Link to home
Start Free TrialLog in
Avatar of wooops
wooops

asked on

SYNFLOOD and ICPMFLOOD problem Need a script please.

Hi, I am having problem with synflood and icmp flood attacks on my webserver on port 80 icmp attacks are comming from program named SPRUT, it send multiply http connection and I cannot stop them. Can someone help me on that please with some automated script or so. I am running SUSE 9.3 Thanks in advance.
Avatar of Kelly Black
Kelly Black
Flag of United States of America image

Analog to synflodd protection insert this in your firewall script before you
allow connections to port 80:
 
# Set your number of max. connections here!
CONNECTION_LIMIT="100"
 
iptables -A INPUT -p tcp --dport 80 --syn -m limit --limit  $CONNECTION_LIMIT/h \ -j LOG --log-prefix 'limit of $CONNECTION_LIMIT connections reached'

You can also edit the firewall to DROP these types of packets with

iptables -A INPUT -s <ip from which dos attack is coming> -j DROP

To find out which ipaddress the attack is coming from, you can use

netstat -apn | grep :80 | awk '{print $5}'| sort

and look for the highest ranked connection.

Let me know if this helps you...

~K Black

You can get several automated firewall packages. The firewall scripting is not so much limited to distro of Linux/Un*x, but upon versions of the iptables firewall binary itself.

One of the many good packages is gShield:

http://muse.linuxmafia.org/gshield/

They all have pretty comprehensive config files, and you should back up the default config before customizing it.

http://www.linuxguruz.com/iptables/

Regards,

~K Black
Avatar of wooops
wooops

ASKER

Ok, is this max conn per user or in global? My server is kinda busy and if i allow only 100 conn in global that will be a huge problem. Is this protection agains SYN flood or just for that progy that sends mass httprequests.
Can you put into the script SYN flood protection from botnets and UDP protection  please?
Thanks in advance.
Best regards.
try portsentry, it will blackhole specific IPs that are performing questionable behavior. It is quite easy to configure and install.

some links for configuration:
http://www.falkotimme.com/howtos/chkrootkit_portsentry/
http://www.securityfocus.com/infocus/1580

source:
http://sourceforge.net/projects/sentrytools/
try to limit the number of concurrent incoming TCP connections per one
client
Avatar of wooops

ASKER

Hi, and sorry all I've been In Spain for summer holidays, thanks for answers.
My server is still with problems and I installed portsentry but nothing seems to stop that program named "SPRUT"
vigannn if you know how to set my server to limit the number of concurrent incoming TCP connections per one
client i'll be more than thankfull. I really don't know how to stop simple windows program. If it was zombies, a lot of them its ok, noone can stop them, but I am angry couse this is just one win program and if someone have good upload almost every server will go down. So please I am desperate to get rid of this one.
Thank you all in advance.
Can you post the output of

lsof -i -P

Did you try the suggestions I gave in the previous posts?
Avatar of wooops

ASKER

Hi,
Sorry kblack05, i wasnt here too.

