Hi. I'm positive that certain users are abusing the bandwidth and perhaps have compromised the server for other uses. I notice a huge amount of bandwidth being consumed by the server and when I do a netstat, I notice things like numerous ircd, tr-rsrb-p1 connections and a huge ammount of http connections from the same IP (or extreamly similar on the same subnet) It takes about 3 minutes to perform a netstat > list.txt command. Beleive me, it's not a slow server...until now. Where should I start? I'm a little taken that the firewall has no effect on these connections.