Jasper Wang’s blog

In a quiet place, a person can hear his own thoughts.

Firewall_log_analysis

Posted at — Nov 2, 2019

After setup the ufw firewall, I can see log file on my server.


To test my firewall is set properly, I use the online port scan tool to scan the ports of my server.


The result is correct only port 80 and 22 are open.

Then I try to run a node.js file on my server, and I open the port 8080, then run the port scan again. It shows that 8080 now is open.


The next thing I gonna to do is to figure out those source ip addresses.

All of the sources are coming from 5 places:

Clearly the main visitors are from China, are they keeping spying on me? I don’t know. But both of them are hugo gient related to network in China.

I also installed an Apache web server, so I can also see who visited my web by accessing another file.

Most of the record are GET request. Only one is a POST request. I don’t how to explain his behavior.