From owner-freebsd-security@freebsd.org  Wed Jul 18 20:07:30 2018
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 33AB81030A77
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Wed, 18 Jul 2018 20:07:30 +0000 (UTC)
 (envelope-from list1@gjunka.com)
Received: from msa1.earth.yoonka.com (yoonka.com [88.98.225.149])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "msa1.earth.yoonka.com",
 Issuer "msa1.earth.yoonka.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 975778A9B0
 for <freebsd-security@freebsd.org>; Wed, 18 Jul 2018 20:07:29 +0000 (UTC)
 (envelope-from list1@gjunka.com)
Received: from ultrabook.yoonka.com (x2f7fcfa.dyn.telefonica.de
 [2.247.252.250]) (authenticated bits=0)
 by msa1.earth.yoonka.com (8.15.2/8.15.2) with ESMTPSA id w6IK7LN1038993
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO)
 for <freebsd-security@freebsd.org>; Wed, 18 Jul 2018 20:07:21 GMT
 (envelope-from list1@gjunka.com)
X-Authentication-Warning: msa1.earth.yoonka.com: Host
 x2f7fcfa.dyn.telefonica.de [2.247.252.250] claimed to be ultrabook.yoonka.com
To: freebsd-security@freebsd.org
From: Grzegorz Junka <list1@gjunka.com>
Subject: Possible break-in attempt?
Message-ID: <594ba84b-0691-8471-4bd4-076d0ae3da98@gjunka.com>
Date: Wed, 18 Jul 2018 20:07:15 +0000
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Language: en-GB-large
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Jul 2018 20:07:30 -0000

Sometimes I am receiving messages like this from my server:

nas.myserver.mydomain.com login failures:
Jul 17 08:35:02 nas sshd[5994]: reverse mapping checking getaddrinfo for 
162.132-254-62.static.virginmediabusiness.co.uk [62.254.132.162] failed 
- POSSIBLE BREAK-IN ATTEMPT!

On different days they are from different IPs and they would-be mapped 
to different reverse dns names. How to deal with those messages/attempts?

GrzegorzJ