This message is flooding my syslog, how to find where it comes from?Problems allowing outgoing multicast in ufwWhy is ufw logging 'BLOCK' messages regarding a port for which ufw is configured to 'ALLOW' connections?Apache Timeout (Problem loading page) on localhostsyslog error message eating up my HD with wireless messageWhat does this terminal message mean?From where comes /run/resolvconf/interface/eth0.dhclient fileUFW setup for OpenVPN serverHow to find what's dumping to syslog?What's blocking public access to Ubuntu web server?UFW blocking upnp port mapping
Why do rocket engines use nitrogen actuators to operate the fuel/oxidiser valves instead of electric servos?
Why is Heisenberg shown dead in Negro y Azul?
Are the related objects in an SOQL query shared?
“The Fourier transform cannot measure two phases at the same frequency.” Why not?
Is space radiation a risk for space film photography, and how is this prevented?
Is it okay to use different fingers every time while playing a song on keyboard? Is it considered a bad practice?
Piece de Resistance - Introduction & Ace and A's
Would the shaking of an earthquake be visible to somebody in a low-flying aircraft?
What does Argus Filch specifically do?
conditional probability of dependent random variables
Repeated! Factorials!
Should I use (1,3) or (1-3) or (4)?
The Game of the Century - why didn't Byrne take the rook after he forked Fischer?
Need reasons why a satellite network would not work
Is there a command-line tool for converting html files to pdf?
Getting Lost in the Caves of Chaos
Broken bottom bracket?
Why do dragons like shiny stuff?
How to increase Solr JVM memory
…down the primrose path
How do people drown while wearing a life jacket?
Is a switch from R to Python worth it?
C# TCP server/client class
What is the difference between "un plan" and "une carte" (in the context of map)?
This message is flooding my syslog, how to find where it comes from?
Problems allowing outgoing multicast in ufwWhy is ufw logging 'BLOCK' messages regarding a port for which ufw is configured to 'ALLOW' connections?Apache Timeout (Problem loading page) on localhostsyslog error message eating up my HD with wireless messageWhat does this terminal message mean?From where comes /run/resolvconf/interface/eth0.dhclient fileUFW setup for OpenVPN serverHow to find what's dumping to syslog?What's blocking public access to Ubuntu web server?UFW blocking upnp port mapping
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;
When I run dmesg
this comes up every second or so:
[22661.447946] [UFW BLOCK] IN=eth0 OUT= MAC=ee:54:32:37:94:5f:f0:4b:3a:4f:80:30:08:00 SRC=35.162.106.154 DST=104.248.41.4 LEN=40 TOS=0x00 PREC=0x00 TTL=37 ID=52549 DF PROTO=TCP SPT=25 DPT=50616 WINDOW=0 RES=0x00 RST URGP=0
How can I trace what is causing this message?
networking
add a comment |
When I run dmesg
this comes up every second or so:
[22661.447946] [UFW BLOCK] IN=eth0 OUT= MAC=ee:54:32:37:94:5f:f0:4b:3a:4f:80:30:08:00 SRC=35.162.106.154 DST=104.248.41.4 LEN=40 TOS=0x00 PREC=0x00 TTL=37 ID=52549 DF PROTO=TCP SPT=25 DPT=50616 WINDOW=0 RES=0x00 RST URGP=0
How can I trace what is causing this message?
networking
1
It is the annoying ufw logging. You can turn it off. It is also possible to configure ufw to use a different log channel, thus it won't contaminate dmesg, but it is very tricky (might require even a little ufw patch).
– peterh
Jul 26 at 19:08
FWIW if you're unfamiliar with UFW, you should probably not have your system connected directly to the internet.
– MooseBoys
Jul 28 at 4:16
add a comment |
When I run dmesg
this comes up every second or so:
[22661.447946] [UFW BLOCK] IN=eth0 OUT= MAC=ee:54:32:37:94:5f:f0:4b:3a:4f:80:30:08:00 SRC=35.162.106.154 DST=104.248.41.4 LEN=40 TOS=0x00 PREC=0x00 TTL=37 ID=52549 DF PROTO=TCP SPT=25 DPT=50616 WINDOW=0 RES=0x00 RST URGP=0
How can I trace what is causing this message?
networking
When I run dmesg
this comes up every second or so:
[22661.447946] [UFW BLOCK] IN=eth0 OUT= MAC=ee:54:32:37:94:5f:f0:4b:3a:4f:80:30:08:00 SRC=35.162.106.154 DST=104.248.41.4 LEN=40 TOS=0x00 PREC=0x00 TTL=37 ID=52549 DF PROTO=TCP SPT=25 DPT=50616 WINDOW=0 RES=0x00 RST URGP=0
How can I trace what is causing this message?
networking
networking
edited Jul 26 at 2:56
Zanna
52.6k14 gold badges149 silver badges250 bronze badges
52.6k14 gold badges149 silver badges250 bronze badges
asked Jul 25 at 11:46
peterretiefpeterretief
9687 silver badges11 bronze badges
9687 silver badges11 bronze badges
1
It is the annoying ufw logging. You can turn it off. It is also possible to configure ufw to use a different log channel, thus it won't contaminate dmesg, but it is very tricky (might require even a little ufw patch).
