People come up with great ideas for the alert.sh 
script. Unfortunately, I cannot include all
of them, but I didn't want you to miss out 
on the ideas.  So, I've included them here.
If you have any ideas of your own, please send
them to me so other people can learn about them.
Lance Spitzner <lance@spitzner.net>


##### alert_sam.sh
By Aaron D. Turner <aturner@vicinity.com>
His script incorporates advance examples of sam
capabilities of FW1.  Excellent source for 
examples on how to use sam.


##### email.txt 
Example of an email you can send to sites that
are scanning you.


##### ip_icmp.h
Read the source.  Best way to learn what all those
ICMP types/codes are.  I setup my alert.sh to
include this header file with any ICMP alerts so
I can easily tell what ICMP packet is what.  I just
added the following code to the bottom of my
script (you may want to edit ip_icmp.h)

### Send email alert and save log to alert.log
if [ "$icmp_check" -eq 1 ];then
        cat $dir/examples/ip_icmp.h >> $send
fi

##### icmp-iana.txt
ICMP types and code descriptions taken from IANA 
http://www.isi.edu/in-notes/iana/assignments/icmp-parameters


##### nmap-services 
nmap, the scanning tool of choice.  nmap-services, 
best place to learn which ports are what services.
Taken from version nmap V. 2.30BETA17 
http://www.insecure.org/nmap


##### Building Packets 
If you want to test your firewall, you will need
to build your own packets.  The best tools I have
found for this is Nemesis and hping2.  From the 
command line, you can build TCP/UDP/ICMP/ and other 
packets.  I highly recommend these great tools!

Nemesis
http://celerity.bartoli.org/projects/nemesis.html

Hping2
http://www.eaglenet.org/antirez/hping2.html
