netstat... Now can I drop?

Half_Elf · 07-18-2002, 05:41 PM

When I type netstat, I saw a certain number of Established connection (of course!) but in case of an intruder, can I type something to tell netstat (or another progs) to drop the unwanted connection? Or there are no other ways except iptables?

turnip · 07-18-2002, 07:11 PM

Ok.. You can't do that through netstat that I know of, or iptables.

But there is a way and ill use an example for you.

Say john is logged in via ftp and we want to boot him

you would do this.

ps -ef |grep john |awk '{print $2}'| xargs kill -9

I'm not sure what to do on web connections, but this works for anything that authenticates with a username.

Half_Elf · 07-19-2002, 01:24 AM

hehehe ok thanx for the tips

Badly, my ftp use "virtual" user, but that's good to know

unSpawn · 07-19-2002, 09:00 PM

Seems ettercap advertises ability to kill TCP connections.

Half_Elf · 07-20-2002, 03:05 PM

What? Explanation please

unSpawn · 07-21-2002, 11:16 AM

Just look at http://ettercap.sourceforge.net. It's able to list connections and kill them, but I've seen no way to automate usage and it isn't fast.