sshd/mysql errors.

fbsd fbsd at a1poweruser.com
Thu Jul 6 13:04:46 UTC 2006


First, host73.maxim.net is an individual PC on the maxim.net domain.
You want to find the domain IP address.
nslookup maxim.net gives 192.168.48.66
or use dig maxim.net or whois maxim.net

Looks more and more like the packets are spoofed and maxim.net is as
much a victim as you are.

Adding a firewall deny rule for 192.168.48.66 will stop all traffic
from that domain.


The real question is, do you really have real remote users who ssh
into your system and/or have remote users who access your mysql
system?

If not, then add a firewall rule to deny the sshd & mysql port
numbers from entering your system from the public internet.

-----Original Message-----
From: Marwan Sultan [mailto:dead_line at hotmail.com]
Sent: Wednesday, July 05, 2006 11:53 PM
To: fbsd at a1poweruser.com; freebsd-questions at freebsd.org
Subject: RE: sshd/mysql errors.



hello,

  And how do I get the IP of an unknown hostname? As you know, I should
add IP addresses to the firewall, not hostnames.

# nslookup host73.maxim.net
***  can't find host73.hostname_net: Non-existent host/domain

I found hundreds of this line too in my logs:

mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(IP-216-185-173-58.mtntel.net, AF_INET) failed

Any advice, please?


>
>First thought is you are under attack and hosts.allow is
>doing its job of denying access.
>
>Add the ip address from the warning message to your firewall
>to stop those attack packets from entering your system.
>
>Good chance attack packets are spoofed.
>
>
>
>-----Original Message-----
>From: owner-freebsd-questions at freebsd.org
>[mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Marwan
>Sultan
>Sent: Tuesday, July 04, 2006 6:40 AM
>To: freebsd-questions at freebsd.org
>Subject: sshd/mysql errors.
>
>
>Hello gurus,
>
>My logs are full of hundreds of these lines. It started a few days
>ago and continues up to today.
>
>---------
>Jul  2 00:00:03 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
>
>Jul  2 00:00:27 server sshd[83738]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
>----------
>Where hostname_net is the former ISP name for my server hosting ISP.
>But I have the same DNS and routing; the name was changed almost 1
>year and a few months ago.
>
>Also, line 25 has nothing to do with this hostname; it's just the
>first active line in my hosts.allow file.
>Anyhow, I have replaced the line with:
>ALL : .hostname_net : allow
>
>But still the same errors every day, every minute! Any advice, please?
>
>Its FreeBSD 4.8R
>
>thank you
>Marwan
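
An added example, not part of the original thread: a small sh/awk helper that tallies the tcp_wrappers "can't verify hostname" warnings quoted above by daemon and hostname, and pulls out a dotted address when the name embeds one (as in IP-216-185-173-58.mtntel.net). The function names and the sample log lines are constructed for illustration; an address recovered from a name is only a hint and should be confirmed before it goes into a firewall rule.

```shell
#!/bin/sh
# Added example. Both function names are hypothetical helpers.

# Constructed sample input, modelled on the log format quoted in the thread.
sample_log() {
cat <<'EOF'
Jul  2 00:00:03 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
Jul  2 00:00:27 server sshd[83738]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
Jul  5 09:10:11 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(IP-216-185-173-58.mtntel.net, AF_INET) failed
Jul  5 09:10:40 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(IP-216-185-173-58.mtntel.net, AF_INET) failed
Jul  5 09:15:00 server cron[1200]: (root) CMD (newsyslog)
EOF
}

# Reads syslog lines on stdin; prints "count daemon hostname embedded-ip",
# most frequent first. embedded-ip is "-" when the name carries no address.
summarize_unverified() {
    awk '
    /can.t verify hostname: getaddrinfo\(/ {
        # The daemon name is the token that ends in "[pid]:".
        daemon = "?"
        for (i = 1; i <= NF; i++)
            if ($i ~ /\[[0-9]+\]:$/) { daemon = $i; sub(/\[.*/, "", daemon); break }
        # The hostname is the first argument of getaddrinfo(...).
        host = $0
        sub(/.*getaddrinfo\(/, "", host)
        sub(/,.*/, "", host)
        # Some reverse-DNS names embed the address as a-b-c-d.
        ip = "-"
        if (match(host, /[0-9]+-[0-9]+-[0-9]+-[0-9]+/)) {
            ip = substr(host, RSTART, RLENGTH)
            gsub(/-/, ".", ip)
        }
        seen[daemon " " host " " ip]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Stand-alone run on the constructed sample; on a real host use e.g.
#   summarize_unverified < /var/log/messages
sample_log | summarize_unverified
```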
