Foil Wireless Poachers and Have Fun Doing It (Part 2) - page 3
Killing and Slaying
These are fine when all you need to do is boot bad users off certain computers, but what if you want to fling them off your entire network? For that you need
tcpkill installed on your wireless access point.
tcpkill is part of the
dsniff suite of network-cracking utilities.
dsniff is a useful network administrator tool, and it also has much power for evil. You should be familiar with it, because you can count on the bad guys knowing it intimately.
First you need to know the IP address of your unwanted visitor, which you can find with
nmap. Run this as root from any host on your subnet:
# sudo nmap -sP 192.168.0.*
This will find all active hosts on your network, and report hostnames, IP addresses, and MAC addresses. Naturally you'll need to know which ones belong. Then clobber the ones you don't want with
# tcpkill -9 net 192.168.0.25
The cutter command makes it even easier. Just do this:
# cutter 192.168.0.25
cuttersee both wired and wireless users. To zero in on wireless users, use Kismet.
Also, there's an easier, holistic way to keep wireless freeloaders and bad people out. Just upgrade all of your wireless gear to WPA2-compliant devices. Authenticate and encrypt every single bit that travels over your airwaves. It's easy and it works. Don't forget that even when you are successful at preventing intruders from entering your network, it's still trivially easy for them to sniff wireless traffic. WPA2's AES-based encryption will foil this.