I am receiving Dozens of [UFW BLOCK] Messages each second on my syslogs server

I have an Ubuntu server running currently that has suddenly seen a striking drop in incoming traffic after many months of a high average. I have noticed in my logs that dozens upon dozens of UFW Block messages of a similar kind are generated each minute. You can see them below.

Nov 15 14:27:23 instance-1 kernel: [163291.543066] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=34658 DF PROTO=TCP SPT=33842 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:27:42 instance-1 kernel: [163310.995951] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=26888 DF PROTO=TCP SPT=33866 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:28:04 instance-1 kernel: [163332.872929] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.9.80.225 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=20671 DF PROTO=TCP SPT=53912 DPT=443 WINDOW=78 RES=0x00 ACK RST URGP=0 
Nov 15 14:28:22 instance-1 kernel: [163351.244056] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=50298 DF PROTO=TCP SPT=33920 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:28:43 instance-1 kernel: [163371.603557] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=22370 DF PROTO=TCP SPT=59386 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:29:03 instance-1 kernel: [163391.555748] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=63536 DF PROTO=TCP SPT=33966 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:29:22 instance-1 kernel: [163411.282287] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=21342 DF PROTO=TCP SPT=33992 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:29:43 instance-1 kernel: [163431.696134] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=26408 DF PROTO=TCP SPT=59452 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:30:02 instance-1 kernel: [163451.054888] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=9973 DF PROTO=TCP SPT=34044 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:30:23 instance-1 kernel: [163472.053652] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=63549 DF PROTO=TCP SPT=59502 DPT=443 WINDOW=408 RES=0x00 ACK RST URGP=0 
Nov 15 14:30:43 instance-1 kernel: [163491.764167] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=33918 DF PROTO=TCP SPT=34094 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:31:03 instance-1 kernel: [163511.668000] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=14829 DF PROTO=TCP SPT=34122 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:31:23 instance-1 kernel: [163532.325401] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=34162 DF PROTO=TCP SPT=59572 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:31:44 instance-1 kernel: [163552.837822] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=29658 DF PROTO=TCP SPT=59590 DPT=443 WINDOW=408 RES=0x00 ACK RST URGP=0 
Nov 15 14:32:03 instance-1 kernel: [163572.375370] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=15828 DF PROTO=TCP SPT=34202 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0 
Nov 15 14:32:22 instance-1 kernel: [163591.109170] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.31.199.60 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=16812 DF PROTO=TCP SPT=47858 DPT=443 WINDOW=192 RES=0x00 ACK RST URGP=0 
Nov 15 14:32:43 instance-1 kernel: [163612.004351] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=2666 DF PROTO=TCP SPT=34256 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:33:03 instance-1 kernel: [163632.189419] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=27812 DF PROTO=TCP SPT=34278 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:33:23 instance-1 kernel: [163652.203641] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.31.199.60 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=22986 DF PROTO=TCP SPT=47938 DPT=443 WINDOW=186 RES=0x00 ACK RST URGP=0 
Nov 15 14:33:43 instance-1 kernel: [163672.376794] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=17200 DF PROTO=TCP SPT=34326 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:34:03 instance-1 kernel: [163692.273798] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=21450 DF PROTO=TCP SPT=34350 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:34:24 instance-1 kernel: [163712.542638] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.31.199.60 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=35389 DF PROTO=TCP SPT=48004 DPT=443 WINDOW=192 RES=0x00 ACK RST URGP=0 
Nov 15 14:34:42 instance-1 kernel: [163731.424731] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=4339 DF PROTO=TCP SPT=59778 DPT=443 WINDOW=408 RES=0x00 ACK RST URGP=0 
Nov 15 14:35:04 instance-1 kernel: [163752.927110] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=47.31.199.60 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=53 ID=26752 DF PROTO=TCP SPT=48048 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:35:22 instance-1 kernel: [163770.767014] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=58 ID=15706 DF PROTO=TCP SPT=22462 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:35:42 instance-1 kernel: [163790.879044] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=37719 DF PROTO=TCP SPT=22499 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:36:03 instance-1 kernel: [163811.659551] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=34893 DF PROTO=TCP SPT=10170 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:36:22 instance-1 kernel: [163830.662021] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=63671 DF PROTO=TCP SPT=59888 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:36:43 instance-1 kernel: [163851.881254] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=30595 DF PROTO=TCP SPT=10199 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:37:03 instance-1 kernel: [163871.873084] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=56 ID=44464 DF PROTO=TCP SPT=20374 DPT=443 WINDOW=191 RES=0x00 ACK RST URGP=0 
Nov 15 14:37:23 instance-1 kernel: [163891.804772] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=60 ID=13501 DF PROTO=TCP SPT=34614 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 
Nov 15 14:37:42 instance-1 kernel: [163911.030568] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=106.78.52.214 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=52374 DF PROTO=TCP SPT=20382 DPT=443 WINDOW=186 RES=0x00 ACK RST URGP=0 
Nov 15 14:38:03 instance-1 kernel: [163932.148186] [UFW BLOCK] IN=ens4 OUT= MAC=42:01:0a:80:00:06:42:01:0a:80:00:01:08:00 SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=55187 DF PROTO=TCP SPT=60000 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0 

I am unsure as to what these UFW Blocks are and what they are blocking. If anyone could help me figure out if this is what is blocking my traffic or if this is causing any other issues, as well as how to fix it, it would be very helpful.

Thank you very much!

Jos
Do you run a web server on that system? And is its internal IP address 10.128.0.6? In that case, you are blocking legitimate requests (to port 443, so HTTPS requests).
Jos
Do `sudo ufw status` to find out the current status of your firewall and its rules.
Chestnut Rice
@Jos hey! Thank you very much for responding. That is the correct internal IP for my server. I have turned off the UFW completely, would that possibly help in this situation?
Doug Smythies
Those are TCP reset packets and they do not interfere with legitimate traffic. See also [here](https://askubuntu.com/questions/914031/ubuntu-ufw-blocks-port-even-though-it-is-enabled/914312#914312).
Jos
Well spotted, @DougSmythies.
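
The point made in the comments above can be checked against the log itself. This is an added example, not part of the original thread: it parses `[UFW BLOCK]` lines, pulls out the TCP flags, and separates new connection attempts (SYN without ACK) from resets. The sample holds three lines abridged from the question plus one constructed SYN line for contrast; the function names are illustrative.

```python
import re
from collections import Counter

# TCP flag names as they appear as bare tokens in netfilter log lines.
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}

# Three lines abridged from the question (MAC/TOS/PREC fields dropped) plus one
# constructed SYN line for contrast (203.0.113.7 is a documentation address).
SAMPLE = """\
Nov 15 14:27:23 instance-1 kernel: [163291.543066] [UFW BLOCK] IN=ens4 OUT= SRC=206.84.239.227 DST=10.128.0.6 LEN=52 TTL=60 ID=34658 DF PROTO=TCP SPT=33842 DPT=443 WINDOW=409 RES=0x00 ACK RST URGP=0
Nov 15 14:28:04 instance-1 kernel: [163332.872929] [UFW BLOCK] IN=ens4 OUT= SRC=47.9.80.225 DST=10.128.0.6 LEN=52 TTL=54 ID=20671 DF PROTO=TCP SPT=53912 DPT=443 WINDOW=78 RES=0x00 ACK RST URGP=0
Nov 15 14:28:43 instance-1 kernel: [163371.603557] [UFW BLOCK] IN=ens4 OUT= SRC=92.204.187.202 DST=10.128.0.6 LEN=52 TTL=56 ID=22370 DF PROTO=TCP SPT=59386 DPT=443 WINDOW=398 RES=0x00 ACK RST URGP=0
Nov 15 14:40:00 instance-1 kernel: [164000.000000] [UFW BLOCK] IN=ens4 OUT= SRC=203.0.113.7 DST=10.128.0.6 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

def parse_ufw_line(line):
    """Return a dict of fields for a [UFW ...] kernel log line, else None."""
    m = re.search(r"\[UFW ([A-Z ]+)\]\s+(.*)", line)
    if not m:
        return None
    tokens = m.group(2).split()
    rec = dict(t.split("=", 1) for t in tokens if "=" in t)
    rec["ACTION"] = m.group(1).strip()
    # DF is an IP-header flag, so it is deliberately not in TCP_FLAGS.
    rec["FLAGS"] = frozenset(t for t in tokens if t in TCP_FLAGS)
    return rec

def classify(rec):
    """Label a parsed record by what the packet was trying to do."""
    if rec.get("PROTO") != "TCP":
        return "non-tcp"
    flags = rec["FLAGS"]
    if "SYN" in flags and "ACK" not in flags:
        return "new-connection"   # a client opening a connection
    if "RST" in flags:
        return "reset"            # teardown packet, not a new request
    return "other"

def summarize(text):
    """Count blocked packets per (classification, destination port)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_ufw_line(line)
        if rec and rec["ACTION"] == "BLOCK":
            counts[(classify(rec), rec.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(key, n)
```

When every blocked packet for port 443 lands in the `reset` bucket, as it does for the lines in the question, the log shows no refused new HTTPS connections.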