SUMMARY: tracking source of statd attack

From: Jeff Wasilko (
Date: Tue Feb 24 1998 - 23:42:31 CST

The only response to my query came from Casper. Thanks!

-----Forwarded message from Casper Dik <casper@holland.Sun.COM>-----

>One of my systems has been hit by the statd exploit a few times:
>statd[842]: attempt to create "/var/statmon/sm//
>I've got the patch for the problem installed, but I'd like to be
>able to trace the source of the attack. Any suggestions?

Run snoop.


-----End of forwarded message-----

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:31 CDT