Re: strange network trafficFrom: Jason Bowman (firstname.lastname@example.org)
- Previous message: fmf3: "Re: Macintosh firewall"
- In reply to: Johan De Meersman: "Re: strange network traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jason Bowman <email@example.com> To: Johan De Meersman <firstname.lastname@example.org>, email@example.com Date: Thu, 5 Sep 2002 11:53:09 -0400
On Wednesday 04 September 2002 10:16 am, Johan De Meersman wrote:
> Now, the parallel firewall wil sniff all packets on the segment, and
> follow any traffic. If it detects a connection attempt or an ongoing
> connection that isn't allowed, it will spoof FIN and/or RST packets for
> both sides, thus effectively ending the connection. Simple, but very
> effective :)
> I don't know any software that does this from the top of my head, but
> have a look at google and/or sf.net and I'm sure you'll find something
Try dsniff. Among other things, you can set it up to kill tcp/ip connections
that match a tcpdump style query string.