Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-10-2004, 05:05 PM   #1
LQ Newbie
Registered: Aug 2004
Posts: 2

Rep: Reputation: 0
Question Logs Explained - Newbie

Can someone please explain the following log to me. I'm new and would like to understand the basic process of what is exactly occuring.

Aug 6 03:22:58 nestle sshdu[26359]: log: Connection from port 1479
Aug 6 03:22:59 nestle sshdu[26359]: log: reverse mapping
checking gethostbyname for failed -
Aug 6 03:23:16 nestle sshdu[26359]: log: Password
authentication for root failed.
Aug 6 03:23:16 nestle sshdu[26359]: log: Closing
connection to


Old 08-11-2004, 04:45 PM   #2
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Centos 7.7 (?), Centos 8.1
Posts: 18,141

Rep: Reputation: 2671Reputation: 2671Reputation: 2671Reputation: 2671Reputation: 2671Reputation: 2671Reputation: 2671Reputation: 2671Reputation: 2671Reputation: 2671Reputation: 2671
Somebody is trying to connect from IP from port 1479 on that box.
Your sshd does a lookup of the IP address (, gets the name address,
then uses the library call gethostbyname to see if it gets the orig number IP (,
back again.
It dosn't get the same num back, so it concludes it's a possible break-in attempt, and refuses the connection.
Any legit box should resolve it's IP num eg to a name address eg box1.some.where.ctry,
then if you run gethostbyname on box1.some.where.ctry, you should get returned.

if you go to RIPE Whois you get:

description: MobiFon S.A. - Connex GSM
description: 3, Nerva Traian Street
description: Complex M101, Sector 3
description: Bucharest, Romania


Old 08-11-2004, 07:15 PM   #3
Senior Member
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
If you filter ssh access down to only known clients, then you can prevent a lot of unwanted activity.
Old 08-12-2004, 11:49 AM   #4
LQ Newbie
Registered: Aug 2004
Posts: 2

Original Poster
Rep: Reputation: 0
Thanks for the help.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
need LogWatch errors explained MiniMe001 Linux - General 1 06-29-2005 11:17 AM
apache help needed! v well explained drigz Linux - Networking 4 05-18-2004 03:43 PM
User Permission Explained gamehack Debian 6 02-10-2004 10:01 AM
ssh explained LinuxLala Linux - Security 2 10-01-2003 10:11 AM
newbie question: do these logs show a hack attempt lucastic Linux - Security 4 08-13-2003 09:07 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:38 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration