strange port connections - help needed

Associate
Joined
18 Oct 2002
Posts
858
Location
Cheshire
ok, I've got a Netgear DG834 as my gateway, Firewall on, NAT on, RIP set to V2b incoming only.

been getting odd things going on on my network, weird freezes on PC, dropped HTTPS connections... etc

so, I decided to enable the windows firewall and see what it says...

Trouble is, despite knowing a good deal about TCP/IP, ports, routing, DNS and so on... I'm struggling to identify if the dropped connections are security breaches or not...

Since enabling Windows Firewall I've not seen anything weird going on...

The ports used are a tad confusing... if someone could shed some light...
Apologies for directly copying the Windows Firewall log...

date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-09-21 02:54:19 DROP TCP 216.43.158.12 10.0.0.1 56721 1743 40 R 1468063445 1468063445 0 - - - RECEIVE
2008-09-21 02:54:33 DROP TCP 78.146.194.169 10.0.0.1 60959 1744 40 A 4138876474 2671778218 16385 - - - RECEIVE
2008-09-21 02:54:33 DROP TCP 78.146.194.169 10.0.0.1 60959 1744 40 FA 4138876474 2671778218 16385 - - - RECEIVE
2008-09-21 02:54:39 DROP TCP 78.146.194.169 10.0.0.1 60959 1744 1150 FAP 4138875364 2671778218 16385 - - - RECEIVE
2008-09-21 02:54:48 DROP TCP 71.51.247.129 10.0.0.1 6112 1751 40 AR 3769439645 3258797067 0 - - - RECEIVE
2008-09-21 02:56:23 DROP TCP 75.206.104.253 10.0.0.1 15484 1791 40 R 0 0 0 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1827 40 R 899957157 0 0 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1827 40 R 899957157 0 0 - - - RECEIVE
2008-09-21 02:56:45 DROP TCP 216.171.84.208 10.0.0.1 51413 1797 40 FA 3747089997 3391710581 65535 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1826 40 R 908198439 0 0 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1828 40 R 910200675 0 0 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1828 40 R 910200675 0 0 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1829 40 R 895803515 0 0 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1829 40 R 895803515 0 0 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1832 40 A 899886342 2786999833 6690 - - - RECEIVE
2008-09-21 02:56:55 DROP TCP 10.0.0.254 10.0.0.1 5432 1837 40 A 544 3926794472 2048 - - - RECEIVE
2008-09-21 02:56:55 DROP TCP 10.0.0.254 10.0.0.1 5432 1837 40 FA 544 3926794472 2048 - - - RECEIVE
2008-09-21 02:57:24 DROP TCP 24.94.85.89 10.0.0.1 51938 1858 40 R 2170691422 2170691422 0 - - - RECEIVE
2008-09-21 02:57:24 DROP TCP 24.94.85.89 10.0.0.1 51938 1858 40 R 2170691423 2170691423 0 - - - RECEIVE
2008-09-21 02:57:52 DROP TCP 76.100.172.5 10.0.0.1 24304 1809 40 R 3682313918 0 10240 - - - RECEIVE
2008-09-21 02:57:52 DROP TCP 76.100.172.5 10.0.0.1 24304 1809 82 AP 3682301415 722203925 66 - - - RECEIVE
2008-09-21 02:57:52 DROP TCP 76.100.172.5 10.0.0.1 24304 1809 40 R 3682301457 0 10240 - - - RECEIVE
2008-09-21 02:57:52 DROP TCP 76.100.172.5 10.0.0.1 24304 1809 40 R 3682313960 0 10240 - - - RECEIVE
2008-09-21 02:59:01 DROP UDP 10.0.0.6 10.255.255.255 138 138 234 - - - - - - - RECEIVE
2008-09-21 02:59:30 DROP TCP 79.78.102.169 10.0.0.1 23184 1871 40 R 3271734808 3271734808 0 - - - RECEIVE
2008-09-21 02:59:58 DROP TCP 201.236.165.113 10.0.0.1 33000 1275 40 R 1990511549 1990511549 0 - - - RECEIVE
2008-09-21 03:01:51 DROP TCP 77.31.135.23 10.0.0.1 21526 1381 40 R 2951198507 2951198507 0 - - - RECEIVE
2008-09-21 03:01:51 DROP TCP 77.31.135.23 10.0.0.1 21526 1381 40 R 2951198507 2951198507 0 - - - RECEIVE
2008-09-21 03:03:14 DROP TCP 79.78.102.169 10.0.0.1 23184 1998 40 R 3519903879 3519903879 0 - - - RECEIVE
2008-09-21 03:03:29 DROP TCP 79.78.102.169 10.0.0.1 23184 2057 40 A 3819724676 3502077476 16821 - - - RECEIVE
2008-09-21 03:03:29 DROP TCP 79.78.102.169 10.0.0.1 23184 2057 40 FA 3819724676 3502077476 16821 - - - RECEIVE
2008-09-21 03:04:17 DROP TCP 190.22.6.23 10.0.0.1 6881 2092 40 R 562636184 0 0 - - - RECEIVE
2008-09-21 03:04:17 DROP TCP 190.22.6.23 10.0.0.1 6881 2092 40 R 562636184 0 0 - - - RECEIVE
2008-09-21 03:04:17 DROP TCP 190.22.6.23 10.0.0.1 6881 2092 40 R 562636184 0 0 - - - RECEIVE
2008-09-21 03:04:17 DROP TCP 190.22.6.23 10.0.0.1 6881 2092 40 R 562636184 0 0 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2220 40 R 1546575820 0 0 - - - RECEIVE
2008-09-21 03:06:56 DROP TCP 10.0.0.254 10.0.0.1 5432 2229 40 A 544 213261021 2048 - - - RECEIVE
2008-09-21 03:06:56 DROP TCP 10.0.0.254 10.0.0.1 5432 2229 40 FA 544 213261021 2048 - - - RECEIVE
2008-09-21 03:06:54 DROP TCP 87.248.113.14 10.0.0.1 80 2199 1064 A 3427801252 1417243776 32768 - - - RECEIVE
2008-09-21 03:06:54 DROP TCP 87.248.113.14 10.0.0.1 80 2199 1064 A 3427802276 1417243776 32768 - - - RECEIVE
2008-09-21 03:06:54 DROP TCP 87.248.113.14 10.0.0.1 80 2199 1064 A 3427803300 1417243776 32768 - - - RECEIVE
2008-09-21 03:06:54 DROP TCP 87.248.113.14 10.0.0.1 80 2199 1009 FAP 3427804324 1417243776 32768 - - - RECEIVE
2008-09-21 03:06:54 DROP TCP 87.248.113.14 10.0.0.1 80 2199 40 FA 3427805293 1417243777 32768 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2217 40 R 1550975956 0 0 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2217 40 R 1550975956 0 0 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2218 40 R 1558396522 0 0 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2218 40 R 1558396522 0 0 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2219 40 R 1550360742 0 0 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2219 40 R 1550360742 0 0 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2220 40 R 1546575820 0 0 - - - RECEIVE
2008-09-21 03:06:55 DROP TCP 10.0.0.253 10.0.0.1 49152 2222 40 A 1552646033 411406423 6690 - - - RECEIVE
2008-09-21 03:07:31 DROP TCP 79.78.102.169 10.0.0.1 23184 2135 40 R 398245183 398245183 0 - - - RECEIVE
2008-09-21 03:07:38 DROP TCP 24.77.18.146 10.0.0.1 51202 2268 40 R 200378462 200378462 0 - - - RECEIVE
2008-09-21 03:09:01 DROP UDP 10.0.0.6 10.255.255.255 138 138 234 - - - - - - - RECEIVE
2008-09-21 03:09:13 DROP TCP 87.248.112.8 10.0.0.1 80 2324 52 SA 1534494018 117151305 65535 - - - RECEIVE
2008-09-21 03:09:16 DROP TCP 87.248.112.8 10.0.0.1 80 2324 52 SA 1534494018 117151305 65535 - - - RECEIVE
2008-09-21 03:09:22 DROP TCP 87.248.112.8 10.0.0.1 80 2324 52 SA 1534494018 117151305 65535 - - - RECEIVE
2008-09-21 03:09:35 DROP TCP 89.176.61.246 10.0.0.1 1902 2354 40 R 330003774 330003774 0 - - - RECEIVE
2008-09-21 03:14:38 DROP TCP 69.151.209.253 10.0.0.1 53694 2544 40 AR 4010623514 1051583341 0 - - - RECEIVE
2008-09-21 03:16:17 DROP TCP 41.234.79.141 10.0.0.1 28758 1982 40 R 4132609896 4132609896 0 - - - RECEIVE
2008-09-21 03:16:17 DROP TCP 41.234.79.141 10.0.0.1 28758 1982 40 R 4132609896 4132609896 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2624 40 R 2180613782 0 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2624 40 R 2180613782 0 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2625 40 R 2182430795 0 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2625 40 R 2182430795 0 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2626 40 R 2190776827 0 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2626 40 R 2190776827 0 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2627 40 R 2193757231 0 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2627 40 R 2193757231 0 0 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.253 10.0.0.1 49152 2629 40 A 2192971296 320580305 6690 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.254 10.0.0.1 5432 2633 40 A 544 2749458624 2048 - - - RECEIVE
2008-09-21 03:16:56 DROP TCP 10.0.0.254 10.0.0.1 5432 2633 40 FA 544 2749458624 2048 - - - RECEIVE
2008-09-21 03:17:28 DROP TCP 72.130.154.63 10.0.0.1 52422 2649 129 AP 3760463001 540063382 65006 - - - RECEIVE
2008-09-21 03:18:19 DROP TCP 75.190.249.167 10.0.0.1 14192 2690 52 SA 2278925182 2223020823 8192 - - - RECEIVE
2008-09-21 03:19:00 DROP TCP 71.51.247.129 10.0.0.1 6112 2730 40 AR 1505672068 809980700 0 - - - RECEIVE
2008-09-21 03:19:39 DROP TCP 91.84.80.167 10.0.0.1 32565 2765 40 R 773311896 773311896 0 - - - RECEIVE
2008-09-21 03:19:38 DROP TCP 91.84.80.167 10.0.0.1 32565 2765 40 R 773311895 773311895 0 - - - RECEIVE
2008-09-21 03:19:38 DROP TCP 91.84.80.167 10.0.0.1 32565 2765 40 R 773311895 773311895 0 - - - RECEIVE
2008-09-21 03:19:48 DROP TCP 67.170.146.9 10.0.0.1 38795 2769 40 R 2669329323 2669329323 0 - - - RECEIVE
2008-09-21 03:19:48 DROP TCP 67.170.146.9 10.0.0.1 38795 2769 40 R 2669329323 2669329323 0 - - - RECEIVE
2008-09-21 03:19:48 DROP TCP 67.170.146.9 10.0.0.1 38795 2769 40 R 2669329324 2669329324 0 - - - RECEIVE
2008-09-21 03:19:48 DROP TCP 67.170.146.9 10.0.0.1 38795 2769 40 R 2669329324 2669329324 0 - - - RECEIVE
2008-09-21 03:20:44 DROP TCP 75.54.206.250 10.0.0.1 43449 2360 40 AR 2156809154 2051696174 0 - - - RECEIVE
2008-09-21 03:21:54 DROP TCP 118.136.60.178 10.0.0.1 49782 2838 40 R 3737156104 0 0 - - - RECEIVE
2008-09-21 03:21:59 DROP TCP 60.241.243.182 10.0.0.1 6881 2841 40 R 385394772 0 0 - - - RECEIVE
2008-09-21 03:21:59 DROP TCP 60.241.243.182 10.0.0.1 6881 2841 40 R 385394772 0 0 - - - RECEIVE
2008-09-21 03:21:59 DROP TCP 60.241.243.182 10.0.0.1 6881 2841 40 R 385394772 0 0 - - - RECEIVE
2008-09-21 03:21:59 DROP TCP 60.241.243.182 10.0.0.1 6881 2841 40 R 385394772 0 0 - - - RECEIVE
2008-09-21 03:21:59 DROP TCP 60.241.243.182 10.0.0.1 6881 2841 40 R 385394772 0 0 - - - RECEIVE
2008-09-21 03:24:03 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 AP 2877659757 490449435 15988 - - - RECEIVE
2008-09-21 03:24:03 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877661171 0 10240 - - - RECEIVE
2008-09-21 03:24:03 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877673674 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877665413 490449435 15988 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877666827 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877679330 0 10240 - - - RECEIVE
2008-09-21 03:24:01 DROP UDP 10.0.0.6 10.255.255.255 138 138 234 - - - - - - - RECEIVE
2008-09-21 03:24:03 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877672260 0 10240 - - - RECEIVE
2008-09-21 03:24:03 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877661171 490449435 15988 - - - RECEIVE
2008-09-21 03:24:03 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877662585 0 10240 - - - RECEIVE
2008-09-21 03:24:03 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877675088 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877662585 490449435 15988 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877663999 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877676502 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877663999 490449435 15988 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877665413 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877677916 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877666827 490449435 15988 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877668241 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877680744 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877668241 490449435 15988 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877669655 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877682158 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877669655 490449435 15988 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877671069 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877683572 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877671069 490449435 15988 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877672483 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 40 R 2877684986 0 10240 - - - RECEIVE
2008-09-21 03:24:04 DROP TCP 71.205.112.116 10.0.0.1 39271 2849 1454 A 2877672483 490449435 15988 - - - RECEIVE
2008-09-21 03:24:53 DROP TCP 67.191.236.194 10.0.0.1 59174 2947 285 AP 5673383 702770110 65052 - - - RECEIVE
2008-09-21 03:24:56 DROP TCP 80.221.133.56 10.0.0.1 6800 2951 40 R 367577673 367577673 0 - - - RECEIVE
2008-09-21 03:24:56 DROP TCP 80.221.133.56 10.0.0.1 6800 2951 40 R 367577673 367577673 0 - - - RECEIVE
2008-09-21 03:24:56 DROP TCP 80.221.133.56 10.0.0.1 6800 2951 40 R 367577674 367577674 0 - - - RECEIVE
2008-09-21 03:25:37 DROP TCP 203.213.70.100 10.0.0.1 34500 2959 71 AP 1656739267 2358633476 64749 - - - RECEIVE
2008-09-21 03:25:37 DROP TCP 203.213.70.100 10.0.0.1 34500 2959 108 AP 1656739298 2358633476 64749 - - - RECEIVE
2008-09-21 03:25:37 DROP TCP 203.213.70.100 10.0.0.1 34500 2959 61 AP 1656739366 2358633476 64749 - - - RECEIVE
2008-09-21 03:25:37 DROP TCP 203.213.70.100 10.0.0.1 34500 2959 157 AP 1656739387 2358633476 64749 - - - RECEIVE
2008-09-21 03:25:37 DROP TCP 203.213.70.100 10.0.0.1 34500 2959 707 AP 1656739504 2358633476 64749 - - - RECEIVE

For clarity...
10.0.0.253 is gateway
10.0.0.6 is my laptop
10.0.0.2 is my server (if it comes up...)
10.0.0.1 is workstation

Any help appreciated
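One way to triage a log like the one above, as an added example that is not code from the thread: parse the W3C-style pfirewall.log lines and sort each DROP by what the packet could actually do. The class rules are assumptions stated in the code: a TCP packet without SYN (R, A, FA, AR, AP, and a SYN-ACK) cannot open a connection, and when it is aimed at a high client port it is a straggler of a connection this host already closed; a bare SYN is a genuine inbound connection attempt and is the kind of line worth a human look. The LAN range 10.0.0.0/8 is inferred from the 10.255.255.255 broadcast in the log; the sample lines are copied from the excerpt above plus one constructed SYN from a documentation address so that every class is exercised.

```python
"""Triage Windows Firewall (pfirewall.log) DROP entries by what the packet
could actually do.  Added example, not code from the thread.  Class rules are
assumptions: a TCP packet without SYN (R, A, FA, AR, AP, SA) cannot open a
connection and, aimed at a high client port, is a straggler of a connection
this host already closed; a bare SYN is a real inbound connection attempt."""
from collections import Counter
import ipaddress

# Assumption: the LAN is 10.0.0.0/8, inferred from the 10.255.255.255
# broadcast destination in the posted log.
LAN = ipaddress.ip_network("10.0.0.0/8")

# Field order of the W3C log header (the paste in the thread omits '#Fields:').
FIELDS = ("date time action protocol src-ip dst-ip src-port dst-port size "
          "tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path").split()

# Sample: lines taken from the thread's excerpt, plus one CONSTRUCTED bare SYN
# from documentation address 198.51.100.7 so the inbound-syn class is exercised.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-09-21 02:54:19 DROP TCP 216.43.158.12 10.0.0.1 56721 1743 40 R 1468063445 1468063445 0 - - - RECEIVE
2008-09-21 02:54:33 DROP TCP 78.146.194.169 10.0.0.1 60959 1744 40 FA 4138876474 2671778218 16385 - - - RECEIVE
2008-09-21 02:56:54 DROP TCP 10.0.0.253 10.0.0.1 49152 1827 40 R 899957157 0 0 - - - RECEIVE
2008-09-21 02:59:01 DROP UDP 10.0.0.6 10.255.255.255 138 138 234 - - - - - - - RECEIVE
2008-09-21 03:04:17 DROP TCP 190.22.6.23 10.0.0.1 6881 2092 40 R 562636184 0 0 - - - RECEIVE
2008-09-21 03:09:13 DROP TCP 87.248.112.8 10.0.0.1 80 2324 52 SA 1534494018 117151305 65535 - - - RECEIVE
2008-09-21 03:18:19 DROP TCP 75.190.249.167 10.0.0.1 14192 2690 52 SA 2278925182 2223020823 8192 - - - RECEIVE
2008-09-21 03:25:37 DROP TCP 203.213.70.100 10.0.0.1 34500 2959 71 AP 1656739267 2358633476 64749 - - - RECEIVE
2008-09-21 03:30:00 DROP TCP 198.51.100.7 10.0.0.1 4444 445 48 S 1 0 8192 - - - RECEIVE
"""


def parse(text):
    """One dict per data line; header, comment and malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("date "):
            continue
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # do not guess at a truncated line
        records.append(dict(zip(FIELDS, parts)))
    return records


def classify(rec):
    """Map one DROP record to a triage class (rules in the module docstring)."""
    src = ipaddress.ip_address(rec["src-ip"])
    dst = ipaddress.ip_address(rec["dst-ip"])
    flags = rec["tcpflags"]
    if rec["protocol"] == "TCP" and "S" in flags and "A" not in flags:
        return "inbound-syn"      # unsolicited connection attempt: look at it
    if rec["protocol"] == "UDP" and dst == LAN.broadcast_address:
        return "lan-broadcast"    # e.g. NetBIOS datagram (138) from a LAN host
    if src in LAN:
        return "local-source"     # came from the LAN side, not the internet
    if rec["protocol"] == "TCP" and int(rec["dst-port"]) >= 1024:
        return "stale-reply"      # ACK/RST/FIN/SYN-ACK for a connection already closed here
    return "other"


def summarize(records):
    """Count of records per class."""
    return Counter(classify(r) for r in records)


def inbound_attempts(records):
    """(source, destination port) of every unsolicited connection attempt."""
    return [(r["src-ip"], int(r["dst-port"])) for r in records
            if classify(r) == "inbound-syn"]


def stale_peers(records, top=5):
    """Remote hosts sending the most stragglers; a torrent swarm shows up here."""
    c = Counter(r["src-ip"] for r in records if classify(r) == "stale-reply")
    return c.most_common(top)


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    for cls, n in summarize(recs).most_common():
        print(f"{cls:14s} {n}")
    print("inbound attempts:", inbound_attempts(recs))
    print("top stale peers :", stale_peers(recs))
```

Run against the full log, the stale-reply class swallows almost every external line (RST, FIN-ACK and SYN-ACK packets to ports in the 1000-3000 client range), which is the signature of peers still trying to reach a connection the workstation has already torn down; only the inbound-syn list is worth reading one entry at a time.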
 
Associate
OP
Joined
18 Oct 2002
Posts
858
Location
Cheshire
Additional info...

I've just caught AVG scanning an outbound email... but I've not got outlook open...
it's sending to ppp121-45-35-225.lns10.adl2.internode.on.net

I'm blocking AVG from accessing the internet using windows firewall...

Anyone have any info about this?
 
Associate
OP
Joined
18 Oct 2002
Posts
858
Location
Cheshire
yes... but these days any scanner is at best 99.9% accurate, could this be something new?

I turned the logging on on my Netgear to email me... it's reporting hundreds of DOS attacks an hour....

I'm tempted to phone my ISP and ask for a new static IP and see if it follows me...
 
Soldato
Joined
1 Jun 2005
Posts
5,152
Location
Kent
Are you using torrents? Netgear routers often detect torrent traffic as a possible DOS attack. Even hours, sometimes days, after you close your torrent program people will not realise you are no longer an available source and will still continue to attempt to connect to you, thinking you are still part of the torrent.

Also, why do you want to block AVG? It won't be able to get new updates. Surely you should block whatever is sending the outbound email?
 
Associate
OP
Joined
18 Oct 2002
Posts
858
Location
Cheshire
Torrents, yes... would I get better results if I disable DOS detection?

Well, I've blocked AVG to stop the outbound emails, however, Windows Firewall does not seem to be stopping AVG at all since it updates ok...

Might go and get ZoneAlarm if they still do a free version...

:edit
What's the command line to view current TCP connections?
 
Soldato
Joined
1 Jun 2005
Posts
5,152
Location
Kent
The command-line command is netstat; if you need more specific results, like the program or whatever is causing the connections, do netstat ? and it will show the extra parts of the command you can use.
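The netstat answer above, worked through as an added example that is not part of the thread: the question behind it was which process is opening the outbound mail connection, and the `-o` switch (`netstat -ano`) prints the owning PID next to each socket. The script parses that output, groups established connections by PID and picks out the PIDs talking to a given remote port (25 for SMTP). The netstat text embedded below is constructed, with documentation addresses for the remote ends; on a non-Windows machine the script falls back to that sample instead of running netstat.

```python
"""Find which process owns an outbound TCP connection from 'netstat -ano'
output.  Added example, not from the thread; the netstat text below is
constructed and the remote addresses are documentation ranges."""
import platform
import subprocess

# CONSTRUCTED sample of what 'netstat -ano' prints on Windows.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    10.0.0.1:1043          203.0.113.9:25         ESTABLISHED     1844
  TCP    10.0.0.1:1051          198.51.100.20:443      ESTABLISHED     2320
  TCP    10.0.0.1:6881          0.0.0.0:0              LISTENING       2320
  UDP    0.0.0.0:138            *:*                                    4
"""


def parse_netstat(text):
    """One dict per socket line.  UDP rows have no State column, so their
    PID is the fourth token instead of the fifth."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP" and len(parts) == 5:
            state, pid = parts[3], parts[4]
        elif proto == "UDP" and len(parts) == 4:
            state, pid = "", parts[3]
        else:
            continue  # unexpected layout: skip rather than misattribute a PID
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": pid})
    return rows


def remote_port(endpoint):
    """'203.0.113.9:25' -> 25; an IPv6 endpoint like '[::1]:25' splits on the last colon too."""
    return int(endpoint.rsplit(":", 1)[1])


def outbound_by_pid(rows):
    """ESTABLISHED TCP connections grouped by owning PID."""
    out = {}
    for r in rows:
        if r["proto"] == "TCP" and r["state"] == "ESTABLISHED":
            out.setdefault(r["pid"], []).append(r["foreign"])
    return out


def pids_talking_to_port(rows, port):
    """PIDs with an established connection to the given remote port (25 = SMTP)."""
    return sorted({r["pid"] for r in rows
                   if r["proto"] == "TCP" and r["state"] == "ESTABLISHED"
                   and remote_port(r["foreign"]) == port})


def live_rows():
    """Run 'netstat -ano' on Windows; elsewhere fall back to the constructed sample."""
    if platform.system() == "Windows":
        text = subprocess.run(["netstat", "-ano"], capture_output=True,
                              text=True, check=True).stdout
    else:
        text = SAMPLE_NETSTAT
    return parse_netstat(text)


if __name__ == "__main__":
    rows = live_rows()
    for pid, peers in outbound_by_pid(rows).items():
        print(f"PID {pid}: {', '.join(peers)}")
    print("PIDs talking to SMTP (25):", pids_talking_to_port(rows, 25))
```

Once you have a PID, `tasklist /FI "PID eq 1844"` names the image behind it, or run `netstat -anob` from an elevated prompt to have netstat print the executable itself; either way you are blocking the process that actually holds the port 25 connection rather than guessing at the scanner.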
 