Firewall Logs

#1

Since few days I see something in my firewall logs that I don’t understand.
it seems that my private IP try to reach some public IPs based in China, Ukraine etc
Any idea ? :thinking:

root@poc:~# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      693/sshd            
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      661/nginx: master p 
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      661/nginx: master p 
tcp6       0      0 :::22                   :::*                    LISTEN      693/sshd            
tcp6       0      0 :::80                   :::*                    LISTEN      661/nginx: master p 
tcp6       0      0 :::443                  :::*                    LISTEN      661/nginx: master p 
udp        0      0 0.0.0.0:68              0.0.0.0:*                           434/dhclient     
Allow IN
22
80
443

Allow OUT
53
80
443
May 21 11:58:56 poc kernel: [ 8084.597845] [UFW BLOCK] IN= OUT=ens2 SRC=10.64.xx.xx DST=142.252.253.38 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=29482 DF PROTO=TCP SPT=80 DPT=46339 WINDOW=32160 RES=0x00 ACK FIN URGP=0 
May 21 22:52:33 poc kernel: [47301.637369] [UFW BLOCK] IN= OUT=ens2 SRC=10.64.xx.xx DST=60.191.0.244 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=43697 DF PROTO=TCP SPT=80 DPT=24144 WINDOW=229 RES=0x00 ACK FIN URGP=0 
May 21 23:03:21 poc kernel: [47948.807178] [UFW BLOCK] IN= OUT=ens2 SRC=10.64.xx.xx DST=60.191.23.59 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=63318 DF PROTO=TCP SPT=443 DPT=38935 WINDOW=237 RES=0x00 ACK FIN URGP=0 
May 22 01:08:04 poc kernel: [55432.189851] [UFW BLOCK] IN= OUT=ens2 SRC=10.64.xx.xx DST=175.19.128.222 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=34026 DF PROTO=TCP SPT=80 DPT=4703 WINDOW=30016 RES=0x00 ACK FIN URGP=0 
May 22 11:39:50 poc kernel: [93337.563849] [UFW BLOCK] IN= OUT=ens2 SRC=10.64.xx.xx DST=46.149.90.50 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=56593 WINDOW=0 RES=0x00 RST URGP=0 
May 22 14:39:00 poc kernel: [104087.831688] [UFW BLOCK] IN= OUT=ens2 SRC=10.64.xx.xx DST=5.251.166.123 LEN=40 TOS=0x00 PREC=0x20 TTL=64 ID=0 DF PROTO=TCP SPT=80 DPT=63701 WINDOW=0 RES=0x00 RST URGP=0 
May 22 17:14:13 poc kernel: [  150.649622] [UFW BLOCK] IN= OUT=ens2 SRC=10.64.xx.xx DST=151.61.92.196 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=28699 DF PROTO=TCP SPT=80 DPT=52855 WINDOW=229 RES=0x00 ACK FIN URGP=0
May 22 18:14:16 poc kernel: [ 3753.076201] [UFW BLOCK] IN= OUT=ens2 SRC=10.64.xx.xx DST=102.185.100.221 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=19141 DF PROTO=TCP SPT=80 DPT=52079 WINDOW=229 RES=0x00 ACK FIN URGP=0