ufw log files
Feb 17 06:25:42 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=178.83.61.33 DST=178.79.166.61 LEN=56 TOS=0x00 PREC=0x00 TTL=54 ID=49204 DF PROTO=TCP SPT=32858 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 17 06:57:53 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=178.198.109.232 DST=178.79.166.61 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=31963 DF PROTO=TCP SPT=54030 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 17 07:27:00 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=178.239.224.217 DST=178.79.166.61 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=33001 DF PROTO=TCP SPT=4316 DPT=23 WINDOW=5808 RES=0x00 CWR ECE SYN URGP=0
Feb 17 08:02:01 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=61.235.46.146 DST=178.79.166.61 LEN=404 TOS=0x00 PREC=0x00 TTL=115 ID=38879 PROTO=UDP SPT=2041 DPT=1434 LEN=384
Feb 17 08:11:12 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=178.26.1.0 DST=178.79.166.61 LEN=56 TOS=0x00 PREC=0x00 TTL=55 ID=32543 DF PROTO=TCP SPT=48303 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 17 08:12:12 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=95.102.170.179 DST=178.79.166.61 LEN=64 TOS=0x00 PREC=0x00 TTL=33 ID=20689 DF PROTO=TCP SPT=2558 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Feb 17 08:12:15 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=95.102.170.179 DST=178.79.166.61 LEN=64 TOS=0x00 PREC=0x00 TTL=33 ID=21323 DF PROTO=TCP SPT=2558 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Feb 17 08:17:36 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=178.79.52.191 DST=178.79.166.61 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=57232 DF PROTO=TCP SPT=1760 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Feb 17 08:17:39 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=178.79.52.191 DST=178.79.166.61 LEN=64 TOS=0x00 PREC=0x00 TTL=37 ID=57610 DF PROTO=TCP SPT=1760 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Feb 17 08:52:06 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=178.83.16.176 DST=178.79.166.61 LEN=56 TOS=0x00 PREC=0x00 TTL=54 ID=31272 DF PROTO=TCP SPT=37127 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 17 08:56:50 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=29831 PROTO=UDP SPT=16474 DPT=551 LEN=41
Feb 17 08:56:51 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=29853 PROTO=UDP SPT=16474 DPT=551 LEN=41
Feb 17 08:56:54 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=29897 PROTO=UDP SPT=16474 DPT=551 LEN=41
Feb 17 08:57:00 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=29973 PROTO=UDP SPT=16474 DPT=551 LEN=41
Feb 17 08:58:27 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=31176 PROTO=UDP SPT=47599 DPT=551 LEN=41
Feb 17 08:58:28 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=31186 PROTO=UDP SPT=47599 DPT=551 LEN=41
Feb 17 08:58:31 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=31240 PROTO=UDP SPT=47599 DPT=551 LEN=41
Feb 17 08:58:37 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=31323 PROTO=UDP SPT=47599 DPT=551 LEN=41
Feb 17 09:01:16 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=95 TOS=0x00 PREC=0x00 TTL=115 ID=33257 PROTO=UDP SPT=36112 DPT=551 LEN=75
Feb 17 09:03:19 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=34623 PROTO=UDP SPT=11325 DPT=551 LEN=41
Feb 17 09:03:20 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=34626 PROTO=UDP SPT=11325 DPT=551 LEN=41
Feb 17 09:03:23 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=34660 PROTO=UDP SPT=11325 DPT=551 LEN=41
Feb 17 09:03:29 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=115 ID=34712 PROTO=UDP SPT=11325 DPT=551 LEN=41
Feb 17 09:16:38 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=44537 DF PROTO=TCP SPT=20349 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:16:41 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=44566 DF PROTO=TCP SPT=20349 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:16:47 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=44629 DF PROTO=TCP SPT=20349 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:17:46 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=175.181.106.193 DST=178.79.166.61 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=56947 DF PROTO=TCP SPT=1510 DPT=1080 WINDOW=512 RES=0x00 SYN URGP=0
Feb 17 09:17:52 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=7815 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:17:54 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=7847 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:17:57 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=7900 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:18:03 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=8061 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:19:34 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=46531 DF PROTO=TCP SPT=19992 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:19:34 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=10234 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:19:36 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=10263 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:19:37 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=46562 DF PROTO=TCP SPT=19992 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:19:39 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=10332 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:19:43 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=46626 DF PROTO=TCP SPT=19992 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:19:45 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=10452 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:20:23 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=95 TOS=0x00 PREC=0x00 TTL=117 ID=11311 PROTO=UDP SPT=12157 DPT=551 LEN=75
Feb 17 09:24:20 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=50378 DF PROTO=TCP SPT=54088 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:24:23 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=50411 DF PROTO=TCP SPT=54088 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:24:29 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=195.161.25.61 DST=178.79.166.61 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=50480 DF PROTO=TCP SPT=54088 DPT=551 WINDOW=65535 RES=0x00 SYN URGP=0
Feb 17 09:25:31 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=18150 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:25:33 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=18171 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:25:36 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=18227 PROTO=UDP SPT=12157 DPT=551 LEN=41
Feb 17 09:25:42 plato kernel: [UFW BLOCK] IN=eth0 OUT= MAC=fe:fd:b2:4f:a6:3d:88:43:e1:a3:fa:7f:08:00 SRC=188.162.153.71 DST=178.79.166.61 LEN=61 TOS=0x00 PREC=0x00 TTL=117 ID=18333 PROTO=UDP SPT=12157 DPT=551 LEN=41
Can anyone tell me what they mean? Is someone doing a scan on my ports?
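For reading lines like the ones in the post above, the following sketch (an added example, not part of the original thread) splits each `[UFW ...]` kernel line into its fields and groups the hits by source address and destination port. The function names and the `min_ports` threshold are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Lines from the post above with MAC/TOS/PREC/ID trimmed; the last line is constructed.
SAMPLE = """\
Feb 17 06:25:42 plato kernel: [UFW BLOCK] IN=eth0 OUT= SRC=178.83.61.33 DST=178.79.166.61 LEN=56 TTL=54 DF PROTO=TCP SPT=32858 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 17 08:02:01 plato kernel: [UFW BLOCK] IN=eth0 OUT= SRC=61.235.46.146 DST=178.79.166.61 LEN=404 TTL=115 PROTO=UDP SPT=2041 DPT=1434 LEN=384
Feb 17 08:12:12 plato kernel: [UFW BLOCK] IN=eth0 OUT= SRC=95.102.170.179 DST=178.79.166.61 LEN=64 TTL=33 DF PROTO=TCP SPT=2558 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Feb 17 08:12:15 plato kernel: [UFW BLOCK] IN=eth0 OUT= SRC=95.102.170.179 DST=178.79.166.61 LEN=64 TTL=33 DF PROTO=TCP SPT=2558 DPT=135 WINDOW=53760 RES=0x00 SYN URGP=0
Feb 17 08:56:50 plato kernel: [UFW BLOCK] IN=eth0 OUT= SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TTL=115 PROTO=UDP SPT=16474 DPT=551 LEN=41
Feb 17 08:58:27 plato kernel: [UFW BLOCK] IN=eth0 OUT= SRC=195.161.7.61 DST=178.79.166.61 LEN=61 TTL=115 PROTO=UDP SPT=47599 DPT=551 LEN=41
Feb 17 09:00:00 plato sshd[999]: unrelated line that the parser must skip
"""
TAG = re.compile(r"\[UFW ([A-Z ]+)\]\s*(.*)")

def parse_line(line):
    """Return the fields of one UFW kernel log line, or None if it is not one."""
    m = TAG.search(line)
    if not m:
        return None
    rec = {"ACTION": m.group(1), "FLAGS": []}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["FLAGS"].append(tok)   # bare tokens such as DF, SYN, CWR, ECE
        else:
            rec.setdefault(key, val)   # UDP lines repeat LEN; keep the IP length
    return rec

def summarize(text):
    """Map each source address to its hit count and set of (proto, port) targets."""
    out = defaultdict(lambda: {"hits": 0, "targets": set()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or "SRC" not in rec:
            continue
        out[rec["SRC"]]["hits"] += 1
        out[rec["SRC"]]["targets"].add((rec.get("PROTO"), rec.get("DPT")))
    return dict(out)

def sweepers(summary, min_ports=5):
    """Sources hitting at least min_ports distinct ports (threshold is an assumption)."""
    return sorted(s for s, e in summary.items() if len(e["targets"]) >= min_ports)

if __name__ == "__main__":
    for src, e in summarize(SAMPLE).items():
        print(src, e["hits"], sorted(e["targets"]))
```

On the lines sampled here every source touches a single destination port, so `sweepers` returns nothing at the default threshold.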
9 Replies
this list
Do I have to enable anything in the firewall to enable Linode monitoring?
Seems like a dumb move on UFW's part…
> logs all blocked packets not matching the default policy (with rate limiting), as well as packets matching logged rules
So it shouldn't generally be logging a whole heck of a lot by default (if the default policy is 'deny' and there are no specifically-logged rules). It can, of course, be configured to the administrator's wishes.
@Guspaz:
It wasn't the typical scenario I was thinking about, but the attack vector scenario. If somebody decides to send you a chunk of blocked traffic, your log files would fill up fast.
It may have been tuned a little differently in the latest version (I'm still on 8.04) but my ufw-generated LOG rules use rate-limiting (as hoopycat mentioned) with a limit of "avg 3/min burst 10", so it's not really going to log very much even with a targeted attack.
– David
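To put numbers on the "avg 3/min burst 10" limit quoted in the reply above, this added example (not from the thread) counts how many lines a single rate-limited LOG rule would write under a steady stream of blocked packets. It assumes a simplified token-bucket model of the netfilter limit match and one LOG rule; the function names and traffic rates are illustrative.

```python
def logged_lines(interval_ms, duration_ms, per_min=3, burst=10):
    """Count packets a single rate-limited LOG rule would log.

    Packets arrive every interval_ms for duration_ms. Model (an assumption,
    simplified from the netfilter limit match): the bucket starts with `burst`
    credits, each logged packet spends one, and credits refill at per_min/minute.
    """
    cost = 60_000 // per_min   # ms of credit one log line costs (20 s at 3/min)
    cap = cost * burst         # the bucket never holds more than `burst` lines
    credit, last, logged = cap, 0, 0
    for t in range(0, duration_ms, interval_ms):
        credit = min(cap, credit + (t - last))   # refill for the time elapsed
        last = t
        if credit >= cost:
            credit -= cost
            logged += 1
    return logged

def report():
    """Lines logged for three traffic patterns under 3/min burst 10."""
    cases = {
        "100 pkt/s for 1 min": (10, 60_000),
        "100 pkt/s for 10 min": (10, 600_000),
        "1 pkt per 30 s for 10 min": (30_000, 600_000),
    }
    return {name: logged_lines(*args) for name, args in cases.items()}

if __name__ == "__main__":
    for name, n in report().items():
        print(f"{name}: {n} lines logged")
```

Under this model a sustained flood is capped at the initial burst plus three lines per minute, while slow background probing is logged in full.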