– peterh
Jul 26 at 19:08
FWIW if you're unfamiliar with UFW, you should probably not have your system connected directly to the internet.
– MooseBoys
Jul 28 at 4:16
add a comment |
1
It is the annoying ufw logging. You can turn it off. It is also possible to configure ufw to use a different log channel, thus it won't contaminate dmesg, but it is very tricky (might require even a little ufw patch).
– peterh
Jul 26 at 19:08
FWIW if you're unfamiliar with UFW, you should probably not have your system connected directly to the internet.
– MooseBoys
Jul 28 at 4:16
1
1
It is the annoying ufw logging. You can turn it off. It is also possible to configure ufw to use a different log channel, thus it won't contaminate dmesg, but it is very tricky (might require even a little ufw patch).
– peterh
Jul 26 at 19:08
It is the annoying ufw logging. You can turn it off. It is also possible to configure ufw to use a different log channel, thus it won't contaminate dmesg, but it is very tricky (might require even a little ufw patch).
– peterh
Jul 26 at 19:08
FWIW if you're unfamiliar with UFW, you should probably not have your system connected directly to the internet.
– MooseBoys
Jul 28 at 4:16
FWIW if you're unfamiliar with UFW, you should probably not have your system connected directly to the internet.
– MooseBoys
Jul 28 at 4:16
add a comment |
2 Answers
2
active
oldest
votes
The existing answer is correct in its technical analysis of the firewall log entry, but it's missing one point that makes the conclusion incorrect. The packet
- Is a
RST
(reset) packet - from
SRC=35.162.106.154
- to your host at
DST=104.248.41.4
- via
TCP
- from his port
SPT=25
- to your port
DPT=50616
- and has been
BLOCK
ed by UFW.
Port 25 (the source port) is commonly used for email. Port 50616 is in the ephemeral port range, meaning there's no consistent user for this port. A TCP "reset" packet can be sent in response to a number of unexpected situations, such as data arriving after a connection has been closed, or data being sent without first establishing a connection.
35.162.106.154
reverse-resolves to cxr.mx.a.cloudfilter.net
, a domain used by the CloudMark email filtering service.
Your computer, or someone pretending to be your computer, is sending data to one of CloudMark's servers. The data is arriving unexpectedly, and the server is responding with a RST
to ask the sending computer to stop. Given that the firewall is dropping the RST
rather than passing it through to some application, the data that's causing the RST
to be sent isn't coming from your computer. Instead, you're probably seeing backscatter from a denial-of-service attack, where the attacker is sending out floods of packets with forged "from" addresses in an attempt to knock CloudMark's mail servers offline (perhaps to make spamming more effective).
3
+1 for the great analysis! I had no idea...
– PerlDuck
Jul 26 at 7:10
add a comment |
The messages stems from UFW, the "uncomplicated firewall" and it tells you that someone
- from
SRC=35.162.106.154
- tried to connect to your host at
DST=104.248.41.4
- via
TCP
- from their port
SPT=25
- to your port
DPT=50616
- and that UFW has successfully
BLOCK
ed that attempt.
According to this site
the source address 35.162.106.154 is some Amazon machine (probably an AWS).
According to this site
the port 50616 may be used for Xsan Filesystem Access.
So it's an attempt from IP=35.162.106.154 to access your files. Quite normal
and nothing to be really worried about because that's what firewalls are for:
rejecting such attempts.
It seems the attempted connection is from an amazon account, port 25 is a mail port should I report this or just ignore it? Spamming my logs
– peterretief
Jul 25 at 12:09
6
@peterretief you can block it at your router; then you won't see it. But it might be wise to report this to your ISP.
– Rinzwind
Jul 25 at 12:11
8
Actually it says „RST“ not „SYN“ so it is a denied outgoing SMTP attempt packet which was filtered out.
– eckes
Jul 26 at 7:40
3
The other answer seems more likely to be correct to me.
