Incorrect log entries?

Like everybody, I have a million of those braindead brute-force ssh
attacks towards my machine, so normally I don't care about this type of
error. But the log entry below caught my attention.

Nov 21 18:53:31 server sshd[9798]: warning: /etc/hosts.allow, line 14:
host name/name mismatch: !=
Nov 21 18:53:32 server sshd[9798]: Address maps to, but this does not map back to the address -
Nov 21 18:53:32 server sshd[9798]: Failed password for root from port 36670 ssh2
Nov 21 18:53:32 server sshd[9799]: Failed password for root from port 36670 ssh2

On line 14 in hosts.allow there is the entry ALL: [my.private.server]

Does the log entry say that it tried to reverse lookup to find a match
against line 14 but broke down, or is this some new hack to bypass


Re: Incorrect log entries?

You are seeing a reverse lookup failure.  Dig suggests misconfigured
DNS records:  1H IN PTR           1H IN CNAME               1H IN A

I have no idea what is now, but it refuses connections
on port 80, so probably is not a web server.  :)

John Wingate
Mathematics is the art which teaches one how not to make calculations.
--Oscar Chisini
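
The check behind the "does not map back to the address" message, as an added example that is not part of the original thread: resolve the address to a name, resolve that name forward again, and see whether the original address is among the results. The addresses, host names and the `PTR`/`FWD` tables are constructed sample data standing in for a resolver, and the function names are made up for this illustration.

```python
import ipaddress
import socket

def reverse_names(ip):
    """PTR lookup: the host names the address claims (empty if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def forward_addrs(name):
    """A/AAAA lookup: the addresses that name actually resolves to."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]

def check_fcrdns(ip, reverse=reverse_names, forward=forward_addrs):
    """Forward-confirm a reverse lookup. Returns (verdict, name):
    'no-ptr'   the address has no reverse record
    'mismatch' the PTR name does not map back to the address
    'ok'       some PTR name resolves back to the address"""
    target = ipaddress.ip_address(ip)
    names = reverse(ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        # Drop any IPv6 zone suffix ("%eth0") before comparing addresses.
        addrs = {ipaddress.ip_address(a.split("%")[0]) for a in forward(name)}
        if target in addrs:
            return ("ok", name)
    return ("mismatch", names[0])

# Constructed sample records: documentation address ranges, made-up names.
PTR = {"192.0.2.10": ["good.example.net"], "198.51.100.7": ["www.example.org"]}
FWD = {"good.example.net": ["192.0.2.10"], "www.example.org": ["203.0.113.99"]}

def demo():
    """Run the check against the constructed records, with no network access."""
    rev = lambda ip: PTR.get(ip, [])
    fwd = lambda name: FWD.get(name, [])
    ips = ("192.0.2.10", "198.51.100.7", "203.0.113.5")
    return {ip: check_fcrdns(ip, rev, fwd) for ip in ips}

if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, result)
```

Called with its defaults, `check_fcrdns` uses the system resolver instead of the sample tables.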
