I think I get it -- bittorrent added this thing called the "DNA server" and I believe it's UPnP enabled. Even though I wasn't running bittorrent at all, this service connected to the router via UPnP, opened the ports, and started traffic. For the record, I still haven't used bittorrent to download anything, I merely installed the software and that was enough to get this to start on its own. This morning, I was running WireShark and turned my cable modem back on and noticed traffic coming from my computer to utorrent.com & bittorrent.com. Moments later the behavior started again. That got me to thinking "hmm, Bittorrent isn't running, so what is?" - and I recalled reading something on their website about a distributed download accelerator called DNA so I looked into it. WireShark was going crazy with the DNS lookups at that point.. so I uninstalled DNA server, saw more communication to the bittorrent servers and then the DNS lookups stopped. I had, according to my router's WISH list, just under 300 open UDP sessions before that uninstall. Five minutes later, it was down to 13 active connections. What's interesting to me is why when I blocked the ports from Symantec Multitier Protection's firewall, that the traffic was still permitted and would not block. Perhaps there is some kind of interaction between the firewall & upnp? Anyhow, I checked it over lunch now and the issue is gone. Thanks for pointing me in the right direction. Travis