I think it means the reverse dns isn't correct for that host.

On Tue, Apr 13, 2010 at 1:47 AM, wu tingyi <[email protected]> wrote:
> Hello all,
> ** Alert 1271055172.24104: mail - syslog,sshd-->what does this mean?

It is an alert, it happened at 1271055172.24104, it is a member of groups syslog and sshd.

> 2010 Apr 12 14:52:52 cl6g505->/var/log/secure --->is it means the alert is
> save in /var/log/secure?

The original event was found in /var/log/secure.

> Rule: 5703 (level 10) -> 'Possible breakin attempt (high number of reverse
> lookup errors).'
> Src IP: l312c09.sitfypj.nyp.edu.sg
> User: (none)
> Apr 12 14:52:50 cl6g505 sshd[1652]---is it means port no?

1652 is the pid.

>: reverse mapping
> checking getaddrinfo for l312c09.sitfypj.nyp.edu.sg failed - POSSIBLE
> BREAK-IN ATTEMPT!
> Apr 12 22:26:38 cl6g505 sshd[1360]: reverse mapping checking getaddrinfo for
> l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT!
> Apr 12 21:21:50 cl6g505 sshd[506]: reverse mapping checking getaddrinfo for
> l312c09.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT!
> Apr 12 21:09:22 cl6g505 sshd[363]: reverse mapping checking getaddrinfo for
> l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT!
> Apr 12 20:51:20 cl6g505 sshd[311]: reverse mapping checking getaddrinfo for
> l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT!
>
>
> Can anybody help me look at the qns?
> Can explain me the whole event about?
> i need it in a hurry..
> thanks=)
>
> Regards,
> tingyi
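An added example, not part of the original thread and not OSSEC's rule code: it parses the sshd lines quoted in the alert into timestamp, pid and source host, then counts reverse-lookup failures per source inside a sliding window. The function names, the threshold of 3 and the 2-hour window are assumptions chosen for illustration, not rule 5703's settings, and the year is passed in because syslog timestamps omit it.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The five sshd lines quoted in the alert, unwrapped to one line each.
MSG = "reverse mapping checking getaddrinfo for {} failed - POSSIBLE BREAK-IN ATTEMPT!"
SAMPLE = "\n".join([
    "Apr 12 14:52:50 cl6g505 sshd[1652]: " + MSG.format("l312c09.sitfypj.nyp.edu.sg"),
    "Apr 12 22:26:38 cl6g505 sshd[1360]: " + MSG.format("l312c10.sitfypj.nyp.edu.sg"),
    "Apr 12 21:21:50 cl6g505 sshd[506]: " + MSG.format("l312c09.sitfypj.nyp.edu.sg"),
    "Apr 12 21:09:22 cl6g505 sshd[363]: " + MSG.format("l312c10.sitfypj.nyp.edu.sg"),
    "Apr 12 20:51:20 cl6g505 sshd[311]: " + MSG.format("l312c10.sitfypj.nyp.edu.sg"),
])

# sshd[NNNN] carries the process id; some sshd versions add "[ip]" after the name.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"reverse mapping checking getaddrinfo for (?P<src>\S+)"
    r"(?: \[(?P<ip>[^\]]+)\])? failed"
)

def parse(text, year=2010):
    """Return one dict per reverse-mapping failure; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append({"time": when, "host": m["host"], "pid": int(m["pid"]),
                           "src": m["src"], "ip": m["ip"]})
    return events

def noisy_sources(events, threshold=3, window=timedelta(hours=2)):
    """Map each source to its peak failure count in any window, if >= threshold."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e["time"])
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge
                start += 1
            count = end - start + 1
            if count >= threshold and count > flagged.get(src, 0):
                flagged[src] = count
    return flagged

if __name__ == "__main__":
    print(noisy_sources(parse(SAMPLE)))
```
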
