Got this message from my server: Monitor on l1 for 'Internet and RPC Server' has detected that the service is down at Tue Feb 19 03:55:01 2002 Checking logs gave me lots of lines like this: Feb 19 03:44:26 l1 sshd[27929]: fatal: Local: Your ssh version is too old and is no longer supported. Please install a newer version. Feb 19 03:44:48 l1 sshd[27931]: fatal: Local: Your ssh version is too old and is no longer supported. Please install a newer version. Feb 19 03:44:59 l1 sshd[27932]: fatal: Local: crc32 compensation attack: network attack detected Feb 19 03:45:15 l1 sshd[27933]: fatal: Local: crc32 compensation attack: network attack detected Feb 19 03:46:03 l1 sshd[27979]: fatal: Local: crc32 compensation attack: network attack detected Feb 19 03:46:20 l1 sshd[27980]: fatal: Local: crc32 compensation attack: network attack detected Feb 19 03:46:36 l1 sshd[27981]: fatal: Local: crc32 compensation attack: network attack detected Feb 19 03:46:52 l1 sshd[27983]: fatal: Local: crc32 compensation attack: network attack detected Feb 19 03:47:08 l1 sshd[27984]: fatal: Local: Corrupted check bytes on input. Feb 19 03:47:39 l1 sshd[27986]: fatal: Local: crc32 compensation attack: network attack detected Feb 19 03:54:24 l1 kernel: eth1: Setting Rx mode to 2 addresses. Feb 19 03:54:24 l1 kernel: eth1: Setting Rx mode to 3 addresses. Feb 19 03:54:24 l1 kernel: eth1: Setting Rx mode to 4 addresses. Feb 19 03:54:24 l1 kernel: eth1: Setting Rx mode to 5 addresses. eth1 is my inside of the firewall. Also in /var/log/messages around that time: Feb 19 03:18:53 l1 sshd[27722]: connect from 65.107.153.146 Feb 19 03:18:53 l1 sshd[27722]: log: Connection from 65.107.153.146 port 2934 Feb 19 03:18:54 l1 sshd[27723]: connect from 65.107.153.146 Feb 19 03:18:54 l1 sshd[27723]: log: Connection from 65.107.153.146 port 3401 Feb 19 03:18:55 l1 sshd[27723]: log: Could not reverse map address 65.107.153.146. Feb 19 03:18:55 l1 sshd[27722]: log: Could not reverse map address 65.107.153.146. Feb 19 03:18:55 l1 sshd[27723]: fatal: Local: Your ssh version is too old and is no longer supported. Please install a newer version. Feb 19 03:19:05 l1 sshd[27724]: connect from 65.107.153.146 Feb 19 03:19:05 l1 sshd[27724]: log: Connection from 65.107.153.146 port 3402 Feb 19 03:19:06 l1 sshd[27724]: log: Could not reverse map address 65.107.153.146. This goes on for different ports. I tried to host 65.107.153.146, nothing came up. nmapping this host showed port 23 open(???). In the logs since this afternoon: Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25601 L=36 S=0x00 I=61935 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25602 L=36 S=0x00 I=61936 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25603 L=36 S=0x00 I=61937 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25604 L=36 S=0x00 I=61938 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25605 L=36 S=0x00 I=61939 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25606 L=36 S=0x00 I=61940 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25607 L=36 S=0x00 I=61941 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25608 L=36 S=0x00 I=61942 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25609 L=36 S=0x00 I=61943 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25610 L=36 S=0x00 I=61944 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25611 L=36 S=0x00 I=61945 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25612 L=36 S=0x00 I=61946 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25613 L=36 S=0x00 I=61947 F=0x0000 T=128 (#1) Feb 19 13:49:54 l1 kernel: Packet log: input DENY eth0 PROTO=17 192.168.0.1:1106 255.255.255.255:25614 L=36 S=0x00 I=61948 F=0x0000 T=128 (#1) eth0 is my Internet side (cablemodem). Someone have any idea what exactly was going on? In the mean time I have rebooted the server, and pulled out the plug to the cablemodem. What can I do best? Rgds Leen