How to identify suspicious activity on your network?


I'm fairly new to the use of OpenWrt. I installed it months ago after I realized that the firmware on my R7800 was pretty garbage for QoS/SQM, and someone had suggested hnyman's OpenWrt build. I have a decent amount of networking knowledge, though nothing like most of the users on here, but I have learned a lot since looking around in the settings (mostly not touching).

I have BanIP enabled and BCP38 as well, mostly default settings otherwise. Recently I've noticed a few "-" named leases under my DHCP leases, which I do not remember seeing before. Because of Covid, no one really comes over, so I don't see why I would have more network devices leased. Should I be worried about this? For months before this I would only see identified devices that did not have a "-" where a normal human-readable device name would be. As an aside, since I turned on BCP38 and BanIP, I can no longer ping Google. Is one of the lists blocking me from doing so?

I'm wondering if anyone has a few tips on what I should be looking for under the system logs or elsewhere to identify whether anything shady might be going on, or if they could point me to a good resource for such a matter. Thank you! 🙂

(Below are images of my settings for BanIP and BCP38. BCP38 I left as is, and for BanIP I just turned on some of the lists which seemed relevant. Any reason not to?)

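One concrete check for the "-" leases described in the post, added here as an example and not taken from the thread or from OpenWrt itself: a POSIX shell script that reads a dnsmasq lease file (OpenWrt keeps it at /tmp/dhcp.leases) and flags any lease whose MAC is not on a list of devices you maintain, or that carries no hostname. dnsmasq writes a lone `*` in the hostname field when the client sent none; that this is what the LuCI leases page renders as "-" is an assumption. The allowlist MACs and the sample lease lines are constructed for the example.

```shell
#!/bin/sh
# Added example: audit a dnsmasq lease file against a list of MACs you recognise.
# dnsmasq lease line format (one lease per line):
#   <expiry-epoch> <MAC> <IP> <hostname-or-*> <client-id-or-*>
# Hostname "*" means the client did not announce a name.

# Constructed allowlist of devices you know (hypothetical MACs): "<mac> <label>" per line.
KNOWN_MACS="
aa:bb:cc:00:00:01 laptop
aa:bb:cc:00:00:02 phone
aa:bb:cc:00:00:04 printer
"

# classify_lease <mac> <hostname>
# Prints "ok", or a space-separated list of findings: "unknown-mac", "no-hostname".
classify_lease() {
    cl_mac=$(printf '%s' "$1" | tr 'A-F' 'a-f')   # normalise case before matching
    cl_host=$2
    cl_flags=""
    if ! printf '%s\n' "$KNOWN_MACS" | grep -qi -- "^$cl_mac "; then
        cl_flags="unknown-mac"
    fi
    if [ "$cl_host" = "*" ]; then
        cl_flags="${cl_flags:+$cl_flags }no-hostname"
    fi
    printf '%s\n' "${cl_flags:-ok}"
}

# audit_leases <lease-file>
# Prints "<ip> <mac> <hostname> <findings>" for every lease that is not "ok".
# read(1) splits fields without glob expansion, so a literal "*" stays a "*".
audit_leases() {
    while read -r al_expiry al_mac al_ip al_host al_clientid; do
        [ -n "$al_mac" ] || continue                 # skip blank lines
        al_flags=$(classify_lease "$al_mac" "$al_host")
        [ "$al_flags" = "ok" ] && continue
        printf '%s %s %s %s\n' "$al_ip" "$al_mac" "$al_host" "$al_flags"
    done < "$1"
}

# write_sample_leases <path>
# Constructed sample: two known devices with names, one unknown device with no
# name, and one known device (the printer) that simply did not send a name.
write_sample_leases() {
    cat > "$1" <<'EOF'
1700000000 aa:bb:cc:00:00:01 192.168.1.10 laptop 01:aa:bb:cc:00:00:01
1700000000 aa:bb:cc:00:00:02 192.168.1.11 phone *
1700000000 de:ad:be:ef:00:03 192.168.1.12 * *
1700000000 aa:bb:cc:00:00:04 192.168.1.13 * *
EOF
}

# Usage: sh audit_leases.sh /tmp/dhcp.leases
# With no argument, runs against the constructed sample instead.
if [ -n "${1:-}" ] && [ -f "$1" ]; then
    audit_leases "$1"
else
    sample=$(mktemp)
    write_sample_leases "$sample"
    audit_leases "$sample"
    rm -f "$sample"
fi
```

Only the two hostname-less leases are printed; the unknown MAC carries both findings, the printer only "no-hostname". An entry that is merely nameless but on your list is usually a device that does not send a DHCP hostname (many IoT and embedded clients do not); an entry that is both nameless and unknown is the one worth tracing back through the switch port or Wi-Fi association list.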