sshd warning, "POSSIBLE BREAK-IN ATTEMPT!" for failed reverse DNS
Posted by rking on Server Fault
Published on 2012-10-10T16:03:47Z
ssh | reverse-dns
Whenever I SSH somewhere I get something like this in the logs:
sshd[16734]: reverse mapping checking getaddrinfo for
1.2.3.4.crummyisp.net [1.2.3.4] failed - POSSIBLE BREAK-IN ATTEMPT!
And it is right: if I do host 1.2.3.4 it returns 1.2.3.4.crummyisp.net, but if I do host 1.2.3.4.crummyisp.net it is not found.
I have two questions:
1. What security threat is there? How could anyone fake a one-way DNS in some threatening way?
2. Do I have any recourse for fixing this? I'll send my ISP a bug report, but who knows where that'll go.
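The warning quoted in the post comes from a forward-confirmed reverse DNS check: the address is looked up to a name, and the name is then looked up again to see whether it leads back to the same address. The sketch below is an added example, not part of the original post and not OpenSSH code; the function names, result labels and the 192.0.2.x / 198.51.100.x / example.com records are constructed assumptions.

```python
import re
import socket

LOG_RE = re.compile(r"reverse mapping checking getaddrinfo for\s+(\S+)\s+\[([^\]]+)\]\s+failed")

def parse_warning(text):
    """Return (name, ip) from the sshd warning, or None if it does not match."""
    m = LOG_RE.search(text)
    return m.groups() if m else None

def system_reverse(ip):
    """PTR lookup via the system resolver; None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup via the system resolver; empty set on failure."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Classify an address with a forward-confirmed reverse DNS check."""
    # The PTR record is published by whoever runs the reverse zone for the
    # address, so the name only counts if it resolves back to the same address.
    name = reverse(ip)
    if name is None:
        return "no-ptr"
    addrs = forward(name)
    if not addrs:
        return "forward-failed"   # the case described in the post
    return "confirmed" if ip in addrs else "mismatch"

# Constructed sample data (log line from the post, stub DNS tables); runs offline.
SAMPLE = ("sshd[16734]: reverse mapping checking getaddrinfo for\n"
          "1.2.3.4.crummyisp.net [1.2.3.4] failed - POSSIBLE BREAK-IN ATTEMPT!")
PTR = {"1.2.3.4": "1.2.3.4.crummyisp.net", "192.0.2.7": "trusted.example.com",
       "198.51.100.9": "host.example.org"}
A = {"trusted.example.com": {"203.0.113.5"}, "host.example.org": {"198.51.100.9"}}

def demo():
    _, ip = parse_warning(SAMPLE)
    return {a: fcrdns(a, PTR.get, lambda n: A.get(n, set()))
            for a in (ip, "192.0.2.7", "198.51.100.9", "192.0.2.99")}

if __name__ == "__main__":
    print(demo())
```

Calling `fcrdns("1.2.3.4")` with the default arguments uses the system resolver instead of the stub tables.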