[CLUE-Tech] possible breakin attempt
Mike
lister-clue at gantsfort.com
Mon Nov 8 22:41:41 MST 2004
On Thu, Oct 28, 2004 at 09:34:57AM -0600, Mike wrote:
> Can anyone shed light on these messages in /var/log/auth.log:
>
> (all on one line but will line wrap here)
>
> Aug 30 12:46:50 mg2 sshd[10555]: reverse mapping checking getaddrinfo
> for ip-202-147-54-103.asianetcom.net failed - POSSIBLE BREAKIN ATTEMPT!
[snip]
A follow up on this topic. I changed the port number that sshd listens
on and the attempted logins on nonexistent accounts went down to zero
over the last week and a half. At first I didn't like the idea because
it seemed like security through obscurity, but it keeps the knuckleheads
from filling up my log files. And, since I'm the only one who logs into
this box (supposed to anyhow :)) it works for my setup.
Mike
More information about the clue-tech
mailing list