Hi2all A nice paper to start: http://www.enteract.com/~lspitz/ids.html Carnegie Mellon SEI document on responding to intrusions: http://www.securityfocus.com/data/library/sim006.pdf For search documentation on the issue, regarding US laws: www.gao.gov Reports and proceedings, regarding german CERT: http://www.cert.dfn.de/dfn/berichte/ For spending some money, get the step-by-step from SANS: http://www.sans.org/newlook/publications/incident_handling.htm Incidents mailing lists: 1. Send an e-mail message to LISTSERV@SECURITYFOCUS.COM from the subscribed address with a message body of: UNSUBSCRIBE INCIDENTS 2. Send an e-mail message to LISTSERV@SECURITYFOCUS.COM with a message body of: SUBSCRIBE FOCUS-IH Lastname, Firstname [ ]'s bacano --------------------------------------------- Esta mensagem foi enviada usando o WebPOP II. http://www.via-net-works.pt/email