Snort 126:3 rule Warning on Umbrel

Hi there,
I got this notification from Snort IDS I have installed on my firewall.
The rule is 126:3 and reports as: (ftp_telnet) Telnet Subnegotiation Begin Command without Subnegotiation End

It is generating communication from my Umbrel device to an external IP.
The external port it is connecting to is 23, which is commonly used for telnet communications.

The IP seems to be hosted by: Qwest Communications International

Apps I am running:

  • bitcoin
  • bluewallet
  • circuitbreaker
  • electrs
  • lightning
  • lightning-terminal
  • lnmarkets
  • lnplus
  • mempool
  • thunderhub
  • torq

Is this normal? Expected from any of these apps? Any recommendations?

Thanks in advance :slight_smile:

I believe that’s just Tor, but I’ll try confirm

1 Like