Okay, maybe I should have narrowed the question ... I'm pretty aware of where to get copies of BO2K, and where to go for info. What I was asking was how in particular does one detect something that could come in many different forms (since source code is being released)? Preventative measures are good, but I'm also interested in contigency measures. For example, is there a way to setup a firewall to detect suspicious traffic? Failing that (and leaving the specific scope of this list), is there a centrally managed tool that can monitors all of the running processes on each workstation, and report anomalies? Ideally, the checking would involve a lot more than just tracking the process name, but it would be a good start. I'm sure that the people on this list can think of something even more clever ... Jen - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
