So over the last few days I've received copyright infringement notices for files that were not downloaded by me or any other member of my family. I've even checked the BitTorrent logs for every computer that has it installed (all three of them, out of six computers), and I searched the hard drives for any files that might correspond to the files (allegedly) downloaded.

Now I'm checking over my router's system, WLAN, and NAT logs, to see if I can find anything relevant, but I found something that confused me (and I thought I understood NAT pretty well). The NAT logs list NAT address and destination IP addresses for all current and recent NAT connections. Almost all of the entries under the NAT address field correspond to IP addresses on my local subnet (192.168.1.0, subnet mask 255.255.255.0), but I also found a few where the pattern was reversed: the NAT address field was an IP address not on my subnet, but the destination address was an IP address that was. So for instance, here are a few entries:

Code:
Proto  NATed Address        Destination Address  State
tcp    76.115.18.116:58822  192.168.1.13:64472   ESTABLISHED
tcp    76.115.18.116:50322  192.168.1.12:48727   ESTABLISHED
tcp    74.125.20.188:5228   192.168.1.19:43091   ESTABLISHED
udp    95.63.129.70:33960   192.168.1.12:48727   ASSURED
udp    120.88.52.7:61773    192.168.1.12:48727   ASSURED
udp    61.15.251.88:24171   192.168.1.12:48727   ASSURED

How does this happen? Is it just a bug (or pseudo-bug) in the NAT logs, where incoming connections from the WAN side are listed as "NATed Addresses," and the (NAT side) IP address is listed as the destination address?

Also, I stupidly left WPS enabled on my gateway (although I could have sworn I turned it off). I'm currently running Wash to make sure the WPS protocol is actually disabled, and not "fake disabled" as happens on a lot of routers.
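
An added example, not part of the original post: a small Python parser for the log rows quoted above that picks out the "reversed" entries (NATed address outside 192.168.1.0/24, destination inside it) and groups them by LAN host and port, so each internal device can be matched against its remote endpoints. The function names are hypothetical, and the four-column row layout is assumed from the quoted excerpt.

```python
import ipaddress
from collections import defaultdict

# LAN subnet as stated in the post (192.168.1.0, mask 255.255.255.0).
LAN = ipaddress.ip_network("192.168.1.0/24")

# The six entries quoted in the post, copied verbatim.
SAMPLE = """\
tcp 76.115.18.116:58822 192.168.1.13:64472 ESTABLISHED
tcp 76.115.18.116:50322 192.168.1.12:48727 ESTABLISHED
tcp 74.125.20.188:5228 192.168.1.19:43091 ESTABLISHED
udp 95.63.129.70:33960 192.168.1.12:48727 ASSURED
udp 120.88.52.7:61773 192.168.1.12:48727 ASSURED
udp 61.15.251.88:24171 192.168.1.12:48727 ASSURED
"""

def split_endpoint(text):
    """Split 'a.b.c.d:port' into (ip_address, int); raises ValueError if invalid."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def parse(log_text):
    """Yield (proto, nat_ip, nat_port, dst_ip, dst_port, state) per valid row."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # header, blank, or malformed row
        try:
            nat, dst = split_endpoint(fields[1]), split_endpoint(fields[2])
        except ValueError:
            continue  # column was not an ip:port pair
        yield (fields[0], *nat, *dst, fields[3])

def reversed_entries(log_text, lan=LAN):
    """Group rows whose NATed address is off-LAN and whose destination is on-LAN.

    Returns {(lan_ip, lan_port): sorted [(proto, remote_ip, remote_port), ...]}.
    """
    groups = defaultdict(list)
    for proto, nat_ip, nat_port, dst_ip, dst_port, _state in parse(log_text):
        if nat_ip not in lan and dst_ip in lan:
            groups[(str(dst_ip), dst_port)].append((proto, str(nat_ip), nat_port))
    return {key: sorted(peers) for key, peers in groups.items()}

if __name__ == "__main__":
    for (ip, port), peers in sorted(reversed_entries(SAMPLE).items()):
        print(f"{ip}:{port} <- {len(peers)} remote endpoint(s)")
        for proto, rip, rport in peers:
            print(f"    {proto} {rip}:{rport}")
```

Pasting the router's full NAT table into `SAMPLE` gives one line per LAN host and port, which can then be compared against the DHCP lease list to identify the device.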