[Snort-users] Flow Portscan

James Ashton James at ...11713...
Sat May 29 12:52:04 EDT 2004


Does anyone know of any documentation on setting up flow-portscan in a
high traffic network.

I am receiving several alerts in my DB. Here are 2

Sliding Scale Talker Limit Exceeded
And
Fixed Talker Limit Exceeded


I can only assume that this is kind of an error message telling me to
raise a limit somewhere.. But there is no sliding scale talker limit
variable in flow-portscan.

I want to migrate to flow from portscan2 but I need to actually get some
results first...

Anyone have a sample config for a network that does 150 to 200 Mb/s of
mainly web traffic???






More information about the Snort-users mailing list