We cannot conclude that just because the source IP address of a connection doesn't have forward and reverse DNS info, that the connection is a break-in attempt. This is a content-free entry that wastes valuable visual space in the auth log: Dec 23 2013 18:51:44 localhost sshd[30321]: reverse mapping checking getaddrinfo for 222.109.250.63.static.addr.dsl4u.ca [63.250.109.222] failed - POSSIBLE BREAK-IN ATTEMPT! That was me, logging in from a smartphone, from a Wi-Fi hotspot. Never mind logging; the software should not even be performing these pointless time and bandwidth wasting lookups.