The source IP is my own router. The ports started on 2050. The port numbers have gradually gone up and are now at 2919. The destination IP is my PC that is running the firewall. The destination port is always 2869. These are all on the TCP protocol.
Next, I have received three outgoing blocks since this had first occurred. The source program is svchost. Source IP is my computer on port 1048, 1025, and 1453. The destination is my ISP. When I go to IP lookup it actually gives a specific location of my ISP which is not their main location. In fact, if I look my ISP up in the phone book this location is not listed. Eww, it has just happened again as I have been typing this. This time it is port 1048 once again. Source DNS listed is what I named the computer. These are on the UDP protocol.
I have done some in-depth malware checks with my commonly used anti-spyware and a/v programs. Also I scanned through my HJT log and found nothing.
I had an unsecured wireless network, mostly because I had trouble about a month ago finding a good guide for configuring WEP. I turned the wireless network off. It has stopped now but I believe that it stopped before I turned it off.
Why would my own router be hitting my computer?
Why is svchost calling out to this particular location furthest away from my house?
Edit: My software firewall is ZoneAlarm free and my router is a Linksys WRT54G.
Edit 2: More specific questions.
This may be related to a power outage at my house but it does not seem likely that is the case. I no longer get internet activity from my router. I can configure the router so I can see that it is working properly. I can see that the DNS servers it has assigned are correct and the same as before. Also if I clear the DHCP and renew it the same DNS comes up as before. So now my router is busted.
Any ideas on what is going on? Can a power surge cause a router to malfunction in this manner?
Another New update:
I am up to 1550 blocks since Feb 02. Now three of them are listed in ZoneAlarm as "high" risk. About 50-75 of these are from partially blocking game connections since I no longer want to put ZoneAlarm in gaming mode. I desperately want to find out what is going on here.
I can only view the last 1000 blocks. I must have missed the other high risk ones but I was able to look one up. The IP was from Beijing, China. The netname was A1DIALUP-NET. The destination port was 80.
The blockings now come from a variety of IPs and 26458 seems to be a popular port. Nearly all of them now are UDP blocks but there are some TCPs thrown in there.
Netstat from the command prompt shows two open ports without IE running.
1. local: TCP [computername]:2437 foreign: 72-165-61-141.dia.static.qwest.net:27039
2. local: TCP [computername]:2730 foreign: 72-165-61-141.dia.static.qwest.net:27039
Edited by Titan8990, 07 February 2008 - 11:49 PM.