After reading this current thread I wanted to make a reply to the group. A number of people have had a problem with tracking down the intruders, this is not always a problem. I am a Private Investigator that specializes in Computer Crime cases and have had a great deal of success tracking down intruders and plugging system holes that were used. The real problem that I have run into is how far is the victim willing to go with the case? Sometimes all they want to do is stop the intruder, others want to take them to court, and others just want to call the person on the phone and say "Gotcha!" If anyone is having such a problem, here is some basic advice that can help you: 1. Ensure that you have a statement at signon saying "This system is for use by authorized individuals only.....the system monitors any suspected illegal access...." 2. Capture ALL activity of the intruder. 3. Save TWO copies of the logs, one should be completely untouched, while the second can be viewed or printed. Just my two cents on the subject. Joseph Seanor CIBIR Corporation cibir@netcom.com