Maybe I'll try t0rnkit, CERT seems to be afraid of that one. Phil Brutsche wrote: > Tell Mr Garrity to look for some rootkits - the rpc.statd exploit he > mentioned is being actively exploited - enough for CERT to send out an > advisory several times.