Operating System - HP-UX

disconnecting users from a TCP port

 
essilor
Advisor

disconnecting users from a TCP port

Is there a way to disconnect a user from a server connection manually?

E.g.: If I am unable to shut down a certain server service running on port 10000 and I have users connected on it, can I kill the user connection somehow?

Thanks in advance.
Florian Heigl (new acc)
Honored Contributor

Re: disconnecting users from a TCP port

Hi,

Are you sure their connections still persist?
This should only happen if the server application didn't send them an RST or such.

The most reasonable step against this would be fixing the server or lowering TCP timeouts like CLOSE_WAIT using ndd.

(To answer your question: it IS possible, but unsupported, and I can only advise against doing it.
Ask HP for the documents on how to use the ndd command to delete a TCP session out of the IP stack. Repeat: they don't support it; if the server goes down, you're quite in trouble. We tested it two or three years ago, it worked, and we decided not to use it on production systems.)
yesterday I stood at the edge. Today I'm one step ahead.
essilor
Advisor

Re: disconnecting users from a TCP port

Thank you for your help.
Florian Heigl (new acc)
Honored Contributor

Re: disconnecting users from a TCP port

An alternative would be using the IPFilter product.
It is able to dynamically load and unload certain rule groups, so you could have a 'logoff' script that blocks user access from specific IP ranges.
Don't forget to add a second one that removes the rules again.

I'd say you could go with ndd if this is a one-time affair; otherwise IPFilter might be the better thing.
yesterday I stood at the edge. Today I'm one step ahead.
Jeff Schussele
Honored Contributor

Re: disconnecting users from a TCP port

Hi,

Another option would be to use the lsof -i TCP:10000 command to determine the connections & kill those PIDs using them.
Probably want to grep -v LISTEN so as not to kill the listener if you want to leave it running and you script or one-line this.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Biswajit Tripathy
Honored Contributor

Re: disconnecting users from a TCP port

Word of advice. Be careful while doing dynamic load
and unload of rules because IPFilter rules are
always matched top to bottom; so when you
unload and then load some rules, run "ipfstat -ioh"
to make sure that the rule order is what you intend it
to be.

Also, it might be a good idea to configure IPFilter
to send back a RST when you are loading rules
dynamically to block an existing connection.
Otherwise, the client will have no way of knowing
that the connection is blocked and will keep doing
retransmits for some time.

- Biswajit
:-)
Biswajit Tripathy
Honored Contributor

Re: disconnecting users from a TCP port

I believe a combination of Florian's "IPFilter logoff
script" and Jeff's "lsof followed by Kill" is a pretty
good solution to your problem. Of course, as I
suggested, use return-RST in IPFilter block rules.

- Biswajit
:-)
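The combination discussed in the replies above (lsof to find the connection-owning PIDs, IPFilter block rules with return-rst), sketched as an added example that is not part of any poster's reply. It assumes IPv4 peers and the usual lsof column layout; the sample lsof output, the addresses and the server name "appsrv" are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. PORT comes from the question; the lsof
# output below is constructed (documentation addresses, hypothetical "appsrv").
PORT=10000

# Constructed sample of `lsof -n -P -i TCP:10000` (-n/-P keep addresses and
# ports numeric, so port 10000 is not replaced by a service name).
sample_lsof() {
cat <<'EOF'
COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
appsrv  2101 app    4u  IPv4 0x4a01      0t0  TCP *:10000 (LISTEN)
appsrv  2101 app    7u  IPv4 0x4a02      0t0  TCP 192.0.2.10:10000->198.51.100.7:51544 (ESTABLISHED)
appsrv  2230 app    5u  IPv4 0x4a03      0t0  TCP 192.0.2.10:10000->198.51.100.8:40112 (ESTABLISHED)
appsrv  2231 app    5u  IPv4 0x4a04      0t0  TCP 192.0.2.10:10000->198.51.100.7:51600 (CLOSE_WAIT)
EOF
}

# PIDs that hold a connection on PORT but no LISTEN socket. Filtering out the
# LISTEN line alone is not enough: PID 2101 above owns both the listener and
# a client connection, so killing it would also stop the listener.
killable_pids() {
  awk -v port="$PORT" '
    NR == 1          { next }                      # header line
    $NF == "(LISTEN)" { listener[$2] = 1; next }
    $(NF-1) ~ (":" port "->") { conn[$2] = 1 }     # local side is PORT
    END { for (p in conn) if (!(p in listener)) print p }' | sort -n
}

# One IPFilter rule per distinct peer address, answering with a RST so the
# client stops retransmitting.
block_rules() {
  awk -v port="$PORT" '
    NR > 1 && $(NF-1) ~ (":" port "->") {
      split($(NF-1), side, "->")                   # side[2] is "peer_ip:peer_port"
      peer = side[2]; sub(/:[0-9]+$/, "", peer)
      if (!(peer in seen)) {
        seen[peer] = 1
        print "block return-rst in quick proto tcp from " peer "/32 to any port = " port
      }
    }'
}

# Dry run: only prints. On a live host, replace sample_lsof with
#   lsof -n -P -i TCP:"$PORT"
for pid in $(sample_lsof | killable_pids); do echo "would run: kill $pid"; done
sample_lsof | block_rules   # load with `ipf -f -`, remove later with `ipf -rf -`
```

After loading or removing the generated rules, check the resulting order with "ipfstat -ioh" as advised above.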
essilor
Advisor

Re: disconnecting users from a TCP port

Thanks a lot guys.