jvogel at ...8466...
Thu Aug 12 05:39:02 EDT 2004
I tested flow-portscan.
Is it normal that snort detect a "scanner limit" only that the
server-learning-time is exceeded.
If i set server-learning-time to 360 and scan from a client to the server it
5min "Talker Limits" and after this time "Scanner Limits"
If this is normal and i use the default value 28800 i will get 8 hours
"Talker Limits" instead of "Scanner Limits"?
Which sense make the sliding scale?
Thx for info
More information about the Snort-users