I have router and a home network. If I use ssh to access my 6.4 SuSE linux box with an external address, the messages log is ok. If I use ssh to access the Linux box from with in the network, I get the following message in /var/log/messages: Apr 16 00:40:29 linux166 sshd[282]: log: Address 192.168.1.100 maps to delltower, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT! I have the following entry in the /etc/hosts: 192.168.1.100 delltower Can anyone help me understand how this does not map back works, or a way to fix it so I don't get this breakin attempt. That way a real breakin attempt will catch my attention. Thanks Mark Condic
Well you could set up internal dns for your network. For example you could setup a 1.168.192.in-addr.arpa zone file and put ptr records in their for your machines. And also maybe setup all your machines on your domain i.e if you use mydomain.com you could have a mydomain.com zone file where you had delltower.mydomain.com IN A 192.168.1.100. Of course you should only allow queries to these private zones from your local LAN. >
Apr 16 00:40:29 linux166 sshd[282]: log: Address 192.168.1.100 maps to delltower, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
I have the following entry in the /etc/hosts: 192.168.1.100 delltower
Can anyone help me understand how this does not map back works, or a way to fix it so I don't get this breakin attempt. That way a real breakin attempt will catch my attention.
Thanks Mark Condic
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
participants (2)
-
Mark Condic
-
semat