Hi all, I have been seeing my firewall block traffic from opera. If I am reading correctly, it appears opera is trying to initiate a session with my computer. I noticed this happening after the last upgrade.
I would prefer that opera and google do NOT initiate connections to my computer.
Does anyone know what this traffic is???
Thanks!
bill
Details below.
Looking up the SRC addresses - the majority are opera and a couple are google. I am fairly certain they are all related.
IP address107.167.110.247
Hostnamepat-ash2.opera.com
TypePublic
CIDR107.167.110.247/24
--there are about 20-50 of these in my logs - which is opera address space.
Jul 15 10:45:03 caballito kernel: [ 510.969452] [UFW BLOCK] IN=enp4s0 OUT= MAC=b8:97:5a:f0:c0:55:a0:04:60:39:0f:6c:08:00 SRC=107.167.110.247 DST=192.168.1.36 LEN=114 TOS=0x00 PREC=0x00 TTL=55 ID=36996 DF PROTO=TCP SPT=5222 DPT=47634 WINDOW=68 RES=0x00 ACK PSH URGP=0
Jul 15 10:45:04 caballito kernel: [ 511.968333] [UFW BLOCK] IN=enp4s0 OUT= MAC=b8:97:5a:f0:c0:55:a0:04:60:39:0f:6c:08:00 SRC=107.167.110.247 DST=192.168.1.36 LEN=41 TOS=0x00 PREC=0x00 TTL=55 ID=7085 DF PROTO=TCP SPT=5222 DPT=47644 WINDOW=29 RES=0x00 ACK PSH URGP=0
Jul 15 10:39:27 caballito kernel: [ 175.778323] [UFW BLOCK] IN=enp4s0 OUT=
--and many addresses from this subnet too which is google.
MAC=b8:97:5a:f0:c0:55:a0:04:60:39:0f:6c:08:00 SRC=216.58.218.106 DST=192.168.1.36 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=41506 PROTO=TCP SPT=443 DPT=59648 WINDOW=357 RES=0x00 ACK FIN URGP=0
Jul 15 10:39:30 caballito kernel: [ 178.206452] [UFW BLOCK] IN=enp4s0 OUT= MAC=b8:97:5a:f0:c0:55:a0:04:60:39:0f:6c:08:00 SRC=216.58.218.106 DST=192.168.1.36 LEN=115 TOS=0x00 PREC=0x00 TTL=57 ID=42778 PROTO=TCP SPT=443 DPT=59648 WINDOW=357 RES=0x00 ACK PSH URGP=0
Jul 15 10:39:50 caballito kernel: [ 198.135999] [UFW BLOCK] IN=enp4s0 OUT= MAC=b8:97:5a:f0:c0:55:a0:04:60:39:0f:6c:08:00 SRC=216.58.218.99 DST=192.168.1.36 LEN=115 TOS=0x00 PREC=0x00 TTL=57 ID=30561 PROTO=TCP SPT=443 DPT=42078 WINDOW=349 RES=0x00 ACK PSH URGP=0