Router Security Log

Discussion in 'other firewalls' started by martinrub, Oct 1, 2013.

Thread Status:
Not open for further replies.
  1. martinrub

    martinrub Registered Member

    Joined: Oct 1, 2013 | Posts: 2 | Location: UK

    My Netgear DG835G router sends me daily emails similar to the one attached below. The source is my iPod Touch. The communications occur around the same time each day. Destination addresses include Google, ebay, Amazon, Apple.

    I am intrigued to know what is happening and why. And why all the DNS communications. The email log sent to me usually bears the title Suspected Spam.

    Any ideas or thoughts would be much appreciated.

    Martin

    Code:
    Mon, 2013-09-30 17:55:36 - UDP Packet - Source:192.168.0.2,58095 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:00 - TCP Packet - Source:192.168.0.2,62358 Destination:72.44.81.81,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,51342 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,61592 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,49320 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,53899 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,49995 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,58419 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,61468 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,62686 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,63821 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,60084 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,56119 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,56711 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,59632 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,49932 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,57866 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,62888 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,56511 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,50964 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,60519 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,53046 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,54564 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,65228 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,64936 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,50475 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,64337 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,54609 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,55788 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,53633 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,59432 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:38 - UDP Packet - Source:192.168.0.2,64013 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62411 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62413 Destination:66.211.178.168,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62411 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62413 Destination:66.211.178.168,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62411 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62413 Destination:66.211.178.168,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62413 Destination:66.211.178.168,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62413 Destination:66.211.178.168,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62413 Destination:66.211.178.168,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62411 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62413 Destination:66.211.178.168,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:57:44 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:58:38 - UDP Packet - Source:192.168.0.2,61848 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:38 - UDP Packet - Source:192.168.0.2,61854 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,56873 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,60973 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,61903 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,53357 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,53712 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,50456 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,53575 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,59729 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,51216 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,49194 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,62516 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,56359 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,57568 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:39 - UDP Packet - Source:192.168.0.2,52217 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:58:52 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:58:52 - TCP Packet - Source:192.168.0.2,62411 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:58:52 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:58:52 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:58:52 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:58:52 - TCP Packet - Source:192.168.0.2,62411 Destination:66.135.211.99,80 - [HTTP rule match]
    Mon, 2013-09-30 17:58:52 - TCP Packet - Source:192.168.0.2,62412 Destination:66.135.211.100,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:59:10 - UDP Packet - Source:192.168.0.2,60529 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:10 - TCP Packet - Source:192.168.0.2,62414 Destination:157.55.8.236,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:59:31 - UDP Packet - Source:192.168.0.4,64555 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:35 - TCP Packet - Source:192.168.0.2,62415 Destination:157.55.8.236,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:59:36 - UDP Packet - Source:192.168.0.2,56081 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:36 - UDP Packet - Source:192.168.0.2,61378 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:36 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:36 - TCP Packet - Source:192.168.0.2,62415 Destination:157.55.8.236,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:59:36 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:36 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:36 - TCP Packet - Source:192.168.0.2,62419 Destination:173.194.67.108,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:36 - TCP Packet - Source:192.168.0.2,62415 Destination:157.55.8.236,443 - [HTTPS rule match]
    Mon, 2013-09-30 17:59:37 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:37 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:37 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:37 - TCP Packet - Source:192.168.0.2,62419 Destination:173.194.67.108,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:38 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:38 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:38 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:38 - TCP Packet - Source:192.168.0.2,62419 Destination:173.194.67.108,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:39 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:39 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:39 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:39 - TCP Packet - Source:192.168.0.2,62419 Destination:173.194.67.108,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,55062 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,61831 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,49502 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:40 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,61351 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,56271 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,57381 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,57820 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - TCP Packet - Source:192.168.0.2,62419 Destination:173.194.67.108,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,64356 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,53256 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,51863 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,54855 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,61036 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,57823 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,51791 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,50280 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:40 - UDP Packet - Source:192.168.0.2,60370 Destination:208.67.222.222,53 - [DNS rule match]
    Mon, 2013-09-30 17:59:41 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:41 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:41 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:41 - TCP Packet - Source:192.168.0.2,62419 Destination:173.194.67.108,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:43 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:43 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:43 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:43 - TCP Packet - Source:192.168.0.2,62419 Destination:173.194.67.108,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:47 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:47 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:47 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:56 - TCP Packet - Source:192.168.0.2,62419 Destination:173.194.67.108,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:56 - TCP Packet - Source:192.168.0.2,62418 Destination:17.158.8.28,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:56 - TCP Packet - Source:192.168.0.2,62417 Destination:173.194.67.109,993 - [Any(TCP) rule match]
    Mon, 2013-09-30 17:59:56 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
     
  2. m0unds

    m0unds Guest

    no idea about the timing, but of the IPs i checked...

    ebay, ebay api, google, hotmail, apple are represented.

    maybe your ipod was asleep and woke up for some reason and connected to all those services for updates or something. dns lookups are very likely related to the device resolving the ns records of the systems it's communicating with.
     
  3. martinrub

    martinrub Registered Member

    Thank you for your kind trouble. As always, a fresh pair of eyes... I wonder if this traffic is happening all the time but the size of the log is limited, so the report is merely the over-written log at the point just before the router emailed it as part of its once-a-day email security-log reports.

    Therefore, if I turn off all background apps, the log should contain details of traffic only up to that point. And if only one app were open in the background, the log should fill up only with its activity. A more modern router might be more discerning before it labelled the report "suspected spam".

    Once again, many thanks.

    Martin
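
One way to check both readings of the log discussed in this thread, as an added example that is not part of any post: the script parses the router's line format, compares log lines with distinct source ports per destination (repeated lines with the same source port are packets of one connection, not new connections), and measures how much time the retained entries cover. The function names are assumptions of this example; the sample is ten lines copied from the log in the first post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Ten lines copied from the log in the first post (not the full log).
SAMPLE = """\
Mon, 2013-09-30 17:55:36 - UDP Packet - Source:192.168.0.2,58095 Destination:208.67.222.222,53 - [DNS rule match]
Mon, 2013-09-30 17:56:00 - TCP Packet - Source:192.168.0.2,62358 Destination:72.44.81.81,443 - [HTTPS rule match]
Mon, 2013-09-30 17:56:37 - UDP Packet - Source:192.168.0.2,51342 Destination:208.67.222.222,53 - [DNS rule match]
Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62411 Destination:66.135.211.99,80 - [HTTP rule match]
Mon, 2013-09-30 17:57:42 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
Mon, 2013-09-30 17:57:43 - TCP Packet - Source:192.168.0.2,62410 Destination:66.135.211.99,80 - [HTTP rule match]
Mon, 2013-09-30 17:59:36 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
Mon, 2013-09-30 17:59:37 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
Mon, 2013-09-30 17:59:56 - TCP Packet - Source:192.168.0.2,62416 Destination:17.151.225.38,993 - [Any(TCP) rule match]
"""

LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - (?P<proto>TCP|UDP) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<rule>.+?) rule match"
)

def parse(text):
    """Return one dict per well-formed log line; other lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
            records.append(rec)
    return records

def summarise(records):
    """Per (source, destination, port, rule): log lines vs. distinct source ports."""
    lines, sports = defaultdict(int), defaultdict(set)
    for r in records:
        key = (r["src"], r["dst"], int(r["dport"]), r["rule"])
        lines[key] += 1
        sports[key].add(r["sport"])
    return {k: {"lines": lines[k], "flows": len(sports[k])} for k in lines}

def window_seconds(records):
    """Seconds between the oldest and newest entry the router kept."""
    stamps = [r["ts"] for r in records]
    return int((max(stamps) - min(stamps)).total_seconds()) if stamps else 0

if __name__ == "__main__":
    recs = parse(SAMPLE)
    for key, stats in sorted(summarise(recs).items(), key=lambda kv: -kv[1]["lines"]):
        print(key, stats)
    print("log window (s):", window_seconds(recs))
```

Run over a full daily email, a window of only a few minutes is consistent with a small buffer that is overwritten continuously, and a high line count with a low flow count means a handful of connections rather than many.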
     