I do configure ufw to deny outgoing traffic by default. On a fresh Ubuntu 12.04 install, I always get some random-like UDP traffic.
I am curious as to what generates this and how I should allow it (if I should).
Apr 13 16:46:01 ksxxxxxx kernel: [ 5789.789257] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=217 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53787 DPT=6122 LEN=197
Apr 13 16:46:01 ksxxxxxx kernel: [ 5789.793820] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=221 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=47086 DPT=6193 LEN=201
Apr 13 16:46:01 ksxxxxxx kernel: [ 5789.799648] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=194 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=48428 DPT=6157 LEN=174
Apr 13 16:46:01 ksxxxxxx kernel: [ 5789.799752] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=225 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57981 DPT=6151 LEN=205
Apr 13 16:47:01 ksxxxxxx kernel: [ 5849.760034] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=227 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=54342 DPT=6161 LEN=207
Apr 13 16:47:01 ksxxxxxx kernel: [ 5849.767767] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=55225 DPT=6131 LEN=191
Apr 13 16:47:01 ksxxxxxx kernel: [ 5849.769004] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=194 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40362 DPT=6184 LEN=174
Apr 13 16:47:01 ksxxxxxx kernel: [ 5849.769114] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=225 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=52239 DPT=6122 LEN=205
Apr 13 16:48:01 ksxxxxxx kernel: [ 5909.723448] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=227 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=48456 DPT=6179 LEN=207
Apr 13 16:48:01 ksxxxxxx kernel: [ 5909.733470] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=195 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=59141 DPT=6113 LEN=175
Apr 13 16:48:01 ksxxxxxx kernel: [ 5909.739756] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=210 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=40221 DPT=6100 LEN=190
Apr 13 16:48:01 ksxxxxxx kernel: [ 5909.739860] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=225 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=57698 DPT=6197 LEN=205
Apr 13 16:49:01 ksxxxxxx kernel: [ 5969.701304] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=227 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=37077 DPT=6127 LEN=207
Apr 13 16:49:01 ksxxxxxx kernel: [ 5969.709773] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=45619 DPT=6149 LEN=191
Apr 13 16:49:01 ksxxxxxx kernel: [ 5969.714111] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=194 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=41899 DPT=6106 LEN=174
Apr 13 16:49:01 ksxxxxxx kernel: [ 5969.714278] [UFW BLOCK] IN= OUT=eth0 SRC=91.xxx.136.127 DST=91.xxx.136.251 LEN=225 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=56039 DPT=6163 LEN=205
Looking at the pcap you provided, this traffic comes from a program installed by your hoster OVH called real time monitoring: http://help.ovh.co.uk/RealTimeMonitoring
Never heard of it before. It's sending out information about your server health and configuration. You should ask OVH about it and how to uninstall it.
Seems the install isn't "fresh" but rather a modified install by OVH.
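The blocked traffic can also be characterised from the firewall log alone. The following is an added example, not part of the original question or answer: it parses `[UFW BLOCK]` lines, keeps the outbound ones, and groups them by destination and protocol to show packet count, destination port range and the gap between bursts. The sample lines are constructed in the question's log format with documentation addresses, and the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the question's log format (documentation addresses, made-up host name).
SAMPLE_LOG = """\
Apr 13 16:46:01 host kernel: [ 5789.789257] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.251 LEN=217 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53787 DPT=6122 LEN=197
Apr 13 16:46:01 host kernel: [ 5789.793820] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.251 LEN=221 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=47086 DPT=6193 LEN=201
Apr 13 16:47:01 host kernel: [ 5849.760034] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.251 LEN=227 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=54342 DPT=6161 LEN=207
Apr 13 16:47:01 host kernel: [ 5849.767767] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.251 LEN=211 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=55225 DPT=6131 LEN=191
Apr 13 16:48:01 host kernel: [ 5909.723448] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.251 LEN=227 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=48456 DPT=6179 LEN=207
Apr 13 16:48:01 host kernel: [ 5909.733470] [UFW BLOCK] IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.251 LEN=195 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=59141 DPT=6113 LEN=175
Apr 13 16:48:05 host kernel: [ 5913.100000] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40000 DPT=23 LEN=40
Apr 13 16:48:06 host CRON[2101]: (root) CMD (constructed non-firewall line)
"""
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*\[UFW BLOCK\] (.*)$")

def parse_line(line):
    """Return (timestamp, fields) for a UFW BLOCK line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # syslog timestamps carry no year; a fixed one is enough for interval arithmetic
    ts = datetime.strptime("2000 " + m.group(1), "%Y %b %d %H:%M:%S")
    fields = {}
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if sep and key not in fields:  # keep the first LEN (IP), not the later UDP LEN
            fields[key] = val
    return ts, fields

def summarize_outbound(log_text):
    """Group blocked outbound packets (IN= empty, OUT= set) by (DST, PROTO)."""
    flows = defaultdict(lambda: {"times": [], "ports": []})
    for parsed in map(parse_line, log_text.splitlines()):
        if parsed is None or parsed[1].get("IN") != "" or not parsed[1].get("OUT"):
            continue
        ts, f = parsed
        flow = flows[(f.get("DST"), f.get("PROTO"))]
        flow["times"].append(ts)
        if f.get("DPT"):  # ICMP and similar have no destination port
            flow["ports"].append(int(f["DPT"]))
    report = {}
    for key, d in flows.items():
        bursts = sorted(set(d["times"]))  # packets logged in the same second form one burst
        gaps = sorted({int((b - a).total_seconds()) for a, b in zip(bursts, bursts[1:])})
        ports = (min(d["ports"]), max(d["ports"])) if d["ports"] else None
        report[key] = {"packets": len(d["times"]), "bursts": len(bursts), "burst_gaps_s": gaps, "dport_range": ports}
    return report
```

A single destination, a constant gap between bursts and a narrow destination port range indicate a scheduled sender on the host rather than random traffic, which narrows down what to look for before deciding whether to allow it.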