sshd warning, "POSSIBLE BREAK-IN ATTEMPT!" for failed reverse DNS

Posted by rking on Server Fault See other posts from Server Fault or by rking
Published on 2012-10-10T16:03:47Z Indexed on 2012/10/14 3:39 UTC
Read the original article Hit count: 491

Filed under:
|

Whenever I SSH somewhere I get something like this in the logs:

sshd[16734]: reverse mapping checking getaddrinfo for
    1.2.3.4.crummyisp.net [1.2.3.4] failed - POSSIBLE BREAK-IN ATTEMPT!

And it is right: if I do host 1.2.3.4 it returns 1.2.3.4.crummyisp.net, but if I do host 1.2.3.4.crummyisp.net it is not found.

I have two questions:

  1. What security threat is there? How could anyone fake a one-way DNS in some threatening way?

  2. Do I have any recourse for fixing this? I'll send my ISP a bug report, but who knows where that'll go.

© Server Fault or respective owner

Related posts about ssh

Related posts about reverse-dns