ISP port scanning

[netsider]

I receive alerts from my router of (possible) malicious activity (trying to sound professional here... just kidding). Anyways... I keep getting these messages from my router:

TCP- or UDP-based Port Scan DETECTED on Mon May 20 11:35:47 2013
targeting 173.25.150.217,58220, sent from 97.64.209.36,53

and:

SYN Flood DETECTED on Sun May 19 18:46:42 2013
targeting 67.202.66.202,80, sent from 192.168.0.10,51050

173.25.150.217 is my external address to my ISP. 97.64.x.x is my ISP's DNS server. 192.168.x.x is a device on my local network. 67.202.66.202 is unknown to me.. and isn't tied to me (or my ISP) at all. I tried looking it up and it came back as "Steadfast Networks DNS".

Any ideas what this is, why it's happening, or what the 67.202.x.x address is? Thanks guys

 

[netsider]

*bump* ?

 

[ciggwin]

TCP- or UDP-based Port Scan DETECTED
from 97.64.209.36
http://www.ip-adress.com/whois/97.64.209.36
looks like your ISP
http://www.adminsub.net/tcp-udp-port-finder/58220

A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

So from what you posted, it seems like your ISP is doing a port scan on your router (I think this is quite common but someone else could verify).

It also seems like your local LAN is trying to flood something on Steadfast Networks in Chicago (?)

That is all I can come up wiht

 

[TCM]

67.x.x.x is some webserver you browsed.

And your ISP isn't scanning you. Looks like it took longer than usual to resolve a name and your super-duper router already had its state entry flushed for source port 58220 so the reply was classified as a "scan".

Pro tip: disable these utterly useless "attack detections". Apparently, they are self-justifying lies to make you feel good about your router purchase. They have no real world use whatsoever.