
SYN Flood, what is it
Mac Enthusiast
Join Date: Apr 2001
Location: GR, MI
Apr 19, 2003, 08:16 PM
 
I got a D-Link router connected to my Comcast Cable modem. I was checking the log the other day and saw a HUGE list of

Found SYN Flood

What is this? What do I do about it? Should I worry?

I also get a lot of Ping of Death found too.
"This is fun, right?"
     
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Apr 20, 2003, 08:46 AM
 
Note that while you were receiving these floods, you did not lose your connection to the Internet. That says that your router was doing its job, and it protected you from these attacks. Make sure that you ALWAYS keep your router set to ignore external requests/pings, and you should stay protected from such attacks.

Yes they were attacks, but these sorts of attacks are random in nature, and usually the result of a "script kiddie" trying out a new script. It's important to note that sometimes your ISP will ping you to determine whether or not you're still connected, or for verification of routing at their end. These pings are limited, aimed at your modem, not your LAN, and only occasional. Your router can tell the difference, and your log will either ignore such allowable pings, or identify them as non-problems. It's when the pings reach the level of "ping of death," which is a ping saturation attack, that they become a problem.

You should report CONSISTENT attacks from similar sources, or at similar times to your ISP for investigation (assuming your ISP understands such things, which Comcast should), because they not only pose a threat to you, they use a lot of bandwidth.
Glenn -----
OTR/L, MOT, Tx
     
Dedicated MacNNer
Join Date: Jul 2002
Location: Boston, MA
Apr 20, 2003, 08:07 PM
 
A SYN flood is a DoS attack whereby an attacker sends multiple TCP packets with the SYN flag set to open a connection to a server. The server sends a SYN/ACK but never receives an ACK back to complete the connection and the session remains half open until the timeout value is reached. A successful attack would exceed the max number of open connections the server can maintain thus causing it to ignore all connections until space in the table is available.

A PING of Death, as I recall, is a relatively old exploit (five or six years ago) that most modern OSes are not vulnerable to. An attacker would send an echo request with a total size greater than 65535 bytes which once received and all fragments reassembled (65535 bytes being an extremely large/illegal packet according to RFCs) would overrun a buffer and cause the target to hang or crash or nothing depending on target OS.

Insofar as worrying about this, PING of Death can be disregarded when OS X is the target. SYN flood can be annoying if you are trying to run a server (http, smtp what have you) or is a distributed attack and it saturates all available bandwidth. There isn't a whole lot you could do about SYN floods without more modern firewalls running SYN Defender or Floodguard to protect your servers, and depending on the number of hosts initiating the attacks you may run out of bandwidth anyway depending on the pipe size at their end.

Hope that explains things to a degree.
(Last edited by kampl; Apr 21, 2003 at 09:07 AM. )
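
The half-open table behaviour described in the post above, as an added example that is not part of the original thread: a toy Python model in which SYNs that never receive their ACK hold slots until the timeout, so later clients are ignored. The table size, timeout, function names and addresses (documentation ranges) are constructed for illustration and do not describe any particular router or OS.

```python
from collections import OrderedDict

class HalfOpenTable:
    """Toy model of a server's table of half-open sessions (SYN seen, no ACK yet)."""
    def __init__(self, max_entries, timeout):
        self.max_entries, self.timeout = max_entries, timeout
        self.entries = OrderedDict()              # client key -> time its SYN arrived

    def expire(self, now):
        # Oldest entries first: free every slot whose ACK never came in time.
        while self.entries:
            key, t0 = next(iter(self.entries.items()))
            if now - t0 < self.timeout:
                break
            del self.entries[key]

    def syn(self, key, now):
        """True if the SYN is answered with SYN/ACK and a slot is held, False if ignored."""
        self.expire(now)
        if key in self.entries:                   # retransmitted SYN, slot already held
            return True
        if len(self.entries) >= self.max_entries:
            return False                          # table full: connection ignored
        self.entries[key] = now
        return True

    def ack(self, key):
        """Final ACK completes the handshake and frees the half-open slot."""
        return self.entries.pop(key, None) is not None

def refused_clients(events, max_entries=4, timeout=30):
    """Replay (time, client, completes_handshake) events; return real clients turned away."""
    table, refused = HalfOpenTable(max_entries, timeout), []
    for now, client, completes in events:
        if table.syn(client, now):
            if completes:
                table.ack(client)
        elif completes:
            refused.append(client)
    return refused

# Constructed sample traffic (documentation address ranges, times in seconds).
EVENTS = [(0, "192.0.2.10", True)]
EVENTS += [(t, f"198.51.100.{t}", False) for t in range(1, 5)]   # SYNs never ACKed
EVENTS += [(5, "192.0.2.11", True), (20, "192.0.2.12", True), (31, "192.0.2.13", True)]

if __name__ == "__main__":
    print(refused_clients(EVENTS))                   # small table
    print(refused_clients(EVENTS, max_entries=16))   # larger table
```

With the four-slot table, the clients arriving while the stale entries are still held are turned away, and service resumes only once the oldest entry passes the timeout; the larger table absorbs the same traffic.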