On Sat, Mar 9, 2013 at 11:57 AM, Tilman Schmidt t.schmidt@phoenixsoftware.de wrote:
Mar 3 04:44:48 gimli sshd[12870]: reverse mapping checking getaddrinfo for hn.ly.kd.adsl failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 3 04:44:49 gimli sshd[12871]: Received disconnect from 61.163.113.72: 11: Bye Bye
If I set "UseDNS no" the first message disappears and only the second one remains.
So it seems there is no way to identify password bruteforcing attempts on servers which don't accept password authentication in the first place.
Can't you pick some reasonable number of 'received disconnect' messages to allow from a single IP?
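
One way to apply the suggestion above, as an added example that is not part of the original thread: count "Received disconnect" lines per source IP in a sliding window and flag addresses that reach a threshold. The threshold, window, year and every sample line other than the address quoted in the thread are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd line as quoted in the thread; the optional " port N" covers the form
# newer OpenSSH releases log. Code 11 is SSH_DISCONNECT_BY_APPLICATION, which
# ordinary clients also send, hence a threshold instead of a single match.
DISCONNECT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"Received disconnect from (?P<ip>\S+)(?: port \d+)?:\s*11:"
)

def flag_sources(lines, threshold=5, window=timedelta(minutes=10), year=2013):
    """Map each IP to the time it reached `threshold` disconnects in `window`.

    Lines must be in chronological order. Syslog timestamps carry no year,
    so the caller supplies one (assumption: 2013, the date of the thread).
    """
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = DISCONNECT.match(line)
        if not m:
            continue                 # e.g. the reverse-mapping warning
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen = recent[m["ip"]]
        seen.append(ts)
        while ts - seen[0] > window:
            seen.popleft()           # forget disconnects older than the window
        if len(seen) >= threshold:
            flagged.setdefault(m["ip"], ts)
    return flagged

# Constructed sample: a burst from the address in the thread, a slow repeat
# visitor, and an occasional client (documentation-range addresses).
EVENTS = [(t, "61.163.113.72") for t in
          ("04:44:49", "04:44:53", "04:44:57", "04:45:01", "04:45:05", "04:45:09")]
EVENTS += [(t, "198.51.100.7") for t in
           ("05:00:00", "05:15:00", "05:30:00", "05:45:00", "06:00:00")]
EVENTS += [("07:10:00", "192.0.2.10"), ("12:30:00", "192.0.2.10")]
SAMPLE = ["Mar  3 04:44:48 gimli sshd[12870]: reverse mapping checking getaddrinfo "
          "for hn.ly.kd.adsl failed - POSSIBLE BREAK-IN ATTEMPT!"]
SAMPLE += [f"Mar  3 {t} gimli sshd[{12871 + i}]: Received disconnect from {ip}: 11: Bye Bye"
           for i, (t, ip) in enumerate(EVENTS)]

if __name__ == "__main__":
    for ip, when in flag_sources(SAMPLE).items():
        print(f"{ip} reached the threshold at {when}")
```

Because this counts disconnects and not failed logins, it keeps working with "UseDNS no" and with password authentication disabled; the window keeps a slow but legitimate client from accumulating toward the threshold.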