How to check if my machine has done a host/port sweep?
I have a Linux box (SuSE 8.2) working as a server to a local network, with several services running (DHCP, NIS, NFS, Postfix, etc.)
I've received an e-mail from an institutional organism alerting me that one of my machines has been compromised/infected and is scanning their networks, or one of the users is scanning their networks. I have the exact time that this happened.
How can I see what happened? Which are the log files that should contain this information? What should I be looking for inside the logs?
Thanks very much in advance