On 2012-12-05 Sean Walberg wrote:
I've seen it a couple of times:
/var/log/messages-20121111:Nov 10 21:35:17 bob dhclient[1114]: parse_option_buffer: malformed option dhcp.<unknown> (code 105): option length exceeds option buffer length.
I'm on 24.77.240.0/22
I did a packet cap and wireshark to view. Something very weird is going on here. Wireshark says the DHCP packets at the time of error are malformed.
It's from 50.72.224.1, which appears to be a Shaw router? I'm on a 50.72 network. It doesn't appear to be the normal Shaw DHCP server.
The packet is 50.72.224.1:67 to 255.255.255.255:68, 308 bytes
It's telling me my client IP is <insert not my ip here> "Relay agent" 50.72.224.1 (same as above) client mac: AsustekC brand (hmmmm...)
It gets cutoff in the middle of the fqdn option, hence probably the malformation and /v/l/messages error.
So my guess now is probably some nitwit has a DHCP server working the Shaw network side rather than their internal side? Or maybe a deliberate hack attempt to hand out bogus IPs?
Sucks that it has to fill my logs with 648 errors so far today...