I have the following setup:
- The router (Netgear DG834Gv5) is upstairs and connects to the ADSL, connected to it is a Cat5 going to a PDSL
- Downstairs, the PDSL joins and goes to a second router (D-Link G624T) which I've turned into a Wireless bridge (disabling DHCP etc.)
- The downstairs router 'bridges' the wireless signal so that I have coverage around the entire house
I recently noticed that the LAN port on the lower floor router is going crazy, which suggests that there is heavy activity going through; when checking upstairs, the internet light is flashing.
After doing some investigation, it only happens when my brother's laptop is connected, which to me is suggesting he is either downloading torrents which are hammering the router and he isn't telling me, or his computer is infected and it is hammering the router. I locked down the router and only allowed a handful of ports through (HTTP, HTTPS etc.) and told it to log anything else which tried to access it. Apart from a large number of attempted connections to Steam and Valve servers by his computer, there also seemed to be a couple of random connections including several to Korea (18.104.22.168) on port 27031... which kind of got the alarm bells ringing.
Is it me being paranoid to think that his computer is infected/recruited and how should I pursue the matter?
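
One way to triage the blocked-connection log described above, as an added example that is not part of the original post: it groups denied outbound flows per LAN host and separates those in the Steam port range from everything else. The log format, the addresses and the 27000-27100 range taken as "Steam" are assumptions; adapt the regex and range to what the router actually writes.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in a simplified, hypothetical log format
# (documentation-range addresses; a real router's log will look different).
SAMPLE_LOG = """\
2010-03-01 20:14:02 DROP OUT src=192.168.0.7 dst=203.0.113.10 proto=UDP dport=27015
2010-03-01 20:14:03 DROP OUT src=192.168.0.7 dst=203.0.113.11 proto=UDP dport=27031
2010-03-01 20:14:05 DROP OUT src=192.168.0.7 dst=198.51.100.23 proto=TCP dport=6881
2010-03-01 20:14:09 DROP OUT src=192.168.0.7 dst=198.51.100.23 proto=TCP dport=6881
2010-03-01 20:14:11 DROP OUT src=192.168.0.7 dst=198.51.100.24 proto=TCP dport=51413
2010-03-01 20:15:40 DROP OUT src=192.168.0.4 dst=203.0.113.10 proto=UDP dport=27020
garbage line that the parser must skip
"""

LINE_RE = re.compile(
    r"DROP OUT src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)

# Assumption: destination ports treated as Steam/Valve traffic.
STEAM_PORTS = range(27000, 27101)


def summarize(log_text):
    """Return {src: {"steam": Counter, "other": Counter}} of blocked flows.

    Counter keys are (dst, proto, dport); values are hit counts.
    """
    hosts = defaultdict(lambda: {"steam": Counter(), "other": Counter()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a blocked-outbound record
        port = int(m["dport"])
        bucket = "steam" if port in STEAM_PORTS else "other"
        hosts[m["src"]][bucket][(m["dst"], m["proto"], port)] += 1
    return hosts


def unexplained(log_text, src):
    """Blocked flows from src outside the Steam range, busiest first."""
    return summarize(log_text)[src]["other"].most_common()


if __name__ == "__main__":
    for host, buckets in summarize(SAMPLE_LOG).items():
        print(host, "steam-range hits:", sum(buckets["steam"].values()))
        for flow, hits in buckets["other"].most_common():
            print("   review:", flow, "x", hits)
```

The flows left in the "other" bucket are the ones worth checking by hand on the laptop itself, for example by matching the destination port to the process that owns the socket.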