possible breakin attempt?

dawnshade dawnshade at mail.ru
Tue Oct 18 23:20:15 PDT 2005


On Tuesday 18 October 2005 21:19, Anthony Philipp wrote:
> Hello,
>
> In my daily emails from my box I noticed this:
>
> Oct 17 16:13:03 lupin sshd[51861]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:05 lupin sshd[51863]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:08 lupin sshd[51865]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:21 lupin sshd[51869]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:21 lupin sshd[51867]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:30 lupin sshd[51873]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:32 lupin sshd[51875]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:34 lupin sshd[51871]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:37 lupin sshd[51877]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:37 lupin sshd[51879]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:40 lupin sshd[51881]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:43 lupin sshd[51883]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
> Oct 17 16:13:55 lupin sshd[51885]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!
>
> I was just wondering exactly how dangerous this is, and what I can
> do about it.
>
> Thanks for any additional help!


Just connections to sshd from an IP which has a reverse name but does not have
an A record in the DNS provider.
Usually DSL or dialup hosts.
See man sshd_config for the UseDNS directive, or just block tcp/22 from
untrusted hosts.
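
An added example, not part of the original message: a Python sketch that groups the sshd lines quoted above by the reverse name reported, and a simplified model of the forward-confirmation check the reply describes. The function names, the resolver callbacks, the `example.net` host, the `192.0.2.x` addresses and the year (syslog omits it) are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# The sshd message quoted in the thread, as it appears in syslog.
PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"reverse mapping checking getaddrinfo for (?P<name>\S+) failed"
)

# The first three lines come from the quoted log; the last two are constructed.
SAMPLE = [
    "Oct 17 16:13:03 lupin sshd[51861]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!",
    "Oct 17 16:13:05 lupin sshd[51863]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!",
    "Oct 17 16:13:55 lupin sshd[51885]: reverse mapping checking getaddrinfo for 211-234-119-139.kidc.net failed - POSSIBLE BREAKIN ATTEMPT!",
    "Oct 17 18:02:11 lupin sshd[52001]: reverse mapping checking getaddrinfo for dsl-7.example.net failed - POSSIBLE BREAKIN ATTEMPT!",
    "Oct 17 18:05:00 lupin sshd[52010]: Accepted publickey for alice from 192.0.2.5 port 40000 ssh2",
]

def summarize(lines, year=2005):
    """Group reverse-mapping failures by the PTR name sshd reported."""
    seen = defaultdict(list)
    for line in lines:
        m = PATTERN.match(line)
        if m:  # unrelated sshd lines are skipped
            seen[m["name"]].append(
                datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"))
    return {name: {"count": len(ts), "first": min(ts), "last": max(ts),
                   "span_seconds": int((max(ts) - min(ts)).total_seconds())}
            for name, ts in seen.items()}

def forward_confirmed(ip, ptr_lookup, a_lookup):
    """Simplified model: the PTR name must resolve back to the peer address."""
    name = ptr_lookup(ip)
    if name is None:
        return "no-ptr"
    addrs = a_lookup(name)
    if not addrs:
        return "forward-lookup-failed"  # the case logged in this thread
    return "ok" if ip in addrs else "mismatch"

if __name__ == "__main__":
    for name, info in summarize(SAMPLE).items():
        print(name, info["count"], "failures in", info["span_seconds"], "s")
    ptr = {"192.0.2.10": "dsl-10.example.net"}.get  # constructed resolver data
    print(forward_confirmed("192.0.2.10", ptr, lambda n: []))
```

Many connections from one name inside a minute, as in the quoted log, point to automated connection attempts rather than a single misconfigured client; the DNS result on its own only says the forward record is missing.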




More information about the freebsd-questions mailing list