SUMMARY: tracking source of statd attack

Jeff Wasilko (
Wed, 25 Feb 1998 00:42:31 -0500

The only response to my query came from Casper. Thanks!

-----Forwarded message from Casper Dik <casper@holland.Sun.COM>-----

>One of my systems has been hit by the statd exploit a few times:
>statd[842]: attempt to create "/var/statmon/sm//
>I've got the patch for the problem installed, but I'd like to be
>able to trace the source of the attack. Any suggestions?

Run snoop.


-----End of forwarded message-----