
ssh keyscanning!?



A while back logcheck alerted me to the entries in my syslog:

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
20:05:37 hawking dhcpd-2.2.x: Discarding packet with invalid hlen.
20:05:43 hawking dhcpd-2.2.x: Discarding packet with invalid hlen.
20:33:52 hawking sshd[26972]: scanned from xxx.xxx.130.196 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
20:33:52 hawking sshd[26971]: Did not receive identification string from xxx.xxx.130.196

20:44:04 hawking dhcpd-2.2.x: Discarding packet with invalid hlen.
20:44:10 hawking dhcpd-2.2.x: Discarding packet with invalid hlen.

The (obscured) IP address is definitely from the "outside" (Poland,
AFAICS) - definitely not somewhere I've been communicating with.

I'm not too worried about the ssh keyscan, although it has never
happened to me before. The only thing is that I'm running woody, and
security updates tend to percolate through here a bit later than potato.

But the dhcpd messages have not occurred before either. And taking them
together, it makes me slightly uncomfortable. But I may be overly
paranoid. I'm not even sure whether dhcpd was reacting to packets from
my local LAN or the internet.

The firewalling I have in place only allows incoming connections for
ssh. UDP is locked down so only DNS works there. And by mistake (fixed now), 
it also allowed incoming DHCP requests from the internet.

Tripwire hasn't flagged anything up (other than stuff that I know that
*I* changed).

Opinions (or even facts) welcome: Should I be worried? Is somebody
studying the locks? Should I tighten things up more? How many questions
can you fit in a line?

-- 
Karl E. Jørgensen
karl@jorgensen.com
www.karl.jorgensen.com
==== Today's fortune:
It took the computational power of three Commodore 64s to fly to the moon.
It takes at least a 486 to run Windows 95.
Something is wrong here.
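
Added example, not part of the original message: one way to triage entries like the ones logcheck reported above, grouping the sshd probe lines by source address and counting the dhcpd "invalid hlen" discards separately. The sample lines are constructed in the same format with documentation-range addresses, and the 5-second pairing window and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the logcheck format quoted in the post; the
# addresses are documentation-range placeholders, not the poster's.
SAMPLE = """\
20:05:37 hawking dhcpd-2.2.x: Discarding packet with invalid hlen.
20:05:43 hawking dhcpd-2.2.x: Discarding packet with invalid hlen.
20:33:52 hawking sshd[26972]: scanned from 192.0.2.196 with SSH-1.0-SSH_Version_Mapper.  Don't panic.
20:33:52 hawking sshd[26971]: Did not receive identification string from 192.0.2.196
20:41:10 hawking sshd[27001]: Did not receive identification string from 198.51.100.7
20:44:04 hawking dhcpd-2.2.x: Discarding packet with invalid hlen.
"""

# HH:MM:SS host process[pid]: message  (the pid is optional, as for dhcpd)
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d) \S+ ([^\s\[:]+)(?:\[\d+\])?: (.*)$")
SCANNED = re.compile(r"^scanned from (\S+) with (\S+)")
NO_IDENT = re.compile(r"^Did not receive identification string from (\S+)")

def parse(text):
    """Yield (seconds since midnight, process, message) for each parsable line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            h, mi, s, proc, msg = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), proc, msg

def summarize(text, window=5):
    """Group sshd probe events by source and count dhcpd hlen discards."""
    probes = defaultdict(lambda: {"banners": set(), "scan": [], "no_ident": []})
    hlen_discards = 0
    for ts, proc, msg in parse(text):
        if proc == "sshd":
            if m := SCANNED.match(msg):
                probes[m.group(1)]["banners"].add(m.group(2).rstrip("."))
                probes[m.group(1)]["scan"].append(ts)
            elif m := NO_IDENT.match(msg):
                probes[m.group(1)]["no_ident"].append(ts)
        elif proc.startswith("dhcpd") and "invalid hlen" in msg:
            hlen_discards += 1
    report = {}
    for src, ev in probes.items():
        # A banner line and a no-identification line from one source within
        # `window` seconds are treated as one probe by the same tool.
        paired = any(abs(a - b) <= window for a in ev["scan"] for b in ev["no_ident"])
        report[src] = {"banners": sorted(ev["banners"]), "paired": paired,
                       "events": len(ev["scan"]) + len(ev["no_ident"])}
    return report, hlen_discards

if __name__ == "__main__":
    print(summarize(SAMPLE))
```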
