We have installed BRO in our campus and it is working fine. We are exploring the detection capability of BRO. It detects scanning and generating alarm but only once for particular ip address, may be after that it is dropping packets from those particular ip address who have scanned the network. If is it, how we can stop bro for not dropping packets. If there is any configuration please let us know. We have gone through the document on the site, but we did not get exacty what to do.
please reply with some explanation …
Failure is success if we learn from it