– Barmar
Jul 26 at 16:21
5
@Barmar Indeed, and very kindly put. That one should be the accepted answer.
– PerlDuck
Jul 26 at 16:23
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "89"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1160962%2fthis-message-is-flooding-my-syslog-how-to-find-where-it-comes-from%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
The existing answer is correct in its technical analysis of the firewall log entry, but it's missing one point that makes the conclusion incorrect. The packet
- Is a
RST
(reset) packet - from
SRC=35.162.106.154
- to your host at
DST=104.248.41.4
- via
TCP
- from his port
SPT=25
- to your port
DPT=50616
- and has been
BLOCK
ed by UFW.
Port 25 (the source port) is commonly used for email. Port 50616 is in the ephemeral port range, meaning there's no consistent user for this port. A TCP "reset" packet can be sent in response to a number of unexpected situations, such as data arriving after a connection has been closed, or data being sent without first establishing a connection.
35.162.106.154
reverse-resolves to cxr.mx.a.cloudfilter.net
, a domain used by the CloudMark email filtering service.
Your computer, or someone pretending to be your computer, is sending data to one of CloudMark's servers. The data is arriving unexpectedly, and the server is responding with a RST
to ask the sending computer to stop. Given that the firewall is dropping the RST
rather than passing it through to some application, the data that's causing the RST
to be sent isn't coming from your computer. Instead, you're probably seeing backscatter from a denial-of-service attack, where the attacker is sending out floods of packets with forged "from" addresses in an attempt to knock CloudMark's mail servers offline (perhaps to make spamming more effective).
3
+1 for the great analysis! I had no idea...
– PerlDuck
Jul 26 at 7:10
add a comment |
The existing answer is correct in its technical analysis of the firewall log entry, but it's missing one point that makes the conclusion incorrect. The packet
- Is a
RST
(reset) packet - from
SRC=35.162.106.154
- to your host at
DST=104.248.41.4
- via
TCP
- from his port
SPT=25
- to your port
DPT=50616
- and has been
BLOCK
ed by UFW.
Port 25 (the source port) is commonly used for email. Port 50616 is in the ephemeral port range, meaning there's no consistent user for this port. A TCP "reset" packet can be sent in response to a number of unexpected situations, such as data arriving after a connection has been closed, or data being sent without first establishing a connection.
35.162.106.154
reverse-resolves to cxr.mx.a.cloudfilter.net
, a domain used by the CloudMark email filtering service.
Your computer, or someone pretending to be your computer, is sending data to one of CloudMark's servers. The data is arriving unexpectedly, and the server is responding with a RST
to ask the sending computer to stop. Given that the firewall is dropping the RST
rather than passing it through to some application, the data that's causing the RST
to be sent isn't coming from your computer. Instead, you're probably seeing backscatter from a denial-of-service attack, where the attacker is sending out floods of packets with forged "from" addresses in an attempt to knock CloudMark's mail servers offline (perhaps to make spamming more effective).
3
+1 for the great analysis! I had no idea...
– PerlDuck
Jul 26 at 7:10
add a comment |
The existing answer is correct in its technical analysis of the firewall log entry, but it's missing one point that makes the conclusion incorrect. The packet
- Is a
RST
(reset) packet - from
SRC=35.162.106.154
- to your host at
DST=104.248.41.4
- via
TCP
- from his port
SPT=25
- to your port
DPT=50616
- and has been
BLOCK
ed by UFW.
Port 25 (the source port) is commonly used for email. Port 50616 is in the ephemeral port range, meaning there's no consistent user for this port. A TCP "reset" packet can be sent in response to a number of unexpected situations, such as data arriving after a connection has been closed, or data being sent without first establishing a connection.
35.162.106.154
reverse-resolves to cxr.mx.a.cloudfilter.net
, a domain used by the CloudMark email filtering service.
Your computer, or someone pretending to be your computer, is sending data to one of CloudMark's servers. The data is arriving unexpectedly, and the server is responding with a RST
to ask the sending computer to stop. Given that the firewall is dropping the RST
rather than passing it through to some application, the data that's causing the RST
to be sent isn't coming from your computer. Instead, you're probably seeing backscatter from a denial-of-service attack, where the attacker is sending out floods of packets with forged "from" addresses in an attempt to knock CloudMark's mail servers offline (perhaps to make spamming more effective).
The existing answer is correct in its technical analysis of the firewall log entry, but it's missing one point that makes the conclusion incorrect. The packet
- Is a
RST
(reset) packet - from
SRC=35.162.106.154
- to your host at
DST=104.248.41.4
- via
TCP
- from his port
SPT=25
- to your port
DPT=50616
- and has been
BLOCK
ed by UFW.
