Re: SSHD + reverse IP Mapping

Sometime when you log in from the company 192.168.0.0 block and notice
the WAN link is listed as your address, compare the last digits in the
address. Sometimes they might be mapped 1:1 to each other. Regardless,
perform a "host" on your 192 address. That will return an address. Is
that address within the 192.168.0.0 network or is it within the WAN
network? What do you get when you use "host" on the dotted quad address
you get back? See what happens.

Any manner of interesting things can be going on here. One possibility
is aliased addresses. Another is an invisible proxy server.

Of course, the simple thing might be to call corporate IT and see if
they can explain what you see.

This is probably as much clue as you can get with the rather thin data
set you issued in your question.

{^_^}
----- Original Message ----- 
From: "Ow Mun Heng" <ow.mun.heng@xxxxxxx>


> Hi All,
>
> I use SSH for remote logins to my server (only I (1 person) have
> access). However, I tend to log in from a variety of places. Hence when I
> do a "last | less" I can see either the IP address or the hostname I was
> logging in from.
>
> The problem here is that somehow, our (company) DNS servers or something
> does not update itself in such a way that it verifies the hostname. E.g.: 1
> IP address can have 2 hostnames. I'm not sure why or how this is possible.
>
> And my company has an IP say 192.168.0.1 block and WAN link has 10.0.0.1
> block. In the last output, I see I have logged in from 10.0.0.1 block
> when, clearly I have not. I'm sure it's not a big problem as in someone
> cracked my server, but being paranoid, can I
>
> 1. Reverse DNS lookup?
> 2. Just state the IP address
> 3. Have both the IP and DNS name in the syslog?
>
> How about having more verbose levels of logging? Changing LogLevel to
> Debug (sshd_config) doesn't give too much details.
>
> Can I buy a clue here?


-- 
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
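
The check the reply walks through (run "host" on the address, run it again on what comes back, and compare), as an added example that is not part of either message. It assumes /16 and /8 prefixes for the 192.168 and 10 blocks named in the thread, and the hostnames and resolver tables are constructed so it runs offline; the helper names are hypothetical.

```python
import ipaddress
import socket

# Assumed prefixes for the two blocks named in the thread (lengths are a guess).
BLOCKS = {"lan": ipaddress.ip_network("192.168.0.0/16"),
          "wan": ipaddress.ip_network("10.0.0.0/8")}

def system_reverse(ip):
    """PTR lookup, like `host <ip>`: every name the resolver returns."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def system_forward(name):
    """A lookup, like `host <name>`: every IPv4 address for the name."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def block_of(addr):
    """Name of the block an address falls in, or "other"."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in BLOCKS.items() if ip in net), "other")

def check_source(ip, reverse=system_reverse, forward=system_forward):
    """Reverse-resolve ip, forward-resolve each name, compare with ip."""
    names = reverse(ip)
    fwd = {n: forward(n) for n in names}
    if not names:
        status = "no-ptr"
    elif any(ip in addrs for addrs in fwd.values()):
        status = "confirmed"
    else:
        status = "mismatch"
    seen = sorted({block_of(a) for addrs in fwd.values() for a in addrs})
    return {"ip": ip, "status": status, "names": names, "forward_blocks": seen}

# Constructed resolver data (not from the thread): the LAN host's PTR name
# forwards to a WAN address, and one WAN address carries two PTR names.
PTR = {"192.168.0.25": ["pc25.corp.example"],
       "10.0.0.25": ["pc25.corp.example", "gw25.corp.example"]}
A = {"pc25.corp.example": ["10.0.0.25"], "gw25.corp.example": ["10.0.0.25"]}

def demo():
    return [check_source(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))
            for ip in ("192.168.0.25", "10.0.0.25", "192.168.0.99")]
```

Calling check_source(ip) with no extra arguments uses the system resolver instead of the constructed tables.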
