Snort mailing list archives
Tuning guidelines/HOWTO for flow-portscan anyone?
From: "McCash, John" <John.McCash () andrew com>
Date: Tue, 18 May 2004 10:23:08 -0500
Hi All, There's been a bit of discussion on the list about flow-portscan, most of it negative. From what I've seen, however, it doesn't appear that anyone knows how to tune this beast. Please correct me if I'm wrong here. The only positive commentary seems to have been from those for whom the default settings, or other defaults posted here by various parties, work. Does anybody have a set of rules of thumb for how to get flow-portscan tuned properly? Or has everyone just given up on it, and gone back to portscan2 until flow-portscan becomes soup? Thanks lots John ------------------------------------------------------------------------------------------------ This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any unauthorized use of this email is prohibited. ------------------------------------------------------------------------------------------------ [mf2] ------------------------------------------------------- This SF.Net email is sponsored by: SourceForge.net Broadband Sign-up now for SourceForge Broadband and get the fastest 6.0/768 connection for only $19.95/mo for the first 3 months! http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Tuning guidelines/HOWTO for flow-portscan anyone? McCash, John (May 18)