OK,
Pings.
To Ping someone or an IP is to use the computer or router to send a Sort of "knock knock" request to the IP or server/computer name.
On most devices you can Ping other devices on your LAN as there is no block to this.
A lot of devices though, have this disabled for the WAN (Wide Are Network + Internet) side of things.
This keeps the Public IP your ISP gives your Modem somewhat secret.
Like most things on the internet it an be abused.
The Network Utility in Applications/Utilities has the ability to send Pings.
The normal function is to send 10 pings and see if any get lost and to see how long they take to get a response.
You will see that there is an option to send Unlimited Pings. It is this that gets abused. There are ways of sending many pings very quickly as an Attack.
This can result in your Internet connection failing as the device or computer get tied up dealing with the Pings.
On the other hand certain apps like iChat use a Ping to confirm that it is the correct place/computer is is talking to.
For iChat it works like this.
One end send the Visible Invite (The Pop up to Invite to an A/V Chat).
This is sent by iChat on Port 5678
iChat then moves to port 16402 to do the Connection Process using the SIP (Session Initiation Protocol).
Part of this process is to send a Ping to confirm where the Visible Invite went to is the place/computer that is responding to the SIP Request. As you can be logged in twice to a Screen Name it confirms that the you are responding - It also stops someone eavesdropping and pretending to be you.
iChat will not work in A/C Chat unless this function is Allowed.
*Denial of Service (DoS)*
This is somewhat of a hang over from the days when groups of "Hackers" used to organise a time to bring down a web server.
Lots of people would all go to the same web site (requesting a page)
Then they would hit the refresh button over and over (Many Request for the page).
eventually so many requests are made that the web server cannot cope and the whole server would "go down" and lose it's Internet Connection.
Strictly speaking it does not have to be application related like a web server/page but has to involve the computer doing something to reply.
With DoS (if your device has it) it has a preset threshold where it will regard the data coming to your computer as being "Too Much, Too Quickly", and cut the one port the data is coming in on.
With iChat Video there is a vast amount of data that can come very fast with modern Internet Speeds and you bump into the Threshold even before you see your Buddies Video pic.
There is no way to adjust the Threshold so it needs to be Disabled for iChat to work.
*Stateful Packet Inspection (SPI)*
Works in a similar manner to DoS in that it tries to Inspect the incoming stream and judge if it should be allowed. With modern speeds there come a point when it cannot cope and it again shuts the port it is happening on to "Protect" the whole Internet Connection.
Again for iChat it needs to be Disabled if you have it.
Limiting iChat to use only 500kbps of your Bandwidth (a portion of your Internet speed in most cases) may get around the Threshold of DoS and help SPI cope.
There are some risks to Disabling these settings but mostly this depends on how big a target you appear to be on the Internet.
There is a smaller risk of suffering drive by attacks. However I have never suffered one in 5 years of using iChat.
I have not suggested changing any of the other settings in your device.
7:55 PM Thursday; July 1, 2010
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"