You are wasting your time trying to "track" them. Most are in Tawain, China or Russia. I am not sure what they are trying to get passwords to on your system that is open to the world. If it is Terminal Services you should enable all login success and failures and set it up so the accout is temporarily disabled after so many failures. This discourages most hackers. In your firewall you should set it up so only allowed IP's can TS in. For IIS you can do it the same way or set up IP authentication. If you have set up your system correctly and enforce strong passwords, you should have no worries about how often or how long people try to hack at it. For example you can try and FTP into my server until you are blue in the face but unless you are coming from an approved IP and then have the proper username and password you'll never get in. JK -----Original Message----- From: windows2000-bounce@xxxxxxxxxxxxx [mailto:windows2000-bounce@xxxxxxxxxxxxx]On Behalf Of Bill Beckett Sent: Wednesday, March 03, 2004 9:14 AM To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Security How do you guys (aka the list) handle tracking down hackers without IDS? I know there is a program out there (can't remember the name) that will allow a hacker to scan systems for valid accounts. These accounts, of course, can be disabled but if some are enabled they can just start firing off random passwords. I can see entries/attempts in our sec log but there is no IP to trace them back to. ******************************************************** This Weeks Sponsor StressedPuppy.com Games Feeling stressed out? Check out our games to relieve your stress. http://www.StressedPuppy.com ******************************************************** To Unsubscribe, set digest or vacation mode or view archives use the below link. http://thethin.net/win2000list.cfm