0

I recently installed DenyHosts and after a few remote logins I noticed that sshd: 8.23.224.110 had been added to the host.deny file after /var/log/auth.log showed a few sshd: Did not receive identification string from 8.23.224.110. This appears to be no-ip.com.

I use ddclient to dynamically update my ip-address to point to my hostname at no-ip.com; something like [email protected] so that instead of having to ssh to a dynamic ip I can always just connect to the above host.

I don't understand why 8.23.224.110 would be trying to connect to my ssh service however, can anyone shed some light on this? Is it some kind of by product of me ssh'ing to the no-ip hosted hostname? Is it likely to be problematic now DenyHosts has banned it?

Anthon
  • 78,313
  • 42
  • 165
  • 222
fpghost
  • 727
  • 2
  • 8
  • 21

2 Answers2

1

Have you tried sending log captures to their abuse report? They may have something that has been compromised, or mis-behaving on their network. A long shot, but there are times when it does work.

Comment:        For abuse complaints please open a trouble ticket
Comment:        at http://www.no-ip.com/ticket or email [email protected]
Grim76
  • 19
  • 2
0

I'm not sure why they would be, either. Possibly they're doing some sort of automated security check. Best to ask them. I'd guess that blocking it won't lead to any problems.

It doesn't have anything to do with you running ssh your-host.no-ip.org. That connection will show as coming from whichever machine you ssh from.

derobert
  • 107,579
  • 20
  • 231
  • 279
  • Yeah, I see the connection from remote host too in the logs. Curious as no what `no-ip` are doing then. – fpghost Apr 03 '13 at 18:07