I have worked on half a dozen different networks over the past six years and the two most effective intrusions I saw were through out-of-the-box Windows NT installations with dial-up modems. Recently I ran my own command files to check the security on 12 newly installed NT boxes and every one of them had most of it security turned off. This looks like it is going to be a continuing problem. Does anyone have any experience with a Windows NT based real-time intrusion detection system that is commercially available? Hog Farmer, formerly with Tropical Hog Improvement Programme