Results from lsof -i -P

sc_serv   11962     root   43u  IPv4  3114823       TCP media.venet-networks.com                                             :8000->84-74-40-76.dclient.hispeed.ch:1057 (CLOSE_WAIT)
sc_serv   12133     root    4u  IPv4   222533       TCP *:7061 (LISTEN)
sc_serv   12133     root    5u  IPv4   222534       TCP *:7060 (LISTEN)
qmail-rem 12371   qmailr    3u  IPv4 13730520       TCP media.venet-networks.com                                             :51125->mta-v4.level3.mail.vip.re4.yahoo.com:25 (ESTABLISHED)
httpd2-pr 12380   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 12380   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 12380   wwwrun  291u  IPv6 13945465       TCP media.srv2.venet-network                                             s.com:80->144.138.102.149:1566 (ESTABLISHED)
httpd2-pr 12748   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 12748   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 12748   wwwrun  291u  IPv6 13754446       TCP media.srv2.venet-network                                             s.com:80->0-3pool240-216.nas6.duluth1.mn.us.da.qwest.net:62195 (ESTABLISHED)
httpd2-pr 12832   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 12832   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 12832   wwwrun  291u  IPv6 13776067       TCP media.srv2.venet-network                                             s.com:80->cpe-069-132-034-006.carolina.res.rr.com:2689 (ESTABLISHED)
httpd2-pr 12844   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 12844   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 12844   wwwrun  291u  IPv6 13925616       TCP media.srv2.venet-network                                             s.com:80->dialup-4.225.2.211.Dial1.Cincinnati1.Level3.net:4041 (ESTABLISHED)
httpd2-pr 12859   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 12859   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 12859   wwwrun  291u  IPv6 13968622       TCP media.srv2.venet-network                                             s.com:80->c-a23ae055.138-1-64736c10.cust.bredbandsbolaget.se:2269 (ESTABLISHED)
httpd2-pr 12868   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 12868   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 12868   wwwrun  291u  IPv6 13962780       TCP media.venet-networks.com                                             :80->dsl-201-98-60-64.prod-infinitum.com.mx:61482 (ESTABLISHED)
httpd2-pr 13252   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 13252   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 13361   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 13361   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 13361   wwwrun  291u  IPv6 13841199       TCP media.srv2.venet-network                                             s.com:80->adsl-152-22-87.dab.bellsouth.net:4343 (ESTABLISHED)
httpd2-pr 13468   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 13468   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 13468   wwwrun  291u  IPv6 13866175       TCP media.srv2.venet-network                                             s.com:80->CPE0015e9d492c9-CM001404e0b858.cpe.net.cable.rogers.com:60684 (ESTABLI                                             SHED)
httpd2-pr 13605   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 13605   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 13634   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 13634   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 13634   wwwrun  291u  IPv6 13919137       TCP media.venet-networks.com                                             :80->62.162.208.234:3210 (ESTABLISHED)
httpd2-pr 13643   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 13643   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 13643   wwwrun  291u  IPv6 13864864       TCP media.venet-networks.com                                             :80->62.162.208.234:3184 (ESTABLISHED)
httpd2-pr 13916   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 13916   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 13916   wwwrun  291u  IPv6 13875466       TCP media.srv2.venet-network                                             s.com:80->ncfre42.asia.info.net:40872 (ESTABLISHED)
httpd2-pr 13923   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 13923   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 13923   wwwrun  291u  IPv6 13818390       TCP media.srv2.venet-network                                             s.com:80->62.162.224.189:1383 (ESTABLISHED)
httpd2-pr 14114   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14114   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14114   wwwrun  291u  IPv6 13928903       TCP media.srv2.venet-network                                             s.com:80->server109.labinaservers.com:1697 (ESTABLISHED)
httpd2-pr 14139   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14139   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14139   wwwrun  291u  IPv6 13888901       TCP media.venet-networks.com                                             :80->62.162.208.234:3190 (ESTABLISHED)
httpd2-pr 14358   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14358   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14358   wwwrun  291u  IPv6 13854403       TCP media.srv2.venet-networks.com:80->200.162.72.8:63666 (ESTABLISHED)
httpd2-pr 14370   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14370   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14370   wwwrun  291u  IPv6 13953733       TCP media.srv2.venet-networks.com:80->adsl-152-22-87.dab.bellsouth.net:4381 (ESTABLISHED)
httpd2-pr 14374   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14374   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14911   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14911   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14911   wwwrun  291u  IPv6 13902261       TCP media.venet-networks.com:80->62.162.208.234:3202 (ESTABLISHED)
