portscan2 vs portscan

["Fred McFeeters" <nfolink () hotmail com>]

Do I need to use both?

 

Thanks to this list I was able to stop false positives from portscan2 by
using portscan2-ignoreports-to 80 but I'm still getting a lot of false
positives from portscan when I look at the log's and packet I only see a
source address, it lists the destination address as unknown with no source
or destination ports.

 

Thanks

 

Fred McFeeters

 

p.s sorry for the newbie questions