How do I break an arbitrary TCP/IP connection on Linux?

Asked by 一整个雨季, 2021-01-04 14:09

Is there any command that can be used to break an existing TCP/IP connection from some program?

Is there anything in a TCP connection the OS is aware of, or do the

3 answers
  • 2021-01-04 14:41

    Use tcpkill.

  • 2021-01-04 14:49

    Cutter

    Cutter will send packets to both ends of a TCP/IP connection to close the connection. It is designed to be used on a Linux router to disconnect unwanted connections.

    Website: http://www.digitage.co.uk/digitage/software/linux-security/cutter

    Debian has a package of it: https://packages.debian.org/stable/cutter

  • 2021-01-04 14:52

    My take on this is to use the iproute2 framework.

    Create a blackhole/unreachable bucket routing table (in my example table id 33) through a rule and give it high prio:

    # ip rule add from all lookup 33 prio 1
    

    Now find the connections you're trying to block. In my case I have used Chromium to connect to google.com:

    # ss -n -e -p | grep "chrom" | grep "173.194.*:443"
    ESTAB      0      0               10.211.55.4:46710         173.194.35.2:443    timer: (keepalive,38sec,0) users:(("chromium-browse",8488,106)) uid:1000 ino:38318 sk:f6a4f800
    ESTAB      0      0               10.211.55.4:49288        173.194.35.18:443    timer:(keepalive,34sec,0) users:(("chromium-browse",8488,109)) uid:1000 ino:38047 sk:f6a4cb00
    

    So, let's add 173.194.0.0/16 to table 33 and flush the cache:

    # ip route add unreachable 173.194.0.0/16 table 33
    # ip route flush cache
    

    Try to connect to google.com now in your browser and you will get an ERR_CONNECTION_REFUSED in your browser.

    To lift the veil of your self-imposed blockage, you simply flush the bucket:

    # ip route flush table 33
    

    Of course, if you need a more granular distinction, you can use tc and u32 classifier to flag the exact IP:PORT combo (and other packet aspects) and add an fw rule to the bucket (untested):

    # tc qdisc add dev eth1 ingress
    # tc filter add dev eth1 parent ffff: protocol ip prio 1 u32 \
        match ip src 173.194.0.0/16 match ip dport 443 0xffff \
        action skbedit mark 1
    # ip rule add fwmark 1 table 33 prio 1 realms 3/4
    
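As an added example (not the answer's own script), the following shell script automates the iproute2 procedure above and goes one step further: it parses `ss -tnp` for a named process, adds an unreachable route per peer address rather than a whole /16, and can undo everything again. Table id 33 and rule priority 1 are taken from the answer; the function names, the `--unblock` flag, the `ss -tnp` column layout and the embedded sample `ss` output are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# Added example, not part of the original answer: automates the iproute2
# approach (policy rule -> table 33 -> unreachable routes) for every peer of a
# named process. Assumptions: table id 33 and rule priority 1 as in the answer;
# `ss -tnp` column layout (State Recv-Q Send-Q Local Peer Process); IPv4 peers.
# Set DRY_RUN=1 to print the ip commands instead of executing them (no root needed).

TABLE=33
PRIO=1

# Constructed sample of `ss -tnp` output, used for offline runs and the checks.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port   Peer Address:Port    Process
ESTAB  0      0      10.211.55.4:46710    173.194.35.2:443     users:(("chromium-browse",pid=8488,fd=106))
ESTAB  0      0      10.211.55.4:49288    173.194.35.18:443    users:(("chromium-browse",pid=8488,fd=109))
ESTAB  0      0      10.211.55.4:51002    140.82.112.3:443     users:(("ssh",pid=2345,fd=3))
ESTAB  0      0      10.211.55.4:36010    173.194.35.2:80      users:(("curl",pid=9911,fd=5))'

# run CMD...: execute CMD, or just print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# peers_of PROCESS [SS_OUTPUT]: unique peer addresses of ESTAB sockets owned by
# PROCESS (exact process name as shown by ss). Reads `ss -tnp` unless SS_OUTPUT
# is given, so the parsing can be exercised without a live socket table.
peers_of() {
  local proc=$1 ss_out=${2:-$(ss -tnp)}
  printf '%s\n' "$ss_out" \
    | awk -v p="$proc" '
        $1 == "ESTAB" && index($0, "\"" p "\"") {
          addr = $5
          sub(/:[0-9]+$/, "", addr)     # drop the port
          gsub(/\[|\]/, "", addr)       # drop brackets around an IPv6 literal
          print addr
        }' \
    | sort -u
}

# block_peers_of PROCESS [SS_OUTPUT]: add the policy rule, then one unreachable
# route per peer. Existing sockets get EHOSTUNREACH on their next send; nothing
# is sent to the remote end, so it only notices through its own timeouts.
block_peers_of() {
  local proc=$1 peer
  run ip rule add from all lookup "$TABLE" prio "$PRIO"
  for peer in $(peers_of "$proc" "${2-}"); do
    run ip route add unreachable "$peer" table "$TABLE"
  done
  run ip route flush cache
}

# unblock_all: flush the table and remove the rule again.
unblock_all() {
  run ip route flush table "$TABLE"
  run ip rule del from all lookup "$TABLE" prio "$PRIO"
}

# Usage: DRY_RUN=1 ./tcpblock.sh chromium-browse   (prints the commands)
#        sudo ./tcpblock.sh chromium-browse        (applies them)
#        sudo ./tcpblock.sh --unblock
if [ "${1-}" = "--unblock" ]; then
  unblock_all
elif [ -n "${1-}" ]; then
  block_peers_of "$1"
fi
```

Two caveats worth keeping in mind when using this or the manual steps above. The unreachable route only makes the local side fail; unlike tcpkill or Cutter it injects no RST, so the remote end keeps its half of the connection until its keepalive or application timer fires. On kernels built with CONFIG_INET_DIAG_DESTROY, `ss -K dst 173.194.35.2 dport = 443` asks the kernel to abort the matching sockets directly, which is the most targeted option for a single connection.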