I've also been reading the list for a while, but only introduced myself in the "application form". For the benefit of the wider audience: I'm a system manager for the Computer Science Department of Concordia University in Montreal.

We've recently been through the very expensive process of finding, tracing and arresting a pair of intruders. (The process of *prosecuting* them is even worse!) Since then, the University has decided that a security monitoring group would be in order, and I'm on it.

I'm interested in anything that would (a) detect intrusion attempts as they occur, (b) prevent them from succeeding, and/or (c) produce nice logs of the incident. In particular, I'd like to hear about any reasonably effective methods of detecting badguys using the compromised accounts of legitimate users.

+-------------------------------+----------------------------------+
| Michael Assels, Analyst       | Everything is what it is and not |
| Comp. Sci., Concordia Univ.   | another thing.                   |
| 1455 de Maisonneuve O         |    - Aristotle (or someone else) |
| Montreal, Quebec, H3G 1M8     +----------------------------------+
| Voice: (514) 848-3030         | mjassels@cs.concordia.ca         |
+-------------------------------+----------------------------------+