Help with logs.

Support for security such as Firewalls and securing linux
slakjawd
Posts: 4
Joined: 2007/07/13 14:27:47

Post by slakjawd » 2007/07/14 16:54:52

I keep on seeing this in my secure log. I am kind of new to Linux and I understand the failed password part but what does the "does not map back to the address" part mean?


Jul 14 07:33:17 test sshd[5458]: Failed password for invalid user adita from ::ffff:83.65.141.94 port 44516 ssh2
Jul 14 07:33:17 test sshd[5459]: Received disconnect from ::ffff:83.65.141.94: 11: Bye Bye
Jul 14 07:33:18 test sshd[5460]: Invalid user adlai from ::ffff:83.65.141.94
Jul 14 07:33:18 test sshd[5461]: input_userauth_request: invalid user adlai
Jul 14 07:33:18 test sshd[5460]: Address 83.65.141.94 maps to elderew.hiweb.at, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!

foxb
Posts: 1924
Joined: 2006/04/20 19:03:33
Location: Montreal/QC

Post by foxb » 2007/07/14 18:19:01

This is an automated attack.

Just move your ssh port to a number other than the standard 22.

This will stop the attacks.

As for the message, it has a different address than the DNS name.
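An added example, not part of the original thread: the "does not map back" warning comes from a forward-confirmed reverse DNS check, in which sshd looks up the name for the client IP and then checks that the name resolves back to the same IP. The sketch below summarizes the log lines quoted in the question and repeats that check offline; the resolver tables `PTR` and `FWD` and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# The five lines quoted in the question above.
SAMPLE_LOG = """\
Jul 14 07:33:17 test sshd[5458]: Failed password for invalid user adita from ::ffff:83.65.141.94 port 44516 ssh2
Jul 14 07:33:17 test sshd[5459]: Received disconnect from ::ffff:83.65.141.94: 11: Bye Bye
Jul 14 07:33:18 test sshd[5460]: Invalid user adlai from ::ffff:83.65.141.94
Jul 14 07:33:18 test sshd[5461]: input_userauth_request: invalid user adlai
Jul 14 07:33:18 test sshd[5460]: Address 83.65.141.94 maps to elderew.hiweb.at, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
"""

# Constructed resolver data so the check runs offline; the forward answer
# (a documentation address) is an assumption, not a real lookup result.
PTR = {"83.65.141.94": "elderew.hiweb.at"}
FWD = {"elderew.hiweb.at": ["192.0.2.10"]}

FAILURE = re.compile(r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+"
                     r"|Invalid user \S+) from (\S+)")
MISMATCH = re.compile(r"sshd\[\d+\]: Address (\S+) maps to (\S+), "
                      r"but this does not map back")

def normalize(addr):
    """Strip the IPv4-mapped IPv6 prefix sshd prints on dual-stack sockets."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def summarize(log_text):
    """Return (failure events per source IP, {ip: PTR name that failed to map back})."""
    failures, mismatches = Counter(), {}
    for line in log_text.splitlines():
        m = FAILURE.search(line)
        if m:
            failures[normalize(m.group(1))] += 1
        m = MISMATCH.search(line)
        if m:
            mismatches[normalize(m.group(1))] = m.group(2)
    return failures, mismatches

def maps_back(ip, reverse=PTR.get, forward=lambda name: FWD.get(name, [])):
    """True only if the reverse name of ip resolves forward to ip again."""
    name = reverse(ip)
    return name is not None and ip in forward(name)

if __name__ == "__main__":
    failures, mismatches = summarize(SAMPLE_LOG)
    for ip, count in failures.most_common():
        print(ip, count, "failures; name", mismatches.get(ip), "maps back:", maps_back(ip))
```

On a live host the `reverse` and `forward` callables could wrap `socket.gethostbyaddr` and `socket.gethostbyname_ex` instead of the constructed tables.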
