How can I have a NATed address not on my subnet?

Discussion in 'Computer Science & Culture' started by dinosaurs!, Mar 31, 2015.

  1. dinosaurs! Registered Member

    Messages:
    4
    So over the last few days I've received copyright infringement notices for files that were not downloaded by me or any other member of my family. I've even checked the BitTorrent logs for every computer that has it installed (all three of them, out of six computers), and I searched the harddrives for any files that might correspond to the files (allegedly) downloaded.

    Now I'm checking over my router's system, WLAN, and NAT logs, to see if I can find anything relevant, but I found something that confused me (and I thought I understood NAT pretty well). The NAT logs list NAT address and destination IP addresses for all current and recent NAT connections. Almost all of the entries under the NAT address field correspond to IP addresses on my local subnet (192.168.1.0, subnet mask 255.255.255.0, but I also found a few where the pattern was reversed: the NAT address field was an IP address not on my subnet, but the destination address was and IP address that was. So for instance, here are a few entries:
    Code:
    Proto NATed Address                            Destination Address                      State
    tcp   76.115.18.116:58822                      192.168.1.13:64472                       ESTABLISHED
    tcp   76.115.18.116:50322                      192.168.1.12:48727                       ESTABLISHED
    tcp   74.125.20.188:5228                       192.168.1.19:43091                       ESTABLISHED
    udp   95.63.129.70:33960                       192.168.1.12:48727                       ASSURED  
    udp   120.88.52.7:61773                        192.168.1.12:48727                       ASSURED  
    udp   61.15.251.88:24171                       192.168.1.12:48727                       ASSURED  
    
    How does this happen? Is it just a bug (or pseudo-bug) in the NAT logs, where incoming connections from the WAN side are list as "NATed Addresses," and the (NAT side) IP address is listed as the destination address?

    Also, I stupidly left WPS enabled on my gateway (although I could have sworn I turned it off). I'm currently running Wash to make sure the WPS protocol is actually disabled, and not "fake disabled" as happens on a lot of routers.
     
    Last edited: Mar 31, 2015

Share This Page