I recently launched the client on my school's network and I got a bunch of syn flood attack warnings.
If it goes away in a few minutes, it's probably completely normal. The client wants to be well-connected as quickly as possible and this may set off attack warnings on some systems.
If someone has a chance, it would be helpful to run the client on a machine that is monitored for traffic and connection volume. At least count SYNs to the bitcoin port. Ideally, use the IP for nothing else for awhile and log *all* traffic to it to see if you get probes, attack attempts, and the like. Post your summarized statistical results so we can have a baseline for what's normal. If nobody else does this, I'll try to do it myself tomorrow sometime.