On 10.03.2013 03:01, Les Mikesell wrote:
> On Sat, Mar 9, 2013 at 11:57 AM, Tilman Schmidt
> wrote:
>>
>> Mar 3 04:44:48 gimli sshd[12870]: reverse mapping checking getaddrinfo
>> for hn.ly.kd.adsl failed - POSSIBLE BREAK-IN ATTEMPT!
>> Mar 3 04:44:49 gimli sshd[12871]: Received disconnect fro
On 03/09/2013 09:57 AM, Tilman Schmidt wrote:
> So it seems there is no way to identify password bruteforcing attempts
> on servers which don't accept password authentication in the first
> place.
Yes... you can't detect what you don't receive. If you want to block
hosts that are scanning for vu
On Sat, Mar 9, 2013 at 11:57 AM, Tilman Schmidt
wrote:
>
> Mar 3 04:44:48 gimli sshd[12870]: reverse mapping checking getaddrinfo
> for hn.ly.kd.adsl failed - POSSIBLE BREAK-IN ATTEMPT!
> Mar 3 04:44:49 gimli sshd[12871]: Received disconnect from
> 61.163.113.72: 11: Bye Bye
>
> If I set "UseDNS
On 08.03.2013 20:51, Gordon Messmer wrote:
> # tail -f /var/log/secure
> Mar 8 11:46:54 firewall sshd[27455]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=173-xx-xx-xx-washington.hfc.comcastbusiness.net user=root
> Mar 8 11:46:56 firewall sshd[2
On 03/07/2013 08:45 AM, Tilman Schmidt wrote:
>> >As long as you get the IP address for failed logins, ignore reverse
>> >mapping failures.
> Trouble is, I don't:
Are you watching the messages or secure log?
# cat /etc/redhat-release
CentOS release 5.8 (Final)
# tail -f /var/log/secure
Mar 8 11:
On 08.03.2013 17:40, Reindl Harald wrote:
> but you can not tell me that such attempts would not be logged
> maybe you have fucked your syslog-configuration or whatever
Tsk, tsk. Language!
> Mar 8 17:35:13 openvas sshd[10017]: Invalid user donotexist from 10.0.0.241
> Mar 8 17:35:13 openvas s
On 08.03.2013 15:50, Reindl Harald wrote:
> On 08.03.2013 15:01, Tilman Schmidt wrote:
>> On 07.03.2013 19:49, Les Mikesell wrote:
[...]
>>> Does it work if you set
>>> UseDNS no
>>> in /etc/ssh/sshd_config?
>>
>> Not really. That seems to remove the "reverse mapping checking failed"
>> messa
On Fri, Mar 8, 2013 at 7:43 AM, Tilman Schmidt
wrote:
> On 07.03.2013 19:07, Michael Krug wrote:
>> You could deny all by default and only allow your locations in tcp_wrappers.
>
> Can't do that. People must be able to ssh in from dynamic IPs.
Sure, but as you've noticed, logging the reverse-DN
On 07.03.2013 19:49, Les Mikesell wrote:
> On Thu, Mar 7, 2013 at 10:45 AM, Tilman Schmidt
> wrote:
Any ideas how to remedy that situation?
>>>
>>> As long as you get the IP address for failed logins, ignore reverse
>>> mapping failures.
>>
>> Trouble is, I don't:
>
> Does it work if you s
On 07.03.2013 19:07, Michael Krug wrote:
> You could deny all by default and only allow your locations in tcp_wrappers.
Can't do that. People must be able to ssh in from dynamic IPs.
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
On Thu, Mar 7, 2013 at 10:45 AM, Tilman Schmidt
wrote:
>>> Any ideas how to remedy that situation?
>>
>> As long as you get the IP address for failed logins, ignore reverse
>> mapping failures.
>
> Trouble is, I don't:
Does it work if you set
UseDNS no
in /etc/ssh/sshd_config?
I don't think it i
Subject: Re: [CentOS] CentOS 5 sshd does not log IP address of reverse
> mapping failure
>
> On 06.03.2013 19:20, Gordon Messmer wrote:
> > On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
> >> Any ideas how to remedy that situation?
> >
> > As long as you get
On 06.03.2013 19:20, Gordon Messmer wrote:
> On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
>> Any ideas how to remedy that situation?
>
> As long as you get the IP address for failed logins, ignore reverse
> mapping failures.
Trouble is, I don't:
Feb 8 00:03:09 dns01 sshd[6119]: reverse mapp
On 03/06/2013 09:45 AM, Tilman Schmidt wrote:
> Any ideas how to remedy that situation?
As long as you get the IP address for failed logins, ignore reverse
mapping failures.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listi
I'm running a mix of CentOS 5 and 6 servers reachable by ssh
from the Internet. Of course I allow only public key authentication
and no root login. In addition I'm running fail2ban to block
obnoxious brute force attack sources.
On CentOS 6 this is working pretty well, but on CentOS 5 there's
one c
15 matches