[RndTbl] Shaw DHCP weirdness or attack?
Trevor Cordes
trevor at tecnopolis.ca
Wed Dec 5 06:51:48 CST 2012
Starting Nov 29 04:16:10 I start seeing a new error in my /v/l/messages
from dhclient (the DHCP client for my Shaw internet connection):
Nov 29 04:16:10 pog dhclient[1271]: parse_option_buffer: malformed option
dhcp.fqdn (code 81): option length exceeds option buffer length.
And it repeats every 30-39s for hours, then sometimes stops for a while.
Sometimes skips a day but then starts up again.
Is someone trying a known DHCP buffer overflow attack on my Shaw segment
or is this something legit that Shaw is passing out that linux doesn't
understand? I know what fqdn means, though why it should exceed buffer
limits is beyond me.
Can others check their logs and see if they're getting this too?
There was 1 other weird dhclient error before this started:
Nov 27 06:52:55 pog dhclient[1271]: parse_option_buffer: malformed option
dhcp.uap-servers (code 98): option length exceeds option buffer length.
More information about the Roundtable
mailing list