SUMMARY: tracking source of statd attack

From: Jeff Wasilko (jeffw@smoe.org)
Date: Tue Feb 24 1998 - 23:42:31 CST


The only response to my query came from Casper. Thanks!

-----Forwarded message from Casper Dik <casper@holland.Sun.COM>-----

>One of my systems has been hit by the statd exploit a few times:
>
>statd[842]: attempt to create "/var/statmon/sm//
>
>I've got the patch for the problem installed, but I'd like to be
>able to trace the source of the attack. Any suggestions?

Run snoop.

Casper

-----End of forwarded message-----



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:31 CDT