A botnet port scanning my network?

Installing and Using OpenWrt
1

I have a ton of these log entries in my syslog. The interface is a wireguard tunnel to a VPN/cloud provider which provides a public IPv4 via wireguard, that I use to run an experimental email server on my home server. I have never seen it before, what can this be? Port scanning? I tested setting the firewall rule to drop instead of reject, it continues.

I checked the origin on some of those addresses and int seems like coming from Palo Alto networks, Microsoft, Linode, some Indian and Hong Kong ISPs etc. Seems coordinated and targeted.

I suspect since I have reverse DNS entries/PTR set to this IP and other email server protection mechanisms it may be other mail servers spam checking my server?

Is it a misconfiguration of my firewall? Botnet port scanning? They are probing a lot of different ports.

Sun Oct 27 08:09:48 2024 kern.warn kernel: [6348136.035480] drop wg2 in: IN=wg2 OUT= MAC= SRC=139.144.239.72 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=38943 DPT=2222 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:09:54 2024 kern.warn kernel: [6348142.573277] drop wg2 in: IN=wg2 OUT= MAC= SRC=45.148.10.230 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=37282 DPT=56575 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:10:08 2024 kern.warn kernel: [6348156.722507] drop wg2 in: IN=wg2 OUT= MAC= SRC=205.185.124.254 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=36893 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:10:15 2024 kern.warn kernel: [6348163.630032] drop wg2 in: IN=wg2 OUT= MAC= SRC=199.195.252.239 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=54292 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:10:29 2024 kern.warn kernel: [6348177.451661] drop wg2 in: IN=wg2 OUT= MAC= SRC=87.121.86.115 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x20 TTL=244 ID=34096 PROTO=TCP SPT=60000 DPT=7031 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:10:42 2024 kern.warn kernel: [6348190.401152] drop wg2 in: IN=wg2 OUT= MAC= SRC=194.127.179.3 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56792 DPT=123 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:10:51 2024 kern.warn kernel: [6348199.619444] drop wg2 in: IN=wg2 OUT= MAC= SRC=154.213.184.18 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=54321 PROTO=TCP SPT=49217 DPT=1085 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:10:51 2024 kern.warn kernel: [6348199.655352] drop wg2 in: IN=wg2 OUT= MAC= SRC=95.214.27.40 DST=<tunnel's-public-IP> LEN=62 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=UDP SPT=25481 DPT=161 LEN=42
Sun Oct 27 08:11:08 2024 kern.warn kernel: [6348216.807155] drop wg2 in: IN=wg2 OUT= MAC= SRC=162.62.58.193 DST=<tunnel's-public-IP> LEN=48 TOS=0x00 PREC=0x00 TTL=240 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=29767 SEQ=50194
Sun Oct 27 08:11:13 2024 kern.warn kernel: [6348221.478291] drop wg2 in: IN=wg2 OUT= MAC= SRC=80.75.212.9 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=40213 DPT=40046 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:11:48 2024 kern.warn kernel: [6348256.585577] drop wg2 in: IN=wg2 OUT= MAC= SRC=95.214.27.170 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=54321 PROTO=TCP SPT=56626 DPT=3128 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:11:52 2024 kern.warn kernel: [6348260.810732] drop wg2 in: IN=wg2 OUT= MAC= SRC=104.209.35.59 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=54321 PROTO=TCP SPT=46517 DPT=3306 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:11:54 2024 kern.warn kernel: [6348262.285611] drop wg2 in: IN=wg2 OUT= MAC= SRC=95.214.55.43 DST=<tunnel's-public-IP> LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=50647 DPT=85 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:04 2024 kern.warn kernel: [6348272.607818] drop wg2 in: IN=wg2 OUT= MAC= SRC=88.80.20.86 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=52875 PROTO=TCP SPT=53695 DPT=5440 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:10 2024 kern.warn kernel: [6348278.646104] drop wg2 in: IN=wg2 OUT= MAC= SRC=78.29.29.126 DST=<tunnel's-public-IP> LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=15634 DF PROTO=TCP SPT=43538 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:18 2024 kern.warn kernel: [6348286.096778] drop wg2 in: IN=wg2 OUT= MAC= SRC=185.200.116.82 