2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Removal of session links in Juniper SRX Firewall system
While maintaining a Juniper SRX series firewall, I found after a period of time that logging in to the firewall sometimes failed and sometimes worked.
When I checked the users, I found that the system was holding a lot of hung connection sessions. No wonder logins kept failing: the resources had been consumed.
There are not many users:
{primary:node0}
james@SRX3600-FW-1> show system users
node0:
3:58PM up 648 days, 15:42, 3 users, load averages: 0.27, 0.19, 0.14
USER TTY FROM LOGIN@ IDLE WHAT
james p0 10.251.152.212 2:42PM 1:07 ssh 10.244.136
james p1 10.251.152.212 3:53PM - -cli (cli)
node1:
3:58PM up 40 days, 10 hrs, 0 users, load averages: 0.17, 0.19, 0.12
There are a lot of connections:
james@SRX3600-FW-1> show system connections | match 10.111.141.146.22
tcp4 0 0 10.111.141.146.22 10.251.152.212.1669 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.251.152.212.1281 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.46565 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.40582 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.3102 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.27496 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.22894 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.22890 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.21030 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.25413 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.51123 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.59378 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.26.40712 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.9228 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.26.7785 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.27143 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.46143 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.9249 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.19977 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.54018 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.37582 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.39697 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.51267 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.28047 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.36206 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.26.12024 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.19595 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.32237 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.62761 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.8727 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.57345 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.7457 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.60782 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.50150 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.24.23601 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.54827 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.28.51074 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.35025 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.26.13587 ESTABLISHED
Log in and see which processes they are:
root@SRX3600-FW-1% ps -aux | grep sshd
root 61980 0.1 0.2 6084 2432 ?? S 10:37AM 0:00.30 sshd: nsm [priv] (sshd)
root 3740 0.0 0.2 7288 2484 ?? Is 9Sep15 0:00.76 sshd: kevinw@notty (sshd)
root 3791 0.0 0.2 7288 2484 ?? Is 9Sep15 0:00.50 sshd: kevinw@notty (sshd)
root 4066 0.0 0.2 7288 2488 ?? Is 9Sep15 0:00.18 sshd: james@notty (sshd)
root 4449 0.0 0.2 7288 2484 ?? Is 9Sep15 0:00.38 sshd: kevinw@notty (sshd)
root 6513 0.0 0.2 7288 2484 ?? Is 1Sep15 0:00.29 sshd: kevinw@notty (sshd)
root 17193 0.0 0.2 7288 2484 ?? Is 1Sep15 0:00.29 sshd: kevinw@notty (sshd)
root 17558 0.0 0.2 7288 2484 ?? Is Mon02PM 0:00.26 sshd: kevinw@notty (sshd)
root 18548 0.0 0.2 7288 2484 ?? Is Mon03PM 0:00.16 sshd: kevinw@notty (sshd)
root 21354 0.0 0.2 7288 2484 ?? Is 1Sep15 0:00.41 sshd: kevinw@notty (sshd)
root 21658 0.0 0.2 7288 2484 ?? Is 1Sep15 0:00.25 sshd: kevinw@notty (sshd)
root 27719 0.0 0.2 7288 2484 ?? Is 28Aug15 0:00.39 sshd: kevinw@notty (sshd)
root 28611 0.0 0.2 7288 2484 ?? Is Thu04PM 0:00.23 sshd: kevinw@notty (sshd)
root 33524 0.0 0.2 7288 2484 ?? Is 24Aug15 0:00.19 sshd: kevinw@notty (sshd)
root 36425 0.0 0.2 7288 2484 ?? Is 6Sep15 0:00.26 sshd: kevinw@notty (sshd)
root 36800 0.0 0.2 7288 2484 ?? Is 6Sep15 0:00.27 sshd: kevinw@notty (sshd)
root 42448 0.0 0.2 7300 2496 ?? Is Tue03PM 0:00.13 sshd: kevinw@notty (sshd)
root 42450 0.0 0.2 7300 2496 ?? Is Tue03PM 0:00.13 sshd: kevinw@notty (sshd)
root 42953 0.0 0.2 7300 2496 ?? Is Tue04PM 0:00.31 sshd: kevinw@notty (sshd)
root 45193 0.0 0.2 7288 2484 ?? Is 2Sep15 0:00.62 sshd: kevinw@notty (sshd)
root 47703 0.0 0.2 7288 2484 ?? Is Fri12PM 0:00.83 sshd: kevinw@notty (sshd)
root 50156 0.0 0.2 7300 2496 ?? Is Wed09AM 0:00.13 sshd: kevinw@notty (sshd)
root 51153 0.0 0.2 7300 2496 ?? Is 11:24AM 0:00.13 sshd: kevinw@notty (sshd)
root 51155 0.0 0.2 7300 2496 ?? Is 11:24AM 0:00.13 sshd: kevinw@notty (sshd)
root 54215 0.0 0.2 7300 2496 ?? Is 5:09PM 0:00.13 sshd: kevinw@notty (sshd)
root 54223 0.0 0.2 7300 2496 ?? Is 5:10PM 0:00.13 sshd: kevinw@notty (sshd)
root 56559 0.0 0.2 7288 2484 ?? Is 25Aug15 0:00.24 sshd: james@notty (sshd)
root 58693 0.0 0.2 7288 2484 ?? Is 7Sep15 0:00.70 sshd: kevinw@notty (sshd)
root 60181 0.0 0.2 7288 2484 ?? Is 7Sep15 0:00.31 sshd: kevinw@notty (sshd)
root 60286 0.0 0.2 7288 2484 ?? Is 7Sep15 0:00.21 sshd: kevinw@notty (sshd)
root 60326 0.0 0.2 7288 2484 ?? Is 7Sep15 0:00.19 sshd: kevinw@notty (sshd)
root 61834 0.0 0.2 7288 2484 ?? Is 25Aug15 0:00.37 sshd: kevinw@notty (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.22 sshd: james@ttyp0 (sshd)
sshd 61981 0.0 0.1 5740 1192 ?? I 10:37AM 0:00.11 sshd: nsm [net] (sshd)
root 77273 0.0 0.2 7288 2484 ?? Is 8Sep15 0:00.30 sshd: kevinw@notty (sshd)
root 78136 0.0 0.2 7288 2484 ?? Is 8Sep15 0:00.86 sshd: kevinw@notty (sshd)
root 79456 0.0 0.4 8512 3692 ?? Is 26Aug15 0:01.69 sshd: kevinw@notty (sshd)
root 80979 0.0 0.2 7288 2480 ?? Is 8Sep15 0:01.87 sshd: kevinw@ttyp2 (sshd)
root 86243 0.0 0.2 7288 2488 ?? Is 26Aug15 0:00.25 sshd: james@notty (sshd)
root 93209 0.0 0.2 7288 2488 ?? Is 31Aug15 0:00.56 sshd: andy@notty (sshd)
root 93754 0.0 0.2 7288 2484 ?? Is 31Aug15 0:01.00 sshd: kevinw@notty (sshd)
root 97322 0.0 0.2 7288 2484 ?? Is 31Aug15 0:00.71 sshd: andy@notty (sshd)
root 61994 0.0 0.1 2096 804 p0 R+ 10:37AM 0:00.01 grep sshd
root@SRX3600-FW-1%
Kill the processes, all of them:
root@SRX3600-FW-1% kill -9 4449
root@SRX3600-FW-1% kill -9 6513
root@SRX3600-FW-1% kill -9 17193
root@SRX3600-FW-1% kill -9 17558
root@SRX3600-FW-1% kill -9 18548
root@SRX3600-FW-1% kill -9 21354
root@SRX3600-FW-1% kill -9 21658
root@SRX3600-FW-1% kill -9 27719
root@SRX3600-FW-1% kill -9 28611
root@SRX3600-FW-1% kill -9 33524
root@SRX3600-FW-1% kill -9 36425
root@SRX3600-FW-1% kill -9 36800
root@SRX3600-FW-1% kill -9 42448
root@SRX3600-FW-1% kill -9 42450
root@SRX3600-FW-1% kill -9 42953
root@SRX3600-FW-1% kill -9 45193
root@SRX3600-FW-1% kill -9 47703
root@SRX3600-FW-1% kill -9 50156
root@SRX3600-FW-1% kill -9 51153
root@SRX3600-FW-1% kill -9 51155
root@SRX3600-FW-1% kill -9 54215
root@SRX3600-FW-1% kill -9 54223
root@SRX3600-FW-1% kill -9 58693
root@SRX3600-FW-1% kill -9 60181
root@SRX3600-FW-1% kill -9 60286
root@SRX3600-FW-1% kill -9 60326
root@SRX3600-FW-1% kill -9 61834
root@SRX3600-FW-1% kill -9 61981
61981: No such process
root@SRX3600-FW-1% kill -9 77273
root@SRX3600-FW-1% kill -9 78136
root@SRX3600-FW-1% kill -9 79456
root@SRX3600-FW-1% kill -9 80979
root@SRX3600-FW-1% kill -9 93209
root@SRX3600-FW-1% kill -9 93754
root@SRX3600-FW-1% kill -9 97322
root@SRX3600-FW-1% ps -aux | grep sshd
root 4066 0.0 0.2 7288 2488 ?? Is 9Sep15 0:00.18 sshd: james@notty (sshd)
root 56559 0.0 0.2 7288 2484 ?? Is 25Aug15 0:00.24 sshd: james@notty (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.29 sshd: james@ttyp0 (sshd)
root 62018 0.0 0.2 7300 2492 ?? Ss 10:40AM 0:00.13 sshd: kevinw@ttyp1 (sshd)
root 62046 0.0 0.2 6084 2432 ?? S 10:43AM 0:00.18 sshd: nsm [priv] (sshd)
sshd 62047 0.0 0.1 5740 1192 ?? I 10:43AM 0:00.11 sshd: nsm [net] (sshd)
root 86243 0.0 0.2 7288 2488 ?? Is 26Aug15 0:00.25 sshd: james@notty (sshd)
root 62049 0.0 0.1 2168 868 p0 S+ 10:43AM 0:00.01 grep sshd
root@SRX3600-FW-1% kill -9 4066
root@SRX3600-FW-1% kill -9 56559
root@SRX3600-FW-1% ps -aux | grep sshd
root 62055 0.3 0.2 6084 2432 ?? S 10:44AM 0:00.33 sshd: nsm [priv] (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.30 sshd: james@ttyp0 (sshd)
root 62018 0.0 0.2 7300 2492 ?? Ss 10:40AM 0:00.17 sshd: kevinw@ttyp1 (sshd)
sshd 62056 0.0 0.1 5740 1192 ?? I 10:44AM 0:00.11 sshd: nsm [net] (sshd)
root 86243 0.0 0.2 7288 2488 ?? Is 26Aug15 0:00.25 sshd: james@notty (sshd)
root 62058 0.0 0.1 2096 740 p0 R+ 10:44AM 0:00.01 grep sshd
root@SRX3600-FW-1% kill -9 86243
root@SRX3600-FW-1% ps -aux | grep sshd
root 62060 20.0 0.2 6084 2432 ?? S 10:44AM 0:00.62 sshd: nsm [priv] (sshd)
sshd 62061 5.1 0.1 5740 1192 ?? S 10:44AM 0:00.11 sshd: nsm [net] (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.31 sshd: james@ttyp0 (sshd)
root 62018 0.0 0.2 7300 2492 ?? Ss 10:40AM 0:00.19 sshd: kevinw@ttyp1 (sshd)
root 62063 0.0 0.1 2124 848 p0 R+ 10:44AM 0:00.01 grep sshd
root@SRX3600-FW-1%
……
After killing them all, I found that the world was much cleaner. ^_^
{primary:node0}
james@SRX3600-FW-1> show system connections
node0:
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp4 0 0 10.111.141.146.55847 10.251.143.1.7804 ESTABLISHED
tcp4 0 0 10.111.141.146.56422 10.244.136.250.22 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.30.48485 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.251.152.212.4002 ESTABLISHED
tcp4 0 0 10.111.141.146.22 10.101.149.27.9228 TIME_WAIT
tcp4 0 0 10.111.141.146.60840 10.251.139.21.23 FIN_WAIT_1
tcp4 0 0 10.111.141.146.22 10.101.149.24.23601 TIME_WAIT
tcp4 0 0 10.111.141.146.22 10.101.149.27.35025 TIME_WAIT
……
{primary:node0}
james@SRX3600-FW-1>
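The PID selection done by hand above, as an added example that is not part of the original post: a shell function that reads ps -aux | grep sshd output and lists only the user@notty sessions, leaving interactive ttyp sessions and the pre-authentication [priv]/[net] pair alone. The function names sample_ps and stale_sshd are hypothetical, the sample lines are constructed in the shape of the listing above, and a POSIX sh with awk is assumed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Constructed sample: seven lines in the shape of the ps listing above.
sample_ps() {
    cat <<'EOF'
root 61980 0.1 0.2 6084 2432 ?? S 10:37AM 0:00.30 sshd: nsm [priv] (sshd)
root 3740 0.0 0.2 7288 2484 ?? Is 9Sep15 0:00.76 sshd: kevinw@notty (sshd)
root 4066 0.0 0.2 7288 2488 ?? Is 9Sep15 0:00.18 sshd: james@notty (sshd)
root 61910 0.0 0.2 7292 2480 ?? Ss 10:30AM 0:00.22 sshd: james@ttyp0 (sshd)
sshd 61981 0.0 0.1 5740 1192 ?? I 10:37AM 0:00.11 sshd: nsm [net] (sshd)
root 93209 0.0 0.2 7288 2488 ?? Is 31Aug15 0:00.56 sshd: andy@notty (sshd)
root 61994 0.0 0.1 2096 804 p0 R+ 10:37AM 0:00.01 grep sshd
EOF
}

# Print "PID USER" for every sshd session without a terminal (user@notty).
# Skipped on purpose: interactive sessions (user@ttypN), the pre-auth
# "[priv]"/"[net]" pair and the grep process itself.
# Optional $1: report only the sessions of that user.
stale_sshd() {
    awk -v want="${1:-}" '
    {
        for (i = 1; i < NF; i++) if ($i == "sshd:") break
        if (i >= NF) next                 # no "sshd:" process title
        label = $(i + 1)
        if (label !~ /@notty$/) next      # keep tty and pre-auth sessions
        user = label
        sub(/@notty$/, "", user)
        if (want != "" && user != want) next
        print $2, user
    }'
}

# Dry run: print the commands for review instead of executing them.
# Plain kill sends SIGTERM; escalate to -9 only if a process survives.
sample_ps | stale_sshd | while read -r pid user; do
    echo "kill $pid    # sshd: $user@notty"
done
```

Reviewing the printed commands before running any of them keeps the session you are logged in on, and any other interactive session, out of the kill list.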