Port 25 (the source port) is commonly used for email. Port 50616 is in the ephemeral port range, meaning there's no consistent user for this port. A TCP "reset" packet can be sent in response to a number of unexpected situations, such as data arriving after a connection has been closed, or data being sent without first establishing a connection.
35.162.106.154
reverse-resolves to cxr.mx.a.cloudfilter.net
, a domain used by the CloudMark email filtering service.
Your computer, or someone pretending to be your computer, is sending data to one of CloudMark's servers. The data is arriving unexpectedly, and the server is responding with a RST
to ask the sending computer to stop. Given that the firewall is dropping the RST
rather than passing it through to some application, the data that's causing the RST
to be sent isn't coming from your computer. Instead, you're probably seeing backscatter from a denial-of-service attack, where the attacker is sending out floods of packets with forged "from" addresses in an attempt to knock CloudMark's mail servers offline (perhaps to make spamming more effective).
answered Jul 25 at 20:49
MarkMark
9211 gold badge7 silver badges12 bronze badges
9211 gold badge7 silver badges12 bronze badges
3
+1 for the great analysis! I had no idea...
– PerlDuck
Jul 26 at 7:10
add a comment |
3
+1 for the great analysis! I had no idea...
– PerlDuck
Jul 26 at 7:10
3
3
+1 for the great analysis! I had no idea...
– PerlDuck
Jul 26 at 7:10
+1 for the great analysis! I had no idea...
– PerlDuck
Jul 26 at 7:10
add a comment |
The messages stems from UFW, the "uncomplicated firewall" and it tells you that someone
- from
SRC=35.162.106.154
- tried to connect to your host at
DST=104.248.41.4
- via
TCP
- from their port
SPT=25
- to your port
DPT=50616
- and that UFW has successfully
BLOCK
ed that attempt.
According to this site
the source address 35.162.106.154 is some Amazon machine (probably an AWS).
According to this site
the port 50616 may be used for Xsan Filesystem Access.
So it's an attempt from IP=35.162.106.154 to access your files. Quite normal
and nothing to be really worried about because that's what firewalls are for:
rejecting such attempts.
It seems the attempted connection is from an amazon account, port 25 is a mail port should I report this or just ignore it? Spamming my logs
– peterretief
Jul 25 at 12:09
6
@peterretief you can block it at your router; then you won't see it. But it might be wise to report this to your ISP.
– Rinzwind
Jul 25 at 12:11
8
Actually it says „RST“ not „SYN“ so it is a denied outgoing SMTP attempt packet which was filtered out.
– eckes
Jul 26 at 7:40
3
The other answer seems more likely to be correct to me.
– Barmar
Jul 26 at 16:21
5
@Barmar Indeed, and very kindly put. That one should be the accepted answer.
– PerlDuck
Jul 26 at 16:23
add a comment |
The messages stems from UFW, the "uncomplicated firewall" and it tells you that someone
- from
SRC=35.162.106.154
- tried to connect to your host at
DST=104.248.41.4
- via
TCP
- from their port
SPT=25
- to your port
DPT=50616
- and that UFW has successfully
BLOCK
ed that attempt.
According to this site
the source address 35.162.106.154 is some Amazon machine (probably an AWS).
According to this site
the port 50616 may be used for Xsan Filesystem Access.
So it's an attempt from IP=35.162.106.154 to access your files. Quite normal
and nothing to be really worried about because that's what firewalls are for:
rejecting such attempts.
It seems the attempted connection is from an amazon account, port 25 is a mail port should I report this or just ignore it? Spamming my logs
– peterretief
Jul 25 at 12:09
6
@peterretief you can block it at your router; then you won't see it. But it might be wise to report this to your ISP.
– Rinzwind
Jul 25 at 12:11
8
Actually it says „RST“ not „SYN“ so it is a denied outgoing SMTP attempt packet which was filtered out.
– eckes
Jul 26 at 7:40
3
The other answer seems more likely to be correct to me.
– Barmar
Jul 26 at 16:21
5
@Barmar Indeed, and very kindly put. That one should be the accepted answer.
– PerlDuck
Jul 26 at 16:23
add a comment |
The messages stems from UFW, the "uncomplicated firewall" and it tells you that someone
- from
SRC=35.162.106.154
- tried to connect to your host at
DST=104.248.41.4
- via
TCP
- from their port
SPT=25
- to your port
DPT=50616
- and that UFW has successfully
BLOCK
ed that attempt.
