Let me start by saying I know nothing about firewalls and ports. However I have just started looking at the router logs on my wireless network. And I'm a little worried. For example I seem to be getting masses of Access Frowards from an almost sequential list of ports i.e:
116|09/02/2006 15:24:28 |192.168.1.34:1591 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 117|09/02/2006 15:24:28 |192.168.1.34:1589 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 118|09/02/2006 15:24:28 |192.168.1.34:1587 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 119|09/02/2006 15:24:28 |192.168.1.34:1585 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 120|09/02/2006 15:24:27 |192.168.1.34:1583 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 121|09/02/2006 15:24:27 |192.168.1.34:1581 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 122|09/02/2006 15:24:27 |192.168.1.34:1579 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 123|09/02/2006 15:24:27 |192.168.1.34:1577 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 125|09/02/2006 15:24:27 |192.168.1.34:1575 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 126|09/02/2006 15:24:26 |192.168.1.34:1573 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 127|09/02/2006 15:24:26 |192.168.1.34:1571 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W) 128|09/02/2006 15:24:26 |192.168.1.34:1569 |69.16.237.154:80 |ACCESS FORWARD Firewall default policy: TCP (L to W)To my untrained eye, it seems odd that this access just goes through all the available ports (I have many more logs - it seemed to start with port 1028 and goes up to 4999 before starting again). This is keeping the router busy all the time with up to 10 accesses per minute solidly throughout the day. Is this normal? Some of the destination ips seem to be expected (Google etc) others just point mysteriously at RIPE.NET or LIQUIDWEB.COM which we haven't knowingly visited but maybe they are adverts or something?
Am I worrying unncessarily?
thanks for any advice