Header Shadow Image


Kill An Established Connection on DD-WRT and TP-LINK Router

So I had an established connection on my router that didn't look like it belonged.  I didn't recognize the device and it wasn't pingable so it was probably a stale old connection.  In this case it was one of my mobile devices which went offline sometime back but didn't close the connection.  On most systems I can use LSOF to check on the open files from the PID that's listed from netstat but lsof isn't installed on DD-WRT:

In this case, we can get teh PID from netstat -nap then list the processes that will hopefully tell us what connection that is:


root@DD-WRT-INTERNET:~# netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
……
tcp        0      0 192.168.0.1:22          192.168.0.17:49858      ESTABLISHED 17700/dropbear
tcp        0    132 192.168.0.1:22          192.168.0.15:51286      ESTABLISHED 5220/dropbear
tcp        0      0 192.168.0.1:22          42.205.232.251:12233   ESTABLISHED 4869/dropbear
tcp        0     37 192.168.0.1:56031       192.168.0.10:3389       ESTABLISHED 4803/dropbear
tcp        0      0 192.168.0.1:22          42.205.232.251:1898    ESTABLISHED 4803/dropbear
…..
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  3      [ ]         STREAM     CONNECTED     2262658 821/process_monitor
unix  3      [ ]         STREAM     CONNECTED     2262657 821/process_monitor
unix  2      [ ]         DGRAM                    2262489 16941/dnsmasq
root@DD-WRT-INTERNET:~# ps|grep dropbear
 4803 root      1480 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
 4869 root      1332 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
 5220 root      1028 R    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
16962 root       972 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
17700 root      1664 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
root@DD-WRT-INTERNET:~#

Looking at the above, we clearly see that which process holds that connection and makes the job easy.


root@DD-WRT-INTERNET:~# which strace
root@DD-WRT-INTERNET:~# kill 17700

root@DD-WRT-INTERNET:~# ps|grep dropbear
 4803 root      1480 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
 4869 root      1332 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
 5220 root      1028 R    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
16962 root       972 S    dropbear -b /tmp/loginprompt -r /tmp/root/.ssh/ssh_host_rsa_key -d /tmp/root/.ssh/ssh_host_dss_key -p 22
root@DD-WRT-INTERNET:~# netstat -nap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name

…..
tcp        0      1 192.168.0.1:22          192.168.0.17:49858      FIN_WAIT1   –
tcp        0    132 192.168.0.1:22          192.168.0.15:51286      ESTABLISHED 5220/dropbear
tcp        0      0 192.168.0.1:22          42.205.232.251:12233   ESTABLISHED 4869/dropbear
tcp        0     37 192.168.0.1:56031       192.168.0.10:3389       ESTABLISHED 4803/dropbear
tcp        0      0 192.168.0.1:22          42.205.232.251:1898    ESTABLISHED 4803/dropbear
…..
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  3      [ ]         STREAM     CONNECTED     2262658 821/process_monitor
unix  3      [ ]         STREAM     CONNECTED     2262657 821/process_monitor
unix  2      [ ]         DGRAM                    2262489 16941/dnsmasq
root@DD-WRT-INTERNET:~#

Leave a Reply

You must be logged in to post a comment.


     
  Copyright © 2003 - 2013 Tom Kacperski (microdevsys.com). All rights reserved.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License