SSH Log "reverse mapping checking getaddrinfo for ... POSSIBLE BREAKIN ATTEMPT!"

In the sshd log, we often see lots of messages like

reverse mapping checking getaddrinfo for ... POSSIBLE BREAKIN ATTEMPT!

That may indicate that someone is trying to brute-force an SSH login. This thread has some good suggestions on how to combat the attack: http://www.debian-administration.org/articles/187.
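An added example (not from the original post): a small Python triage that counts these warnings per source address and pairs them with sshd's Failed/Accepted lines, so a lone warning on a successful login is separated from a run of failures. The log lines are constructed, the bracketed-address form of the warning is assumed from common OpenSSH output, and the name `triage` and the threshold of 3 are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the page), modelled on common OpenSSH syslog output.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[1001]: reverse mapping checking getaddrinfo for dsl-5.example.net [203.0.113.5] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  3 10:00:03 host sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar  3 10:00:05 host sshd[1002]: reverse mapping checking getaddrinfo for dsl-5.example.net [203.0.113.5] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  3 10:00:07 host sshd[1002]: Failed password for root from 203.0.113.5 port 40113 ssh2
Mar  3 10:00:09 host sshd[1003]: Failed password for root from 203.0.113.5 port 40114 ssh2
Mar  3 11:15:00 host sshd[1100]: reverse mapping checking getaddrinfo for office.example.org [198.51.100.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  3 11:15:02 host sshd[1100]: Accepted publickey for alice from 198.51.100.7 port 50022 ssh2
Mar  3 12:00:00 host sshd[1200]: reverse mapping checking getaddrinfo for x.example.com [192.0.2.9] failed - POSSIBLE BREAKIN ATTEMPT!
Mar  3 12:30:00 host sshd[1300]: Failed password for bob from 192.0.2.50 port 41000 ssh2
"""

# Accepts both the "BREAKIN" and "BREAK-IN" spellings of the warning.
REVERSE = re.compile(
    r"reverse mapping checking getaddrinfo for \S+ \[([0-9a-fA-F.:]+)\].*POSSIBLE BREAK-?IN ATTEMPT")
AUTH = re.compile(
    r"(Failed|Accepted) \S+ for (?:invalid user )?\S+ from ([0-9a-fA-F.:]+) port")

def triage(log_text, fail_threshold=3):
    """Return {ip: verdict} for every address that triggered the warning."""
    stats = defaultdict(lambda: {"warnings": 0, "failed": 0, "accepted": 0})
    for line in log_text.splitlines():
        m = REVERSE.search(line)
        if m:
            stats[m.group(1)]["warnings"] += 1
            continue
        m = AUTH.search(line)
        if m:
            key = "failed" if m.group(1) == "Failed" else "accepted"
            stats[m.group(2)][key] += 1
    verdicts = {}
    for ip, s in stats.items():
        if s["warnings"] == 0:
            continue  # auth events only; outside the scope of this warning
        if s["failed"] >= fail_threshold and s["accepted"] == 0:
            verdicts[ip] = "likely brute force"
        elif s["accepted"] > 0 and s["failed"] < fail_threshold:
            verdicts[ip] = "legitimate login, broken reverse DNS"
        else:
            verdicts[ip] = "review"  # warning alone is not enough to decide
    return verdicts

if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_LOG).items():
        print(ip, "->", verdict)
```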

Comments

Uh, NO

I don't see any date on the original entry, so it may be very old, but it could not be farther from the truth. Every time I log into my server (SSH), it does a reverse address lookup, and ALWAYS puts this entry into my logs. It always says the same thing. It just means that the server could not complete a reverse lookup. On the other hand, if you do see a LOT of these, it can also mean someone is trying to hack in, but the main point here is that it is not always a hacker. Another website may have had your new IP in the past, and someone was not told about that older site having a new IP.

You are very right

I will fix my wording. In fact, on servers that complain about legitimate logins as "... POSSIBLE BREAKIN ATTEMPT...", I sometimes put an entry in /etc/hosts and tell the server what the IP is.