Snort , quit logging that port!
 

Hello,

I recently set up snort and i'm trying to set up a custom snort.conf file as much as possible. The first problem I encountered is that snort keeps logging about a dozen port 13(daytime) connections to my computer every 10 minutes. (Does anyone know the cause of this??)

Either way this is what it looks like:

==> TCP:2375-13 <==
12/08-17:25:13.319544 64.12.*.105:13 -> 10.51.1.100:2375
TCP TTL:110 TOS:0x0 ID:44540 IpLen:20 DgmLen:40 DF
***A**** Seq: 0xF16C8C Ack: 0x7F5B8F5A Win: 0x4000 TcpLen: 20
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+


My computer being the private address. And here is my snort.conf entry for this problem.

pass tcp any 13 -> $HOME_NET any

Should I use something other than 'pass'?


I appreciate any responses, much thanks

Cheers

stakhous