strange info in /var/log/secure....
I'm running a mail server and recently saw the following in /var/log/secure:
Aug 22 19:21:21 server1 sshd[23739]: warning: /etc/hosts.allow, line 6: can't verify hostname: getaddrinfo(grid2.sro.nchc.org.tw, AF_INET) failed
Aug 22 19:21:21 server1 sshd[23739]: refused connect from 140.110.96.52 (140.110.96.52)
The 1st entry looks odd... not sure what they were trying to do...
The 2nd entry looks like an ssh attempt.
I ran a rootkit checker and checked the open ports... all things look fine. I'm running iptables
(REJECT all, allow only what I need) and tcp-wrappers... is the 1st entry from tcpwrappers?
Thanks for any and all help!!!
zepp