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=232 ID=54321 PROTO=TCP SPT=51840 DPT=1080 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:21 2024 kern.warn kernel: [6348288.932767] drop wg2 in: IN=wg2 OUT= MAC= SRC=103.102.230.3 DST=<tunnel's-public-IP> LEN=40 TOS=0x08 PREC=0x20 TTL=241 ID=54321 PROTO=TCP SPT=55916 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:31 2024 kern.warn kernel: [6348299.220691] drop wg2 in: IN=wg2 OUT= MAC= SRC=162.216.149.247 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x60 TTL=249 ID=54321 PROTO=TCP SPT=53700 DPT=9992 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:40 2024 kern.warn kernel: [6348308.062431] drop wg2 in: IN=wg2 OUT= MAC= SRC=211.38.185.112 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=22288 PROTO=TCP SPT=37196 DPT=34567 WINDOW=28504 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:51 2024 kern.warn kernel: [6348318.927115] drop wg2 in: IN=wg2 OUT= MAC= SRC=179.43.149.122 DST=<tunnel's-public-IP> LEN=52 TOS=0x00 PREC=0x00 TTL=54 ID=14535 PROTO=TCP SPT=32816 DPT=1510 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:53 2024 kern.warn kernel: [6348321.786885] drop wg2 in: IN=wg2 OUT= MAC= SRC=45.33.112.95 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=14619 PROTO=TCP SPT=60000 DPT=22055 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:56 2024 kern.warn kernel: [6348324.714496] drop wg2 in: IN=wg2 OUT= MAC= SRC=205.210.31.217 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x60 TTL=249 ID=54321 PROTO=TCP SPT=54459 DPT=2443 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:12:58 2024 kern.warn kernel: [6348326.588617] drop wg2 in: IN=wg2 OUT= MAC= SRC=185.234.216.91 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=36960 PROTO=TCP SPT=49936 DPT=3047 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:13:00 2024 kern.warn kernel: [6348328.419419] drop wg2 in: IN=wg2 OUT= MAC= SRC=117.200.205.175 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=9823 PROTO=TCP SPT=40993 DPT=9000 WINDOW=65433 RES=0x00 SYN URGP=0
Sun Oct 27 08:13:03 2024 kern.warn kernel: [6348331.281992] drop wg2 in: IN=wg2 OUT= MAC= SRC=147.185.133.173 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x60 TTL=249 ID=54321 PROTO=TCP SPT=51126 DPT=47170 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:13:14 2024 kern.warn kernel: [6348342.145334] drop wg2 in: IN=wg2 OUT= MAC= SRC=205.185.124.254 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=54321 PROTO=TCP SPT=41278 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:13:17 2024 kern.warn kernel: [6348345.474924] drop wg2 in: IN=wg2 OUT= MAC= SRC=92.63.197.210 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=34952 PROTO=TCP SPT=40612 DPT=7793 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:13:25 2024 kern.warn kernel: [6348353.358882] drop wg2 in: IN=wg2 OUT= MAC= SRC=146.88.241.38 DST=<tunnel's-public-IP> LEN=74 TOS=0x00 PREC=0x00 TTL=234 ID=54321 PROTO=UDP SPT=33397 DPT=5353 LEN=54
Sun Oct 27 08:13:30 2024 kern.warn kernel: [6348357.947598] drop wg2 in: IN=wg2 OUT= MAC= SRC=83.222.190.122 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=20355 PROTO=TCP SPT=61000 DPT=7402 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:13:51 2024 kern.warn kernel: [6348379.224508] drop wg2 in: IN=wg2 OUT= MAC= SRC=79.124.58.222 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=59717 PROTO=TCP SPT=43158 DPT=33817 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:23 2024 kern.warn kernel: [6348411.764952] drop wg2 in: IN=wg2 OUT= MAC= SRC=45.156.130.38 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=64136 PROTO=TCP SPT=17849 DPT=2018 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:29 2024 kern.warn kernel: [6348417.279173] drop wg2 in: IN=wg2 OUT= MAC= SRC=143.42.173.101 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=54321 PROTO=TCP SPT=37177 DPT=8081 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:36 2024 kern.warn kernel: [6348423.998478] drop wg2 in: IN=wg2 OUT= MAC= SRC=195.246.120.122 DST=<tunnel's-public-IP> LEN=28 TOS=0x00 PREC=0x00 TTL=246 ID=61797 PROTO=UDP SPT=61000 DPT=33281 LEN=8
