Path: utzoo!attcan!uunet!peregrine!elroy!aero!sunburn!donndeli
From: donndeli@sunburn.aero.org (James Donndelinger)
Newsgroups: comp.protocols.appletalk
Subject: Monitor Program
Message-ID: <49509@aerospace.AERO.ORG>
Date: 14 Apr 89 21:57:18 GMT
Sender: news@aerospace.aero.org
Reply-To: donndeli@aerospace.aero.org (James Donndelinger)
Organization: The Aerospace Corporation, El Segundo, CA
Lines: 10

I haven't received any responses on a monitor program so I thought I
would rephrase the question.  What I'm really looking for is the
capability to examine packets to determine: if someone is attempting
to guess login IDs or passwords, and if there is any unusual activity
from a given account (i.e. a hacker has broken into an account and is
attempting to do things the legitimate user has never or rarely done).
Any information or pointers to information you can supply would be
greatly appreciated. 

~Jim