How can i find what generates a NetScan Abuse and how to prevent it?

I have a VPS, on which i have some docker containers running. From time to time i receive a message, similar to the one below, from my VPS provider that a NetScan abuse was detected from my server. As it can be seen, the source ip is my server's ip, using random ports and trying to scan different local IPs on a fixed port. Sometimes is a port used by my docker containers, sometimes not.

> #               Netscan detected from host     49.x.x.x               #
    > ##########################################################################
    >
    > time                protocol src_ip src_port          dest_ip dest_port
    > ---------------------------------------------------------------------------
    > Mon Sep 14 16:22:53 2020 TCP     49.x.x.x 51360 =>  172.20.162.202 5432
    > Mon Sep 14 16:22:53 2020 TCP     49.x.x.x 40062 =>  172.20.162.216 5432
    > Mon Sep 14 16:22:53 2020 TCP     49.x.x.x 41904 =>  172.20.162.221 5432
    > Mon Sep 14 16:22:53 2020 TCP     49.x.x.x 56428 =>  172.20.162.230 5432
    > Mon Sep 14 16:22:53 2020 TCP     49.x.x.x 59682 =>  172.20.162.249 5432

And the list goes on...

My question is : how can i find out what triggers such behaviour and how can i prevent it?

LE : my ip route result :

default via 172.31.1.1 dev eth0 proto dhcp metric 100
49.x.x.x dev eth0 proto kernel scope link src 49.x.x.x metric 100
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.31.1.1 dev eth0 proto dhcp scope link metric 100
172.255.0.0/24 dev br-632ed70d0651 proto kernel scope link src 172.255.0.1
172.255.1.0/24 dev br-0d6c24afff89 proto kernel scope link src 172.255.1.1

Solution 1:

Don't try to route private IP addresses to the Internet. If that network is used by your Docker containers, make sure Docker is up and the virtual network was created correctly.