IN IDS mailing list, you wrote: >I'm a system manager for the Computer Science Department of Concordia >University in Montreal. We've recently been through the very expensive >process of finding, tracing and arresting a pair of intruders. (The >process of *prosecuting* them is even worse!) Since then, the University >has decided that a security monitoring group would be in order, and I'm >on it. > >I'm interested in anything that would (a) detect intrusion attempts as >they occur, (b) prevent them from succeeding, and/or (c) produce nice >logs of the incident. In particular, I'd like to hear about any >reasonable effective methods of detecting badguys using the compromised >accounts of legitimate users. Hi, can you tell me more about the two intruders, are they canadians ? I'm looking for case studies, I can show to my customers :) I should be in montreal around the 19 th february, is it possible to meet you ? (~ 1 hr) Have a nice one, --- Benoit Dicaire - NRJ Informatique - HTTP://www.NRJ.Com (514) 593-9747 - Intranet / Internet security consultant