Learnsecurity
Aug 7 2004, 04:47 PM
hi,
first of all, sorry for my English.
Nearly daily one hears news about compromised computers all over the world, sometimes small companies, sometimes Unix project servers, and many others besides.
The attackers are mostly never identified.
What are all the measures for determining a break-in? Log files, naturally, but which exactly? That depends naturally on the services and the infrastructure. But perhaps in general: what is possible everywhere, and what could be possible?
In the log files there are IPs and time entries with which one can identify a hacker. Naturally only if it's the real IP. This is usually kept anonymous with a proxy or SOCKS. But how safe are these two possibilities, and are there perhaps more?
I would be grateful for any experience and assistance from you.
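As an added example (not part of the original post), here is what the "IPs and time entries in the log files" part of the question looks like in practice: parsing sshd login lines from a syslog-style auth log, grouping them by source IP, and flagging a source that fails several logins in a short window and is then accepted. The log lines are constructed for this example, the year is supplied because syslog lines carry none, and the thresholds are assumptions. Keep in mind that the IP recovered this way is only the last hop, which may be a proxy or another compromised machine rather than the attacker's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the syslog format OpenSSH writes to
# /var/log/auth.log (made up for this example, not from a real incident).
SAMPLE_LOG = """\
Aug  7 03:12:01 web01 sshd[4821]: Failed password for root from 198.51.100.23 port 50112 ssh2
Aug  7 03:12:03 web01 sshd[4821]: Failed password for root from 198.51.100.23 port 50113 ssh2
Aug  7 03:12:05 web01 sshd[4821]: Failed password for admin from 198.51.100.23 port 50114 ssh2
Aug  7 03:12:09 web01 sshd[4821]: Failed password for invalid user test from 198.51.100.23 port 50115 ssh2
Aug  7 03:12:41 web01 sshd[4830]: Accepted password for root from 198.51.100.23 port 50120 ssh2
Aug  7 08:45:10 web01 sshd[5102]: Accepted publickey for alice from 192.0.2.14 port 40210 ssh2
Aug  7 09:01:55 web01 sshd[5140]: Failed password for bob from 192.0.2.14 port 40311 ssh2
"""

# One sshd login-result line: timestamp, host, result, user, source IP, source port.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_auth_log(text, year=2004):
    """Return one dict per login event. Syslog lines carry no year, so it is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unknown line shape: skip rather than guess
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"time": ts, "ip": m["ip"], "user": m["user"],
                       "port": int(m["port"]), "result": m["result"]})
    return events


def suspicious_sources(events, max_failures=3, window_seconds=60):
    """Flag source IPs with >= max_failures failed logins inside window_seconds
    (assumed thresholds), and record whether that IP was later accepted:
    failures followed by a success is the pattern of a successful password guess."""
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    findings = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["time"])
        failures = [e for e in evs if e["result"] == "Failed"]
        times = [e["time"] for e in failures]
        burst = False
        for i, start in enumerate(times):
            # count the failures that fall inside the window opening at this failure
            j = i
            while j < len(times) and (times[j] - start).total_seconds() <= window_seconds:
                j += 1
            if j - i >= max_failures:
                burst = True
                break
        if not burst:
            continue
        first_fail = times[0]
        accepted_after = [e for e in evs
                          if e["result"] == "Accepted" and e["time"] > first_fail]
        findings[ip] = {
            "failures": len(failures),
            "users_tried": sorted({e["user"] for e in failures}),
            "first_seen": first_fail,
            "accepted_after_burst": bool(accepted_after),
            "accepted_users": sorted({e["user"] for e in accepted_after}),
        }
    return findings


if __name__ == "__main__":
    for ip, info in suspicious_sources(parse_auth_log(SAMPLE_LOG)).items():
        print(ip, info)
```

On the constructed log, 198.51.100.23 is flagged (four failures in eight seconds, then root accepted), while 192.0.2.14 with a single failed login is not. The same grouping approach applies to any service log that records a source address and a timestamp.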
gman24
Aug 7 2004, 10:33 PM
Honeypots and honeynets can reveal more info about the attacker and their activities, sometimes revealing a handle you can start tracing.
If something on your network has already been compromised, you can use that to your advantage by turning it into a honeypot and watching his activities.
Any type of IDS would help.
Sometimes dropped files and other things can lead to clues about who he is. He may brag about it to his friends as well.
Sorry, this would normally be a lot longer and more detailed, but I am really tired today.
nackas
Aug 8 2004, 01:37 AM
Check the event log if a Windows system was compromised. A few programs create logs in the event log with some detailed information on the attacker, such as DameWare Mini Remote Control, which is a popular tool. But as gman24 said, setting up a honeypot on your network is the ultimate "venus trap" for catching unwanted access.
tuby
Aug 14 2004, 07:15 AM
You can log all LAN/WAN activity; it's another good source of information. You can use TcpView from
Sysinternals.com.
You will never find the IP of your attacker, unless he's a newbie, but you can observe which ports are compromised.
Enjoy!
MadMaddy
Aug 20 2004, 04:58 AM
| QUOTE |
What are all the measures for determining a break-in? Log files, naturally, but which exactly? That depends naturally on the services and the infrastructure. But perhaps in general: what is possible everywhere, and what could be possible?
In the log files there are IPs and time entries with which one can identify a hacker. Naturally only if it's the real IP. This is usually kept anonymous with a proxy or SOCKS. But how safe are these two possibilities, and are there perhaps more?
I would be grateful for any experience and assistance from you. |
Pretty much as gman24 said, you can use an IDS such as Snort. When you think you've captured some packets from your 'hacker', Snort will be able to tell you such information as which program the packet is aimed at and the originating IP, and many times you will also be able to tell if the person is using a proxy. With this information you will possibly be able to tell which part of your system has been compromised, what he's executing on your computer and where the commands are coming from (either the hacker's or the proxy's IP).
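As an added example (not part of MadMaddy's post or of Snort itself), here is how the Snort alert output he describes is turned into the two answers a responder wants: which local services an external host was hitting, and whether a local host has started talking outward, which is where the commands are coming from after a compromise. The alert lines are constructed in Snort's alert_fast format with made-up rule names and SIDs, and the local network 192.0.2.0/24 is an assumption.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in Snort's "alert_fast" output format; the rule
# names and SIDs are made up for this example and are not real Snort rules.
SAMPLE_ALERTS = """\
08/20-04:12:01.102331  [**] [1:1000001:1] EXAMPLE SSH brute force attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 198.51.100.23:50112 -> 192.0.2.10:22
08/20-04:12:03.551200  [**] [1:1000001:1] EXAMPLE SSH brute force attempt [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 198.51.100.23:50113 -> 192.0.2.10:22
08/20-04:13:40.009812  [**] [1:1000002:1] EXAMPLE shell command in HTTP request [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.23:50140 -> 192.0.2.10:80
08/20-04:15:12.771004  [**] [1:1000003:1] EXAMPLE outbound IRC connection from server [**] [Classification: Potential Corporate Privacy Violation] [Priority: 2] {TCP} 192.0.2.10:33021 -> 203.0.113.77:6667
08/20-05:02:17.333310  [**] [1:1000004:1] EXAMPLE MS-SQL worm propagation attempt [**] [Priority: 2] {UDP} 203.0.113.9:1434 -> 192.0.2.10:1434
"""

# Assumed address range of the monitored hosts.
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")

# One alert_fast line: timestamp, [gid:sid:rev], message, optional classification,
# priority, protocol, src:port -> dst:port.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) \[\*\*\] "
    r"(?:\[Classification: (?P<cls>[^\]]+)\] )?\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_fast_alerts(text):
    """Parse alert_fast lines into dicts. ICMP alerts carry no ports and are skipped here."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line)
        if not m:
            continue
        a = m.groupdict()
        for k in ("gid", "sid", "rev", "prio", "sport", "dport"):
            a[k] = int(a[k])
        alerts.append(a)
    return alerts


def is_local(ip, net=LOCAL_NET):
    return ipaddress.ip_address(ip) in net


def targets_by_attacker(alerts, net=LOCAL_NET):
    """For each external source: which local (proto, port) it hit, with which
    signatures, and when it was first seen. The source IP is only the last hop
    (a proxy or an already-compromised box), not necessarily the attacker's own."""
    out = defaultdict(lambda: {"ports": Counter(), "signatures": set(), "first": None})
    for a in alerts:
        if is_local(a["dst"], net) and not is_local(a["src"], net):
            t = out[a["src"]]
            t["ports"][(a["proto"], a["dport"])] += 1
            t["signatures"].add(a["msg"])
            if t["first"] is None:
                t["first"] = a["ts"]
    return dict(out)


def outbound_from_local(alerts, net=LOCAL_NET):
    """Alerts where a local host initiates traffic outward. After a break-in this is
    where a reverse shell, IRC bot or data exfiltration shows up, and the destination
    is the address the intruder's commands are actually coming from."""
    return [a for a in alerts
            if is_local(a["src"], net) and not is_local(a["dst"], net)]


if __name__ == "__main__":
    alerts = parse_fast_alerts(SAMPLE_ALERTS)
    for src, t in targets_by_attacker(alerts).items():
        print(src, "first seen", t["first"], dict(t["ports"]), sorted(t["signatures"]))
    for a in outbound_from_local(alerts):
        print("outbound:", a["src"], "->", a["dst"], a["proto"], a["dport"], a["msg"])
```

On the constructed alerts, 198.51.100.23 hits TCP/22 twice and TCP/80 once, and a few minutes later the web server itself opens an IRC connection to 203.0.113.77:6667. That outbound line is the one to follow up on: the inbound alerts say which service was attacked, the outbound one says where the intruder is now being controlled from.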