Hi!

The current (German) Linux Magazin has quite interesting articles on detecting network scans, rootkits, incident response and so on. I liked the article on searching for traces (in German: "Spurensuche"), which shows how to use netcat to save the output of commands to another machine (called the "forensic computer").

The introduction to rootkits is also quite good. It shows how to make use of the /proc hierarchy to find hidden files and provides some links, e.g.:

http://security.alldas.de/analysis/?aid=2 (analysis of the Linux rootkit yoyo.tar.gz),
http://www.theorygroup.com/Theory/rootkits.html (Rootkits - How Intruders Hide),
and, of course: http://project.honeynet.org/papers/ (Know Your Enemy).

Of course, the articles do not provide in-depth discussions of these subjects. But they are quite informative and might be a good first source of information.

Regards,
Albert Brandl