
Hey everyone,

I've encountered Tor relay traffic over port 21 that is triggering some (overly aggressive?) Snort rules. Our ISP recently sent us a slew of Snort warnings that were triggered by our obfsproxies creating circuits with Tor relays that run on port 21 (I've confirmed this). The warnings are of the form:

    ftp_pp: Telnet command on FTP command channel [**] [Classification: Generic Protocol Command Decode] [Priority: 3]
    ftp_pp: FTP response length overflow [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP}
    ftp_pp: Evasive Telnet command on FTP command channel [**] [Classification: Potentially Bad Traffic] [Priority: 2]

(Lawl.) They described the quantity as "overwhelming."

I have no idea if this rule is enabled by default or configurable in some way. I am not familiar with Snort. Has anyone ever encountered this before?

If encrypted relay traffic to port 21 does indeed trigger these widely distributed warnings, it might be a good idea for "best practices" to suggest avoiding relays on this port.

Thanks.