A friend has a Linux machine with many users.  Suppose one or more users 
are doing inappropriate things with the box like sending ping floods or 
scanning networks.  He would want to know about it.  Is there any software 
that is designed specifically to monitor for this kind of stuff and report 
when it sees something unusual?  A program like netstat can detect all 
sorts of network activity, but it would have to be called at intervals and 
its output would have to be parsed and analyzed by some other programs.

Thanks in advance for any tips.

Mike
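
The interval-polling approach described in the post, as an added example that is not part of the original message: it accumulates successive snapshots and reports any user whose half-open (SYN_SENT) TCP connections fan out to many distinct targets, the pattern a network scan leaves behind. The `netstat -tne` column layout, the sample lines and the threshold of 5 are assumptions, and it covers only the TCP scanning case.

```python
from collections import defaultdict

# Constructed samples (not real captures) in the assumed `netstat -tne` layout:
# Proto Recv-Q Send-Q Local-Address Foreign-Address State User Inode
POLL_1 = """\
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 192.0.2.10:22 198.51.100.7:51514 ESTABLISHED 0 18233
tcp 0 1 192.0.2.10:40112 203.0.113.1:22 SYN_SENT 1004 90311
tcp 0 1 192.0.2.10:40114 203.0.113.2:22 SYN_SENT 1004 90312
tcp 0 1 192.0.2.10:40116 203.0.113.3:22 SYN_SENT 1004 90313
tcp 0 1 192.0.2.10:51000 198.51.100.80:443 SYN_SENT 1002 90400
"""
POLL_2 = """\
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 1 192.0.2.10:40116 203.0.113.3:22 SYN_SENT 1004 90313
tcp 0 1 192.0.2.10:40118 203.0.113.4:22 SYN_SENT 1004 90320
tcp 0 1 192.0.2.10:40120 203.0.113.5:22 SYN_SENT 1004 90321
tcp 0 0 192.0.2.10:51000 198.51.100.80:443 ESTABLISHED 1002 90400
"""


def outbound_attempts(snapshot):
    """Yield (user, remote_host, remote_port) for each TCP socket in SYN_SENT."""
    for line in snapshot.splitlines():
        fields = line.split()
        # Skip headers and anything that is not a tcp/tcp6 row with a User column.
        if len(fields) < 8 or not fields[0].startswith("tcp"):
            continue
        foreign, state, user = fields[4], fields[5], fields[6]
        if state != "SYN_SENT":
            continue
        # rpartition keeps IPv6 addresses intact; the port follows the last colon.
        host, _, port = foreign.rpartition(":")
        yield user, host, port


def suspects(snapshots, threshold=5):
    """Map user -> number of distinct half-open targets seen across all polls."""
    seen = defaultdict(set)
    for snap in snapshots:
        for user, host, port in outbound_attempts(snap):
            seen[user].add((host, port))  # a set, so repeated polls do not double count
    return {u: len(t) for u, t in seen.items() if len(t) >= threshold}


if __name__ == "__main__":
    for user, count in suspects([POLL_1, POLL_2]).items():
        print(f"uid {user}: {count} distinct half-open targets")
```

A single snapshot only catches connections that happen to be open at that instant, which is why the targets are accumulated across polls before comparing against the threshold.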