what does this message means
Bill Moran
wmoran at collaborativefusion.com
Mon Mar 27 13:36:08 UTC 2006
On Mon, 27 Mar 2006 09:28:33 +0500 (PKT)
Imran Imtiaz <imran at darkstar.thelakecity.com.pk> wrote:
> I got the following in my daily security check logs. what does it mean?
>
> Mar 26 14:27:17 darkstar sshd[90821]: reverse mapping checking getaddrinfo for genesis-27-156-16-del.genesipr.com failed - POSSIBLE BREAKIN ATTEMPT!
I means that whoever logged in came from an address with broken DNS.
Specifically, their reverse DNS doesn't match their forward DNS.
Unfortunately, these days it's not a good indicator of how dangerous
the origin is, as a lot of people seem incapable of correctly configuring
DNS. But it is an indicator that you'll have difficulty tracking
down the source of the login.
--
Bill Moran
Collaborative Fusion Inc.
More information about the freebsd-questions
mailing list