I've read a number of the replies - had to comment. 1 - Unless the intruder is a complete idiot, you will not be able to track them down, or if you can you will not be able to "prove" the person you found did it. Hard to prosecute unless you have hard evidence (live trace, proprietary docs on intruder's hard drive at home, blah, blah) 2 - You didn't state whether the intruder was internal or external. Most security violations are internal, everyone here jumped on the "kill the Internet hacker" bandwagon ;-) as is so popular these days. 3 - If external and no major harm done, close the doors. If someone wants in to a system bad enough, they will get in -- Internet, dial-in, burglary.... ______________________________ Reply Separator _________________________________ Subject: I got an intruder ... Author: ids@uow.edu.au at internet Date: 11/9/95 4:22 AM I'm presently working on security policies for a customer, they're asking me what to do with intruder ;) I suggest to find the place where the intruder work, ask the company *nicely* to fire the guy, then kill his dog and burn the house :) Do you have suggestion ?? --- Benoit Dicaire - Unix - NRJ Informatique bdicaire@nrj.com - Consultant - (514) 593-9747