Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.security.ssh > #81

Re: openssh doesn't appear to do the inaddr-arpa lookups correctly

From dagon@dagon.net (Dagon)
Newsgroups comp.security.ssh
Subject Re: openssh doesn't appear to do the inaddr-arpa lookups correctly
Date 2011-05-09 18:23 -0700
Organization Dagon.net
Message-ID <cmgm98-aqo.ln1@dagon.net> (permalink)
References <4dc873f5$0$22095$742ec2ed@news.sonic.net>

Show all headers | View raw

horus <horus@sonic.net> wrote:
>Wouldn't it be nice if?
>or am I dreaming?

dreaming.  openssh does this correctly, and always has.  Even
if it logs it confusingly, it's doing the right thing.

>ps: log example:
>reverse mapping checking getaddrinfo for 
>212-210-195-2.blah.net-[212.210.195.2] failed - POSSIBLE BREAK-IN ATTEMPT! : 
>2 time(s)

Please post a more complete example.  Include the actual IP address and
hostname being used in addition to the log message.

My guess is that it's coming from a broken client, whose IP address really
doesn't have a PTR record, or for whom the reverse mapping has no
matching forward mapping.

If 212.210.195.2 is the correct IP address, this has no public DNS
reverse mapping:
$ host -t PTR 2.195.210.212.in-addr.arpa. 
Host 2.195.210.212.in-addr.arpa. not found: 3(NXDOMAIN)
--
Mark Rafn    dagon@dagon.net    <http://www.dagon.net/>

Back to comp.security.ssh | Previous | NextPrevious in thread | Find similar

Thread

openssh doesn't appear to do the inaddr-arpa lookups correctly "horus" <horus@sonic.net> - 2011-05-09 16:08 -0700
  Re: openssh doesn't appear to do the inaddr-arpa lookups correctly Nico Kadel-Garcia <nkadel@gmail.com> - 2011-05-09 19:06 -0700
  Re: openssh doesn't appear to do the inaddr-arpa lookups correctly dagon@dagon.net (Dagon) - 2011-05-09 18:23 -0700

csiph-web