Sun Oct 27 08:14:44 2024 kern.warn kernel: [6348432.593437] drop wg2 in: IN=wg2 OUT= MAC= SRC=193.41.206.142 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=43854 DPT=8728 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:50 2024 kern.warn kernel: [6348438.649190] drop wg2 in: IN=wg2 OUT= MAC= SRC=74.91.127.86 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=42284 PROTO=TCP SPT=18968 DPT=27021 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:51 2024 kern.warn kernel: [6348439.672508] drop wg2 in: IN=wg2 OUT= MAC= SRC=64.62.156.112 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=35483 DPT=9990 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:52 2024 kern.warn kernel: [6348439.929177] drop wg2 in: IN=wg2 OUT= MAC= SRC=74.91.127.86 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=47814 PROTO=TCP SPT=41558 DPT=27021 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:52 2024 kern.warn kernel: [6348440.141660] drop wg2 in: IN=wg2 OUT= MAC= SRC=13.59.91.49 DST=<tunnel's-public-IP> LEN=52 TOS=0x08 PREC=0x20 TTL=43 ID=28904 PROTO=TCP SPT=58441 DPT=8092 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:53 2024 kern.warn kernel: [6348441.148175] drop wg2 in: IN=wg2 OUT= MAC= SRC=74.91.127.86 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=47814 PROTO=TCP SPT=41558 DPT=27021 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:14:58 2024 kern.warn kernel: [6348445.915719] drop wg2 in: IN=wg2 OUT= MAC= SRC=74.91.127.86 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=32208 PROTO=TCP SPT=19127 DPT=27021 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:15:19 2024 kern.warn kernel: [6348467.762672] drop wg2 in: IN=wg2 OUT= MAC= SRC=154.213.185.224 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=3575 PROTO=TCP SPT=40581 DPT=5006 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:15:37 2024 kern.warn kernel: [6348485.665451] drop wg2 in: IN=wg2 OUT= MAC= SRC=205.210.31.55 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x60 TTL=249 ID=54321 PROTO=TCP SPT=57265 DPT=11553 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:15:38 2024 kern.warn kernel: [6348486.311061] drop wg2 in: IN=wg2 OUT= MAC= SRC=178.211.139.105 DST=<tunnel's-public-IP> LEN=40 TOS=0x08 PREC=0x20 TTL=243 ID=54321 PROTO=TCP SPT=57180 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:15:40 2024 kern.warn kernel: [6348488.663699] drop wg2 in: IN=wg2 OUT= MAC= SRC=85.209.11.79 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=46415 PROTO=TCP SPT=51286 DPT=3166 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:15:46 2024 kern.warn kernel: [6348494.671241] drop wg2 in: IN=wg2 OUT= MAC= SRC=162.216.150.222 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=56882 DPT=463 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:16:10 2024 kern.warn kernel: [6348518.659873] drop wg2 in: IN=wg2 OUT= MAC= SRC=64.62.156.23 DST=<tunnel's-public-IP> LEN=74 TOS=0x00 PREC=0x00 TTL=50 ID=44498 DF PROTO=UDP SPT=16083 DPT=34980 LEN=54
Sun Oct 27 08:16:11 2024 kern.warn kernel: [6348519.772997] drop wg2 in: IN=wg2 OUT= MAC= SRC=52.226.0.37 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=54321 PROTO=TCP SPT=43294 DPT=2304 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:16:15 2024 kern.warn kernel: [6348523.233665] drop wg2 in: IN=wg2 OUT= MAC= SRC=162.142.125.88 DST=<tunnel's-public-IP> LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=20808 PROTO=TCP SPT=52301 DPT=2087 WINDOW=42340 RES=0x00 SYN URGP=0
Sun Oct 27 08:16:15 2024 kern.warn kernel: [6348523.710178] drop wg2 in: IN=wg2 OUT= MAC= SRC=74.91.127.86 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=43747 PROTO=TCP SPT=34709 DPT=27021 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:16:18 2024 kern.warn kernel: [6348526.182845] drop wg2 in: IN=wg2 OUT= MAC= SRC=74.91.127.86 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=3842 PROTO=TCP SPT=19880 DPT=27021 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:16:28 2024 kern.warn kernel: [6348536.764328] drop wg2 in: IN=wg2 OUT= MAC= SRC=74.91.127.86 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=43747 PROTO=TCP SPT=34709 DPT=27021 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:16:28 2024 kern.warn kernel: [6348536.834649] drop wg2 in: IN=wg2 OUT= MAC= SRC=217.64.141.68 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=31041 DF PROTO=TCP SPT=26800 DPT=8291 WINDOW=14600 RES=0x00 SYN URGP=0
Sun Oct 27 08:16:38 2024 kern.warn kernel: [6348546.442397] drop wg2 in: IN=wg2 OUT= MAC= SRC=83.222.190.122 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=7719 PROTO=TCP SPT=61000 DPT=49155 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:16:41 2024 kern.warn kernel: [6348549.033579] drop wg2 in: IN=wg2 OUT= MAC= SRC=52.81.208.164 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=64554 SEQ=0
