SUMMARY: Strange msgs in syslog from nscd: gethostbyaddr ...

From: Johan Nyberg (nyberg@tsl.uu.se)
Date: Tue Jul 13 1999 - 09:35:21 CDT


Hi,

My original question is at the end. I got two quick replies from Tim
Carlson and James Ford explaining to me what is going on. The problem
is that there are a lot of misconfigured DNS boxes out there for which
the reverse DNS does not match the forward DNS, or people are sending
out a mismatching IP name and address. These messages are not
dangerous, although irritating.

Thanks!

Original question:
-------------------

> Since I turned on more logging I keep getting these messages
> in my syslogs with a frequency of about one per hour:
>
> Jul 12 22:33:16 hostnam nscd[18940]: [ID 484914 user.notice]
> gethostbyaddr: click1.click2net.com. != 216.94.59.230
>
> The IP name and address is not always the one given above, although
> this is the most common one.
>
> Is somebody trying to break in to my systems and if so then what
> should I do?

Johan,

-- 
Johan Nyberg mailto:nyberg@tsl.uu.se  http://www3.tsl.uu.se/~nyberg  
The Svedberg Lab., Uppsala Univ., BOX 533, SE-75121 Uppsala, Sweden
Tel/Fax (office): +46-18-471-3047/3833    Tel (home): +46-18-324314



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:23 CDT