Hi, I have set up a DNS, WWW, FTP and E-Mail server using Suse Linux 6.2. The machine is also used as PROXY for my clients to connect to the internet. Now I recognized with the help of the netstat command that there are a lot of connections to the internet that seem to be strange. Special IP adresses or URL concerning spam of xxx stuff are somehow connected to my server. As far as I can tell from the netstat output these IPs connect to the www port or use a few other port numbers at the same time. So I guess my system is insecure and someone has a backdoor to my server. Can anyone tell me how to recognize intrusions using Linux commands ? And how can I stop the abuse of my system. I am not so familiar with Linux and was happy to have set up a system which can do all internet related stuff my company needs. But now it seems to become a problem. Ciao, Joerg Reiners