I'm getting too many UFW blocks


Post by Kyowash » Thu Feb 15, 2018 2:47 pm

I noticed a lot of UFW BLOCK entries in the /var/log/syslog file:

Feb 15 19:24:18 linuxmint kernel: [  387.893548] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55738 DF PROTO=TCP SPT=59146 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:24:33 linuxmint kernel: [  402.287662] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31068 DF PROTO=TCP SPT=59147 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:24:39 linuxmint kernel: [  408.077110] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15812 DF PROTO=TCP SPT=59148 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:24:59 linuxmint kernel: [  428.965558] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4259 DF PROTO=TCP SPT=59149 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:25:19 linuxmint kernel: [  448.970117] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52571 DF PROTO=TCP SPT=59150 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:25:40 linuxmint kernel: [  469.039877] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15378 DF PROTO=TCP SPT=59151 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:25:59 linuxmint kernel: [  488.976889] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=42245 DF PROTO=TCP SPT=59152 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:26:19 linuxmint kernel: [  508.949522] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=15312 DF PROTO=TCP SPT=59153 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:26:40 linuxmint kernel: [  529.014449] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=33868 DF PROTO=TCP SPT=59154 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:27:01 linuxmint kernel: [  550.922648] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29002 DF PROTO=TCP SPT=59155 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:27:21 linuxmint kernel: [  570.855323] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=14124 DF PROTO=TCP SPT=59156 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:27:52 linuxmint kernel: [  601.475590] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=63908 DF PROTO=TCP SPT=59157 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:27:52 linuxmint kernel: [  601.830366] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=61026 DF PROTO=TCP SPT=59158 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0 
Feb 15 19:28:02 linuxmint kernel: [  611.947608] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC address] SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=2582 DF PROTO=TCP SPT=59159 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0

192.168.0.1 is my router's IP address. Rarely, the traffic comes from a different address:

Feb 15 19:18:35 linuxmint kernel: [   44.295124] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC] SRC=69.50.130.31 DST=192.168.0.157 LEN=568 TOS=0x00 PREC=0x00 TTL=48 ID=43558 DF PROTO=TCP SPT=80 DPT=49315 WINDOW=63 RES=0x00 ACK PSH URGP=0
Feb 15 19:18:51 linuxmint kernel: [   60.439163] [UFW BLOCK] IN=enp3s0 OUT= MAC=[my MAC] SRC=69.50.130.31 DST=192.168.0.157 LEN=568 TOS=0x00 PREC=0x00 TTL=48 ID=43559 DF PROTO=TCP SPT=80 DPT=49315 WINDOW=63 RES=0x00 ACK PSH URGP=0

What should I do about it?


Post by littlehuman » Sat Feb 17, 2018 9:34 am

Regarding the many blocked connections from your gateway to your computer on tcp/2869, it might be due to UPnP requests.
You should check your router config and consider disabling UPnP if you do not absolutely need it, as this can be a security risk.
This should eliminate the above requests from your gateway to your computer.

Here is a good article on this => https://www.howtogeek.com/122487/htg-ex ... rity-risk/
At the bottom of the article, "Should You Disable UPnP?" explains pretty well whether or not you should disable it and what it implies.
"Bruce Schneier taught Chuck Norris how to divide by zero as they stood silent in an elevator" - schneierfacts.com

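An added example, not part of the original posts: a small Python summarizer for `[UFW BLOCK]` syslog lines that groups them by source, destination port and TCP flags, so a repeating pattern such as the gateway's SYNs to tcp/2869 stands apart from occasional entries. The sample lines are constructed in the format quoted in the thread, with a placeholder MAC; the function names are this example's own.

```python
import ipaddress
from collections import Counter

# Constructed sample in the format of the syslog lines quoted in the thread;
# the MAC value is a placeholder and the last line is unrelated noise.
SAMPLE = """\
Feb 15 19:24:18 linuxmint kernel: [  387.893548] [UFW BLOCK] IN=enp3s0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55738 DF PROTO=TCP SPT=59146 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 15 19:24:33 linuxmint kernel: [  402.287662] [UFW BLOCK] IN=enp3s0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.0.1 DST=192.168.0.157 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31068 DF PROTO=TCP SPT=59147 DPT=2869 WINDOW=14600 RES=0x00 SYN URGP=0
Feb 15 19:18:35 linuxmint kernel: [   44.295124] [UFW BLOCK] IN=enp3s0 OUT= MAC=00:00:00:00:00:00 SRC=69.50.130.31 DST=192.168.0.157 LEN=568 TOS=0x00 PREC=0x00 TTL=48 ID=43558 DF PROTO=TCP SPT=80 DPT=49315 WINDOW=63 RES=0x00 ACK PSH URGP=0
Feb 15 19:18:51 linuxmint kernel: [   60.439163] [UFW BLOCK] IN=enp3s0 OUT= MAC=00:00:00:00:00:00 SRC=69.50.130.31 DST=192.168.0.157 LEN=568 TOS=0x00 PREC=0x00 TTL=48 ID=43559 DF PROTO=TCP SPT=80 DPT=49315 WINDOW=63 RES=0x00 ACK PSH URGP=0
Feb 15 19:30:00 linuxmint systemd[1]: Started Session 2 of user mint.
"""

TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")


def parse_block(line):
    """Return the KEY=VALUE fields of one [UFW BLOCK] line, or None otherwise."""
    if "[UFW BLOCK]" not in line:
        return None
    tokens = line.split("[UFW BLOCK]", 1)[1].split()
    rec = dict(t.split("=", 1) for t in tokens if "=" in t)
    # TCP flags are logged as bare words (SYN, ACK PSH, ...), not KEY=VALUE.
    rec["FLAGS"] = "+".join(t for t in tokens if t in TCP_FLAGS)
    return rec


def summarize(text):
    """Count blocks per (source, LAN/WAN, protocol, destination port, flags)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_block(line)
        if rec is None:
            continue
        try:
            private = ipaddress.ip_address(rec.get("SRC", "")).is_private
        except ValueError:
            continue  # truncated or malformed entry
        scope = "LAN" if private else "WAN"
        key = (rec["SRC"], scope, rec.get("PROTO", "?"), rec.get("DPT", "-"), rec["FLAGS"])
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

To run it against real data, pass the contents of /var/log/syslog to `summarize()` in place of `SAMPLE`.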