From 2d8bdb6c85c71be8ab2bc70ac042e0666c775a11 Mon Sep 17 00:00:00 2001
From: Yaroslav Halchenko <debian@onerussian.com>
Date: Sun, 18 Jan 2009 10:25:00 -0500
Subject: [PATCH] added example for BREAK-IN in ssh

---
 files/logs/sshd | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/files/logs/sshd b/files/logs/sshd
index 8fce625e..02d33bac 100644
--- a/files/logs/sshd
+++ b/files/logs/sshd
@@ -20,3 +20,7 @@ Feb 25 14:34:11 belka sshd[31607]: User root from ferrari.inescn.pt not allowed
 
 #6 ew filter introduced thanks to report Guido Bozzetto <reportbug@G-B.it>
 Nov 11 23:33:27 Server sshd[5174]: refused connect from _U2FsdGVkX19P3BCJmFBHhjLza8BcMH06WCUVwttMHpE=_@::ffff:218.249.210.161 (::ffff:218.249.210.161)
+
+#7 added exclamation mark to BREAK-IN
+Oct 15 19:51:35 server sshd[7592]: Address 1.2.3.4 maps to 1234.bbbbbb.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT
+Oct 15 19:51:35 server sshd[7592]: Address 1.2.3.4 maps to 1234.bbbbbb.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!