I'm tracking down an individual that has attacked both my personal site, as well as one of my customers' sites. In this particular attempt, when his 'normal' site was blocked by IP address, he immediately started to use dial-up sites all over his local area, then ranged further into the US. On my system, he had installed a password sniffer. I suspect that this was a common mode of operation for him. Naturally, I logged all of the attempts at the router level. I emailed the logs to the origin ISPs, and (with one notable exception) was met with huge indifference. In the queries, I am asking only for a confirm/deny of the user's name - I am not asking the ISP's involved to release the name of the dialup users. That, of course, will come later. Right now, I'm just trying to confirm that the same individual is launching the attacks. A police report has been filed, and a restraining order will be served tommorow. What's a better way to ask for, and obtain log information in a timely fashion? Wait 6 months for a court trial, when everyone has purged their logs? Clues would be appreciated. -- Dave Rand dlr@bungi.com http://www.bungi.com