LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 08-24-2004, 04:03 PM   #1
zepplin611
Member
 
Registered: Jan 2004
Distribution: AIX 4.3 RH 7,8,9 / Fedora C1/
Posts: 187

Rep: Reputation: 30
strange info in /var/log/secure....


i'm running a mail server and recently saw the following in /var/log/secure:

Aug 22 19:21:21 server1 sshd[23739]: warning: /etc/hosts.allow, line 6: can't verify hostname: getaddrinfo(grid2.sro.nchc.org.tw, AF_INET) failed
Aug 22 19:21:21 server1 sshd[23739]: refused connect from 140.110.96.52 (140.110.96.52)


1st entry looks odd...not sure what they were trying to do...

2nd entry looks like an ssh attempt

I ran a rootkit checker and checked the open ports...all things look fine. I'm running iptables
(REJECT all, allow only what i need) and tcp-wrappers...is the 1st entry from tcpwrappers?

Thanks for any and all help!!!

zepp
 
Old 08-26-2004, 08:06 AM   #2
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.2
Posts: 18,344

Rep: Reputation: 2746Reputation: 2746Reputation: 2746Reputation: 2746Reputation: 2746Reputation: 2746Reputation: 2746Reputation: 2746Reputation: 2746Reputation: 2746Reputation: 2746
1st entry is an attempt from Taiwan, your sshd is trying to verify the address and failing.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/secure ??? MikeFoo1 Linux - Security 2 06-22-2005 03:42 AM
APF and /var/log/secure.1... tilt32 Linux - Security 5 03-28-2005 07:19 AM
/var/log/secure allelopath SUSE / openSUSE 3 02-15-2005 08:56 AM
Strange results in /var/log/apache/access.log subt13 Linux - Security 2 08-03-2004 01:21 PM
/var/log/secure dragon Linux - Security 6 12-02-2003 08:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:37 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration