[CLUE-Tech] possible breakin attempt

Carl Schelin co_bofh at yahoo.com
Thu Oct 28 13:13:20 MDT 2004


Any other information in the logs? A quick google of
the "reverse mapping checking getaddrinfo" phrase
found some 208 pages from July. Not much info on a
specific hack. They all seem to be attempting to log
in as test or user with some default password.

My ssh only listens to an internal interface so I
don't have any of these in my logs.

Carl

--- Mike <lister-clue at gantsfort.com> wrote:

> Can anyone shed light on these messages in
> /var/log/auth.log:
> 
> (all on one line but will line wrap here)
> 
> Aug 30 12:46:50 mg2 sshd[10555]: reverse mapping
> checking getaddrinfo
> for ip-202-147-54-103.asianetcom.net failed -
> POSSIBLE BREAKIN ATTEMPT!
> 
> There were 9 such messages on Aug 30th and 107 on
> Oct 9th.
> 
> What are they trying to exploit?
> 
> chkrootkit and rkhunter found nothing. What else
> should I check?
> 
> Thanks,
> 
> Mike

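An added example, not part of either post: sshd writes this warning when the hostname returned by the reverse (PTR) lookup of the client address cannot be resolved forward again, so a useful first step is to tally the warnings per day and per claimed hostname and see which usernames the same sshd process went on to reject. The names `WARN`, `FAIL`, `summarize` and `SAMPLE` are made up here, and every sample line except the first (the one quoted above) is constructed, using documentation addresses.

```python
import re
from collections import Counter

# The sshd warning quoted above. Newer OpenSSH builds also log the peer
# address in brackets after the hostname, so that part is optional.
WARN = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: "
    r"reverse mapping checking getaddrinfo for (?P<host>\S+)"
    r"(?: \[(?P<ip>[0-9a-fA-F.:]+)\])? failed - POSSIBLE BREAKIN ATTEMPT!")
# Password failures; older sshd says "illegal user", newer "invalid user".
FAIL = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<ip>\S+)")

def summarize(lines):
    """Count warnings per day and per claimed hostname, and collect the
    usernames rejected by the same sshd process (matched on pid)."""
    per_day, per_host, users, pid_host = Counter(), Counter(), {}, {}
    for line in lines:
        m = WARN.match(line)
        if m:
            per_day[f"{m['mon']} {int(m['day'])}"] += 1
            per_host[m["host"]] += 1
            pid_host[m["pid"]] = m["host"]  # pids can be reused over long logs
            continue
        m = FAIL.search(line)
        if m and m["pid"] in pid_host:
            users.setdefault(pid_host[m["pid"]], set()).add(m["user"])
    return per_day, per_host, users

SAMPLE = [
    # From the post above, joined back onto one line:
    "Aug 30 12:46:50 mg2 sshd[10555]: reverse mapping checking getaddrinfo "
    "for ip-202-147-54-103.asianetcom.net failed - POSSIBLE BREAKIN ATTEMPT!",
    # Constructed lines:
    "Oct  9 03:10:01 mg2 sshd[20811]: reverse mapping checking getaddrinfo "
    "for host.example.net [192.0.2.77] failed - POSSIBLE BREAKIN ATTEMPT!",
    "Oct  9 03:10:03 mg2 sshd[20811]: Failed password for illegal user test "
    "from 192.0.2.77 port 51100 ssh2",
    "Oct  9 03:10:07 mg2 sshd[20813]: reverse mapping checking getaddrinfo "
    "for host.example.net [192.0.2.77] failed - POSSIBLE BREAKIN ATTEMPT!",
    "Oct  9 03:10:09 mg2 sshd[20813]: Failed password for invalid user user "
    "from 192.0.2.77 port 51102 ssh2",
    "Oct  9 03:11:00 mg2 sshd[20820]: Accepted publickey for mike "
    "from 198.51.100.5 port 50022 ssh2",
]

if __name__ == "__main__":
    for name, result in zip(("per day", "per host", "users"), summarize(SAMPLE)):
        print(name, dict(result))
```

A day with many warnings from one hostname followed by rejected logins for names such as test or user matches the password-guessing pattern described in the reply; an accepted login from the same source is the line to look for.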