Excess net activity on cable modem

[ChromWolf]

For maybe 30 or so minutes, my internet connection was down. Cable Modem had to re-establish connection, which it did. However, now the activity light is constantly on, as though I'm downloading something---but that's not the case. Downloading websites in order to browse is extremely slow, and my computer couldn't stay connected to AIM for more than about 5 minutes.

My ISP is Mediacom, and I've got two computers networked (not wireless) behind a LinkSys router. The router's incomming logs note several dozens of attempts at inbound access; many of the IP's listed have the same first two octets as my Cable Modem's IP, but some do not. Common ports access is attempted through are 135, 445, 3677-3678, 3713-3714, and 3754-3755. Out of curiosity, I tried pinging a couple; most timed out, but a couple gave me a responses of less than 200 ms.

What could be going on here? Is this a DoS attack, and if so, beyond calling Mediacom (it's a bit late, but I'm being bad and posting anyway), how can I find out what this is, and how to put a stop it? Is there any way to know if this is targetted at me specifically, or someone's just scanning large IP blocks with my first two IP octets?

For the record, I've done pretty much all the applicable steps recommended in the sticked "how to secure a network" thread...

What can I do?

[mbossman2]

it could be a lot of things:
-your ISP could be doing an update to the modem (but that shouldn't take more than 5-10 minutes, unless you have a bad modem)
-it could be a DoS attack and the best solution for that is to notify the ISP and let them handle it

My advice is to rely on your firewall defenses and have the ISP check their logs to see if they see something out of the ordinary and then let them act on it..