From: Olivier Nicole
To: gandalf@messias.qhigh.com
Cc: freebsd-questions@freebsd.org
Date: Tue, 13 Jun 2006 14:20:17 +0700 (ICT)
Subject: Re: Breakin attempt in the log

> Jun 9 06:34:12 designaproduct sshd[58759]: reverse mapping checking
> getaddrinfo for ev1s-67-15-10-78.ev1servers.net failed - POSSIBLE
> BREAKIN ATTEMPT!

> Is this something I need to fear of?

The short reply: No, but that is something that the ISP ev1servers.net should clear up if they don't want to see their clients banned from some Internet resources like yours.

The longer, technical reply:

You have set up the ssh daemon on your machine to refuse connections that have a mismatched DNS reverse.

When a client tries to connect to the ssh daemon on your machine, your machine does a reverse DNS resolution, trying to associate a name with the IP address that attempts the connection.

Then your machine does a DNS resolution: it tries to associate an IP address with the name found in the previous stage. That IP address should be the same one that you see for the client trying to connect to your ssh daemon. If not, it means something is not normal and your ssh daemon refuses the connection.

Some ISPs do not set up their DNS and reverse DNS properly, so there are some mismatches. Mismatches can also occur on IP blocks that have just changed from one ISP to another: forward DNS points to the new values while reverse DNS is still in the cache with old values...

Anyway, the problem lies with the ISP and the ISP client, not with you.

Bests,

Olivier
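
The two-step check described in the reply above (reverse lookup, then forward lookup of the name it returned), as an added example that is not part of the original message and is not OpenSSH's own code. The function names, verdict strings and the DNS tables are constructed for illustration; the resolvers are injectable so the demo runs offline.

```python
import ipaddress
import socket

def reverse_lookup(ip):
    """PTR lookup (address -> name); None when no reverse record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def forward_lookup(name):
    """A/AAAA lookup (name -> set of address strings); empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_client(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (verdict, name) for the reverse-then-forward check on a client IP."""
    name = reverse(ip)
    if name is None:
        return ("no-reverse", None)
    addrs = forward(name)
    if not addrs:
        # The case in the quoted log line: the name obtained from the
        # reverse lookup does not resolve at all (getaddrinfo fails).
        return ("forward-failed", name)
    # Compare parsed addresses, not strings, so IPv6 spellings match.
    client = ipaddress.ip_address(ip)
    if client not in {ipaddress.ip_address(a.split("%")[0]) for a in addrs}:
        return ("mismatch", name)
    return ("ok", name)

# Constructed DNS data (documentation address ranges and example names).
PTR = {"192.0.2.10": "good.example.net",
       "192.0.2.20": "stale.example.net",   # reverse zone still has old data
       "192.0.2.30": "gone.example.net"}    # name has no forward record
A = {"good.example.net": {"192.0.2.10"},
     "stale.example.net": {"198.51.100.7"}}

def demo():
    """Run the check over the constructed tables instead of live DNS."""
    ips = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"]
    return {ip: check_client(ip, PTR.get, lambda n: A.get(n, set())) for ip in ips}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, result)
```

Calling `check_client(ip)` with the default resolvers performs the same check against live DNS for an address taken from your own logs.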