Got the following interesting suggestion from Steve VanDevender
[stevev_at_hexadecimal.uoregon.edu]:
"There have been a lot of problems lately with root exploits of the
Solaris rpc.statd. It's possible someone tried one of those against your
system not knowing that you aren't running Solaris, or is trying to
engineer an equivalent Digital UNIX exploit and is using your system for
testing. It is common for exploits to use the 'id' command to show
whether the exploit has obtained root access."
Richard Eisenman - Manager, Computing Systems and Infrastructure
W.S.U. Tri-Cities
richarde_at_tricity.wsu.edu
http://www.tricity.wsu.edu/~richarde
Received on Fri Jul 23 1999 - 19:19:15 NZST