According to this site
the source address 35.162.106.154 is some Amazon machine (probably an AWS).
According to this site
the port 50616 may be used for Xsan Filesystem Access.
So it's an attempt from IP=35.162.106.154 to access your files. Quite normal
and nothing to be really worried about because that's what firewalls are for:
rejecting such attempts.
The messages stems from UFW, the "uncomplicated firewall" and it tells you that someone
- from
SRC=35.162.106.154
- tried to connect to your host at
DST=104.248.41.4
- via
TCP
- from their port
SPT=25
- to your port
DPT=50616
- and that UFW has successfully
BLOCK
ed that attempt.
According to this site
the source address 35.162.106.154 is some Amazon machine (probably an AWS).
According to this site
the port 50616 may be used for Xsan Filesystem Access.
So it's an attempt from IP=35.162.106.154 to access your files. Quite normal
and nothing to be really worried about because that's what firewalls are for:
rejecting such attempts.
edited Jul 26 at 2:58
Zanna
52.6k14 gold badges149 silver badges250 bronze badges
52.6k14 gold badges149 silver badges250 bronze badges
answered Jul 25 at 11:59
PerlDuckPerlDuck
9,1731 gold badge18 silver badges44 bronze badges
9,1731 gold badge18 silver badges44 bronze badges
It seems the attempted connection is from an amazon account, port 25 is a mail port should I report this or just ignore it? Spamming my logs
– peterretief
Jul 25 at 12:09
6
@peterretief you can block it at your router; then you won't see it. But it might be wise to report this to your ISP.
– Rinzwind
Jul 25 at 12:11
8
Actually it says „RST“ not „SYN“ so it is a denied outgoing SMTP attempt packet which was filtered out.
– eckes
Jul 26 at 7:40
3
The other answer seems more likely to be correct to me.
– Barmar
Jul 26 at 16:21
5
@Barmar Indeed, and very kindly put. That one should be the accepted answer.
– PerlDuck
Jul 26 at 16:23
add a comment |
It seems the attempted connection is from an amazon account, port 25 is a mail port should I report this or just ignore it? Spamming my logs
– peterretief
Jul 25 at 12:09
6
@peterretief you can block it at your router; then you won't see it. But it might be wise to report this to your ISP.
– Rinzwind
Jul 25 at 12:11
8
Actually it says „RST“ not „SYN“ so it is a denied outgoing SMTP attempt packet which was filtered out.
– eckes
Jul 26 at 7:40
3
The other answer seems more likely to be correct to me.
– Barmar
Jul 26 at 16:21
5
@Barmar Indeed, and very kindly put. That one should be the accepted answer.
– PerlDuck
Jul 26 at 16:23
It seems the attempted connection is from an amazon account, port 25 is a mail port should I report this or just ignore it? Spamming my logs
– peterretief
Jul 25 at 12:09
It seems the attempted connection is from an amazon account, port 25 is a mail port should I report this or just ignore it? Spamming my logs
– peterretief
Jul 25 at 12:09
6
6
@peterretief you can block it at your router; then you won't see it. But it might be wise to report this to your ISP.
– Rinzwind
Jul 25 at 12:11
@peterretief you can block it at your router; then you won't see it. But it might be wise to report this to your ISP.
– Rinzwind
Jul 25 at 12:11
8
8
Actually it says „RST“ not „SYN“ so it is a denied outgoing SMTP attempt packet which was filtered out.
– eckes
Jul 26 at 7:40
Actually it says „RST“ not „SYN“ so it is a denied outgoing SMTP attempt packet which was filtered out.
– eckes
Jul 26 at 7:40
3
3
The other answer seems more likely to be correct to me.
– Barmar
Jul 26 at 16:21
The other answer seems more likely to be correct to me.
– Barmar
Jul 26 at 16:21
5
5
@Barmar Indeed, and very kindly put. That one should be the accepted answer.
– PerlDuck
Jul 26 at 16:23
@Barmar Indeed, and very kindly put. That one should be the accepted answer.
– PerlDuck
Jul 26 at 16:23
add a comment |
Thanks for contributing an answer to Ask Ubuntu!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1160962%2fthis-message-is-flooding-my-syslog-how-to-find-where-it-comes-from%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
It is the annoying ufw logging. You can turn it off. It is also possible to configure ufw to use a different log channel, thus it won't contaminate dmesg, but it is very tricky (might require even a little ufw patch).
– peterh
Jul 26 at 19:08
FWIW if you're unfamiliar with UFW, you should probably not have your system connected directly to the internet.
– MooseBoys
Jul 28 at 4:16