man sshd_config for the UseDNS directive, or just block tcp/22 from untrusted
hosts.
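
Added example, not part of the original message: a small Python triage script that groups the sshd reverse-mapping failures quoted above by PTR name and reports count and time span, which helps decide whether a source is worth a tcp/22 block. The function names, the `year` parameter and the thresholds are assumptions; the sample holds four entries from the quoted log plus one constructed unrelated line.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: four entries copied from the quoted log, plus one constructed
# unrelated sshd line to show that non-matching lines are skipped.
SAMPLE_LOG = """\
Oct 17 16:13:03 lupin sshd[51861]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
Oct 17 16:13:05 lupin sshd[51863]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
Oct 17 16:13:08 lupin sshd[51865]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
Oct 17 16:13:55 lupin sshd[51885]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
Oct 17 16:20:00 lupin sshd[51900]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2
"""

PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"reverse mapping checking getaddrinfo for (?P<host>\S+) failed"
)

def summarize(log_text, year=2005):
    """Group reverse-mapping failures by PTR name: count, first/last seen."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = PATTERN.match(line)
        if not m:
            continue  # not a reverse-mapping failure
        # syslog timestamps carry no year, so the caller supplies it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[m["host"]].append(ts)
    return {
        host: {"count": len(t), "first": min(t), "last": max(t),
               "span_seconds": int((max(t) - min(t)).total_seconds())}
        for host, t in seen.items()
    }

def noisy_hosts(summary, min_count=3, max_span=300):
    """PTR names with at least min_count failures inside max_span seconds."""
    return sorted(h for h, s in summary.items()
                  if s["count"] >= min_count and s["span_seconds"] <= max_span)

if __name__ == "__main__":
    for host, s in summarize(SAMPLE_LOG).items():
        print(host, s["count"], s["first"], s["last"])
    print("candidates for a tcp/22 block:", noisy_hosts(summarize(SAMPLE_LOG)))
```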




