[TriLUG] some ssh questions
Jeremy Portzer
jeremyp at pobox.com
Mon Dec 16 14:34:37 EST 2002
On Mon, 2002-12-16 at 13:50, Greg Brown wrote:
>
> When I check my netstat (netstat -a) on my home 7.x machine I see that I'm
> connected to a very odd address inbound which is the following address:
> 21.41.51.152-in-addr.arpa
>
> 152.51.41.21 is my work IP address (not really, but let's pretend for the
> sake of argument) so it's fairly clear that my work network is doing
> something to my outbound traffic to get a weird network address showing up
> in my netstat table like that - but I go back to my keys I get from
> connecting via work and check them against my keys from connecting on the
> home net and they are the same. Oh - and if I fail a login on purpose and
> check my messages log the hostname from the originating machine (as it
> appears on my home 7.x server) is 21.41.51.152-in-addr.arpa.
That is the standard syntax for reverse DNS entries. I don't think
that's a problem at all, though it's a bit strange. If you run netstat
with the "-n" option, which doesn't do reverse DNS lookups, you should
see a normal IP address.
Is it possible that the reverse DNS for your work IP is misconfigured to
give that response, instead of a human-readable name? What is the
output of "host 152.51.41.21" ? You should see something like:
21.41.51.152-in-addr.arpa domain name pointer realname.domain.tld
If you're getting this instead:
21.41.51.152-in-addr.arpa domain name pointer 21.41.51.152-in-addr.arpa
then that would explain the strange entry in netstat. Someone needs to
fix the reverse DNS.
Hope this helps,
Jeremy
More information about the TriLUG
mailing list