[PLUG] Please explain SSHD log entry
Kristian Erik Hermansen
kristian.hermansen at gmail.com
Sun Jan 20 16:35:09 UTC 2008
On Jan 20, 2008 8:15 AM, Rich Shepard <rshepard at appl-ecosys.com> wrote:
> Now and then I see an entry in the sshd log that looks like this one:
>
> **Unmatched Entries**
> warning: /etc/hosts.allow, line 8: host name/address mismatch: 67.138.24.31 != ns1.gloeblinks.com
>
> Since /etc/hosts.allow -- particularly line 8 -- has neither that IP
> address (belongs to Electric Lightwave) nor that domain name, why do I get
> this warning? The only explanation that occurs to me is that the system
> recognized an unauthorized cracking attempt and prevented it, but did not
> have a better warning message to offer. Is that all it is?
It means that dns and reverse dns did not return the same info. They
appeared to be separate hosts...
--
Kristian Erik Hermansen
"Know something about everything and everything about something."
More information about the PLUG
mailing list