Does this set of logs cover the time period of the events you described?
It seems to be after activating the BBB filter:
Code:
160829:210726 phd[21655]: E udp_tph:sendto_error:to = 23.23.189.57:33434, ret = -1 (of 136), errno = Operation not permitted (1):
(that is: YYMMDD:time)
Where:
Code:
NetRange: 23.20.0.0 - 23.23.255.255
CIDR: 23.20.0.0/14
NetName: AMAZON-EC2-USEAST-10
NetHandle: NET-23-20-0-0-1
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS16509
Organization: Amazon.com, Inc. (AMAZO-4)
RegDate: 2011-09-19
Updated: 2014-09-03
Comment: The activity you have detected originates from a dynamic hosting environment.
and this is a Wifi/3G unit, which I don't recall your mentioning.