Breakin attempt in the log

Olivier Nicole on at cs.ait.ac.th
Tue Jun 13 07:20:23 UTC 2006


> Jun 9 06:34:12 designaproduct sshd[58759]: reverse mapping checking
> getaddrinfo for ev1s-67-15-10-78.ev1servers.net failed - POSSIBLE
> BREAKIN ATTEMPT!

> Is this something I need to be afraid of?

The short reply:

No, but that is something that the ISP ev1servers.net should clear up if
they don't want to see their clients banned from some Internet
resources like yours.

The longer, technical reply:

You have set up the ssh daemon on your machine to refuse connections that
have a mismatched DNS reverse.

When a client tries to connect to the ssh daemon on your machine,
your machine does a reverse DNS resolution, trying to associate a name with
the IP address that attempts the connection. Then your machine does a
DNS resolution: it tries to associate an IP address with the name found
in the previous stage. That IP address should be the same as the one you see
for the client trying to connect to your ssh daemon. If not, it means
something is not normal and your ssh daemon refuses the connection.

Some ISPs do not set up their DNS and reverse DNS properly, so there
are some mismatches. Mismatches can also occur on IP blocks that have
just changed from one ISP to another: forward DNS points to the new
values while reverse DNS is still in the cache with old values...

Anyway, the problem lies with the ISP and the ISP client, not with you.

Bests,

Olivier
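
The reverse-then-forward lookup described in the message above, as an added example that is not part of the original post and is not sshd's own code. The function names and verdict strings are hypothetical, and the zone data (192.0.2.0/24, 198.51.100.0/24, 2001:db8::/32, example.net) is constructed so the block runs without a resolver.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; returns a hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:          # socket.herror / socket.gaierror
        return None

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def check_reverse_mapping(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, hostname) for the reverse-then-forward check."""
    client = ipaddress.ip_address(ip)
    name = reverse(ip)
    if not name:
        return ("no-ptr", None)
    addrs = forward(name)
    if not addrs:
        # Same situation as the quoted log line: getaddrinfo for the name failed.
        return ("forward-failed", name)
    # Compare parsed addresses so two spellings of one address still match.
    if any(ipaddress.ip_address(a.split("%")[0]) == client for a in addrs):
        return ("match", name)
    return ("mismatch", name)

# Constructed zone data (documentation ranges), standing in for real DNS.
PTR = {"192.0.2.10": "host10.example.net",    # forward record agrees
       "192.0.2.20": "host20.example.net",    # name has no forward record
       "192.0.2.30": "host30.example.net",    # forward record points elsewhere
       "2001:db8::1": "v6.example.net"}
A = {"host10.example.net": ["192.0.2.10"],
     "host30.example.net": ["198.51.100.30"],
     "v6.example.net": ["2001:0db8:0000:0000:0000:0000:0000:0001"]}

def fake_forward(name):
    return A.get(name, [])

if __name__ == "__main__":
    for ip in list(PTR) + ["192.0.2.40"]:     # last address has no PTR at all
        print(ip, *check_reverse_mapping(ip, PTR.get, fake_forward))
```

Called with only an IP address, `check_reverse_mapping` uses the system resolver instead of the constructed tables.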


More information about the freebsd-questions mailing list