diff --git a/src/core/hub.js b/src/core/hub.js
index 1c38ed5..6a32e52 100644
--- a/src/core/hub.js
+++ b/src/core/hub.js
@@ -43,6 +43,8 @@ export class Hub {
 
   _connQueue = [];
 
+  _udpCleanerTimer = null;
+
   constructor(config) {
     this._config = new Config(config);
     this._udpRelays = LRU({ max: 500, maxAge: 1e5, dispose: (_, relay) => relay.destroy() });
@@ -81,6 +83,9 @@ export class Hub {
     this._udpServer && this._udpServer.close();
     // server
     this._tcpServer.close();
+    // others
+    this._connQueue = [];
+    clearInterval(this._udpCleanerTimer);
     logger.info('[hub] shutdown');
   }
 
@@ -239,7 +244,8 @@ export class Hub {
       const server = dgram.createSocket('udp4');
 
       // destroy old relays every 5s
-      setInterval(() => relays.prune(), 5e3);
+      clearInterval(this._udpCleanerTimer);
+      this._udpCleanerTimer = setInterval(() => relays.prune(), 5e3);
 
       server.on('message', (msg, rinfo) => {
         const { address, port } = rinfo;
diff --git a/src/presets/base-auth.js b/src/presets/base-auth.js
index 17cf3ea..1d80bd6 100644
--- a/src/presets/base-auth.js
+++ b/src/presets/base-auth.js
@@ -1,5 +1,5 @@
 import crypto from 'crypto';
-import { EVP_BytesToKey, numberToBuffer, hmac, hash } from '../utils';
+import { EVP_BytesToKey, numberToBuffer, hmac, hash, dumpHex } from '../utils';
 import { IPresetAddressing } from './defs';
 
 // available HMACs and length
@@ -123,20 +123,20 @@ export default class BaseAuthPreset extends IPresetAddressing {
 
     // minimal length required
     if (buffer.length < 31) {
-      return fail(`length is too short: ${buffer.length}, dump=${buffer.toString('hex')}`);
+      return fail(`length is too short: ${buffer.length}, dump=${dumpHex(buffer)}`);
     }
 
     // decrypt the first byte and check length overflow
     const alen = this._decipher.update(buffer.slice(0, 1))[0];
     if (buffer.length <= 1 + alen + 2 + hmacLen) {
-      return fail(`unexpected length: ${buffer.length}, dump=${buffer.toString('hex')}`);
+      return fail(`unexpected length: ${buffer.length}, dump=${dumpHex(buffer)}`);
     }
 
     // check hmac
     const givenHmac = buffer.slice(1 + alen + 2, 1 + alen + 2 + hmacLen);
     const expHmac = hmac(this._hmacMethod, this._hmacKey, buffer.slice(0, 1 + alen + 2));
     if (!givenHmac.equals(expHmac)) {
-      return fail(`unexpected HMAC=${givenHmac.toString('hex')} want=${expHmac.toString('hex')} dump=${buffer.slice(0, 60).toString('hex')}`);
+      return fail(`unexpected HMAC=${dumpHex(givenHmac)} want=${dumpHex(expHmac)} dump=${dumpHex(buffer)}`);
     }
 
     // decrypt the following bytes