That is weird that it should be Kaspersky that is triggering something off in the router firewall.
afaik UDP null port is a scan for open and listening ports, but I dont know why it should be doing this outbound via the router. I wonder if it downloads using a p2p type technology?
Ive just done a search and there seems to be a couple of others whom have noticed this behaviour from Kaspersky.. I also found
this.
In there the OP lists the same kaspersky IP addy as being blocked after installing Kaspersky AV by his firewall.
Below that someone mentions "
proacive defense which is checking the online database for whitelisted applications. it's not sending any personal data just check sums of the applications."
I do find it a bit weirded though that an AV type prog should be exhibiting the type of behaviour that triggers off a well known protocol analysis for IDS.
Theres a bit more about protocol analysis
here[Protocol analysis] focuses on reviewing the strictly formatted data of network traffic, otherwise known as protocols. Each packet is wrapped in predefined layers of different protocols. IDS authors, recognizing this, implemented engines that unwrap and inspect these layers, according to the protocol standards or RFC. Each wrapper has several fields with expected or normal values. Anything that violates or is outside of these standards is likely malicious. The IDS inspects each field of the different protocols of an incoming packet: IP, TCP, and UDP. If something violates a protocol rule, for instance, if it contains an unexpected value, an alert is generated. Protocol analysis uses a detailed knowledge of expected or normal packet field values to discover malicious traffic
The question I cant answer and what I find strange, is why something (kasperspy) is sending out udp packets that dont seem to adhere to the protocol standards