On Wed, 24 Jan 2001, Paul D. Robertson wrote:
> Finally, there was a (French?) tool for intercepting and FINing TCP
> connections on the local network that might be worth digging for.
> Profile AIM and I'm pretty sure you could shut it down on the local
> wire. Don't forget to prep the help desk first.
tcpkill, from dug song (http://www.monkey.org/~dugsong/) can do this. just
supply a tcpdump filter (ie host login.oscar.aol.com) and it will falsify
FIN's and snipe the connection. very easy to set up.
tcpnice, also from dug, can be used to slow up connection by falsifying
small window advertisements and ICMP source quenches.
however, the blackhole method you describe is quite easy to implement, and
surely more effective.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
