I just switched antivirus programs a few weeks ago from NAV to Bit Defender and in doing so lost the Norton Internet Worm Protection (i.e the builtin firewall). So I decided to enable the windows firewall and also turned on logging. I also have a FW built in to my netgear wgr614 router which is supposed to be blocking everying except for 3 or 4 ports that I have forwarded. When I check the Windows FW log however I see thousands of entries where the action column is set to "DROP" for ports that shouldn't even be getting through the hardware firewall. For example TCP ports 2188 and 2273, and UDP port 8088 none of which are forwarded. How are they getting as far as the software firewall?
My IP has not changed for several months and none of the IP's below are my WAN IP.
Here's a couple of examples.
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2007-07-01 22:32:05 DROP UDP 74.100.189.35 192.168.1.2 45685 8088 42 - -- - - - - RECEIVE
2007-07-01 20:30:38 DROP TCP 204.2.179.48 192.168.1.2 80 2188 1452 A 4075071033 456793686 27466 - - - RECEIVE2007-07-01 21:01:54 DROP TCP 69.2.120.39 192.168.1.2 443 2273 1169 AP
2133527059 111240437 18356 - - - RECEIVETIA