Tuning guidelines/HOWTO for flow-portscan anyone?

["McCash, John" <John.McCash () andrew com>]

Hi All,
        There's been a bit of discussion on the list about flow-portscan, most of it negative. From what I've seen, 
however, it doesn't appear that anyone knows how to tune this beast. Please correct me if I'm wrong here. The only 
positive commentary seems to have been from those for whom the default settings, or other defaults posted here by 
various parties, work. Does anybody have a set of rules of thumb for how to get flow-portscan tuned properly?

        Or has everyone just given up on it, and gone back to portscan2 until flow-portscan becomes soup?
                Thanks lots
                        John
------------------------------------------------------------------------------------------------
This message is for the designated recipient only and may
contain privileged, proprietary, or otherwise private information.  
If you have received it in error, please notify the sender
immediately and delete the original.  Any unauthorized use of
this email is prohibited.
------------------------------------------------------------------------------------------------
[mf2]


-------------------------------------------------------
This SF.Net email is sponsored by: SourceForge.net Broadband
Sign-up now for SourceForge Broadband and get the fastest
6.0/768 connection for only $19.95/mo for the first 3 months!
http://ads.osdn.com/?ad_id%62&alloc_ida84&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users