Skip to main content

A TCPKill utility written in python and scapy

Project description

RSTconn

A TCPKill is a utility that implements a TCP reset attack. RSTconn works for both IPv4 and IPv6 and is written in python and scapy.

How RSTconn works

RESET is a flag in TCP packets to indicate that the connection is not longer working. If any of the two participants in a TCP connection send a packet contains such a RESET flag, the connection will be closed immediately.

Thus it can be use to attack TCP connections once the attacker can forge TCP packets from any of the two parties if he or she know their IPs, ports and the sequence number of current TCP connection.

The attack can be used to make certain users to fail to use certain network services based on TCP if we know the information above.

In practice, we should eavesdrop the victims’ communications to get their IPs, ports and the sequence number.

We do it by filtering the TCP packets and find the newest packets that we want to attack.

Setup

pip install rstconn

Usage

rstconn kills network connections.

optional arguments:
  -h, --help            show this help message and exit
  --iface {lo,enp0s25,lxcbr0,docker0,br-d316e57def52,vethd4f41f0,veth6fa5336, ...}, -i {...}
                        Interface where to listen to
  --server-ip SERVER_IP, -sip SERVER_IP
                        IPv4 or hostname
  --client-ip CLIENT_IP, -cip CLIENT_IP
                        IPv4 or hostname
  --server-port SERVER_PORT, -p SERVER_PORT
                        Server port
  --packet-count PACKET_COUNT, -pc PACKET_COUNT
                        sends N RST packets
  --seq-jitter SEQ_JITTER, -sj SEQ_JITTER
                        Set seq_jitter to be non-zero in order to prove to yourself that the
                        sequence number of a RST segment does indeed need to be exactly equal
                        to the last sequence number ACK-ed by the receiver
  --ignore-syn, -is     if a Packet has SYN flag, not sending RST
  --window-size WINDOW_SIZE, -ws WINDOW_SIZE
                        Window size
  -d {CRITICAL,ERROR,WARNING,INFO,DEBUG}, --debug {CRITICAL,ERROR,WARNING,INFO,DEBUG}
                        Debug level, see python logging; defaults to INFO if omitted
  -m, --monitor         Just sniff traffic without sendin RST
  -v, --version         Print version and exit

RSTconn listens for the matching connections and than sends a number of SYN/ACK and RST packets to the client to get the connection be killed.

The number of packets is configurable by --packet-count, --iface and --server-ip and --server-port are related to the local server port to be listen on.

rstconn -i lo --server-ip 127.0.0.1 --server-port 8000 --packet-count 50

Demo

apt install netcat
  • Setup TCP connection. In one terminal window run nc -nvl 8000 to set up a server
  • In another terminal window run nc 127.0.0.1 8000 to connect to the server
  • In a third window run rstconn to run our sniffing program

You should see the sniffing program log some output, send a RST packet, and the nc connection should be broken.

If you want to test rstconn in IPv6, use instead:

  • nc ::1 8000
  • nc -nvl ::1 8000
  • rstconn -i lo --server-ip "::1" --server-port 8000 -pc 33

Usage examples

Reset connections to ftp.gnu.org

rstconn -i enp0s25 --server-ip ftp.gnu.org

on the client side we'll see

ftp> ls
421 Service not available, remote server has closed connection

without server/client ip, using only the port

rstconn -i lo --server-port 8000

Credits

References

  • Watson, P.: Slipping in the Window: TCP Reset attacks. (2004)

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

rstconn-0.5.1.tar.gz (17.6 kB view details)

Uploaded Source

File details

Details for the file rstconn-0.5.1.tar.gz.

File metadata

  • Download URL: rstconn-0.5.1.tar.gz
  • Upload date:
  • Size: 17.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.26.0 setuptools/45.2.0 requests-toolbelt/0.9.1 tqdm/4.49.0 CPython/3.8.10

File hashes

Hashes for rstconn-0.5.1.tar.gz
Algorithm Hash digest
SHA256 5822aa58715957311570eaf411e3fc25bf772b073173784a5622fe7e50424b4b
MD5 3dc43847f468acbfb7aba5237cbb7307
BLAKE2b-256 8ec0ae0c1cba3bdfbb7e6aacc29fda4f0f38de283e051e843b40583b89bad8f3

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page