I have RouterOS v.6.29 x86 a I have weird connections in firewall. That connections are from our public addresses port 80 to many addresses and random ports as you can see below:
Sep/03/2015 13:09:25 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.116:80->169.229.3.90:41590, len 44
Sep/03/2015 14:27:42 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->141.212.122.122:44394, len 44
Sep/03/2015 14:27:42 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->141.212.122.129:50898, len 44
Sep/03/2015 14:42:33 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->216.243.31.2:41680, len 44
Sep/03/2015 14:59:51 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->218.22.211.69:33290, len 48
Sep/03/2015 15:18:21 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.116:80->216.243.31.2:47500, len 44
Sep/03/2015 15:25:28 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.116:80->94.102.48.194:57026, len 44
Sep/03/2015 16:45:09 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.116:80->45.79.165.182:60413, len 44
Sep/03/2015 17:46:40 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->111.248.102.138:12200, len 44
Sep/03/2015 17:58:37 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.116:80->141.212.122.123:52196, len 44
Sep/03/2015 17:58:37 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.116:80->141.212.122.122:52968, len 44
Sep/03/2015 18:34:11 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.116:80->199.203.59.117:26600, len 48
Sep/03/2015 19:33:57 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->141.212.121.192:41590, len 44
Sep/03/2015 19:35:36 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->169.229.3.90:41590, len 44
Sep/03/2015 19:42:40 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->222.186.21.121:77, len 44
Sep/03/2015 19:47:23 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.115:80->177.75.145.200:7491, len 44
Sep/03/2015 19:47:23 firewall,info firewall: output: in:(none) out:WAN, proto TCP (SYN,ACK), 46.13.12.116:80->177.75.145.200:6844, len 44
I have an my public addresses 46.13.12.115 and 116 on WAN bridge, LAN bridge for our local network and NAT between them. It seems that connections make router itself, not coming from LAN. I’m using WebProxy but that connections are common from random port above 1024 to port 80 or 443 and from internal LAN address. Not like that weird from port 80 to random port and from WAN address.
Is there any other RouterOS service that can do that? Or have I same infection on my router? Or it is normal?