I've seen it a couple of times:

/var/log/messages-20121111:Nov 10 21:35:17 bob dhclient[1114]: parse_option_buffer: malformed option dhcp.<unknown> (code 105): option length exceeds option buffer length.
/var/log/messages-20121118:Nov 16 22:02:35 bob dhclient[1114]: parse_option_buffer: malformed option dhcp.slp-service-scope (code 79): option length exceeds option buffer length.
/var/log/messages-20121125:Nov 21 22:48:13 bob dhclient[1114]: parse_option_buffer: malformed option dhcp.slp-service-scope (code 79): option length exceeds option buffer length.

I'm on 24.77.240.0/22

Sean


On Wed, Dec 5, 2012 at 6:51 AM, Trevor Cordes <trevor@tecnopolis.ca> wrote:
Starting Nov 29 04:16:10 I start seeing a new error in my /v/l/messages
from dhclient (the DHCP client for my Shaw internet connection):

Nov 29 04:16:10 pog dhclient[1271]: parse_option_buffer: malformed option
dhcp.fqdn (code 81): option length exceeds option buffer length.

And it repeats every 30-39s for hours, then sometimes stops for a while.
Sometimes skips a day but then starts up again.

Is someone trying a known DHCP buffer overflow attack on my Shaw segment
or is this something legit that Shaw is passing out that linux doesn't
understand?  I know what fqdn means, though why it should exceed buffer
limits is beyond me.

Can others check their logs and see if they're getting this too?

There was 1 other weird dhclient error before this started:
Nov 27 06:52:55 pog dhclient[1271]: parse_option_buffer: malformed option
dhcp.uap-servers (code 98): option length exceeds option buffer length.
_______________________________________________
Roundtable mailing list
Roundtable@muug.mb.ca
http://www.muug.mb.ca/mailman/listinfo/roundtable



--
Sean Walberg <sean@ertw.com>    http://ertw.com/