Operating System - HP-UX

killing/blocking/flooding a service port

Bill McNAMARA_1

killing/blocking/flooding a service port

Hi,

I've got a service that listens on port 4242.
It is an embedded java webserver (Chai Server)

If I type
netstat -an 4242
I can see it listening.
Great.

For a troubleshooting lab,
I want to kill that service, but have no easy way to do it via the application,
can I use any command to stop it listening:

i.e. ipcs or equivalent

or even flood it with garbage so it crashes..

Later,
Bill
It works for me (tm)
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi,

Use ndd (only applicable to HP-UX 11.00) to force close the connection (though not recommended) via tcp_discon and/or tcp_discon_by_addr.

Details at:

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xbe06a22d6d27d5118fef0090279cd0f9,00.html

Hope this helps. Regards.

Steven Sim Kok Leong
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

could you show me in a script?!

Later,
Bill
It works for me (tm)
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

can inetd.sec help?

I tried adding the service to the file, but it still listened?

port = 5999 now
/etc/services 5999 = grmd

in inetd.sec
grmd deny *

inetd -c

however, the port listens and operates as normal

Bill
It works for me (tm)
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi,

I don't have a HP box to test a script right now but it should go along the following lines, something like this:

#!/sbin/sh
# using tcp_discon

port_no=12345 # replace as appropriate
# tcp_status prints the port pair in hex, e.g. [176f,0] for port 5999,
# so convert the decimal port before grepping for it
port_hex=`printf '%x' $port_no`
id=`ndd -get /dev/tcp tcp_status | grep LISTEN | grep "\[$port_hex," | awk '{print $1}'`
ndd -set /dev/tcp tcp_discon 0x$id

This is just a stub. You will need to test it out carefully to make sure that it always returns the id reliably, i.e. you may need to refine the grep.

I wish I had HP-UX at home and superuser access back in the office. Can't wait for the testbed i2000 to come.

Hope this helps. Regards.

Steven Sim Kok Leong
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi Bill,

/var/adm/inetd.sec will not help.

One workaround I can think of is that you run a service on that port before you start your server. In this way, your java server on startup will not be able to bind to the port because your other application has already bound to it, e.g. running sshd on that port.

Hope this helps. Regards.

Steven Sim Kok Leong
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi,

Does your program use /etc/services to define the port bound during daemon startup?

If it does, then simply comment out that line in /etc/services file and your program startup (I assume binds to a number of ports) will fail to bind to that particular service port.

Hope this helps. Regards.

Steven Sim Kok Leong
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

ndd -get /dev/tcp tcp_status|grep LISTEN

does not return 5999

netstat -an | grep 5999 does

It works for me (tm)
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

This is what lsof reports

java 26788 root 11u inet 0x45e63c68 0t0 TCP kibo:4242 (LISTEN)
java 26788 root 12u inet 0x45882e68 0t0 TCP kibo:5999 (LISTEN)

This is what netstat -an | grep 5999
reports

kibo:root> netstat -an | grep 5999
tcp 0 0 1.2.3.4.5999 *.* LISTEN


It works for me (tm)
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

attached is the
o/p of
ndd -get /dev/tcp tcp_status|grep LISTEN


It works for me (tm)
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

kibo:root> ndd -get /dev/tcp tcp_status | grep 176f
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN

Apparently this 176f is 5999 (hex)
It works for me (tm)
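The hex port mapping Bill found above is the reason a grep for the decimal port in tcp_status output returns nothing. The following is an added example, not code from the thread or from HP-UX: a small Python parser for the tcp_status line layout shown in Bill's post. The sample input is constructed: the first line is the one Bill posted for port 5999 (0x176f); the second is invented in the same layout for the 4242 (0x1092) listener that lsof showed, with a made-up TCB address. The parser only assumes the column positions visible on the page (TCB address first, local address second, [local_port,foreign_port] in hex, then the state).

```python
import re

# Constructed sample of `ndd -get /dev/tcp tcp_status` output (see lead-in).
SAMPLE = """\
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
00000000451030a8 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [1092,0] TCP_LISTEN
"""

# TCB address (16 hex digits), local address, anything, [lport,fport] in hex, state.
LINE_RE = re.compile(
    r"^(?P<tcb>[0-9a-f]{16})\s+(?P<addr>[0-9.]+)\s+.*?"
    r"\[(?P<lport>[0-9a-f]+),(?P<fport>[0-9a-f]+)\]\s+(?P<state>TCP_[A-Z_]+)\s*$"
)


def parse_tcp_status(text):
    """Return one dict per parsable line: tcb id, local address, local and
    foreign port as integers, and TCP state. Lines that do not match the
    layout (headers, blank lines) are skipped rather than mis-parsed."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "tcb": m.group("tcb"),
            "addr": m.group("addr"),
            "lport": int(m.group("lport"), 16),
            "fport": int(m.group("fport"), 16),
            "state": m.group("state"),
        })
    return entries


def hex_port(port):
    """Decimal port -> the lowercase hex token tcp_status prints (5999 -> '176f').
    This is the token to grep for; grepping for the decimal value finds nothing."""
    return format(port, "x")


def listening_tcbs(text, port):
    """TCB ids of every TCP_LISTEN entry bound to the given decimal port."""
    return [e["tcb"] for e in parse_tcp_status(text)
            if e["state"] == "TCP_LISTEN" and e["lport"] == port]


def discon_command(tcb):
    """Build (do not run) the ndd invocation used in the thread for one TCB id.
    On the poster's 11.00 box this did not close the listener, so treat it as
    something to try in a lab, not as a reliable kill switch."""
    return "ndd -set /dev/tcp tcp_discon 0x" + tcb


if __name__ == "__main__":
    for tcb in listening_tcbs(SAMPLE, 5999):
        print(discon_command(tcb))
```

Feed it the real output with `ndd -get /dev/tcp tcp_status | python3 script.py`-style plumbing (reading stdin instead of SAMPLE) to list every listener on a port; the assumption worth checking first on your own box is that the bracketed pair really is [local_port,foreign_port], which the page supports for the LISTEN case only.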
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

I don't think ndd can actually kill/stop the service...

?


kibo:root> ndd -get /dev/tcp tcp_status|grep LISTEN|grep "176f"
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
kibo:root> ndd -set /dev/tcp tcp_discon 0x0000000045102468
kibo:root> netstat -an | grep 5999
tcp 0 0 1.2.3.49.5999 *.* LISTEN
kibo:root> ndd -get /dev/tcp tcp_status|grep LISTEN|grep "176f"
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
kibo:root> ndd -set /dev/tcp tcp_discon 0x0000000045102468
kibo:root> ndd -get /dev/tcp tcp_status|grep LISTEN|grep "176f"
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
kibo:root> netstat -an | grep 5999
tcp 0 0 1.2.3.49.5999 *.* LISTEN
It works for me (tm)
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi,

How about trying tcp_discon_by_addr?

If that still doesn't work, and you don't want the service to be bound to 5999, how about running another SSHD daemon on that particular 5999 port before you start the application? Will that be suitable for your testing, since the actual application will not be binding to 5999?

Hope this helps. Regards.

Steven Sim Kok Leong
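The pre-binding workaround suggested twice above, as an added example in Python (not code from the thread, from HP-UX or from the Chai server): a placeholder socket takes the port, the application's own bind then fails with EADDRINUSE, and the port is free again the moment the placeholder is closed. The demo uses a kernel-assigned free port on 127.0.0.1 rather than 5999 so it runs anywhere; the order matters, which is the limitation Bill points out later in the thread: the placeholder only works if it is bound before the application starts.

```python
import errno
import socket


def hold_port(port, host="127.0.0.1"):
    """Bind and listen on host:port as a placeholder so that a later process
    cannot bind the same address. Returns the open socket; the port stays
    occupied only for as long as this socket is kept open."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Deliberately no SO_REUSEADDR / SO_REUSEPORT: the point is to make the
    # address unavailable, not to share it.
    s.bind((host, port))
    s.listen(5)
    return s


def try_bind(port, host="127.0.0.1"):
    """Attempt the bind an application would do at startup.
    Returns None on success (the socket is closed again) or the errno
    name, e.g. 'EADDRINUSE', on failure."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.bind((host, port))
        return None
    except OSError as e:
        return errno.errorcode.get(e.errno, str(e.errno))
    finally:
        s.close()


def free_port():
    """Ask the kernel for a currently unused port (for the demo only)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def demo():
    """Returns (result of binding while the placeholder holds the port,
    result of binding after it is released)."""
    port = free_port()
    if try_bind(port) is not None:
        raise RuntimeError("port unexpectedly busy before the placeholder")
    holder = hold_port(port)
    while_held = try_bind(port)      # simulated application startup: fails
    holder.close()
    after_release = try_bind(port)   # placeholder gone: the bind succeeds
    return while_held, after_release


if __name__ == "__main__":
    held, released = demo()
    print("bind while held:", held)
    print("bind after release:", released)
```

Any long-lived process works as the placeholder (the sshd Steven mentions, or this script left running); what does not work is starting it after the real daemon, because bind() is first come, first served.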
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi Bill,

Just a hunch, I doubt this helps but nevertheless, how about trying without the zeros in front?

kibo:root> ndd -set /dev/tcp tcp_discon 0x45102468

Hope this helps. Regards.

Steven Sim Kok Leong
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

Still no luck, the service is running.

I can't bind another service as this script must be run after boot after the app has started. (otherwise you can't start the app)

Any other ideas?

Later,
Bill
It works for me (tm)
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi Bill,

If you just want to deny connections to it, then your suggestion of /var/adm/inetd.sec should work only if the application service is spawned from inetd.

Alternatively, does your application time out if a connection is established to the port? If it doesn't time out very quickly, then from perhaps 2 to 3 client PCs perform a telnet loop to port 5999.

while :;
do
# unbounded: every iteration forks another telnet that stays connected
telnet server 5999 &
done

What is the limit to the number of connections that your server application can serve? Is there a configuration parameter for it?

If there is a limit (say 100), then the multiple established telnet connections to the port will use up the application serving limit and block any other subsequent connection to it.

Hope this helps. Regards.

Steven Sim Kok Leong
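The connection-exhaustion idea above, as an added example in Python (not from the thread, HP-UX or the Chai server) that reproduces it locally instead of with a telnet loop against a real host. A constructed server services at most `max_clients` connections and then stops calling accept(), standing in for an application-level connection limit. Holding that many connections open fills the limit; the next connection still completes the TCP handshake (the kernel's listen backlog answers it), so the port still shows LISTEN and connect() succeeds, but the application never talks to it. That is the caveat a practitioner wants: "blocked" at the application level is invisible to netstat and to a plain connect test.

```python
import socket
import threading

BANNER = b"hello\n"  # constructed greeting the toy server sends on accept


class LimitedServer:
    """Listener on 127.0.0.1 that accepts at most max_clients connections,
    keeps them open, and then never calls accept() again."""

    def __init__(self, max_clients):
        self.max_clients = max_clients
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(16)            # kernel backlog keeps completing handshakes
        self.port = self.sock.getsockname()[1]
        self.served = []                # connections the "application" accepted
        self.thread = threading.Thread(target=self._run, daemon=True)
        self.thread.start()

    def _run(self):
        while len(self.served) < self.max_clients:
            conn, _ = self.sock.accept()
            conn.sendall(BANNER)
            self.served.append(conn)    # held open: the client keeps the slot

    def close(self):
        for c in self.served:
            c.close()
        self.sock.close()


def occupy(port, n, timeout=1.0):
    """Open n connections to 127.0.0.1:port and hold them.
    Returns (sockets, banner received per socket; b'' if nothing arrived
    before the timeout, i.e. the application never picked it up)."""
    socks, banners = [], []
    for _ in range(n):
        s = socket.create_connection(("127.0.0.1", port), timeout=timeout)
        socks.append(s)
        try:
            banners.append(s.recv(64))
        except socket.timeout:
            banners.append(b"")
    return socks, banners


def demo(max_clients=2):
    """Fill the server's limit, then try one more connection.
    Returns (banners for the holders, banner for the extra, served count)."""
    srv = LimitedServer(max_clients)
    holders, got = occupy(srv.port, max_clients)          # exhaust the limit
    extra, extra_got = occupy(srv.port, 1, timeout=0.5)   # handshake ok, no service
    result = (got, extra_got, len(srv.served))
    for s in holders + extra:
        s.close()
    srv.close()
    return result


if __name__ == "__main__":
    print(demo())
```

The holders each receive the banner, the extra connection receives nothing, and the server's accepted count stays at the limit. Against a real service the same effect is only as good as the application's own per-connection limit and idle timeout; the listening socket itself is untouched.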
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

kibo:root> telnet kibo 5999
Trying...
telnet: Unable to connect to remote host: Connection refused
kibo:root> telnet kibo 4242
Trying...
telnet: Unable to connect to remote host: Connection refused

yea, it's not started from inetd..

Bill
It works for me (tm)
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi,

That's queer. Is kibo defined in /etc/hosts?

Try:

# telnet localhost 5999

If the connection is still refused, then unless the application itself has its own "tcpwrapper"-like or application-level filtering, a TCP connection should be established whenever the port is in listen mode (netstat -a). Don't tell me they are UDP services?

Hope this helps. Regards.

Steven Sim Kok Leong
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

Still no joy!

kibo:root> telnet localhost 4242
Trying...
telnet: Unable to connect to remote host: Connection refused
kibo:root> netstat -an | grep 4242
tcp 0 0 1.2.3.4.4242 *.* LISTEN

Later,
Bill
It works for me (tm)
Steven Sim Kok Leong

Re: killing/blocking/flooding a service port

Hi Bill,

Can you help just verify that localhost is defined in /etc/hosts?

# grep localhost /etc/hosts

In case your /etc/nsswitch.conf decides otherwise, can you try the loopback IP address instead:

# telnet 127.0.0.1 4242

If this also is not able to connect, then your application is refusing the connections at the application level.

Hope this helps. Regards.

Steven Sim Kok Leong
Steven Gillard_2

Re: killing/blocking/flooding a service port

I'm guessing that the ndd tcp_discon that you did is why you're now getting a connection refused. The application is still holding the port open so it still shows up in netstat, but the tcp_discon is preventing new connections.

Isn't that the behaviour that you wanted? What happens if you restart the app?

Regards,
Steve
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

I assure you the hosts is okay.

kibo:root> telnet 127.0.0.1 4242
Trying...
telnet: Unable to connect to remote host: Connection refused
kibo:root> netstat -an | grep 4242
tcp 0 0 1.2.3.4.4242 *.* LISTEN


The service does work, I can connect to port 4242 via a web browser.
It works for me (tm)
Bill McNAMARA_1

Re: killing/blocking/flooding a service port

I'd love a solution to this!

I mean, it's not windows here.. it MUST be possible to block/flood a port....

Later,
Bill

It works for me (tm)