strange info in /var/log/secure....
I'm running a mail server and recently saw the following in /var/log/secure:

Aug 22 19:21:21 server1 sshd[23739]: warning: /etc/hosts.allow, line 6: can't verify hostname: getaddrinfo(grid2.sro.nchc.org.tw, AF_INET) failed
Aug 22 19:21:21 server1 sshd[23739]: refused connect from 140.110.96.52 (140.110.96.52)

1st entry looks odd... not sure what they were trying to do...
2nd entry looks like an ssh attempt.

I ran a rootkit checker and checked the open ports... all things look fine. I'm running iptables (REJECT all, allow only what I need) and tcp-wrappers... is the 1st entry from tcpwrappers?

Thanks for any and all help!!!

zepp
1st entry is an attempt from Taiwan, your sshd is trying to verify the address and failing.
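
Both quoted entries carry the same sshd PID (23739), so they were logged for one connection. The following is an added example, not part of the thread: it pairs each "refused connect" entry with a hostname-verification warning logged by the same PID. The function name `correlate` and the third sample line are assumptions made for illustration.

```python
import re

# First two lines are the entries quoted in the post; the third is constructed
# (documentation address) to show a refusal with no preceding warning.
SAMPLE = """\
Aug 22 19:21:21 server1 sshd[23739]: warning: /etc/hosts.allow, line 6: can't verify hostname: getaddrinfo(grid2.sro.nchc.org.tw, AF_INET) failed
Aug 22 19:21:21 server1 sshd[23739]: refused connect from 140.110.96.52 (140.110.96.52)
Aug 22 19:40:02 server1 sshd[23810]: refused connect from 192.0.2.10 (192.0.2.10)
"""

HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s"
                    r"(?P<daemon>[\w.-]+)\[(?P<pid>\d+)\]:\s(?P<msg>.*)$")
WARN = re.compile(r"warning: (?P<file>\S+), line (?P<line>\d+): can't verify hostname: "
                  r"getaddrinfo\((?P<name>[^,]+), AF_INET6?\) failed")
REFUSED = re.compile(r"refused connect from \S+ \((?P<ip>[^)]+)\)")


def correlate(text):
    """Pair each tcp-wrappers refusal with a hostname-verification warning
    logged earlier by the same daemon PID (that is, for the same connection)."""
    pending = {}   # (daemon, pid) -> (unverified name, rule location)
    findings = []
    for raw in text.splitlines():
        m = HEADER.match(raw.strip())
        if not m:
            continue  # not a syslog line in the expected format
        key = (m["daemon"], m["pid"])
        warn = WARN.search(m["msg"])
        if warn:
            pending[key] = (warn["name"], f'{warn["file"]}:{warn["line"]}')
            continue
        refused = REFUSED.search(m["msg"])
        if refused:
            # A refusal with no earlier warning keeps name and rule as None.
            name, rule = pending.pop(key, (None, None))
            findings.append({"time": m["ts"], "daemon": m["daemon"],
                             "pid": int(m["pid"]), "ip": refused["ip"],
                             "unverified_name": name, "rule": rule})
    return findings


if __name__ == "__main__":
    for finding in correlate(SAMPLE):
        print(finding)
```
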