Subject: Re: Code-red worm (snicker snicker...)
To: Michael Kukat <>
From: Hubert Feyrer <>
List: netbsd-users
Date: 08/02/2001 20:51:33
On Thu, 2 Aug 2001, Michael Kukat wrote:
> Depends on the nature of the overflow, how it handles it. Maybe some only can
> run binary code, as bytes of the running binary are replaced, and others might
> be able to execute a completely new program, like one of those shell scripts.
> Remember this statd (or was it lockd)-bug in Linux? I have seen it from the
> inside, as i got such a hacked disk into my hands to analyze it. This was exact
> the thing i mentioned, a little bunch of shell commands, opening a root shell
> on some port >1024.

The question the is how that script got there in the first place.

And yes, I still see these rstatd-probes regularly on the console of my
NetBSD systems.

 - Hubert

Want to get a clue on IPv6 but don't know where to start? Try this:
* Basics ->
* Setup  -> 
Of course with your #1 IPv6 ready operating system ->