hello guys i have this problem im sharing internet with a neigbor, the problem is, i by curiosity was watching the traffic on my router and found out a big data flow when i go to analize deeper the traffic i see there is a ton of ports open coming from the client pc of my friend, like 40 ports from his pc pointing to the port 53 of various randoms ip, what it intrigued me is the fact it is pointing even the local ip 192.168.1.1 as :53 which is weird cause looks like he is trying to scan ports or do dns poisoning / rebinding, can someone more tech savy tell me what im seeing here? may this be some kind of attack? why so many ports pointing to dns? even unexistent dns ports? most weird thing is, when i see that router active lights blinking, my other router conected to the same lan starts to blink crazily (the tx transmit data light like as if it were pulling data from my phone or pc and both lights blink synchronizedly, yes i set custom blinking lights to blink only when upload tx on wan or lan are happening)
You as the owner of the internet connection will be responsible for the data usage to your address, this included the neighbors data flow.
Running 40 or more normally a couple of 100 DNS lookups isn’t really the problem (especially if the neighbor have one or more windows computers). The problem or the most interesting is the DNS answer the lookup return?
And then the question arrises if you really want to know what your neighbor actually look at and do on the internet?
And if your neighbor have his own router on your shared line with masq you will only see one mac and ip address.
It's not uncommon nowadays for a single webpage to download resources (stylesheets, scripts, images, ...) from a dozen of different domains. And each requests to a different domain requires a DNS request. A couple of those webpages, two devices browsing the internet, and 50 DNS requests are "normal".