reverse mapping attempts

Support for security such as Firewalls and securing linux
lightman47
Posts: 1522
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

reverse mapping attempts

Post by lightman47 » 2017/06/27 16:44:11

In the last week or two I have begun accumulating /var/log/secure entries like this with varying addresses:
sshd[8569]: reverse mapping checking getaddrinfo for 190-48-2-231.speedy.com.ar [190.48.2.231] failed - POSSIBLE BREAK-IN ATTEMPT!
It appears that Fail2ban is catching and banning them. This Apache/vstp/ssh server with no root access also runs denyhosts. Need I worry? - I guess the capital-letter warning raises my curiosity. I also realize that 'caught' attempts are a good thing.

Thank you.

avij
Retired Moderator
Posts: 3046
Joined: 2010/12/01 19:25:52
Location: Helsinki, Finland

Re: reverse mapping attempts

Post by avij » 2017/06/27 17:04:51

$ host 190.48.2.231
231.2.48.190.in-addr.arpa domain name pointer 190-48-2-231.speedy.com.ar.

$ host 190-48-2-231.speedy.com.ar
Host 190-48-2-231.speedy.com.ar not found: 3(NXDOMAIN)

Although there is a reverse DNS entry for that IP address, the returned name does not point to the same IP address. This is the reason for the warning. I don't think you should be particularly worried about those.
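
Added example, not part of the original posts: a Python sketch that pulls the name and address out of these sshd warnings and repeats the reverse-then-forward lookup from the host output above, classifying each address. The function names, the status labels and the sample tables are assumptions made for illustration; apart from the log line and the speedy.com.ar entry quoted in the thread, the sample data is constructed.

```python
import re
import socket

# sshd message logged when a client's PTR name does not resolve back to its IP.
LOG_RE = re.compile(r"sshd\[\d+\]: reverse mapping checking getaddrinfo for "
                    r"(?P<name>\S+) \[(?P<ip>[0-9A-Fa-f.:]+)\] failed")

def parse_line(line):
    """Return (ptr_name, ip) from a matching /var/log/secure line, else None."""
    m = LOG_RE.search(line)
    return (m.group("name"), m.group("ip")) if m else None

def system_reverse(ip):  # PTR lookup via the system resolver
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):  # A/AAAA lookup; empty set on NXDOMAIN or error
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS: does the PTR name map back to ip?"""
    name = reverse(ip)
    if not name:
        return "no-ptr", None
    addrs = forward(name)
    if not addrs:
        return "forward-missing", name  # the case shown in the thread
    return ("confirmed" if ip in addrs else "mismatch"), name

def triage(lines, reverse=system_reverse, forward=system_forward):
    """Map each client IP named in the warnings to its current status."""
    ips = {p[1] for p in map(parse_line, lines) if p}
    return {ip: fcrdns(ip, reverse, forward)[0] for ip in sorted(ips)}

# Constructed offline tables; first PTR entry mirrors the thread's host output.
SAMPLE_PTR = {"190.48.2.231": "190-48-2-231.speedy.com.ar",
              "192.0.2.10": "mail.example.net", "198.51.100.7": "www.example.org"}
SAMPLE_FWD = {"mail.example.net": {"192.0.2.10"}, "www.example.org": {"203.0.113.5"}}
SAMPLE_LOG = [
    "sshd[8569]: reverse mapping checking getaddrinfo for 190-48-2-231.speedy.com.ar [190.48.2.231] failed - POSSIBLE BREAK-IN ATTEMPT!",
    "sshd[8571]: Accepted publickey for admin from 192.0.2.10 port 50022 ssh2",
]

print(triage(SAMPLE_LOG, SAMPLE_PTR.get, lambda n: SAMPLE_FWD.get(n, set())))
```

Calling triage() with only a list of log lines uses the system resolver instead of the sample tables.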

Re: reverse mapping attempts

Post by lightman47 » 2017/06/27 17:27:29

Yeah, the bots are pounding me regularly; I just hadn't seen this particular one until recently and got 'nervous'.

Thanks.
