What might these blocks be?
-
75.139.202.185 is Charter which is my isp but not sure I've noticed these blocks before. Any thoughts on what they may be?
-
Very strange, that's what they rare. Random guess since they look like random high ports. P2P application that was shut down and UPNP closed the ports. My guess would be not, but grasping at straws. Being a local IP makes it all the more suspicious.
If you can capture some of the packets, you could check to see what protocol is being used. Could give hints.
-
Where are you seeing a local IP??
Sure looks like your trypical UDP noise to me.. P2P is very common source of this sure.
I don't even both logging such noise. I turn off logging of default blocks and create my own block rule to only log tcp syn.
-
I'm not aware of any p2p on the network recently but I won't rule that out as possible. p2p did cross my mind but seeing the IP was my isp I thought something else may be going on. These have since stopped though so I'm not sure what the cause was. Thanks for the feedback.
-
It could be just random noise generated by script kiddies. After all, you don't have to ask anyone's permission to send random UDP traffic to random IP addresses, you just do it and the recipient of that traffic sees just random unrelated UDP packets hitting his firewall if he has logging on it.
