[Snort-users] Tuning guidelines/HOWTO for flow-portscan anyone?

McCash, John John.McCash at ...10979...
Tue May 18 08:24:09 EDT 2004


Hi All,
	There's been a bit of discussion on the list about flow-portscan, most of it negative. From what I've seen, however, it doesn't appear that anyone knows how to tune this beast. Please correct me if I'm wrong here. The only positive commentary seems to have been from those for whom the default settings, or other defaults posted here by various parties, work. Does anybody have a set of rules of thumb for how to get flow-portscan tuned properly?

	Or has everyone just given up on it, and gone back to portscan2 until flow-portscan becomes soup?
		Thanks lots
			John
------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]




More information about the Snort-users mailing list