I'm not sure how this is happening, but I may have a security hole open somewhere in my OpenWrt router. I do not have a DMZ set up and I do not have any port forwards set up to my internal network.
I enabled a firewall on my desktop machine and I'm seeing this:
[262883.557909] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=13.227.49.156 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=0 DF PROTO=TCP SPT=443 DPT=55340 WINDOW=0 RES=0x00 RST URGP=0
[262883.560954] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=13.227.49.156 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=0 DF PROTO=TCP SPT=443 DPT=55340 WINDOW=0 RES=0x00 RST URGP=0
[262903.510450] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=52.45.33.138 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=2566 DF PROTO=TCP SPT=443 DPT=60214 WINDOW=0 RES=0x00 RST URGP=0
[262903.510560] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=52.45.33.138 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=2567 DF PROTO=TCP SPT=443 DPT=60214 WINDOW=0 RES=0x00 RST URGP=0
[262904.436265] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=204.154.111.117 DST=10.1.3.192 LEN=40 TOS=0x08 PREC=0x20 TTL=44 ID=51288 DF PROTO=TCP SPT=443 DPT=57000 WINDOW=0 RES=0x00 RST URGP=0
[262904.439876] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=204.154.111.117 DST=10.1.3.192 LEN=40 TOS=0x08 PREC=0x20 TTL=44 ID=51292 DF PROTO=TCP SPT=443 DPT=57000 WINDOW=0 RES=0x00 RST URGP=0
[262906.635800] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=204.154.111.115 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=49 ID=51865 DF PROTO=TCP SPT=443 DPT=42616 WINDOW=0 RES=0x00 RST URGP=0
[262909.004365] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=204.154.111.115 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=52503 DF PROTO=TCP SPT=443 DPT=42618 WINDOW=0 RES=0x00 RST URGP=0
[262909.004837] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=204.154.111.115 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=52504 DF PROTO=TCP SPT=443 DPT=42618 WINDOW=0 RES=0x00 RST URGP=0
[262909.004840] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=204.154.111.115 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=52505 DF PROTO=TCP SPT=443 DPT=42618 WINDOW=0 RES=0x00 RST URGP=0
[262909.923511] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=205.185.216.10 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=TCP SPT=443 DPT=48968 WINDOW=0 RES=0x00 RST URGP=0
How is it possible that a public IP is trying to connect to a machine on my private network? Has my router been hacked?
Thanks,
Chris
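
A triage check for log lines like the ones in the post above, as an added example that is not part of the original post: it parses each `[UFW BLOCK]` entry and separates packets carrying a bare SYN (a new inbound connection attempt) from RST/FIN/ACK packets sent from a low service port to a high client port (the shape of reply traffic for a connection the logged host opened itself). The function names, the 32768 ephemeral-port threshold (the Linux default lower bound) and the third sample line are assumptions made for the example.

```python
import re
from collections import Counter

# Lines 1-2 are copied from the post above; line 3 is constructed for contrast.
SAMPLE = """\
[262883.557909] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=13.227.49.156 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=230 ID=0 DF PROTO=TCP SPT=443 DPT=55340 WINDOW=0 RES=0x00 RST URGP=0
[262903.510450] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=52.45.33.138 DST=10.1.3.192 LEN=40 TOS=0x00 PREC=0x00 TTL=42 ID=2566 DF PROTO=TCP SPT=443 DPT=60214 WINDOW=0 RES=0x00 RST URGP=0
[263000.000000] [UFW BLOCK] IN=enx00e04c6803aa OUT= MAC=00:e0:4c:68:03:aa:a0:f3:c1:8f:8b:e4:08:00 SRC=203.0.113.7 DST=10.1.3.192 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}
EPHEMERAL_MIN = 32768  # assumption: Linux default lower bound for client ports


def parse(line):
    """Return (KEY=VALUE fields, TCP flags) for a UFW BLOCK line, else None."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    # The kernel logs set flags as bare tokens; "URGP=0" is a field, not a flag.
    flags = TCP_FLAGS & set(line.split())
    return fields, flags


def classify(fields, flags):
    """Label one blocked TCP packet by what kind of traffic it resembles."""
    spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    if "SYN" in flags and "ACK" not in flags:
        return "new-inbound-connection"   # someone is trying to open a connection
    if flags & {"RST", "FIN", "ACK"} and spt < 1024 and dpt >= EPHEMERAL_MIN:
        return "reply-to-outbound"        # server answering a client-side socket
    return "other"


def summarize(text):
    """Count classifications over every blocked TCP packet in a log excerpt."""
    counts = Counter()
    for line in text.splitlines():
        parsed = parse(line)
        if parsed and parsed[0].get("PROTO") == "TCP" and "SPT" in parsed[0]:
            counts[classify(*parsed)] += 1
    return counts


if __name__ == "__main__":
    for label, n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {label}")
```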