Flood? Many connections?

Mario101

When I check with netstat in my server console how many connections there currently are
to my server, I notice more and more often that there are strange connections among them, like this one:
tcp 0 0 h2985.serverko:www-http h1070860.serve:lionhead SYN_RECV

Is someone trying to flood it?

# netstat
Aktive Internetverbindungen (ohne Server)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 h2985.serverko:www-http h1070860.serve:lionhead SYN_RECV
tcp 0 0 h2985.serverko:www-http 220.196.166.196:4667 SYN_RECV
tcp 1 0 localhost:22223 localhost:42334 CLOSE_WAIT
tcp 1 0 localhost:22223 localhost:42312 CLOSE_WAIT
tcp 0 0 gun-forum.de:55029 212.162.12.159:www-http VERBUNDEN
tcp 0 0 h2985.serverko:www-http vs2053187:d2k-tapestry1 TIME_WAIT
tcp 0 0 h2985.serverko:www-http p54869036.:slinkysearch TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.:altav-tunnel TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vs:intraintra TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserve:vmodem TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.v:mcs-mailsvr TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.:orbix-config TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver.:csms TIME_WAIT
tcp 0 1706 h2985.serverko:www-http pD9EA07CC.dip0.t-:63615 FIN_WAIT1
tcp 0 0 h2985.serverko:www-http vs2053187.vs:tarantella TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs205318:pfu-prcallback TIME_WAIT
tcp 0 0 h2985.serverko:www-http u24-234.dsl.vianetw:dsc TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserve:anet-l TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserv:tl1-raw TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187:fxaengine-net TIME_WAIT
tcp 0 0 h2985.serverko:www-http p54869036.dip0.t-ip:tgp TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.v:networklens TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver:unite TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vser:jpegmpeg TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187:trnsprntproxy TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver:4talk TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vser:digivote TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vse:findviatv TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vser:wip-port TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver.:stvp TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver.:enpc TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver.:chmd TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187:ordinox-dbase TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserv:res-sap TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs205318:global-cd-port TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vse:ifcp-port TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.v:cart-o-rama TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.v:dyniplookup TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vse:kv-server TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver:xtrms TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vs:poweronnud TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vse:mdap-port TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.:cardbox-http TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs205318:creativeserver TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.v:armi-server TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.:mcs-fastmail TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver.:3369 TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs205318:opsession-prxy TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187:galaxy-server TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver:ccmad TIME_WAIT
tcp 0 0 h2985.serverko:www-http btzn-4db3:srvc_registry TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vs:mc-brk-srv TIME_WAIT
tcp 0 0 gun-forum.de:www-http dsl.dynamic812131:12082 TIME_WAIT
tcp 0 0 h2985.serverko:www-http btzn-4db312:notify_srvr TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.:mcns-tel-ret TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserv:pkagent TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vser:cdbroker TIME_WAIT
tcp 0 0 gun-forum.de:www-http crawl-66-249-66-1:41169 TIME_WAIT
tcp 0 0 gun-forum.de:www-http dsl88-226-1:incognitorv TIME_WAIT
tcp 0 0 h2985.serverko:www-http u24-234.d:printer_agent TIME_WAIT
tcp 0 0 h2985.serverko:www-http port-212-202-7-72.:1119 TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserve:a13-an TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.:sns-channels TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs205318:brcm-comm-port TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserv:sdt-lmd TIME_WAIT
tcp 0 0 h2985.serverko:www-http port-212-202-:ratio-adp TIME_WAIT
tcp 0 0 gun-forum.de:www-http h2243.serverkompe:50766 TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vse:gprs-data TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserv:magbind TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.:prism-deploy TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vse:winshadow TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187.vserver.:3325 TIME_WAIT
tcp 0 1024 gun-forum.de:ssh p54A1E384.dip.t-d:25128 VERBUNDEN
tcp 0 0 h2985.serverko:www-http vs2053187.:iscsi-target TIME_WAIT
tcp 0 0 gun-forum.de:www-http crawl-66-249-66-1:38174 TIME_WAIT
tcp 0 0 gun-forum.de:www-http crawl-66-249-66-1:38174 TIME_WAIT
tcp 0 0 h2985.serverko:www-http vs2053187:csd-mgmt-port TIME_WAIT
Aktive Sockets in der UNIX Domäne (ohne Server)
Proto RefZäh Flaggen Typ Zustand I-Node Pfad
unix 2 [ ] DGRAM 78887109 /var/lib/named/dev/log
unix 2 [ ] DGRAM 78887111 /var/lib/ntp/dev/log
unix 2 [ ] DGRAM 5294 @udevd
unix 20 [ ] DGRAM 78887106 /dev/log
unix 2 [ ] DGRAM 79985896
unix 2 [ ] DGRAM 79683218
unix 2 [ ] DGRAM 79683214
unix 2 [ ] DGRAM 79683210
unix 2 [ ] DGRAM 79683186
unix 2 [ ] DGRAM 79682721
unix 2 [ ] DGRAM 79682421
unix 2 [ ] DGRAM 78964640
unix 2 [ ] DGRAM 78909662
unix 2 [ ] DGRAM 78903837
unix 2 [ ] DGRAM 78903672
unix 2 [ ] DGRAM 78901344
unix 2 [ ] DGRAM 78896396
unix 2 [ ] DGRAM 78896003
unix 2 [ ] DGRAM 78895024
unix 2 [ ] DGRAM 78893911
unix 2 [ ] DGRAM 78887920
unix 2 [ ] DGRAM 78887670
unix 2 [ ] DGRAM 77555820
unix 2 [ ] DGRAM 72306926
unix 2 [ ] DGRAM 57783995
unix 2 [ ] DGRAM 41823030
unix 2 [ ] STREAM VERBUNDEN 264281
unix 2 [ ] DGRAM 14975
unix 2 [ ] DGRAM 14950
unix 3 [ ] STREAM VERBUNDEN 14901 /var/run/acpid.socket
unix 3 [ ] STREAM VERBUNDEN 14900

top - 14:13:49 up 234 days, 1:00, 2 users, load average: 0.10, 0.07, 0.07
Tasks: 221 total, 1 running, 220 sleeping, 0 stopped, 0 zombie
Cpu(s): 0.3% us, 0.3% sy, 0.0% ni, 97.4% id, 1.7% wa, 0.3% hi, 0.0% si
Mem: 516008k total, 476116k used, 39892k free, 31768k buffers
Swap: 1052248k total, 217744k used, 834504k free, 66468k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
19045 root 16 0 2188 1064 752 R 0.7 0.2 0:00.84 top
1 root 16 0 680 68 44 S 0.0 0.0 1:55.43 init
2 root 34 19 0 0 0 S 0.0 0.0 0:00.19 ksoftirqd/0
3 root 10 -5 0 0 0 S 0.0 0.0 2:29.56 events/0
4 root 15 -5 0 0 0 S 0.0 0.0 0:00.08 khelper
9 root 10 -5 0 0 0 S 0.0 0.0 0:00.03 kthread
19 root 10 -5 0 0 0 S 0.0 0.0 2:06.82 kacpid
91 root 10 -5 0 0 0 S 0.0 0.0 1:36.23 kblockd/0
134 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 aio/0
133 root 15 0 0 0 0 S 0.0 0.0 6:02.99 kswapd0
726 root 15 0 0 0 0 S 0.0 0.0 0:00.00 kseriod
934 root 11 -5 0 0 0 S 0.0 0.0 0:00.00 ata/0
1100 root 15 0 0 0 0 S 0.0 0.0 60:14.22 kjournald
2020 root 12 -4 1472 396 392 S 0.0 0.1 0:00.26 udevd
2178 root 14 -2 1460 308 308 S 0.0 0.1 0:00.00 hwscand
3355 root 14 -2 1460 300 300 S 0.0 0.1 0:00.00 hwscand
4094 root 17 0 2116 524 520 S 0.0 0.1 0:00.00 resmgrd
4549 root 16 0 1852 752 632 S 0.0 0.1 5:12.27 syslog-ng
4552 root 17 0 1604 572 396 S 0.0 0.1 0:00.02 klogd
4800 root 16 0 1472 404 400 S 0.0 0.1 0:00.00 acpid
4855 root 16 0 2852 588 584 S 0.0 0.1 0:00.00 powersaved
4984 ntp 16 0 2812 2812 1884 S 0.0 0.5 4:19.71 ntpd
5015 vpopmail 18 0 24648 2004 1776 S 0.0 0.4 0:02.03 spamd
5040 root 16 0 1736 648 596 S 0.0 0.1 0:17.38 cron
5055 vscan 16 0 4172 976 972 S 0.0 0.2 0:19.05 freshclam
5066 root 16 0 15924 1444 1072 S 0.0 0.3 54:57.33 nscd
5108 root 18 0 1908 512 508 S 0.0 0.1 0:00.03 mingetty
5110 root 18 0 2444 564 560 S 0.0 0.1 0:00.00 svscanboot
5112 root 16 0 1492 292 260 S 0.0 0.1 17:36.00 svscan
5113 root 18 0 1320 192 188 S 0.0 0.0 0:00.00 readproctitle
22116 root 16 0 2772 636 632 S 0.0 0.1 0:00.09 login
22146 root 16 0 3048 668 664 S 0.0 0.1 0:00.03 bash
22171 root 15 0 3876 600 596 S 0.0 0.1 0:00.01 yast
22190 root 15 0 22276 1124 1120 S 0.0 0.2 0:01.82 y2base
5291 root 16 0 16280 2684 2652 S 0.0 0.5 4:38.03 httpd2-prefork
10983 named 22 0 31712 1552 1160 S 0.0 0.3 0:23.28 named
32415 root 15 0 0 0 0 S 0.0 0.0 6:08.48 pdflush
3763 root 16 0 1492 456 416 S 0.0 0.1 0:01.11 dhcpcd
19321 root 15 0 0 0 0 S 0.0 0.0 2:06.63 pdflush
21790 vpopmail 15 0 18780 6172 4048 S 0.0 1.2 0:02.41 httpd2-prefork
21791 vpopmail 15 0 18948 6660 4056 S 0.0 1.3 0:02.07 httpd2-prefork
21792 vpopmail 15 0 18920 6000 3968 S 0.0 1.2 0:01.98 httpd2-prefork
 
netstat -n gives this; what surprises me a bit is the top IP with
SYN_RECV

netstat -n
Aktive Internetverbindungen (ohne Server)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 81.169.156.166:80 85.107.10.83:1318 SYN_RECV
tcp 1 0 127.0.0.1:22223 127.0.0.1:42334 CLOSE_WAIT
tcp 1 0 127.0.0.1:22223 127.0.0.1:42312 CLOSE_WAIT
tcp 0 0 81.169.156.166:55029 212.162.12.159:80 VERBUNDEN
tcp 0 0 81.169.156.166:37999 80.249.114.2:25 VERBUNDEN
tcp 0 0 81.169.155.228:80 84.167.86.70:61279 TIME_WAIT
tcp 0 0 81.169.155.228:80 84.161.207.119:2978 TIME_WAIT
tcp 0 0 81.169.156.166:22 84.161.227.132:16079 VERBUNDEN
tcp 0 0 81.169.155.228:80 84.161.207.119:2642 TIME_WAIT
tcp 0 0 81.169.156.166:80 84.161.227.132:28219 TIME_WAIT
tcp 0 0 81.169.156.166:80 84.161.227.132:28218 TIME_WAIT
tcp 0 0 81.169.155.228:80 84.167.86.70:61281 TIME_WAIT
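
One way to answer the question from the same kind of data, as an added example that is not part of the original post: tally the TCP states and the half-open (SYN_RECV) connections per remote address from `netstat -n` output. The function names, the threshold of 20 and the sample lines (constructed from documentation addresses) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -n` TCP output to judge whether SYN_RECV
# entries are a few slow clients or a SYN flood. SYN_RECV means the server
# answered a SYN with SYN-ACK and is still waiting for the final ACK.
# Localized state names (e.g. VERBUNDEN) are simply counted as they appear.

# Constructed sample input (documentation addresses, not real hosts).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 192.0.2.10:80 198.51.100.7:1318 SYN_RECV
tcp 0 0 192.0.2.10:80 198.51.100.7:1319 SYN_RECV
tcp 0 0 192.0.2.10:80 203.0.113.5:4667 SYN_RECV
tcp 0 0 192.0.2.10:22 203.0.113.9:16079 VERBUNDEN
tcp 0 0 192.0.2.10:80 203.0.113.9:28219 TIME_WAIT
tcp 0 0 192.0.2.10:80 203.0.113.9:28218 TIME_WAIT
unix 2 [ ] DGRAM 5294 @udevd
EOF
}

# Count TCP sockets per state, most frequent first: "<count> <state>".
state_counts() {
    awk '$1 ~ /^tcp/ { n[$NF]++ } END { for (s in n) print n[s], s }' |
        sort -k1,1nr -k2,2
}

# Count half-open connections per remote IP: "<count> <ip>".
syn_recv_by_source() {
    awk '$1 ~ /^tcp/ && $NF == "SYN_RECV" {
             ip = $5; sub(/:[^:]*$/, "", ip)   # strip the port
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Exit status 0 if the number of SYN_RECV sockets reaches the threshold
# (default 20, an assumed value; tune it to the server's normal traffic).
looks_like_syn_flood() {
    limit=${1:-20}
    total=$(awk '$1 ~ /^tcp/ && $NF == "SYN_RECV" { c++ } END { print c + 0 }')
    [ "$total" -ge "$limit" ]
}

# Live use on the server: netstat -n | syn_recv_by_source
sample_netstat | state_counts
sample_netstat | syn_recv_by_source
```

Run against live output a few times in a row: entries that stay in SYN_RECV and keep growing in number are the signal to look at, while one or two that disappear between runs are ordinary slow or aborted handshakes.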
 