First, host73.maxim.net is an individual PC on the maxim.net domain. You want to find the domain IP address. nslookup maxim.net gives 192.168.48.66, or use dig maxim.net or whois maxim.net.

Looks more and more like the packets are spoofed and maxim.net is as much a victim as you are. Adding a firewall deny rule for 192.168.48.66 will stop all traffic from that domain. The real question is, do you really have real remote users who ssh into your system and/or have remote users who access your mysql system? If not, then add a firewall rule to deny the sshd & mysql port numbers from entering your system from the public internet.

-----Original Message-----
From: Marwan Sultan [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 05, 2006 11:53 PM
To: [EMAIL PROTECTED]; [email protected]
Subject: RE: sshd/mysql errors.

Hello, and how do I get an IP of an unknown hostname? As you know, I should add IP addresses to the firewall, not hostnames.

# nslookup host73.maxim.net
*** can't find host73.hostname_net: Non-existent host/domain

I found hundreds of this line too in my logs:

mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(IP-216-185-173-58.mtntel.net, AF_INET) failed

Any advice, please?

>First thoughts is you are under attack and hosts.allow is
>doing its job of denying access.
>
>Add the ip address from the warning message to your firewall
>to stop those attack packets from entering your system.
>
>Good chance attack packets are spoofed.
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Marwan Sultan
>Sent: Tuesday, July 04, 2006 6:40 AM
>To: [email protected]
>Subject: sshd/mysql errors.
>
>Hello gurus,
>
>My logs are full of hundreds of these lines. It started a few days ago
>and continues up to today.
>
>---------
>Jul 2 00:00:03 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
>
>Jul 2 00:00:27 server sshd[83738]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
>----------
>Where hostname_net is the former ISP name for my server hosting ISP,
>but I have the same DNS and routings; the name was changed almost 1
>year and a few months ago.
>
>Also, line 25 has nothing to do with this hostname; it's just the first
>active line in my hosts.allow file.
>Anyhow, I have replaced the line with:
>ALL : .hostname_net : allow
>
>But still the same errors every day, every minute! Any advice please?
>
>It's FreeBSD 4.8R
>
>Thank you
>Marwan

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
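Added example, not part of the thread or written by its participants: the hosts.allow warnings quoted above carry only the client's reverse-DNS name, which is why nslookup on that name fails. This sketch tallies the warnings per daemon and name and pulls out an address only where the name itself embeds one. The sample log is constructed from the lines in the thread (the third timestamp and the fourth line are invented), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: warning lines as quoted in the thread, plus one unrelated line.
SAMPLE_LOG = """\
Jul 2 00:00:03 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
Jul 2 00:00:27 server sshd[83738]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(host73.hostname_net, AF_INET) failed
Jul 5 23:40:10 server mysqld[28598]: warning: /etc/hosts.allow, line 25: can't verify hostname: getaddrinfo(IP-216-185-173-58.mtntel.net, AF_INET) failed
Jul 5 23:41:00 server sshd[83738]: Accepted publickey for admin from 10.0.0.5 port 50022 ssh2
"""

WARN_RE = re.compile(
    r"(?P<daemon>[\w.-]+)\[\d+\]: warning: \S+, line \d+: "
    r"can't verify hostname: getaddrinfo\((?P<name>[^,]+), AF_INET\) failed"
)
# Four dash- or dot-separated decimal groups inside a PTR name (common ISP naming).
EMBEDDED_IP_RE = re.compile(
    r"(?<!\d)(\d{1,3})[-.](\d{1,3})[-.](\d{1,3})[-.](\d{1,3})(?!\d)"
)

def embedded_ip(name):
    """Return a dotted quad if the name embeds one, else None.
    This is a hint to confirm against connection logs, not proof of the source."""
    m = EMBEDDED_IP_RE.search(name)
    if m and all(int(octet) <= 255 for octet in m.groups()):
        return ".".join(m.groups())
    return None

def summarize(log_text):
    """Count unverifiable-hostname warnings per (daemon, hostname)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if m:
            counts[(m.group("daemon"), m.group("name"))] += 1
    return counts

def report(log_text):
    """Rows of (daemon, hostname, count, candidate IP or None), sorted."""
    return [(d, n, c, embedded_ip(n))
            for (d, n), c in sorted(summarize(log_text).items())]

if __name__ == "__main__":
    for daemon, name, count, ip in report(SAMPLE_LOG):
        print(f"{daemon:8} {name:32} x{count}  candidate IP: {ip or 'none in name'}")
```

For names such as host73.hostname_net that embed no address, the client IP has to come from another source, such as the daemon's own connection log or firewall logging.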
