08 October, 2011
01 October, 2011
SSH gives out error messages like this:
Sep 28 09:50:09 s0 sshd: reverse mapping checking getaddrinfo for adsl86-34-217-144.romtelecom.net [126.96.36.199] failed - POSSIBLE BREAK-IN ATTEMPT!Why does it label it as POSSIBLE BREAK-IN ATTEMPT!? How is it more of a possible break-in attempt than a user attempting to connect more than a few times with a wrong password? This has bugged me a bit recently when helping a few people who aren't really used to linux - its shouting at them that something is SERIOUSLY WRONG!!! and when they look through their log files, they've fixated on this (as far as I can) relatively minor misconfiguration of a remote user's network.