sshd warning, "POSSIBLE BREAK-IN ATTEMPT!" for failed reverse DNS

Posted by rking on Server Fault See other posts from Server Fault or by rking
Published on 2012-10-10T16:03:47Z Indexed on 2012/10/14 3:39 UTC
Read the original article Hit count: 486

Filed under:

ssh

|

reverse-dns

Whenever I SSH somewhere I get something like this in the logs:

sshd[16734]: reverse mapping checking getaddrinfo for
    1.2.3.4.crummyisp.net [1.2.3.4] failed - POSSIBLE BREAK-IN ATTEMPT!

And it is right: if I do host 1.2.3.4 it returns 1.2.3.4.crummyisp.net, but if I do host 1.2.3.4.crummyisp.net it is not found.

I have two questions:

What security threat is there? How could anyone fake a one-way DNS in some threatening way?
Do I have any recourse for fixing this? I'll send my ISP a bug report, but who knows where that'll go.

© Server Fault or respective owner

Related posts about ssh

Problem with hadoop start-dfs.sh

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I installed and configured hadoop on my Ubuntu 14.04 server, virtualized inside of hyper-v, however I am getting an issue when i run start-dfs.sh root@sUbuntu01:/var/log# start-dfs.sh 14/06/04 15:27:08 WARN util.NativeCodeLoader: Unable to load native-hadoop library for your platform... using builtin-java… >>> More
SSH problems (ssh_exchange_identification: read: Connection reset by peer)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I was running 11.10 and decided to do the full upgrade and come up to 12.04 after the update SSH (not SSHD) is now misbehaving when attempting to connect to other OpenSSH instances. I say OpenSSH as I am running a DropBear sshd on my router and I am able to connect to it. When attempting to connect… >>> More
SSH main process ended

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running ubuntu server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
SSH server not working (respawns until stopped)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have a running Ubuntu Server 10.04.1. When I tried to login to the server via ssh, I could not. Instead, I got connection refused error. I tried to ping the machine and I got reply! So, the clear reason is that SSH daemon is stopped. After reboot, I was able to login to my server via ssh. After… >>> More
Cannot SSH after resetting firewall on VPS

as seen on Server Fault - Search for 'Server Fault'
I'm having trouble trying to SSH to my Debian 5 VPS with blacknight. It was working fine until I did the following: Logged into 'Parallels Infrastructure Manager' - Container - Firewall - Set to 'Normal Firewall settings'. It told me there was an error with the IPTables and offered the option again… >>> More

Related posts about reverse-dns

Reverse DNS does not match SMTP banner vs Reverse DNS mismatch

as seen on Server Fault - Search for 'Server Fault'
I have to make decision whether my Reverse DNS should match SMTP banner but Reverse DNS to DNS and vice versa stays different or vice versa. Which one to choose? I have an 2x Exchange 2010 server with one SMTP Sender with TMG 2010. TMG has 2 links connected so that we have 2 separate internet providers… >>> More
What is reverse DNS?

as seen on Server Fault - Search for 'Server Fault'
*.in-addr.arpa domains: lot of requests in my OpenDNS account. I know this should be normal and it's about reverse DNS. I've been reading here and there but still I can't really get how it works and why I get so much requests (higher number than www.google.com). I'd just need someone that, like Einstein… >>> More
Reverse DNS Lookup from the Command Line

as seen on Server Fault - Search for 'Server Fault'
I'd like to get a list of all domains pointed to a certain IP address. Is there a way to get this information from the command line? Nothing like "host", "nslookup" or "dig -x". Those return the hostname of the IP address which, while helpful, is only part of what I want returned. >>> More
How long does a reverse DNS lookup take?

as seen on Stack Overflow - Search for 'Stack Overflow'
How long should I expect a reverse lookup take? 100 milliseconds? 1 second? 10 second? 30 seconds? What's your experience? Why? We're debating adding a feature to our server software which would require a reverse DNS lookup each time a client connects. The lookup would be done synchronously… >>> More
Creating reverse DNS entries which resolve [closed]

as seen on Server Fault - Search for 'Server Fault'
Possible Duplicate: Reverse DNS - how to correctly configure for SMTP delivery I ran a DNS check and ended up with the following error: FAIL: Found reverse DNS entries which don't resolves IP-IP-IP-IP.HOST.DOMAIN.TLD ? ??? All IP's reverse DNS entries should resolve back to IP address (MX… >>> More