The only response to my query came from Casper. Thanks!
-----Forwarded message from Casper Dik <casper@holland.Sun.COM>-----
>One of my systems has been hit by the statd exploit a few times:
>
>statd[842]: attempt to create "/var/statmon/sm//
>
>I've got the patch for the problem installed, but I'd like to be
>able to trace the source of the attack. Any suggestions?
Run snoop.
Casper
-----End of forwarded message-----
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:31 CDT