Useless log message "POSSIBLE BREAK-IN ATTEMPT"
Kaz Kylheku
kaz at kylheku.com
Wed Dec 25 16:23:08 EST 2013
We cannot conclude that just because the source IP address of a
connection doesn't have forward and reverse DNS info, that the
connection is a break-in attempt. This is a content-free entry that
wastes valuable visual space in the auth log:
Dec 23 2013 18:51:44 localhost sshd[30321]: reverse mapping checking
getaddrinfo for 222.109.250.63.static.addr.dsl4u.ca [63.250.109.222]
failed - POSSIBLE BREAK-IN ATTEMPT!
That was me, logging in from a smartphone, from a Wi-Fi hotspot.
Never mind logging; the software should not even be performing these
pointless time- and bandwidth-wasting lookups.
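
An added example, not part of the original post and not OpenSSH code: one way to triage this warning is to pair each "reverse mapping checking getaddrinfo ... failed" line with the authentication result the same sshd process logged afterwards. The sample log is constructed apart from its first entry, which is the entry quoted above joined onto one line; the function names and the assumption that one PID means one connection are this example's own.

```python
import re

# Constructed sample auth log. Only the first entry comes from the post
# (its three wrapped lines joined); every other line is made up.
SAMPLE_LOG = """\
Dec 23 2013 18:51:44 localhost sshd[30321]: reverse mapping checking getaddrinfo for 222.109.250.63.static.addr.dsl4u.ca [63.250.109.222] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 23 2013 18:51:47 localhost sshd[30321]: Accepted publickey for alice from 63.250.109.222 port 40112 ssh2
Dec 23 2013 19:02:10 localhost sshd[30400]: reverse mapping checking getaddrinfo for host.example.net [203.0.113.9] failed - POSSIBLE BREAK-IN ATTEMPT!
Dec 23 2013 19:02:12 localhost sshd[30400]: Failed password for root from 203.0.113.9 port 51515 ssh2
Dec 23 2013 19:02:15 localhost sshd[30400]: Failed password for root from 203.0.113.9 port 51515 ssh2
Dec 23 2013 19:05:31 localhost sshd[30417]: reverse mapping checking getaddrinfo for gw.example.org [198.51.100.7] failed - POSSIBLE BREAK-IN ATTEMPT!
"""

SSHD = re.compile(r"sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
REVMAP = re.compile(r"^reverse mapping checking getaddrinfo for (?P<host>\S+) "
                    r"\[(?P<ip>[0-9A-Fa-f.:]+)\] failed")
AUTH = re.compile(r"^(?P<result>Accepted|Failed) \S+ for (?:invalid user )?\S+ "
                  r"from (?P<ip>\S+) port \d+")

def triage(log_text):
    """Map (pid, ip) -> host and auth counts for each session that logged
    the reverse-mapping warning. Assumes no PID reuse within the log."""
    sessions = {}
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        rev = REVMAP.match(msg)
        if rev:
            sessions.setdefault((pid, rev["ip"]),
                                {"host": rev["host"], "accepted": 0, "failed": 0})
            continue
        auth = AUTH.match(msg)
        if auth and (pid, auth["ip"]) in sessions:
            key = "accepted" if auth["result"] == "Accepted" else "failed"
            sessions[(pid, auth["ip"])][key] += 1
    return sessions

def verdict(session):
    """Classify by what followed the warning, not by the warning itself."""
    if session["accepted"]:
        return "authenticated"
    return "auth-failures" if session["failed"] else "no-auth-event"

if __name__ == "__main__":
    for (pid, ip), s in triage(SAMPLE_LOG).items():
        print(pid, ip, s["host"], verdict(s))
```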