Port scanning concern

[Jason P.]

Hi folks.

These days I've been noticing port scanning attempts in my UFW log that 
I can barely understand.

First, I'm behind the router's firewall and this is supposed to protect 
me from the outside.

Second and more strange is that the attacker's ip is Medibuntu's repo one.


[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45681 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45682 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45683 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45684 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45685 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45686 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45687 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45688 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45689 WINDOW=0 RES=0x00 RST URGP=0

[UFW BLOCK] SRC=88.191.127.22 DST=local_ip LEN=40 TOS=0x00 PREC=0x00 
TTL=51 ID=0 DF PROTO=TCP SPT=80 DPT=45690 WINDOW=0 RES=0x00 RST URGP=0


I don't want to seem paranoid, but although I'm not 100% sure, I believe 
some time ago I installed an unsigned package from there. I'd appreciate 
your help so I could sleep better hehe.


Thanks to all!