All of that to prep for this.
I recently jumped on the #Sophos bandwagon due to work and my general curiosity about learning something new. What does this mean? Well, for me, it's downloading everything I can get my hands on, and Sophos offers loads of free stuff for folks to test their wares.
I installed Sophos UTM 9.2 (the free for home use virtual appliance) on my wife's mac mini since it was the closest to the router and had an extra thunderbolt connection... <She is/was not amused with this but that is a different story>
After the initial setup, turning every setting on, and having fun with the kids (captive wifi portals are cool), I finally have the setup in what I would call a stable run condition.
Now we come to the title of this post.
It became quite clear very quickly that there are WAY too many applications, networks, and protocols trying to talk to devices within my network. Come on Apple, do you *have* to have that many UDP ports to make things happen? I remember when it was easy enough to put in a rule that said, if my laptop started the conversation, NAT the return requests and allow them through. Well, that works. What doesn't work is when you have an app that registers you on a service, and then who knows what network or port will attempt to send you a push update, or poll your device to see if you are still there.
When it comes to my Android phone, I have many apps that I have grown to depend on. These apps pretty much go dormant when I am connected to my Wi-Fi now, then wake up when I turn Wi-Fi off or go outside. I have been going through the logs and making rules to allow the applications and protocols that I deem worthy, but then I came across a few networks that were blacklisted, based out of country, and not so savory. Taking inventory of my phone, I do not see any obvious contenders. In fact, I recently received a new tablet from my employer and have taken great care to install only corporate-ish apps that I would use for work purposes only. Yet there it is in my firewall log file: unsolicited inbound connection attempts to this device as well.
I will follow up with another post when I find out the culprit, but to all my friends, make sure you are using some kind of firewall at home. Use antivirus/antispyware on EVERY device, yes, even your phone.