SUMMARY: tracking source of statd attack

Jeff Wasilko (jeffw@smoe.org)
Wed, 25 Feb 1998 00:42:31 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: gr.smith@napier.ac.uk: "SUMMARY: Hi Collision rate using Solaris 2.5.1 & hme"
Previous message: erin o'neill: "SUMMARY Re: More on the Sunnodename"

The only response to my query came from Casper. Thanks!

-----Forwarded message from Casper Dik <casper@holland.Sun.COM>-----

>One of my systems has been hit by the statd exploit a few times:
>
>statd[842]: attempt to create "/var/statmon/sm//
>
>I've got the patch for the problem installed, but I'd like to be
>able to trace the source of the attack. Any suggestions?

Run snoop.

Casper

-----End of forwarded message-----

Next message: gr.smith@napier.ac.uk: "SUMMARY: Hi Collision rate using Solaris 2.5.1 & hme"
Previous message: erin o'neill: "SUMMARY Re: More on the Sunnodename"