please help me to understand why Comcast detects multiple attempts to address my Synology NAS internet ID from outside
As
@Steven Lee pointed out, this information is at least incomplete and probably not entirely accurate, so I can only speculate based on what you say.
First a tiny bit of background: The general way of setting up a home internet connection (99.9999% of the cases or so) is through whatever hardware infrastructure (e.g. fiber or DSL) which enters into a modem, which is generally also a router. This router has a public IP address that's in principle visible from the internet. The essence of a router is that it is the link between two networks, in this case an external one (the internet) and your local home network. On this home network, you have your WiFi access point (often integrated in the same modem/router device), IPTV, computer and any servers. This home network also uses IP addresses, but these addresses are not visible from the outside.
When an agent somewhere on the internet connects to your IP address, this connection requests ends up at your router. Since ComCast provides the connection between your router and the overall internet infrastructure, they can (and do) monitor this traffic. This incoming request will then be handled by the router, but by default, it's not set to actually handle anything. This is because unless we explicitly tell the router where the incoming traffic should be directed to, it wouldn't even know which device on the home network to send it to. Note that the router doesn't 'know' anything about Diskstations, iPhones, Windows laptops or smart TV's etc. - it just sees nodes with an internal network address and as far as the router is concerned, they're all equal. So unless we tell the router "if a request of type X comes in, send it to this local IP address", no attempts to access your network from the outside will end up anywhere at all. They'll just fall dead on the floor inside the router.
Now, how does ComCast 'know' that there are 'attacks' on your Diskstation? If a request is made by one IP address to another, it uses a 'port' to signify what kind of traffic this is. You could imagine these 'ports' as mailboxes in the hallway of the same office building, with the office building having just one street address (this would be the IP address in our analogy). So for instance, opening a connection with a machine via port 80 is the usual way of approaching a web server for HTML etc., port 21 is used for FTP (file transfer), etc. One interesting instance here is port 5000, which is commonly used by Synology/Diskstation for several purposes, including accessing its management console. So if ComCast detects an attempt to connect to your public IP address over port 5000, it may file this in a user-friendly way as an access attempt to a Diskstation device.
Now, the issue with port 5000 is that it is used by a whole slew of devices, services and apps. Some of those are legitimate (e.g. Diskstation or OctoPrint, a 3D printer print server, or UPNP, a Windows service that's running by default on all Windows machines) and some of those are so-called Trojan horses: viruses that embed themselves in a system and open a backdoor (using port 5000 for instance) to allow access from the outside world.
So based on the scant information you gave, I
suspect that ComCast is seeing incoming connection attempts to your IP address on port 5000, and it displays this to you as 'Diskstation' because it's one of the common uses for that type of traffic. However, from the above you can also surmise that: (1) you actually don't know for sure it's really Diskstation-related, and I'd go so far as to say, it probably isn't, and (2) the connection attempt reported by ComCast only extends as far as your router, because ComCast also can't look at the local network side of your router (!) and (3) even if the connection attempts reach your router, your router won't forward them to your Diskstation unless you explicitly tell it to do so.
Of course, it's in ComCast's interest to show how many attempts to access your IP address they have monitored in order to keep you convinced that their security systems are worth paying for. Nothing wrong with that, but pretty much every IP address out there receives truckloads of access attempts everyday, so I wouldn't feel too special about it. This is why we have routers and firewalls. Without them, you wouldn't get much use out of your computer, at all.
and the drive is taken out of access entirely (only the power on light remains on)?
Given that the traffic likely never reaches your Diskstation, there's no causal relationship between it and the power failure you're experiencing. The 'drive' going down is probably the server itself going into power saving mode. Perhaps it's set to do so with the 'Wake on Lan' option enabled, but this WoL option is notoriously unreliable as it depends on how the local network is configured to handle such wake-up requests. This would result in the Diskstation going to sleep and not be woken up, because the nudge to wake never reaches it. I'd recommend configuring your Diskstation to remain awake, but if you use mechanical hard drives (as opposed to SSD's), to have those spin down after a set period. This ensures your Diskstation remains approachable, but with the slight delay of the drives spinning up if they have gone to sleep.
Hope this helps in any way. And I hope you now understand why I'm somewhat skeptical about your claims that the problem is Diskstation-related. It really doesn't look that way to me.
