Re: POSSIBLE BREAKIN ATTEMPT in syslog

From: John Wingate (johnww_at_worldpath.net)
Date: 10/25/04


Date: Mon, 25 Oct 2004 16:02:09 -0000

Justin Finkelstein <justin@redwiredesign.com> wrote:
> I get daily LogWatch messages from my servers and one of them came up with a
> shedload of messages as follows:
>
> reverse mapping checking getaddrinfo for db2.tallion.com failed - POSSIBLE
> BREAKIN ATTEMPT!

Is db2.tallion.com a host from which you would normally expect
connections?

> Any suggestions as to what else I can do to lock this down and [if possible]
> not have to see/worry about these messages?

If you put "VerifyReverseMapping no" in your sshd configuration file,
you won't see these messages. Having VerifyReverseMapping turned on
is of dubious value anyway.

The default is supposed to be "no", but Apple turns it on for the
version of OpenSSH it supplies for Mac OS X (OpenSSH_3.6.1p1+CAN-2004-0175).
The reverse mapping check in that version is broken, though: we were
seeing these messages on my employer's hosts for *all* IP addresses
resolvable to host names, even when the check should clearly have
succeeded. Since it was providing no useful information other than
that the address was resolvable, we turned it off.

-- 
John Wingate                        Mathematics is the art which teaches
johnww@worldpath.net                one how not to make calculations.
                                                         --Oscar Chisini
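
For reference, the check behind this log line is a forward-confirmed reverse DNS lookup: the peer address is resolved to a name, and that name must resolve back to a set of addresses containing the original one. The sketch below is an added example, not part of the original message and not OpenSSH's code; the function names, verdict labels and the 192.0.2.x / example.test records are constructed for illustration.

```python
import socket

def system_reverse(ip):
    """PTR lookup through the system resolver; host name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None

def system_forward(name):
    """Forward lookup through the system resolver; set of address strings."""
    try:
        # Strip any IPv6 scope id ("%eth0") so plain string comparison works.
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_reverse_mapping(ip, reverse=system_reverse, forward=system_forward):
    """Return (verdict, name) for one peer address."""
    name = reverse(ip)
    if name is None:
        return ("no-ptr", None)          # no PTR record, nothing to confirm
    addrs = forward(name)
    if not addrs:
        return ("forward-failed", name)  # the case the quoted log line reports
    if ip not in addrs:
        return ("mismatch", name)        # name exists but points elsewhere
    return ("ok", name)

# Constructed DNS data (documentation address ranges, reserved .test names).
PTR = {
    "192.0.2.10": "db2.example.test",    # PTR exists, name has no A record
    "192.0.2.20": "www.example.test",    # PTR and A record agree
    "192.0.2.30": "spoof.example.test",  # A record points to another address
}
A = {
    "www.example.test": {"192.0.2.20"},
    "spoof.example.test": {"198.51.100.7"},
}

def demo():
    """Run the check over the constructed records, without touching real DNS."""
    fwd = lambda name: A.get(name, set())
    return {ip: check_reverse_mapping(ip, PTR.get, fwd)
            for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40")}

if __name__ == "__main__":
    for ip, (verdict, name) in demo().items():
        print(f"{ip:<12} {verdict:<15} {name}")
```

Calling check_reverse_mapping(ip) with the default resolvers runs the same test against live DNS, which helps tell a genuinely inconsistent PTR record from a check that is misbehaving on the server.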

