On 03/07/2013 08:45 AM, Tilman Schmidt wrote: >> >As long as you get the IP address for failed logins, ignore reverse >> >mapping failures. > Trouble is, I don't: Are you watching the messages or secure log? # cat /etc/redhat-release CentOS release 5.8 (Final) # tail -f /var/log/secure Mar 8 11:46:54 firewall sshd[27455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=173-xx-xx-xx-washington.hfc.comcastbusiness.net user=root Mar 8 11:46:56 firewall sshd[27455]: Failed password for root from 173.xx.xx.xx port 51437 ssh2 The standard configuration should be logging the IP address of failed logins. I don't think I have access to any hosts where the reverse lookup is broken, so I'm not sure if what you're seeing is a result of a logging bug related to PTR mismatch, or what.