How many ports is considered a portsweep/portscan?

[James Lay <jlay () slave-tothe-box net>]

Subject pretty much says it all...there are certain machines that I want to
be able to detect a portsweep or scan, but not when they scan say 4 or 5
ports like booting up with netbios checking out other machines on a network
(I think that¹s why I¹m seeing these FP¹s).  Sfportscan is set to low, but
I¹m not sure what else I can set?  Thanks all.

James

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users