#Alert ver 1.4.2

FILES:
----------------------------------------------------------------

README		This document that you are reading now.
alert.sh	The actual alert script that does all the work.
		This is also your User Defined Alert.
install.sh	Installation script that sets everything up.
test.sh		Test script to verify your configuration when you are
		all done.
examples	Directory containing examples of advanced features.



INSTALLATION:
Installation is very simple.  First, move these files to the 
directory you want to install the IDS Alert script to.  One 
idea is /home/fwadmin/alert_1.4.2.  All logging will happen in that 
directory (log files are small, less than 1 MB).  Then run the
installation script install.sh and follow the instructions.
That's it!


WHAT'S NEW:
- VER 1.4.3
The function TrackDown has been removed.  This function determined
the email address of the Admin of remote systems scanning your network
and would email them a warning.  This functionality has been removed
due to modifications and greater complexity of the whois database. If
you would like to develop such functionality, PLEASE let me know.
Thanks to Chris Whiting <Chrisw@mckibbon.com> for pointing this out.

- VER 1.4.2
"Generalized" alert.sh script so it can run on almost
all Unix platforms, including Solaris, Linux, and Nokia.

- VER 1.4.1
Fixed a 'number' bug.  Each scan would repeatedly be counted
as 1.  Thanks to Karim Amrani <kamrani@cogelog.com> for pointing
this out.

- VER 1.4
Improve performance by exiting sooner on meeting scan limit.
Updated $services variable to recognize ICMP and specific
NATed traffic.

- VER 1.3
Reorganized code so it is much faster.  Larger organizations will
see the greatest speed improvement.

- VER 1.2.1
Cleaned up $message and $send in PHASE 4 function.
Added this under GPL license.

- VER 1.2
Streamlined code, easier to read and add your own modules, i.e. functions().
Optional automatic blocking, block the source that is scanning you.



DOCUMENTATION
You can find full documentation online at
http://www.enteract.com/~lspitz/intrusion.html


LICENSE
Distributed under the terms of the GNU General Public License
http://www.gnu.org/copyleft/gpl.html

If you have any recommendations or corrections for this script, or FW-1
alerts in general, I would love to hear from you.

Thanks!

Lance Spitzner, lance@spitzner.net
http://www.enteract.com/~lspitz/papers.html
