JIM, This sounds good to me. But I work for the USPS, so what do I know? Donald M Day NISSC-USPS Raleigh NC dday@email.usps.gov ADP Security Specialist (only one here**so I am the Lone Security Ranger) ______________________________ Reply Separator _________________________________ Subject: RFC: Intrusion Scenario archive/repository Author: _ids (SMTP.IDS) at SSWGATE Date: 11/30/94 12:08 PM Good Morning to All, I am curious to get comments (good or bad) regarding the desirability/feasibility of establishing an Intrusion Scenario archive/repository. IMHO the first step in developing any type of intrusion detection package is knowing what to look for i.e. knowing what an intrusion looks like. Would it be worth the effort to create a central repository of intrusion scenarios (descriptions)? Entries in the archive would conform to a standard format (information content) to facilitate searching/analysis. This archive would benefit those developing ID systems. It would benefit system administrators by allowing them to search out intrusion scenarios applicable to their particular system/operating environment. Thanks Jim Truitt PS I realize that some people will consider such an archive to be a primer on intruding, but I think the possible benefits outway this side effect.