I have been using my own VPS to attempt to understand how linux logs attacks. I have a text file with the correct password in and simply run proxychains hydra.
However, I notice that for some reason my home IP always shows on the auth.log file on the server im attacking, in the following format:
"reverse mapping checking getaddrinfo for MYHOMEIP failed - POSSIBLE BREAK-IN ATTEMPT!"
It confuses me because I have about 10 proxies (socks4 and socks5) in my proxychain file. I am using dynamic chains and the command I run is the following:
"proxychains hydra -s 22 -v -V -l root -P /usr/share/wordlists/testlist.txt -t 4 -w 60 SERVERIP ssh"
I have tried the above with tor and it worked fine plus my home IP was never shown in the auth.log (it showed some tor IP). However I would like to know how to get this to work/why it currently isnt working with proxy chains.
My only thought is that all the proxies in the proxy chains file are either failing or passing my information? However I feel this is unlikely (I check the proxies are up before running the command).
Any advice would be appreciated!