How do I break an arbitrary TCP/IP connection on Linux?

Question

Is there any command that can be used to break an existing TCP/IP connection from some program?

Is there anything in a TCP connection the OS is aware of, or do the

Answer 1

Use tcpkill.

Answer 2

Cutter

Cutter will send packets to both ends of a TCP/IP connection to close the connection. It is designed to be used on a Linux router to disconnect unwanted connections.

Website: http://www.digitage.co.uk/digitage/software/linux-security/cutter

Debian has a package of it: https://packages.debian.org/stable/cutter

Answer 3

My take on this is by using the `iproute2 framework.

Create a blockhole/unreachable bucket routing table (in my example table id 33) through a rule and give it high prio:

# ip rule add from all lookup 33 prio 1

Now find the connections you're trying to block. In my case I have used Chromium to connect to google.com:

# ss -n -e -p | grep "chrom" | grep "173.194.*:443"
ESTAB      0      0               10.211.55.4:46710         173.194.35.2:443    timer: (keepalive,38sec,0) users:(("chromium-browse",8488,106)) uid:1000 ino:38318 sk:f6a4f800
ESTAB      0      0               10.211.55.4:49288        173.194.35.18:443    timer:(keepalive,34sec,0) users:(("chromium-browse",8488,109)) uid:1000 ino:38047 sk:f6a4cb00

So, let's add 173.194.0.0/16 to table 33 and flush the cache:

# ip route add unreachable 173.194.0.0/16 table 33
# ip route flush cache

Try to connect to google.com now in your browser and you will get a ERR_CONNECTION_REFUSEDin your browser.

To lift the veil of your self-imposed blockage, you simple flush the bucket:

# ip route flush table 33

Of course, if you need a more granular distinction, you can use tc and u32 classifier to flag the exact IP:PORT combo (and other packet aspects) and add an fw rule to the bucket (untested):

# tc filter add dev eth1 parent ffff: protocol ip prio 1 u32 \
    match ip src 173.194.0.0/16 match ip dport 443 classid :1
# ip rule add fwmark 1 table 33 prio 1 realms 3/4