httpd2-pr 14933   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14933   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14933   wwwrun  291u  IPv6 13935990       TCP media.venet-networks.com:80->62.162.208.234:3220 (ESTABLISHED)
httpd2-pr 14934   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14934   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14934   wwwrun  291u  IPv6 13917829       TCP media.venet-networks.com:80->62.162.208.234:3208 (ESTABLISHED)
httpd2-pr 14936   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14936   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14936   wwwrun  291u  IPv6 13967762       TCP media.venet-networks.com:80->c-21eae055.754-1-64736c20.cust.bredbandsbolaget.se:3848 (ESTABLISHED)
httpd2-pr 14938   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14938   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14938   wwwrun  291u  IPv6 13891183       TCP media.srv2.venet-networks.com:80->dialup-4.225.2.211.Dial1.Cincinnati1.Level3.net:4031 (ESTABLISHED)
httpd2-pr 14939   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14939   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14939   wwwrun  291u  IPv6 13930398       TCP media.venet-networks.com:80->62.162.208.234:3214 (ESTABLISHED)
httpd2-pr 14945   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14945   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14945   wwwrun  291u  IPv6 13935041       TCP media.venet-networks.com:80->62.162.208.234:3218 (ESTABLISHED)
httpd2-pr 14952   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14952   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14952   wwwrun  291u  IPv6 13887366       TCP media.srv2.venet-networks.com:80->ncfre42.asia.info.net:41049 (ESTABLISHED)
httpd2-pr 14960   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 14960   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 14960   wwwrun  291u  IPv6 13937376       TCP media.srv2.venet-networks.com:80->pool-68-162-9-20.nwrk.east.verizon.net:50535 (ESTABLISHED)
httpd2-pr 15043     root    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15043     root    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15200   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15200   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15200   wwwrun  291u  IPv6 13887391       TCP media.srv2.venet-networks.com:80->cpe-74-72-46-187.nyc.res.rr.com:2487 (ESTABLISHED)
httpd2-pr 15201   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15201   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15201   wwwrun  291u  IPv6 13898062       TCP media.venet-networks.com:80->62.162.208.234:3194 (ESTABLISHED)
httpd2-pr 15363   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15363   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15370   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15370   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15445   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15445   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15538   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15538   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15538   wwwrun  291u  IPv6 13917964       TCP media.srv2.venet-networks.com:80->adsl-19-42-251.asm.bellsouth.net:50835 (ESTABLISHED)
httpd2-pr 15560   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15560   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15560   wwwrun  291u  IPv6 13963925       TCP media.venet-networks.com:80->dsl-201-98-60-64.prod-infinitum.com.mx:61492 (ESTABLISHED)
httpd2-pr 15722   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15722   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15788   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15788   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15788   wwwrun  291u  IPv6 13924555       TCP media.srv2.venet-networks.com:80->adsl196-23-57-217-196.adsl196-10.iam.net.ma:61296 (ESTABLISHED)
httpd2-pr 15789   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15789   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15789   wwwrun  291u  IPv6 13920267       TCP media.srv2.venet-networks.com:80->server109.labinaservers.com:1685 (ESTABLISHED)
httpd2-pr 15794   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15794   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15794   wwwrun  291u  IPv6 13966946       TCP media.srv2.venet-networks.com:80->static.host94030.sulanet.net:21416 (ESTABLISHED)
httpd2-pr 15795   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15795   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15795   wwwrun  291u  IPv6 13963569       TCP media.srv2.venet-networks.com:80->202.137.118.26:2327 (ESTABLISHED)
httpd2-pr 15798   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15798   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15798   wwwrun  291u  IPv6 13922122       TCP media.srv2.venet-networks.com:80->nc66-138-3-66.netcommander.com:3365 (ESTABLISHED)
httpd2-pr 15799   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15799   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 15799   wwwrun  291u  IPv6 13965983       TCP media.srv2.venet-networks.com:80->pool-71-105-33-42.lsanca.dsl-w.verizon.net:2332 (ESTABLISHED)
httpd2-pr 15800   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 15800   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16014   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16014   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16014   wwwrun  291u  IPv6 13951812       TCP media.srv2.venet-networks.com:80->86.41.213.115:62771 (ESTABLISHED)
httpd2-pr 16016   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16016   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16016   wwwrun  291u  IPv6 13943842       TCP media.venet-networks.com:80->195.222.35.246:1764 (ESTABLISHED)
httpd2-pr 16017   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16017   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16017   wwwrun  291u  IPv6 13968117       TCP media.srv2.venet-networks.com:80->252-26.125-70.tampabay.res.rr.com:4818 (ESTABLISHED)
