Re: CentOS 5 sshd does not log IP address of reverse mapping failure [solved, I guess]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Sat, Mar 9, 2013 at 11:57 AM, Tilman Schmidt
<t.schmidt@xxxxxxxxxxxxxxxxxx> wrote:
>
> Mar  3 04:44:48 gimli sshd[12870]: reverse mapping checking getaddrinfo
> for hn.ly.kd.adsl failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar  3 04:44:49 gimli sshd[12871]: Received disconnect from
> 61.163.113.72: 11: Bye Bye
>
> If I set "UseDNS no" the first message disappears and only the second
> one remains.
>
> So it seems there is no way to identify password bruteforcing attempts
> on servers which don't accept password authentication in the first
> place.

Can't you pick some reasonable number of 'received disconnect'
messages to allow from a single IP?

-- 
   Les Mikesell
     lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux