In keeping with trying to stimulate some good topics, and hopefully help myself learn, here is yet another query.

I have been working harder to understand exactly what the most common hacker search tools are and what is up with all the port scanning. As we all know, many got hit by that Nimda virus one week ago today. I was really trying to watch over my network administrator's back to learn how to prevent it. With some knowledge, I knew that the best way was to close down or deny any suspicious requests. I asked around, and for a Linux box I was told to look at the log files.

What I would like in response is any information, with a detailed, ordered list of what someone should do in these cases. Not just on Linux but WinNT, FreeBSD, whatever. I am sure there are many regulars on here who would really like to know where to get started, from finding the intruding IP to tracing it and denying it.
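The log-file approach mentioned in the post, worked through as an added example (this is not code from the original post or from anyone in the thread): a POSIX shell script that scans Apache-style access-log lines for the request strings Nimda's web probes contained (root.exe and the directory-traversal path to cmd.exe; default.ida, the Code Red probe, is included because it shows up in the same logs), counts matching requests per source IP, and prints iptables deny rules for review rather than running them. The log lines, IPs and timestamps are constructed for illustration, and the iptables rule format and drop-first policy are the example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: find the source IPs behind
# Nimda/Code Red style HTTP probes in an access log and draft deny rules.

# Constructed sample lines in Apache common-log format. The addresses,
# timestamps and paths are invented for illustration.
SAMPLE_LOG='10.0.0.5 - - [25/Sep/2001:10:00:01 -0400] "GET /index.html HTTP/1.0" 200 1024
192.0.2.77 - - [25/Sep/2001:10:00:02 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 210
192.0.2.77 - - [25/Sep/2001:10:00:02 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 210
192.0.2.77 - - [25/Sep/2001:10:00:03 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210
198.51.100.9 - - [25/Sep/2001:10:00:04 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210
10.0.0.5 - - [25/Sep/2001:10:00:05 -0400] "GET /about.html HTTP/1.0" 200 512'

# Request substrings the worm probes carry. Extend as new probes appear.
PATTERN='root\.exe|cmd\.exe|default\.ida'

# suspicious_ips: read log lines on stdin, keep only requests whose path
# contains one of the probe strings, and print "count ip" per source,
# most active source first.
suspicious_ips() {
    grep -E "\"(GET|POST|HEAD) [^\"]*($PATTERN)" \
        | awk '{ print $1 }' \
        | sort | uniq -c \
        | sort -rn \
        | awk '{ print $1, $2 }'
}

# deny_rules: turn "count ip" lines into iptables DROP rules. They are
# printed, not executed: review the list first (NAT gateways and proxies
# put many users behind one address) and never block your own hosts.
deny_rules() {
    awk '{ printf "iptables -I INPUT -s %s -j DROP\n", $2 }'
}

# Stand-alone run over the constructed sample.
echo "$SAMPLE_LOG" | suspicious_ips
echo "$SAMPLE_LOG" | suspicious_ips | deny_rules
```

Against a real server, feed the actual log instead of the sample, e.g. `suspicious_ips < /var/log/httpd/access_log | deny_rules`, and pipe the result to `sh` only after reading it. The same pattern list works with `grep` over any web-server log that records the request line; only the field number in the first `awk` changes if the log format puts the client address elsewhere.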