Log message
Damien Miller
djm at mindrot.org
Tue Mar 14 11:18:26 EST 2006
On Mon, 13 Mar 2006, Linux wrote:
> Hi,
>
> I'm working on some project which is sort of log filter.
> Last few days I noticed that there are some wacky people
> scanning sshd port all the time from anywhere.
> Although sshd reports it with syslog error message which is
> very helpful, I'd like to know the source ip address with
> following message:
>
> canohost.c: around line #100
>
> if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
> logit("reverse mapping checking getaddrinfo for %.700s "
> "from address %.100s failed - POSSIBLE BREAKIN ATTEMPT!",
> ntop, name);
> return xstrdup(ntop);
> }
Good point, fixed. The other message of this type already logged the
address.
The new message will look like:
logit("reverse mapping checking getaddrinfo for %.700s "
"[%s] failed - POSSIBLE BREAK-IN ATTEMPT!", name, ntop);
-d
More information about the openssh-unix-dev
mailing list