Hello! One of our computers suddenly "lost" its identity and assumed it had a (foreign) IP-adress. After reboot it had its old identity again, but I am worried. What has happened? Have we been hacked, or is this a known bug? Details: We are running SuSe 8.0 on several machines with SuSefirewall2. The only service we accept from outside is ssh. Someone with external_IP is regularly canning our computers on ports 80, 57, 21. 12h after one of these scans ONE of our machines seemed to believe it was THAT machine which scanned us, i.e. it could be connected to normally (via ssh machine_name), but the prompt was user@erternal_ip (instead of user@machine_name) Also the who am i command gave external_ip!user ... date But the file system was still acessible (I tried ll). As stated above, after reboot everything seemed normal again (using find -mount -mmin -600 -type f -print I could not detect any files altered between the scan 12h before and the reboot). Strange also that only one of the scanned machines was affected (identical configuration). How dangerous is this? BTW, how unsafe is openssh protocol 1 exactly? Thanks a lot, Jean-Mathias