Have you detected unusual activity on your server? Strange packets going through your network? Has your box been compromised? First, don’t panic! Disconnect it from the network and start investigating…
SecurityFocus has published the first article in a series (two others will follow soon) on the tools and best practices for analysing a compromised system. It is a very interesting read:
SecurityFocus HOME Infocus: Incident Response Tools For Unix, Part One: Syste