RE: Can I shut down individual TCP connections?

From: Scott Weeks (surfer@mauislanwanman.com)
Date: 07/02/02


Date: Tue, 2 Jul 2002 08:59:06 -1000 (HST)
From: Scott Weeks <surfer@mauislanwanman.com>
To: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>


On Tue, 2 Jul 2002, McCammon, Keith wrote:

: I was afraid of that. If that doesn't do it, I don't know of another
: way in XP, short of developing some means by which you could send a TCP
: RST to that socket/port. Can't help you with that one! Perhaps someone
: else has an idea...

Ken Williams sent me a link for a freeware (be sure to look at the bottom
of the page to find the free one) program that seems to be made for this.
I haven't tried it yet. However, it seems that there should be something
in DOS somewhere that'd do this as it seems a security risk not having
that functionality.

On Tue, 2 Jul 2002 Ken.Williams@ey.com wrote:

: eSTOP! is what you want: http://www.nwpsw.com/estopmain.html
:
: regards,
: kw
:
: Ken Williams ; CISSP ; Technical Lead ; ken.williams@ey.com
: eSecurityOnline - an eSecurity Venture of Ernst & Young
: ken.williams@ey.com ; www.esecurityonline.com ; 1-877-eSecurity
: Work: 816-480-5440 ; Fax: 816-480-5140 ; Cell: 816-914-4225
: Pager: 1-888-731-1904 ; 2Way Pager: 8887311904@my2way.com

   "eSTOP! was created to fill a need: the need to be able to
    automatically or manually cutoff an established network connection
    (TCP**) between your computer and another computer without dropping
    your network connection entirely."

scott

On Tue, 2 Jul 2002, McCammon, Keith wrote:

: I was afraid of that. If that doesn't do it, I don't know of another way in XP, short of developing some means by which you could send a TCP RST to that socket/port. Can't help you with that one! Perhaps someone else has an idea...
:
: -----Original Message-----
: From: Scott Weeks [mailto:surfer@mauislanwanman.com]
: Sent: Tuesday, July 02, 2002 2:45 PM
: To: McCammon, Keith
: Cc: focus-ms@securityfocus.com
: Subject: RE: Can I shut down individual TCP connections?
:
:
:
:
:
:
: Thanks Keith,
:
: However it seems the PID is the same for many TCP connections:
:
:
: C:\Documents and Settings\Owner>netstat -o -p tcp
:
: Active Connections
:
:   Proto  Local Address  Foreign Address                State        PID
:   TCP    Lono:3151      simmerhawaii.com:http          ESTABLISHED  1524
:   TCP    Lono:3153      simmerhawaii.com:http          ESTABLISHED  1524
:   TCP    Lono:3154      simmerhawaii.com:http          ESTABLISHED  1524
:   TCP    Lono:3155      45-14-241-63.swell.com:http    ESTABLISHED  1524
:   TCP    Lono:3156      simmerhawaii.com:http          ESTABLISHED  1524
:   TCP    Lono:3157      216.205.95.253:http            ESTABLISHED  1524
:   TCP    Lono:3158      216.235.33.200:http            ESTABLISHED  1524
:   TCP    Lono:3159      unassigned.alabanza.com:http   SYN_SENT     1524
:
: I use Pine on UNIX, so to see the table formatted well, you'd need to use
: a font like Courier...
:
:
: scott
:
:
:
:
: : Not with the click of a button, but it should be possible. Netstat on XP now has the -o switch, which will show the PID associated with the connection. You can try issuing "netstat -o -p tcp" and then killing that process.
: :
: : Cheers
: :
: : Keith
: :
: :
: :
: : -----Original Message-----
: : From: Scott Weeks [mailto:surfer@mauislanwanman.com]
: : Sent: Tuesday, July 02, 2002 1:33 PM
: : To: focus-ms@securityfocus.com
: : Subject: Can I shut down individual TCP connections?
: :
: :
: :
: :
: :
: :
: : Hello Everyone,
: :
: : Please let me know where to go if this isn't the correct place to ask
: : this type of question.
: :
: : I'd like to be able to terminate particular TCP sessions and not affect
: : any others. For example, I saw the following tonight:
: :
: : TCP Lono:3280 andybent.com:http SYN_SENT
: : TCP Lono:3281 sanaga.itu.ch:http ESTABLISHED
: :
: : and I wanted to kill the andybent.com session. (Who the hell is this
: : anyway?) All I could really do is kill my connection to my ISP and
: : terminate every TCP connection. Any way to kill just one or a couple
: : of the existing TCP sessions without affecting the others?
: :
: : Thanks,
: : scott
: :
: :
: :
: :
: : ps. I was asked to provide info like the OS, etc. I'm running XP home
: : edition 2002 (unfortunately) on a gateway (major cheapie) with an intel
: : celeron 1.2GHz. I'd assume, though, that there'd be a dos command that'd
: : run across most all flavors and not just across a stripped down and
: : tweaked nt which is what xp home edition is...
: :
: :
:
:
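
Added example, not part of the original thread: a short Python script that parses the `netstat -o -p tcp` rows quoted above and reports which other connections share the owning PID, which is why killing the process cannot remove a single session. The function names (`parse_netstat`, `kill_impact`) are hypothetical; the sample rows are copied from the thread.

```python
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Rows copied from the netstat output quoted in the thread.
NETSTAT_OUTPUT = """\
Active Connections

  Proto  Local Address  Foreign Address                State        PID
  TCP    Lono:3151      simmerhawaii.com:http          ESTABLISHED  1524
  TCP    Lono:3153      simmerhawaii.com:http          ESTABLISHED  1524
  TCP    Lono:3154      simmerhawaii.com:http          ESTABLISHED  1524
  TCP    Lono:3155      45-14-241-63.swell.com:http    ESTABLISHED  1524
  TCP    Lono:3156      simmerhawaii.com:http          ESTABLISHED  1524
  TCP    Lono:3157      216.205.95.253:http            ESTABLISHED  1524
  TCP    Lono:3158      216.235.33.200:http            ESTABLISHED  1524
  TCP    Lono:3159      unassigned.alabanza.com:http   SYN_SENT     1524
"""


def parse_netstat(text):
    """Return a Conn tuple for every TCP row of `netstat -o` output."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows have exactly: Proto, Local, Foreign, State, PID.
        # Banner, header and blank lines fail this check and are skipped.
        if len(fields) == 5 and fields[0] == "TCP" and fields[4].isdigit():
            conns.append(Conn(*fields[:4], int(fields[4])))
    return conns


def kill_impact(conns, remote):
    """Map each PID that owns a connection to `remote` onto the other
    connections that terminating that process would also close."""
    impact = {}
    for target in (c for c in conns if c.remote == remote):
        impact[target.pid] = [
            c for c in conns if c.pid == target.pid and c.remote != remote
        ]
    return impact


if __name__ == "__main__":
    conns = parse_netstat(NETSTAT_OUTPUT)
    for pid, others in kill_impact(conns, "unassigned.alabanza.com:http").items():
        print(f"Killing PID {pid} also closes {len(others)} other connection(s):")
        for c in others:
            print(f"  {c.local} -> {c.remote} [{c.state}]")
```
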


