Date: Tue, 13 Jun 2006 14:20:17 +0700 (ICT)
From: Olivier Nicole <on@cs.ait.ac.th>
To: gandalf@messias.qhigh.com
Cc: freebsd-questions@freebsd.org
Subject: Re: Breakin attempt in the log
Message-ID: <200606130720.k5D7KH4U022175@banyan.cs.ait.ac.th>
In-Reply-To: <448E6481.2020002@messias.qhigh.com> (message from User Gandalf on Tue, 13 Jun 2006 09:08:49 +0200)
References: <448E6481.2020002@messias.qhigh.com>
> Jun 9 06:34:12 designaproduct sshd[58759]: reverse mapping checking
> getaddrinfo for ev1s-67-15-10-78.ev1servers.net failed - POSSIBLE
> BREAKIN ATTEMPT!
>
> Is this something I need to fear?

The short reply: No, but that is something that the ISP ev1servers.net should clear up if they don't want to see their clients banned from some Internet resources like yours.

The longer, technical reply:

You have set up the ssh daemon on your machine to refuse connections that have a mismatched DNS reverse.

When a client tries to connect to the ssh daemon on your machine, your machine does a reverse DNS resolution: it tries to associate a name with the IP address that attempts the connection.

Then your machine does a DNS resolution: it tries to associate an IP address with the name found in the previous stage.

That IP address should be the same one that you see for the client trying to connect to your ssh daemon. If not, it means something is not normal and your ssh daemon refuses the connection.

Some ISPs do not set up their DNS and reverse DNS properly, so there are some mismatches. Mismatches can also occur on IP blocks that have just changed from one ISP to another: forward DNS points to the new values while reverse DNS is still in the cache with old values...

Anyway, the problem lies with the ISP and the ISP's client, not with you.

Best,

Olivier
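The reverse-then-forward lookup described in the reply above, as an added example that is not part of the original message and is not OpenSSH's code. The function names, verdict strings and sample DNS records are assumptions made for illustration; the resolvers are injectable so the check can be run against constructed data or against live DNS when triaging such log lines.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def check_reverse_mapping(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, ptr_name) for a connecting client address."""
    client = ipaddress.ip_address(ip)
    name = reverse(ip)
    if name is None:
        return ("no-ptr", None)            # no reverse record at all
    addrs = forward(name)
    if not addrs:
        # The quoted log line reports this case: getaddrinfo for the name failed.
        return ("forward-failed", name)
    # Compare parsed addresses so IPv6 spellings and zone ids do not matter.
    if any(ipaddress.ip_address(a.split("%")[0]) == client for a in addrs):
        return ("match", name)
    return ("mismatch", name)              # name resolves, but to other addresses

# Constructed sample records (documentation address ranges), not real DNS.
SAMPLE_PTR = {"192.0.2.10": "good.example.net",
              "192.0.2.20": "stale.example.net",
              "192.0.2.30": "dangling.example.net",
              "2001:db8::1": "v6.example.net"}
SAMPLE_A = {"good.example.net": {"192.0.2.10"},
            "stale.example.net": {"198.51.100.5"},
            "v6.example.net": {"2001:0db8:0000:0000:0000:0000:0000:0001"}}

def check_sample(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return check_reverse_mapping(ip, SAMPLE_PTR.get,
                                 lambda name: SAMPLE_A.get(name, set()))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *check_sample(ip))
```

Calling `check_reverse_mapping(ip)` with no resolver arguments uses the system resolver, which is how to test a logged client address from the affected host.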