Courtney INSTALL file

Here's the quick way to get courtney installed and running:

1)	Get libpcap and tcpdump from ftp.ee.lbl.gov, patch them,
	and compile them according to their instruction files.

2)	Get perl5 from ftp.uu.net and compile it according to
        its instructions.

3)      As root, start courtney with the command

             ./courtney.pl &

By default, attacks will be logged via syslog at the "ALERT" 
logging level.


OSF/1 -- DIGITAL UNIX  
---------------------
"tcpdump: long jumps not supported"
-----
Notes for running Courtney V1.2 on the Digital AXP under Digital UNIX.
To prevent tcpdump from dying with "tcpdump: long jumps not supported":

  1) Remove sunrpc and tcpmux or substitute their values. 
     These ports are not defined under Digital UNIX.
  2) Remove 
        ports "1 or 10 or 100 or 1000 or 5000" and 
        ports "6001 or 6002 or 6010 or 6011 or 6012" 
     from the tcpdump filter. There must be too many options.
     

The following changes are shown below in the following courtney.pl 
code snipit.

FROM:

<open (TCPDUMP, "$tcpdump '\
<    (icmp[0] == 8 ) or \
<    (port sunrpc) or \
<    ((port (1 or 10 or 100 or 1000 or 5000 or 10000 or 20000 or 30000) or \
<      (port (6000 or 6001 or 6002 or 6010 or 6011 or 6012)) ) and \
<      (tcp[13] & 18 == 2) )  or \
<    (port (tcpmux or \
<           echo or \
<           discard or \
<           systat or \
         ... other stuff ...

TO:

>open (TCPDUMP, "$tcpdump '\
>    (icmp[0] == 8 ) or \
>    ((port (10000 or 20000 or 30000) or \
>      (port (6000))  ) and \
>      (tcp[13] & 18 == 2) )  or \
>    (port (  \
>           echo or \
>           discard or \
>           systat or \
         ... other stuff ...

