Seeing very slow SYN-flood type activity
In the last week or so I've been seeing a bunch of errant traffic on my two Comcast connections (one at home, one at work, but both business class) and am wondering if anyone else is seeing this or if it's just me for some reason. I see a bunch of connections in state SYN_RECV from various disparate yet similar netblocks; it's not a ton of connections at any given moment, and it's not with any pace, so I really don't know what to make of it:
# netstat -n --protocol=inet |grep SYN
tcp 0 0 173.160.x.x:80 22.214.171.124:28381 SYN_RECV
tcp 0 0 173.160.x.x:53 126.96.36.199:42980 SYN_RECV
tcp 0 0 173.160.x.x:53 188.8.131.52:3148 SYN_RECV
tcp 0 0 173.160.x.x:25 184.108.40.206:13021 SYN_RECV
tcp 0 0 173.160.x.x:25 220.127.116.11:29468 SYN_RECV
tcp 0 0 173.160.x.x:25 18.104.22.168:64219 SYN_RECV
tcp 0 0 173.160.x.x:443 22.214.171.124:46328 SYN_RECV
tcp 0 0 173.160.x.x:443 126.96.36.199:18095 SYN_RECV
They're almost certainly all spoofed; the last few days have been almost exclusively IPs in foreign countries, but today it's a lot of random US ones.
Is this a more widespread "attack" against random Comcast IPs, or is it just me being targeted by someone who doesn't really know what they're doing? Anyone else seeing this?
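One way to put numbers on the "disparate yet similar netblocks" impression, added here as an example that is not part of the original post: it tallies the SYN_RECV entries from `netstat -n` output by local port and by remote /16. The function names and the choice of a /16 grouping are assumptions made for this example; the sample lines are the ones shown in the post.

```python
import ipaddress
from collections import Counter

# Sample lines copied from the netstat output in the post above
# (the local address is redacted there as 173.160.x.x).
SAMPLE = """\
tcp 0 0 173.160.x.x:80 22.214.171.124:28381 SYN_RECV
tcp 0 0 173.160.x.x:53 126.96.36.199:42980 SYN_RECV
tcp 0 0 173.160.x.x:53 188.8.131.52:3148 SYN_RECV
tcp 0 0 173.160.x.x:25 184.108.40.206:13021 SYN_RECV
tcp 0 0 173.160.x.x:25 220.127.116.11:29468 SYN_RECV
tcp 0 0 173.160.x.x:25 18.104.22.168:64219 SYN_RECV
tcp 0 0 173.160.x.x:443 22.214.171.124:46328 SYN_RECV
tcp 0 0 173.160.x.x:443 126.96.36.199:18095 SYN_RECV
"""

def parse_half_open(text):
    """Yield (local_port, remote_ip) for each SYN_RECV line of `netstat -n`."""
    for line in text.splitlines():
        f = line.split()
        # Expected columns: proto recv-q send-q local remote state
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "SYN_RECV":
            continue
        try:
            local_port = int(f[3].rsplit(":", 1)[1])
            remote_ip = ipaddress.ip_address(f[4].rsplit(":", 1)[0])
        except (IndexError, ValueError):
            continue  # malformed or redacted field; skip the line
        yield local_port, remote_ip

def summarize(text, prefix_len=16):
    """Count half-open connections per local port and per remote netblock."""
    by_port, by_block = Counter(), Counter()
    for port, ip in parse_half_open(text):
        by_port[port] += 1
        # strict=False masks the host bits, giving the enclosing netblock
        block = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
        by_block[str(block)] += 1
    return by_port, by_block

if __name__ == "__main__":
    ports, blocks = summarize(SAMPLE)
    for port, n in ports.most_common():
        print(f"local port {port}: {n} half-open")
    for block, n in blocks.most_common():
        print(f"{block}: {n} half-open")
```

Running it periodically and comparing the per-block counts over time shows whether the sources cluster in a few ranges or are spread evenly, which the raw netstat listing does not make obvious.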