LinuxQuestions.org
Old 06-20-2008, 02:31 AM   #1
backroger
Member
 
Registered: Dec 2004
Posts: 81

Rep: Reputation: 15
I got flood....


Hi folks...

Is this an attack spam/flooding? If so how can I prevent this?

Code:
[root@user ~]# netstat -pantua
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      2256/portmap
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      2529/httpd
tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN      2496/vsftpd
tcp        0      0 10.x.x.x:53                 0.0.0.0:*                   LISTEN      2452/named
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      2452/named
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      2469/sshd
tcp        0      0 127.0.0.1:631               0.0.0.0:*                   LISTEN      2410/cupsd
tcp        0      0 0.0.0.0:7000                0.0.0.0:*                   LISTEN      4451/nxagent
tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN      2452/named
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      2529/httpd
tcp        0      0 10.x.x.x:80                24.152.242.17:1336          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1276          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1278          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1279          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1328          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1329          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1330          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1331          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1333          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1334          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1335          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1320          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1321          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1322          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1323          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1324          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1325          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1326          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1327          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1312          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1313          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1314          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1315          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1316          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1317          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1318          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1319          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1304          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1305          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1306          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1307          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1308          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1309          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1310          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1311          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1296          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1297          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1298          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1299          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1300          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1301          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1302          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1303          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1288          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1289          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1290          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1291          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1292          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1293          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1294          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1295          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1280          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1281          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1282          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1283          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1284          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1285          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1286          TIME_WAIT   -
tcp        0      0 10.x.x.x:80                24.152.242.17:1287          TIME_WAIT   -
udp        0      0 0.0.0.0:32768               0.0.0.0:*                               2452/named
udp        0      0 10.x.x.x:53                 0.0.0.0:*                               2452/named
udp        0      0 127.0.0.1:53                0.0.0.0:*                               2452/named
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2256/portmap
udp        0      0 0.0.0.0:631                 0.0.0.0:*                               2410/cupsd
[root@user ~]#

Last edited by backroger; 06-20-2008 at 10:38 AM.
 
Old 06-20-2008, 10:31 AM   #2
blackhole54
Senior Member
 
Registered: Mar 2006
Posts: 1,896

Rep: Reputation: 61
Is your concern all of those TIME_WAITs? That could be normal behavior depending on how busy your web server is. After a connection is closed, that connection will stay in TIME_WAIT for some period (1 minute?).

Also, please look at the "code tag" comment in my signature.
 
Old 06-20-2008, 10:40 AM   #3
backroger
Member
 
Registered: Dec 2004
Posts: 81

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by blackhole54
Is your concern all of those TIME_WAITs? That could be normal behavior depending on how busy your web server is. After a connection is closed, that connection will stay in TIME_WAIT for some period (1 minute?).

Also, please look at the "code tag" comment in my signature.
I see....is there a setting for TIME_WAITS? 1 minute is too long maybe 10 seconds is enough.

Oh...btw..thanks for the code tags.

Reason for Editing:

Nevermind....I just read the apache configuration....thanks.

Last edited by backroger; 06-20-2008 at 11:48 AM. Reason: Nevermind....I just read the apache configuration....thanks.
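
To check the point raised in blackhole54's reply, the following added example (not part of the original thread) groups `netstat -pantua` output by remote address and TCP state, so connections that are already closed (TIME_WAIT) can be told apart from half-open (SYN_RECV) or live (ESTABLISHED) ones. The function names and the sample data are assumptions made for illustration; the sample uses documentation-range addresses.

```shell
#!/bin/sh
# Constructed sample, modelled on the netstat output posted in this thread.
# Addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      2529/httpd
tcp        0      0 192.0.2.10:80               198.51.100.7:1336           TIME_WAIT   -
tcp        0      0 192.0.2.10:80               198.51.100.7:1276           TIME_WAIT   -
tcp        0      0 192.0.2.10:80               198.51.100.7:1278           TIME_WAIT   -
tcp        0      0 192.0.2.10:80               198.51.100.7:1279           TIME_WAIT   -
tcp        0      0 192.0.2.10:80               198.51.100.7:1328           TIME_WAIT   -
tcp        0      0 192.0.2.10:80               198.51.100.7:1340           SYN_RECV    -
tcp        0      0 192.0.2.10:80               198.51.100.20:40112         ESTABLISHED 2529/httpd
tcp        0      0 192.0.2.10:22               198.51.100.20:40150         ESTABLISHED 2469/sshd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               2256/portmap
EOF
}

# summarize_conns: read netstat output on stdin and print "count remote_ip state"
# for every TCP connection that is not a listening socket, busiest first.
summarize_conns() {
    awk '$1 ~ /^tcp/ && $6 != "LISTEN" {
             ip = $5
             sub(/:[^:]*$/, "", ip)   # strip the trailing :port (works for tcp6 too)
             n[ip " " $6]++
         }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# flag_sources MIN STATE: print remote IPs with at least MIN connections in STATE.
flag_sources() {
    summarize_conns | awk -v min="$1" -v st="$2" '$3 == st && $1 >= min { print $2 }'
}

sample_netstat | summarize_conns
```

On a live host, pipe the real output in instead, for example `netstat -pantua | flag_sources 50 SYN_RECV`; the threshold of 50 is an arbitrary starting point to tune against normal traffic.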
 
  

