Reply To: CapPortAS max 152 processes.


#51522

I suspected that the problem is in some P2P software on the clients, so I did a

netstat | grep :1208[0-1]

to display all connections on ports 12080 and 12081. I suspect that, if a user is not authenticated, it causes the problem.
It’s a DoS situation:

root@zeroshell root> netstat  | grep :120
tcp 0 0 172.16.12.1:12080 172.16.12.20:50326 SYN_RECV
tcp 0 0 172.16.12.1:12081 172.16.16.12:54480 SYN_RECV
tcp 0 0 172.16.12.1:12080 172.16.12.58:51404 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49279 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59684 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.58:51416 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.58:51620 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.55:63323 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63917 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63957 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.58:51623 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49244 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.20:50321 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.12:54481 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49299 TIME_WAIT
tcp 0 0 172.16.12.1:12082 172.16.12.70:61932 TIME_WAIT
tcp 0 0 172.16.12.1:12082 172.16.14.25:1138 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.184:49583 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49236 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59680 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.58:51408 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59707 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49267 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.21:61060 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59683 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.58:51382 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63918 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.104:59665 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49280 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49207 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49289 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49252 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.58:51380 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.14.43:57009 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.14.18:63916 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.118:63899 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.20:50309 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.14.43:57010 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59681 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.12:54483 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.20:50308 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.118:63885 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.37:53893 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49276 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.58:51417 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63950 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63936 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.192:51393 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.58:51422 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.14.26:51102 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49253 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.20:50307 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.39:52805 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59713 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.58:51395 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49292 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59676 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59690 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.12:54475 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49270 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49245 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.184:49585 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59675 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.14.18:63954 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.58:51403 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.40:50910 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63883 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63896 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.37:53892 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49199 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59701 TIME_WAIT
tcp 0 0 172.16.12.1:12082 172.16.12.130:53790 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59689 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49217 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63915 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49265 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49268 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59708 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49204 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.118:63887 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.39:52826 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49308 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.12:54474 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.21:61059 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59704 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49306 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49285 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.55:63319 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.118:63898 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.14.18:63968 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63967 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49274 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49290 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.14.26:51103 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49291 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63908 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.39:52819 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59695 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.58:51601 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49266 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49275 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49239 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49281 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49295 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49233 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59714 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49222 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.104:59682 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49206 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49293 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.58:51410 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.118:63884 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63891 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59687 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49278 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59702 TIME_WAIT
tcp 0 0 172.16.12.1:12082 172.16.12.234:56233 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.14.18:63943 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63945 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.118:63900 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.14.26:51104 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59678 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59711 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63904 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.58:51621 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.190:50762 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63927 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.58:51610 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.39:52818 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.104:59694 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.39:52806 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49269 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59685 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59696 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.190:50717 TIME_WAIT
tcp 0 0 172.16.12.1:12082 172.16.12.179:53936 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.40:50909 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.55:63324 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.39:52831 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63902 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.58:51618 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59674 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.39:52828 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.58:51426 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.190:50653 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.58:51437 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59673 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.58:51393 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.12:54484 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59686 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.14.18:63971 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49208 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.118:63881 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.190:50740 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59703 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.12:54478 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.12:54309 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49234 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.192:51390 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59677 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.14.18:63966 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49237 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.14.18:63930 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.118:63888 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.14.18:63923 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49219 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.58:51605 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49238 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.190:50688 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63906 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59709 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.20:50315 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.12:54482 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.16.75:49288 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.58:51624 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.20:50310 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.118:63903 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.38:49254 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63895 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.40:50908 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.14.18:63944 ESTABLISHED
tcp 0 0 172.16.12.1:12082 172.16.12.239:51247 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.39:52814 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49301 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.38:49251 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.12.118:63889 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49284 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49302 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59700 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49205 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.58:51425 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59679 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59688 ESTABLISHED
tcp 0 0 172.16.12.1:12082 172.16.16.:blueberry-lm TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.37:53891 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.104:59688 ESTABLISHED
tcp 0 0 172.16.12.1:12082 172.16.16.:blueberry-lm TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.37:53891 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59697 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.104:59716 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63897 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63901 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.118:63905 TIME_WAIT
tcp 0 0 172.16.12.1:12081 172.16.16.75:49296 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.12.58:51622 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.104:59715 TIME_WAIT

Is it possible that an (inside) user has more than 1 TCP connection to the captive portal (172.16.12.1) on port 12080/1?
I think not, so it means that it is a “bad” user. I tried to “eliminate” him/her by putting a rule in the firewall. But there is another problem: I should use the INPUT chain, but every rule that I add is always after the CapPort rules (using “View”). So, even if I find out who the bad boy is, I cannot (remotely) stop him.
Please help me.
Marco
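
The per-client tally that the listing above invites, as an added example that is not part of the original post: it groups connections to local ports 12080 and 12081 by client address and TCP state, so a client holding many sockets stands out. The function names, the threshold argument and the sample lines are constructed for illustration; on a live system feed it `netstat -tn` so addresses are not resolved to names.

```shell
#!/bin/sh
# Added example: summarise captive-portal connections per client from netstat output.

# Constructed sample in the same column layout as the listing in the post.
sample_netstat() {
cat <<'EOF'
tcp 0 0 172.16.12.1:12080 172.16.12.20:50326 SYN_RECV
tcp 0 0 172.16.12.1:12080 172.16.12.58:51404 ESTABLISHED
tcp 0 0 172.16.12.1:12080 172.16.12.58:51416 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.12.58:51408 ESTABLISHED
tcp 0 0 172.16.12.1:12081 172.16.16.75:49279 TIME_WAIT
tcp 0 0 172.16.12.1:12080 172.16.16.75:49267 ESTABLISHED
tcp 0 0 172.16.12.1:12082 172.16.12.70:61932 TIME_WAIT
tcp 0 0 172.16.12.1:22 172.16.12.58:51999 ESTABLISHED
EOF
}

# Reads netstat lines on stdin and prints, for local ports 12080/12081 only:
#   client total established syn_recv time_wait
# with the busiest client first.
count_per_client() {
  awk '
    $1 == "tcp" && $4 ~ /:1208[01]$/ {
      ip = $5; sub(/:[^:]*$/, "", ip)      # strip the remote port
      total[ip]++
      if ($6 == "ESTABLISHED") est[ip]++
      else if ($6 == "SYN_RECV") syn[ip]++
      else if ($6 == "TIME_WAIT") tw[ip]++
    }
    END {
      for (ip in total)
        printf "%s %d %d %d %d\n", ip, total[ip], est[ip], syn[ip], tw[ip]
    }' | sort -k2,2nr -k1,1
}

# Prints only the clients holding more than $1 ESTABLISHED connections.
# The threshold is an assumption to be tuned per site.
flag_clients() {
  count_per_client | awk -v max="$1" '$3 > max { print $1 }'
}

sample_netstat | count_per_client
```

TIME_WAIT entries are sockets that have already closed, so the ESTABLISHED and SYN_RECV columns are the ones that reflect load a client is placing on the portal at that moment.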