Honeypots mailing list archives

Re: statd exploit ???

From: Jamie <aouf77 () dsl pipex com>
Date: Wed, 30 Oct 2002 23:32:32 +0000

On Wednesday 30 October 2002 22:29, Sriram Newsgroups wrote:

My honeypt recorded this  packet. It looks to be a statd exploit (port
32768). I can't narrow it down to what exactly this exploit does or its
nature.

Here is the sample packet

[snipped]


I think it's the statdx2 exploit - which as your packet dump shows is trying 
to exploit a format string vulnerability in statd. This exploit is over two 
years old now.... doesn't time fly !

-jamie.

Current thread:

statd exploit ??? Sriram Newsgroups (Oct 30)
- Re: statd exploit ??? Jamie (Oct 30)
- Re: statd exploit ??? Chris Reining (Oct 30)
- Re: statd exploit ??? mike (Oct 30)