Hi all, I have recently found the following lines in /var/log/messages on one of my servers running SuSE 7.0, kernel 2.2.16, openssh-2.1.1p1-19: Dec 28 09:21:10 server -- MARK -- ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ [many many more of this] ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ ^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ Dec 28 14:34:46 server syslogd 1.3-3: restart. This server is connected to the internet via ADSL and sits behind a Zyxcel Prestige 310 where port 22 is NATed to the server. This is for remote administration - everything else on the Zyxcel is closed to the outside world. Looks to me like a buffer overflow with following crash, but then there is this time gap between the long line of ^@'s and the server restart 09:21 - 14:34 which worries me. I have not reached anyone there so I'll have to wait until next week to find out whether they maybe did a hard-boot or something. last shows: reboot system boot 2.2.16 Fri Dec 28 14:34 (1+20:48) reboot system boot 2.2.16 Fri Dec 28 11:56 (1+23:26) Checking the system with chkrootkit gave me only one wierd line: Checking `wted'... 1 deletion(s) between Fri Dec 28 11:56:50 2001 and Fri Dec 28 11:56:50 2001 Anyway, I wonderd if anyone has seen something similar yet and if I have to worry. Thanks in advance for your input. Erwin