Hi,

A post by Andy Bennett made me read an article by Marcus Ranum. This made me analyse log files on my vps and I came accross two lines like below

Apr  2 00:59:34 hermann sshd[20368]: reverse mapping checking getaddrinfo for isjhr-nxt.eduhr.ro [193.231.42.110] failed - POSSIBLE BREAK-IN ATTEMPT!
Apr  2 00:59:34 hermann sshd[20368]: Invalid user oracle from 193.231.42.110

Is my understanding of these log entries correct? The first line says that someone ssh-ed me from a domain isjhr-nxt.eduhr.ro but this domain does not map to 193.231.42.110. The second line says that this person (programm) tried semething like "ssh oracle@my.vps". Moreover, I do not have to worry about such entries.

Cheers,
Sam

PS: I changed my real hostname to hermann cause I found that name funny when I watched Inglorious Bastards.

--
Samuel Bächler
Obere Bläsistrasse 1
8049 Zürich

Web: boeser.ch
Tel:   +41(0)43 817 46 28
Mob: +41(0)79 478 49 42