Sun Oct 27 08:17:17 2024 kern.warn kernel: [6348585.013355] drop wg2 in: IN=wg2 OUT= MAC= SRC=167.94.145.92 DST=<tunnel's-public-IP> LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=14012 PROTO=TCP SPT=58861 DPT=3584 WINDOW=42340 RES=0x00 SYN URGP=0
Sun Oct 27 08:17:22 2024 kern.warn kernel: [6348590.738208] drop wg2 in: IN=wg2 OUT= MAC= SRC=198.235.24.90 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x60 TTL=249 ID=54321 PROTO=TCP SPT=53425 DPT=56222 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:17:29 2024 kern.warn kernel: [6348597.508893] drop wg2 in: IN=wg2 OUT= MAC= SRC=195.251.255.69 DST=<tunnel's-public-IP> LEN=32 TOS=0x08 PREC=0x20 TTL=44 ID=41677 DF PROTO=ICMP TYPE=8 CODE=0 ID=30477 SEQ=4794
Sun Oct 27 08:17:54 2024 kern.warn kernel: [6348622.587994] drop wg2 in: IN=wg2 OUT= MAC= SRC=156.234.200.240 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=36474 PROTO=TCP SPT=22597 DPT=30445 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:17:55 2024 kern.warn kernel: [6348623.193256] drop wg2 in: IN=wg2 OUT= MAC= SRC=156.234.200.240 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=234 ID=34051 PROTO=TCP SPT=53247 DPT=30445 WINDOW=53270 RES=0x00 SYN URGP=0
Sun Oct 27 08:18:17 2024 kern.warn kernel: [6348645.443127] drop wg2 in: IN=wg2 OUT= MAC= SRC=218.161.95.98 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=28690 PROTO=TCP SPT=48738 DPT=88 WINDOW=56637 RES=0x00 SYN URGP=0
Sun Oct 27 08:18:21 2024 kern.warn kernel: [6348648.885264] drop wg2 in: IN=wg2 OUT= MAC= SRC=198.235.24.88 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x60 TTL=249 ID=57406 PROTO=TCP SPT=54555 DPT=179 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:18:27 2024 kern.warn kernel: [6348655.418734] drop wg2 in: IN=wg2 OUT= MAC= SRC=108.165.46.206 DST=<tunnel's-public-IP> LEN=444 TOS=0x00 PREC=0x00 TTL=51 ID=15226 DF PROTO=UDP SPT=5213 DPT=5060 LEN=424
Sun Oct 27 08:18:28 2024 kern.warn kernel: [6348656.573406] drop wg2 in: IN=wg2 OUT= MAC= SRC=46.101.145.169 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=24299 PROTO=TCP SPT=47917 DPT=58002 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:18:29 2024 kern.warn kernel: [6348657.830985] drop wg2 in: IN=wg2 OUT= MAC= SRC=199.45.154.190 DST=<tunnel's-public-IP> LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=60238 PROTO=TCP SPT=42272 DPT=1883 WINDOW=42340 RES=0x00 SYN URGP=0
Sun Oct 27 08:18:34 2024 kern.warn kernel: [6348662.207928] drop wg2 in: IN=wg2 OUT= MAC= SRC=206.168.34.132 DST=<tunnel's-public-IP> LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=34532 PROTO=TCP SPT=3081 DPT=6499 WINDOW=42340 RES=0x00 SYN URGP=0
Sun Oct 27 08:18:44 2024 kern.warn kernel: [6348672.069801] drop wg2 in: IN=wg2 OUT= MAC= SRC=87.120.116.167 DST=<tunnel's-public-IP> LEN=40 TOS=0x00 PREC=0x20 TTL=244 ID=31574 PROTO=TCP SPT=53833 DPT=1209 WINDOW=1024 RES=0x00 SYN URGP=0
Sun Oct 27 08:19:05 2024 kern.warn kernel: [6348693.115732] drop wg2 in: IN=wg2 OUT= MAC= SRC=167.94.138.134 DST=<tunnel's-public-IP> LEN=46 TOS=0x00 PREC=0x00 TTL=34 ID=38406 PROTO=UDP SPT=61897 DPT=10001 LEN=26
Sun Oct 27 08:19:16 2024 kern.warn kernel: [6348704.426286] drop wg2 in: IN=wg2 OUT= MAC= SRC=162.216.149.153 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=54399 DPT=13389 WINDOW=65535 RES=0x00 SYN URGP=0
Sun Oct 27 08:19:20 2024 kern.warn kernel: [6348708.781679] drop wg2 in: IN=wg2 OUT= MAC= SRC=198.235.24.182 DST=<tunnel's-public-IP> LEN=44 TOS=0x00 PREC=0x00 TTL=58 ID=54321 PROTO=TCP SPT=56713 DPT=9080 WINDOW=65535 RES=0x00 SYN URGP=0
2

Yes, this looks like port scans from bots, they are probing the most common ports.

3

That is normal everyday internet noise.

4

Ok, thanks. Can I change the log level to not include these entries in my syslog?

5 
ubus call system board

You have rule called "in" with explicit logging, logging all is not default. Better log what hits end of in/out/forward chains.

6

?

@GasGas277,

Just to be clear, this email server on your Wireguard connection isn't configured to be an Open SMTP Relay - correct?

1 Like
7

No, it is not configured as an open SMTP relay.

1 Like
8

Please elaborate on system version, and probably config/firewall content. The log is added by you, it is not there by default.

1 Like