So today my dedicated server (running RH9) was shut down by my host. They pulled the plug after seeing an insane amount of UDP traffic slamming this one IP. Now, I unfortunately don't have much experience with this at all. I've tried to do my best to keep the box secure and tied down as best as possible. What I'd like to try and get from the community here is tips on what to look for on my server when my host brings the server back up for me during business hours. Ways to detect things that would be abnormal and how to track down where on the server it is coming from (what script is generating the traffic?). Things like that. Any help would be GREATLY appreciated. Thank you now for any time and effort you put forth.