httpd2-pr 16023   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16023   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16023   wwwrun  291u  IPv6 13934594       TCP media.venet-networks.com:80->62.162.208.234:3216 (ESTABLISHED)
httpd2-pr 16028   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16028   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16042   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16042   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16054   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16054   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16059   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16059   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16061   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16061   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16061   wwwrun  291u  IPv6 13946860       TCP media.srv2.venet-networks.com:80->server109.labinaservers.com:1741 (ESTABLISHED)
httpd2-pr 16112   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16112   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16112   wwwrun  291u  IPv6 13968130       TCP media.srv2.venet-networks.com:80->202.56.131.130:2949 (ESTABLISHED)
httpd2-pr 16122   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16122   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16122   wwwrun  291u  IPv6 13936355       TCP media.venet-networks.com:80->62.162.208.234:3222 (ESTABLISHED)
httpd2-pr 16308   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16308   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16308   wwwrun  291u  IPv6 13959835       TCP media.srv2.venet-networks.com:80->pat3.rider.edu:12385 (ESTABLISHED)
httpd2-pr 16312   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16312   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16312   wwwrun  291u  IPv6 13952699       TCP media.srv2.venet-networks.com:80->crawl-66-249-65-133.googlebot.com:52174 (ESTABLISHED)
httpd2-pr 16358   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16358   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16358   wwwrun  291u  IPv6 13967729       TCP media.srv2.venet-networks.com:80->adsl-68-79-203-49.dsl.emhril.ameritech.net:1338 (ESTABLISHED)
httpd2-pr 16365   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16365   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16365   wwwrun  291u  IPv6 13967813       TCP media.srv2.venet-networks.com:80->relay1.froeling.com:4779 (ESTABLISHED)
httpd2-pr 16377   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16377   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16377   wwwrun  291u  IPv6 13965223       TCP media.srv2.venet-networks.com:80->10001269119.0000030759.acesso.oni.pt:2862 (ESTABLISHED)
httpd2-pr 16385   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16385   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16385   wwwrun  291u  IPv6 13951150       TCP media.srv2.venet-networks.com:80->64-13-124-178.anc.clearwire-dns.net:4776 (ESTABLISHED)
httpd2-pr 16517   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16517   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16517   wwwrun  291u  IPv6 13964332       TCP media.srv2.venet-networks.com:80->static.host94030.sulanet.net:21228 (ESTABLISHED)
httpd2-pr 16521   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 16521   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 16521   wwwrun  291u  IPv6 13962503       TCP media.venet-networks.com:80->dsl-201-98-60-64.prod-infinitum.com.mx:61481 (ESTABLISHED)
sshd      16559     root    3u  IPv6 13961531       TCP media.venet-networks.com:22->server109.labinaservers.com:1781 (ESTABLISHED)
httpd2-pr 20281     root    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 20281     root    4u  IPv6  6703606       TCP *:443 (LISTEN)
drwebd    30071    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30072    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30073    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30074    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30075    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30076    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30077    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30078    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30079    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30080    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30081    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30082    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30084    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30085    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30086    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
drwebd    30087    drweb    4u  IPv4    13562       TCP localhost:3000 (LISTEN)
httpd2-pr 32201   wwwrun    3u  IPv6  6703605       TCP *:80 (LISTEN)
httpd2-pr 32201   wwwrun    4u  IPv6  6703606       TCP *:443 (LISTEN)
httpd2-pr 32201   wwwrun  291u  IPv6 13968189       TCP media.srv2.venet-networks.com:80->adsl-33-114-84.shv.bellsouth.net:50663 (ESTABLISHED)

And NO i did not install gshield, to tell you the truth, I'm not sure how to do it, becouse in README file it says DO NOT TRY TO INSTALL REMOTELY.
And i have no access physically,
Problems are bigger and bigger, I dont know what to do anymore.
Now i run Suse 10.0 and if in my server 500 users are online, you can bearly open a site.
I dont know where problem lies, but if someone can help me I'll be more then thankfull.
ASKER CERTIFIED SOLUTION
Avatar of Kelly Black
Kelly Black
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of wooops

ASKER

Hello kblack05
This did't help either, but thanks for you time. I'kk probably buy a router and that is expensive.
Kind regards,
Alen
You could use the Linux box AS the router and firewall both at once, quite easy to do actually. Have a look at gShield. It has a straightforward config file, and once you understand the values it can be set up to do routing, NAT/PAT, and firewall security in a matter of minutes...

http://www.tucows.com/preview/48519