Thanks for ur help=) On Tue, Apr 13, 2010 at 8:36 PM, dan (ddp) <[email protected]> wrote:
> I think it means the reverse dns isn't correct for that host. > > On Tue, Apr 13, 2010 at 1:47 AM, wu tingyi <[email protected]> wrote: > > Hello all, > > ** Alert 1271055172.24104: mail - syslog,sshd-->what dose this mean? > > It is an alert, it happened at 1271055172.24104, it is a member of > groups syslog and sshd. > > > 2010 Apr 12 14:52:52 cl6g505->/var/log/secure --->is it means the alert > is > > save in /var/log/secure? > > The original event was found in /var/log/secure. > > > Rule: 5703 (level 10) -> 'Possible breakin attempt (high number of > reverse > > lookup errors).' > > Src IP: l312c09.sitfypj.nyp.edu.sg > > User: (none) > > Apr 12 14:52:50 cl6g505 sshd[1652]---is it means port no? > > 1652 is the pid. > > >: reverse mapping > > checking getaddrinfo for l312c09.sitfypj.nyp.edu.sg failed - POSSIBLE > > BREAK-IN ATTEMPT! > > Apr 12 22:26:38 cl6g505 sshd[1360]: reverse mapping checking getaddrinfo > for > > l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT! > > Apr 12 21:21:50 cl6g505 sshd[506]: reverse mapping checking getaddrinfo > for > > l312c09.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT! > > Apr 12 21:09:22 cl6g505 sshd[363]: reverse mapping checking getaddrinfo > for > > l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT! > > Apr 12 20:51:20 cl6g505 sshd[311]: reverse mapping checking getaddrinfo > for > > l312c10.sitfypj.nyp.edu.sg failed - POSSIBLE BREAK-IN ATTEMPT! > > > > > > Can anybody help me look at the qns? > > Can explain me the whole event about? > > i need it in a hurry.. > > thanks=) > > > > Regards, > > tingyi > > > > > -- > To unsubscribe, reply using "remove me" as the subject. >
