Re: close_wait problem

 
jack Hu_1
Advisor

close_wait problem

Dear Sirs:
On my 11.0 L2000 server, diagmond has this message in syslog.log:
l2000a diagmond[15060]: Exit due to system port failure

And restarting it fails.
I found this happened after someone did a security scan of my server.
The netstat -an | grep -i close_wait
output has many entries from the scan server IP.
Also, netstat -an | grep 1508 shows the port being used by this IP.
I used the ndd -get command for all of these, and used ndd -set to remove all entries from that IP.
But port 1508 is still not released.
# netstat -an | grep 1508
tcp 0 0 *.1508 *.* LISTEN
tcp 0 0 202.14.8.4.1508 172.18.122.7.1786 CLOSE_WAIT
Does anyone have any suggestion so that I can restart diagmond without rebooting the system?
And also, which OS or tool can fix this problem (if scanned again)?
Thanks
Jack Hu
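
The netstat check described in the question above, as an added example that is not part of the original post: it groups CLOSE_WAIT sockets by remote host and local port, and lists listening ports that have sockets stuck in CLOSE_WAIT. The function names and the sample input are assumptions made for illustration, and the parsing assumes the "address.port" column format shown in the post.

```shell
#!/bin/sh
# Added example: triage CLOSE_WAIT sockets from `netstat -an` text on stdin.
# CLOSE_WAIT means the peer has closed its side and the local process has
# not yet closed the socket. Assumes "address.port" style address columns.

# Constructed sample; the *.1508 and 172.18.122.7.1786 lines are from the post.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp 0 0 *.1508 *.* LISTEN
tcp 0 0 *.23 *.* LISTEN
tcp 0 0 202.14.8.4.1508 172.18.122.7.1786 CLOSE_WAIT
tcp 0 0 202.14.8.4.23 172.18.122.7.1790 CLOSE_WAIT
tcp 0 0 202.14.8.4.23 172.18.122.7.1791 CLOSE_WAIT
tcp 0 0 202.14.8.4.23 10.0.0.5.40212 ESTABLISHED
tcp 0 0 202.14.8.4.5000 10.0.0.5.40300 CLOSE_WAIT'

# Prints "count remote_host local_port", busiest pairs first.
close_wait_summary() {
    awk '
    # Split "a.b.c.d.port" at the last dot.
    function host(a) { sub(/\.[^.]*$/, "", a); return a }
    function port(a) { sub(/^.*\./, "", a); return a }
    $1 ~ /^tcp/ && $NF == "CLOSE_WAIT" { n[host($5) " " port($4)]++ }
    END { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

# Prints "local_port count" for ports that are both in LISTEN and have
# CLOSE_WAIT sockets, i.e. a service whose port is being held open.
stuck_listeners() {
    awk '
    function port(a) { sub(/^.*\./, "", a); return a }
    $1 ~ /^tcp/ && $NF == "LISTEN"     { listen[port($4)] = 1 }
    $1 ~ /^tcp/ && $NF == "CLOSE_WAIT" { cw[port($4)]++ }
    END { for (p in cw) if (p in listen) print p, cw[p] }
    ' | LC_ALL=C sort -n
}

# Demo on the sample; on a live host use: netstat -an | close_wait_summary
printf '%s\n' "$SAMPLE" | close_wait_summary
printf '%s\n' "$SAMPLE" | stuck_listeners
```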
4 REPLIES 4
U.SivaKumar_2
Honored Contributor

Re: close_wait problem

Hi,

First find out whether diagmond is already running.

#ps -ef | grep diagmond | grep -v grep

If it is already running, it has occupied port 1508, so you will not be able to start another diagmond.

A single CLOSE_WAIT does not mean that somebody is scanning your server.

Identify the origin pool and ISP of this IP address 172.18.122.7.

Restrict access to the diagmond port to only your network using some firewall.


regards,
U.SivaKumar



Innovations are made when conventions are broken
U.SivaKumar_2
Honored Contributor

Re: close_wait problem

Hi,

If you want to clear all close_wait sessions without a reboot, execute this script from
Mr. Tim Fulford

regards,
U.SivaKumar
Innovations are made when conventions are broken
jack Hu_1
Advisor

Re: close_wait problem

First:
1. There is no diagmond running.
2. The scan comes from my company's security checking.
3. I also have the same problem on the 10.20 OS.
4. The script I ran still doesn't work. Port 1508 is still being used by this IP.
Jack Hu
U.SivaKumar_2
Honored Contributor

Re: close_wait problem

Hi,

Reboot the server then.


What server is 172.18.122.7? HP-UX?
Go to that machine and see whether any application is running on it which uses your server's port.

regards,
U.SivaKumar
Innovations are made when conventions are broken