Date: Mon, 27 Mar 2006 08:36:06 -0500 From: Bill Moran <wmoran@collaborativefusion.com> To: Imran Imtiaz <imran@darkstar.thelakecity.com.pk> Cc: freebsd-questions@freebsd.org Subject: Re: what does this message means Message-ID: <20060327083606.ef3a5fcf.wmoran@collaborativefusion.com> In-Reply-To: <200603270428.k2R4SX0Q008390@darkstar.thelakecity.com.pk> References: <200603270428.k2R4SX0Q008390@darkstar.thelakecity.com.pk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 27 Mar 2006 09:28:33 +0500 (PKT) Imran Imtiaz <imran@darkstar.thelakecity.com.pk> wrote: > I got the following in my daily security check logs. what does it mean? > > Mar 26 14:27:17 darkstar sshd[90821]: reverse mapping checking getaddrinfo for genesis-27-156-16-del.genesipr.com failed - POSSIBLE BREAKIN ATTEMPT! I means that whoever logged in came from an address with broken DNS. Specifically, their reverse DNS doesn't match their forward DNS. Unfortunately, these days it's not a good indicator of how dangerous the origin is, as a lot of people seem incapable of correctly configuring DNS. But it is an indicator that you'll have difficulty tracking down the source of the login. -- Bill Moran Collaborative Fusion Inc.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060327083606.ef3a5fcf.wmoran>