Recently, I've noticed on my home router (DLink DIR 635) a lot of blocked connection attempts being logged to our Windows Vista machine - roughly one every 4-5 seconds. The destination port is always UDP 15126 but the source IP addresses come from a wide range of different sources - China, Greece, Sweden, USA, India - you name it.

I installed Wireshark on this Vista machine and did a filter for "udp.port == 15125" and was disturbed to see that every 15-20 minutes or so, the router doesn't seem to block these packets anymore and there's a stream of chatter back and forth from my PC to these remote destinations (all over UDP, usually not more than a 256 byte string payload to each IP address). However the router does block some other connection attempts during this time too.

The only thing I can guess is going on is that there's something on the PC initiating these connections out or my D Link router is so crap it gives up blocking after a while and just allows traffic in.

The question is, what could it be? This PC is a bit of a mess, I must admit (the family PC with lots of crap installed, despite my attempts to clean it up!) and it's had BitTorrents on it too, so could it possibly be this? Does anyone know anything about UDP port 15126? I can't find any legitimate service that uses this port.

In the meantime I'm disabling UPnP on the DLink, removing any firewall rules in Vista that I don't recognize or want and gutting this PC of useless crap. Any ideas or advice would be greatly appreciated.

Thanks in advance! :)

Go for a malware and virus check on the PC. If the PC is affected by a virus, then the malicious programs would initiate connections outbound on random ports without your knowledge through background processes. The router couldn't stop this because the connection was initiated from the PC.
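The router behaviour described in this thread, as an added example that is not part of the original posts: a small model of a stateful NAT router's UDP table, run over a constructed capture, showing why replies to PC-initiated traffic pass while unsolicited packets to the same port are blocked. The addresses, ports other than 15126, timestamps, the 120-second idle timeout and the address-and-port-restricted matching are all assumptions; real routers differ.

```python
# Added example: model of a stateful NAT router's UDP handling.
# Addresses, timestamps and the 120 s idle timeout are constructed assumptions.
from collections import namedtuple

Packet = namedtuple("Packet", "ts src sport dst dport")

LAN_HOST = "192.168.0.10"      # constructed address for the Vista PC
IDLE_TIMEOUT = 120             # assumed seconds before a UDP mapping expires


def classify(packets, lan_host=LAN_HOST, timeout=IDLE_TIMEOUT):
    """Return (verdicts, initiators): per-packet verdict, first speaker per peer."""
    state = {}       # (lan_port, remote_ip, remote_port) -> last-seen time
    initiators = {}  # remote_ip -> "lan" or "remote"
    verdicts = []    # (packet, "out" | "allowed" | "blocked")
    for p in sorted(packets, key=lambda p: p.ts):
        if p.src == lan_host:
            # Outbound: the router creates or refreshes a mapping.
            state[(p.sport, p.dst, p.dport)] = p.ts
            initiators.setdefault(p.dst, "lan")
            verdicts.append((p, "out"))
        else:
            key = (p.dport, p.src, p.sport)
            last = state.get(key)
            initiators.setdefault(p.src, "remote")
            if last is not None and p.ts - last <= timeout:
                state[key] = p.ts          # reply keeps the mapping alive
                verdicts.append((p, "allowed"))
            else:
                state.pop(key, None)       # expired or never existed
                verdicts.append((p, "blocked"))
    return verdicts, initiators


# Constructed capture: the PC contacts 203.0.113.5 first, never contacts
# 198.51.100.7, and one reply arrives after the mapping has timed out.
SAMPLE = [
    Packet(0,   "198.51.100.7", 40000, LAN_HOST, 15126),
    Packet(10,  LAN_HOST, 15126, "203.0.113.5", 50000),
    Packet(11,  "203.0.113.5", 50000, LAN_HOST, 15126),
    Packet(12,  "198.51.100.7", 40000, LAN_HOST, 15126),
    Packet(300, "203.0.113.5", 50000, LAN_HOST, 15126),
]

if __name__ == "__main__":
    for pkt, verdict in classify(SAMPLE)[0]:
        print(pkt.ts, pkt.src, "->", pkt.dst, verdict)
```

Running the same first-speaker check over a real capture export separates peers the PC contacted from peers that only ever probed it.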

