July 2018
Now, let's try to construct a filter to kill SSH and SMTP connections while allowing all other traffic. This will give us hands-on experience with setting up a basic service filtering mechanism on our Kali box. Pay attention: my first shot at this short filter will have a troublemaking function in it. We'll review the results and see if we can't fix the problem.
First, I fire up nano and create a file with this filter:
if (ip.proto == TCP) {
   if (tcp.src == 22 || tcp.dst == 22 || tcp.src == 25 || tcp.dst == 25) {
      msg("SSH or SMTP communication detected. Killing connection.\n");
      drop();
      kill();
   }
}
Let's review this line by line: