03-07-2002 03:58 AM
killing/blocking/flooding a service port
I've got a service that listens on port 4242.
It is an embedded java webserver (Chai Server)
If I type
netstat -an 4242
I can see it listing.
Great.
For a troubleshooting lab,
I want to kill that service, but have no easy way to do it via the application,
can I use any command to stop it listening:
ie: ipcs or equivalent
or even flood it with garbage so it crashes..
Later,
Bill
03-07-2002 04:34 AM
Re: killing/blocking/flooding a service port
Use ndd (only applicable to HP-UX 11.00) to force close the connection (though not recommended) via tcp_discon and/or tcp_discon_by_addr.
Details at:
http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0xbe06a22d6d27d5118fef0090279cd0f9,00.html
Hope this helps. Regards.
Steven Sim Kok Leong
03-07-2002 04:49 AM
Re: killing/blocking/flooding a service port
Later,
Bill
03-07-2002 04:59 AM
Re: killing/blocking/flooding a service port
I tried adding the service to the file, but it still listened?
port = 5999 now
/etc/services 5999 = grmd
in inetd.sec
grmd deny *
inetd -c
however, the port listens and operates as normal
Bill
03-07-2002 05:01 AM
Re: killing/blocking/flooding a service port
I don't have a HP box to test a script right now but it should go along the following lines, something like this:
#!/sbin/sh
#using tcp_discon
port_no=12345 # replace as appropriate
id=`ndd -get /dev/tcp tcp_status|grep LISTEN|grep "$port_no"|awk '{print $1}'`
ndd -set /dev/tcp tcp_discon 0x$id
This is just a stub. You will need to test it out carefully to make sure that it always returns the id reliably ie. you may need to refine the grep.
I wish I had HP-UX at home and superuser access back in the office. Can't wait for the testbed i2000 to come.
Hope this helps. Regards.
Steven Sim Kok Leong
03-07-2002 05:04 AM
Re: killing/blocking/flooding a service port
/var/adm/inetd.sec will not help.
One workaround I can think of is that you run a service on that port before you start your server. In this way, your java server on startup will not be able to bind to the port because your other application has already bound to it, e.g. running sshd on that port.
Hope this helps. Regards.
Steven Sim Kok Leong
03-07-2002 05:14 AM
Re: killing/blocking/flooding a service port
Does your program use /etc/services to define the port bound during daemon startup?
If it does, then simply comment out that line in /etc/services file and your program startup (I assume binds to a number of ports) will fail to bind to that particular service port.
Hope this helps. Regards.
Steven Sim Kok Leong
03-07-2002 05:51 AM
Re: killing/blocking/flooding a service port
does not return 5999
netstat -an | grep 5999 does
03-07-2002 06:03 AM
Re: killing/blocking/flooding a service port
java 26788 root 11u inet 0x45e63c68 0t0 TCP kibo:4242 (LISTEN)
java 26788 root 12u inet 0x45882e68 0t0 TCP kibo:5999 (LISTEN)
This is what netstat -an | grep 5999
reports
kibo:root> netstat -an | grep 5999
tcp 0 0 1.2.3.4.5999 *.* LISTEN
03-07-2002 06:05 AM
Re: killing/blocking/flooding a service port
o/p of
ndd -get /dev/tcp tcp_status|grep LISTEN
03-07-2002 06:13 AM
Re: killing/blocking/flooding a service port
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
Apparently this 176f is 5999 (hex)
03-07-2002 06:16 AM
Re: killing/blocking/flooding a service port
?
kibo:root> ndd -get /dev/tcp tcp_status|grep LISTEN|grep "176f"
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
kibo:root> ndd -set /dev/tcp tcp_discon 0x0000000045102468
kibo:root> netstat -an | grep 5999
tcp 0 0 1.2.3.49.5999 *.* LISTEN
kibo:root> ndd -get /dev/tcp tcp_status|grep LISTEN|grep "176f"
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
kibo:root> ndd -set /dev/tcp tcp_discon 0x0000000045102468
kibo:root> ndd -get /dev/tcp tcp_status|grep LISTEN|grep "176f"
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
kibo:root> netstat -an | grep 5999
tcp 0 0 1.2.3.49.5999 *.* LISTEN
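An added example (not from the thread's participants): the lookup worked out in the posts above, where tcp_status shows port 5999 as 176f inside the bracketed field. It matches only that field on TCP_LISTEN rows, so other hex columns cannot produce a hit; the field layout is assumed from the one line quoted in the thread, and the function and sample names are made up here.

```shell
#!/bin/sh
# Field layout assumed from the single tcp_status line quoted in the thread:
#   first field = entry ID, "[<hex port>,<n>]" = port pair, last field = state.

# listener_ids PORT -- reads `ndd -get /dev/tcp tcp_status` text on stdin and
# prints the entry ID of every TCP_LISTEN row whose local port equals PORT.
listener_ids() {
    case "$1" in
        ''|0*|*[!0-9]*) echo "port must be a decimal number" >&2; return 2 ;;
    esac
    [ "$1" -le 65535 ] || { echo "port out of range" >&2; return 2; }
    hexport=$(printf '%x' "$1")            # 5999 -> 176f
    awk -v want="$hexport" '
        $NF == "TCP_LISTEN" {
            for (i = 2; i < NF; i++) {
                # Only the bracketed port pair counts, not any other hex column.
                if ($i ~ /^\[[0-9a-fA-F]+,[0-9a-fA-F]+\]$/) {
                    split(substr($i, 2), p, ",")
                    if (tolower(p[1]) == want) print $1
                }
            }
        }'
}

# Constructed sample: the first row is the line from the thread; the second
# (an ID that happens to contain "176f") and the third (an established
# connection on the same port) are made up to show what a plain grep would hit.
sample_status() {
cat <<'EOF'
0000000045102468 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,0] TCP_LISTEN
000000004510176f 000.000.000.000 1777fde6 1777fde5 00000000 00000000 00000000 00000000 00000000 01500 00536 [1092,0] TCP_LISTEN
0000000045fffff0 001.002.003.004 176f0001 176f0000 00000000 00000000 00000000 00000000 00000000 01500 00536 [176f,c001] TCP_ESTABLISHED
EOF
}

sample_status | listener_ids 5999
```

On a live system the input would come from `ndd -get /dev/tcp tcp_status` instead of the sample function.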
03-07-2002 06:27 AM
Re: killing/blocking/flooding a service port
How about trying tcp_discon_by_addr?
If that still doesn't work, and you don't want the service to be bound at 5999, how about trying to run another SSHD daemon on that particular 5999 port before you start the application? Will that be suitable for your testing since the actual application will not be binding to 5999?
Hope this helps. Regards.
Steven Sim Kok Leong
03-07-2002 06:31 AM
Re: killing/blocking/flooding a service port
Just a hunch, I doubt this helps but nevertheless, how about trying without the zeros in front?
kibo:root> ndd -set /dev/tcp tcp_discon 0x45102468
Hope this helps. Regards.
Steven Sim Kok Leong
03-08-2002 04:25 AM
Re: killing/blocking/flooding a service port
I can't bind another service as this script must be run after boot after the app has started. (otherwise you can't start the app)
Any other ideas?
Later,
Bill
03-08-2002 04:43 AM
Re: killing/blocking/flooding a service port
If you just want to deny connections to it, then your suggestion of /var/adm/inetd.sec should work only if the application service is spawned from inetd.
Alternatively, does your application time out if a connection is established to the port? If it doesn't time out very quickly, then from perhaps 2 to 3 client PCs, perform a telnet loop to port 5999.
while :;
do
telnet server 5999 &
done
What is the limit to the number of connections that your server application can serve? Is there a configuration parameter for it?
If there is a limit (say 100), then the multiple established telnet connections to the port will use up the application serving limit and block any other subsequent connection to it.
Hope this helps. Regards.
Steven Sim Kok Leong
03-08-2002 05:35 AM
Re: killing/blocking/flooding a service port
Trying...
telnet: Unable to connect to remote host: Connection refused
kibo:root> telnet kibo 4242
Trying...
telnet: Unable to connect to remote host: Connection refused
yea, it's not started from inetd..
Bill
03-08-2002 03:13 PM
Re: killing/blocking/flooding a service port
That's queer. Is kibo defined in /etc/hosts?
Try:
# telnet localhost 5999
If connection is still refused, then unless the application itself has its own "tcpwrapper"-like or application-level filtering, otherwise if the port is in listen mode (netstat -a), then a TCP connection should be established. Don't tell me they are UDP services?
Hope this helps. Regards.
Steven Sim Kok Leong
03-11-2002 01:13 AM
Re: killing/blocking/flooding a service port
kibo:root> telnet localhost 4242
Trying...
telnet: Unable to connect to remote host: Connection refused
kibo:root> netstat -an | grep 4242
tcp 0 0 1.2.3.4.4242 *.* LISTEN
Later,
Bill
03-11-2002 06:22 AM
Re: killing/blocking/flooding a service port
Can you help just verify that localhost is defined in /etc/hosts?
# grep localhost /etc/hosts
In case your /etc/nsswitch.conf decides otherwise, can you try the loopback IP address instead:
# telnet 127.0.0.1 4242
If this also is not able to connect, then your application is refusing the connections at the application level.
Hope this helps. Regards.
Steven Sim Kok Leong
03-11-2002 06:38 AM
Re: killing/blocking/flooding a service port
Isn't that the behaviour that you wanted? What happens if you restart the app?
Regards,
Steve
03-11-2002 09:13 AM
Re: killing/blocking/flooding a service port
kibo:root> telnet 127.0.0.1 4242
Trying...
telnet: Unable to connect to remote host: Connection refused
kibo:root> netstat -an | grep 4242
tcp 0 0 1.2.3.4.4242 *.* LISTEN
The service does work, I can connect to port 4242 via a web browser.
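An added check, not part of the original thread: the netstat lines quoted here show the listener on a specific local address (1.2.3.4.4242) rather than the wildcard (*.4242), and a TCP listener bound to one address does not accept connections addressed to 127.0.0.1, so the bound address is worth reading before drawing conclusions from a loopback test. The function below does that for the `address.port` format shown in the thread; its name and the sample rows other than the two taken from the thread are made up.

```shell
#!/bin/sh
# listener_reachable PORT DEST_IP -- reads `netstat -an` text on stdin and
# prints "yes" if a TCP listener on PORT is bound to DEST_IP or to the
# wildcard "*", otherwise "no".
listener_reachable() {
    awk -v port="$1" -v dest="$2" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            # Local address is a.b.c.d.port or *.port; the port is the last
            # dot-separated component.
            n = split($4, part, ".")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "*" || addr == dest) found = 1
        }
        END { print (found ? "yes" : "no") }'
}

# Constructed sample: rows 1 and 2 follow the lines quoted in the thread;
# the wildcard listener and the established connection are made up.
sample_netstat() {
cat <<'EOF'
tcp        0      0  1.2.3.4.4242           *.*                     LISTEN
tcp        0      0  1.2.3.4.5999           *.*                     LISTEN
tcp        0      0  *.22                   *.*                     LISTEN
tcp        0      0  1.2.3.4.22             1.2.3.9.4242            ESTABLISHED
EOF
}

sample_netstat | listener_reachable 4242 127.0.0.1
sample_netstat | listener_reachable 4242 1.2.3.4
```

A "no" for the loopback address together with a "yes" for the interface address means a refused `telnet 127.0.0.1 4242` says nothing about whether the service itself is up.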
03-12-2002 03:07 AM
Re: killing/blocking/flooding a service port
I mean, it's not windows here.. it MUST be possible to block/flood a port....
Later,
Bill