Netgear WGR614 -strange filering

When an Android 3.1 tablet thingie connects (on demand) by WI-FI (not phone) to Android marketpace. All kinds of tracking and ad sites come into play. The ones we normally block in HOSTS and other methods on Windows PCs.

I added to the Netgear614 filter sites and filter keywords both "analytics" and "[www.google-analytics.com" to make sure both get whacked.

(1) Router is like a sieve. Typical pair of log entries
[Site blocked: www.google-analytics.com] from source (tablet ip), Wednesday, Oct 19,2011 21:33:51
[Site allowed: www.google-analytics.com] from source (tablet IP), Wednesday, Oct 19,2011 21:32:56
This pair appears all along as I browse that marketplace - it allows, it blocks, it allows, it blocks, what's going on? Did it connect to analytics or did it not connect to analytics?

(2) I also see this kind of entries on and off:
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [74.125.113.138], Wednesday, Oct 19,2011 21:35:07
What's that all about? Google CIDR is 74.125.0.0/16 - what was it scanning?

Can't get into that tablet. There's no TCPview, firewall log, to look at, nothing. All locked up. And connecting to the entire universe.

To moderators - if this belongs in the firewalls or some other place, please move, thank you.