Re: sshd warning---a lil' help?
From: Kevin Kinsey, DaleCo, S.P. (kdk@daleco.biz)
Date: 04/10/02
- In reply to: Peter C. Lai: "Re: sshd warning---a lil' help?"
From: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
To: <peter.lai@uconn.edu>
Date: Wed, 10 Apr 2002 01:59:24 -0500
Thanks to all 3 of you and esp. Mr. Lai......
I had always been fairly sure of 'a' ... but was hoping 'c' to also be the
case until today when a situation arose that prompted the post. The login
attempt entry I quoted was a successful one from a trusted machine. Made me
wonder if any of the other ones I'd seen in the past from unknown
locations/networks might have also authenticated.
As of yet, no signs of intrusion .... but my security skills are still in
the 'growing' stage.
KDK
----- Original Message -----
From: "Peter C. Lai" <sirmoo@cowbert.2y.net>
To: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>
Cc: <security@FreeBSD.ORG>
Sent: Tuesday, April 09, 2002 5:50 PM
Subject: Re: sshd warning---a lil' help?
> a is true. the message is coming from hosts.allow, which checks for rdns as
> a (weak) signal of spoofed packets. You can deny these connections by
> turning on:
>
> ALL : PARANOID : RFC931 20 : deny
> # Provide some protection against clients using a forged source IP address
>
>
> b would have sshd report "password" or keypair "accepted for username".
>
> c would have shown that user being rejected
>
> consequently, we don't know from what you've given us to know
> if someone logged in successfully to sshd running with pid 34375
> at that time :)
>
> On Tue, Apr 09, 2002 at 08:03:02AM -0500, Kevin Kinsey, DaleCo, S.P. wrote:
> > Apr 9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23:
> > can't verify hostname: getaddrinfo(gbrdialin, AF_INET$) Failed
> >
> > This computer ---
> >
> > a - has incorrect or NO reverse DNS ?
> > b - tried to authenticate via ssh login and succeeded?
> > c - tried to authenticate via ssh login and failed?
> > d - other
> >
> >
> > TIA, Kevin Kinsey
> >
> >
> >
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
> --
> Peter C. Lai
> University of Connecticut
> Dept. of Residential Life | Programmer
> Dept. of Molecular and Cell Biology | Undergraduate Research Assistant
> http://cowbert.2y.net/
> 860.427.4542 (Room)
> 860.486.1899 (Lab)
> 203.206.3784 (Cellphone)
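Following the point made in the thread that only an "accepted for username" line from the same sshd pid shows a successful login, this added example (not part of the original messages) groups log lines by sshd pid and reports, for each pid that triggered the hosts.allow hostname warning, whether that pid also logged an accepted or failed authentication. Only the first sample line is taken from the thread; the other lines, hosts and addresses are constructed, and the "Accepted"/"Failed" message shape is an assumption based on the usual OpenSSH log form.

```python
import re

# Constructed sample. Only the first line comes from the thread (rejoined onto
# one line); every other line, host and address is made up for illustration.
SAMPLE_LOG = """\
Apr  9 07:50:00 elisha sshd[34375]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(gbrdialin, AF_INET$) Failed
Apr  9 07:50:04 elisha sshd[34375]: Accepted password for kdk from 192.0.2.10 port 1027 ssh2
Apr  9 09:12:41 elisha sshd[34502]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(host.example, AF_INET) failed
Apr  9 09:12:47 elisha sshd[34502]: Failed password for root from 198.51.100.7 port 4410 ssh2
Apr  9 10:30:15 elisha sshd[34611]: warning: /etc/hosts.allow, line 23: can't verify hostname: getaddrinfo(other.example, AF_INET) failed
Apr  9 11:02:03 elisha sshd[34700]: Accepted publickey for kdk from 192.0.2.10 port 1033 ssh2
"""

SSHD = re.compile(r"sshd\[(\d+)\]: (.*)$")
WARNING = re.compile(r"warning: \S+, line \d+: can't verify hostname")
# Assumed OpenSSH message shape: "<Accepted|Failed> <method> for <user> from <addr>".
AUTH = re.compile(r"(Accepted|Failed) (\S+) for (?:(?:illegal|invalid) user )?(\S+) from (\S+)")


def correlate(log_text):
    """Map each sshd pid that logged the hostname warning to its auth outcome."""
    warned, events = set(), {}
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue
        pid, msg = m.groups()
        if WARNING.match(msg):
            # tcp_wrappers complaint; its trailing "Failed" is not an auth result.
            warned.add(pid)
        else:
            a = AUTH.match(msg)
            if a:
                events.setdefault(pid, []).append(a.groups())
    report = {}
    for pid in sorted(warned):
        seen = events.get(pid, [])
        accepted = [e for e in seen if e[0] == "Accepted"]
        if accepted:
            _, method, user, addr = accepted[-1]
            report[pid] = {"outcome": "accepted", "method": method, "user": user, "addr": addr}
        elif seen:
            report[pid] = {"outcome": "failed", "attempts": len(seen)}
        else:
            report[pid] = {"outcome": "unknown"}  # warning alone, as in the thread
    return report


if __name__ == "__main__":
    for pid, info in correlate(SAMPLE_LOG).items():
        print(pid, info)
```

Pids are reused over time, so on a long log the match should also be limited to lines close in time to the warning.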