These are fine when all you need to do is boot bad users off certain computers, but what if you want to fling them off your entire network? For that you need tcpkill installed on your wireless access point. tcpkill is part of the dsniff suite of network-cracking utilities. dsniff is a useful network administrator tool, and it also has much power for evil. You should be familiar with it, because you can count on the bad guys knowing it intimately.

First you need to know the IP address of your unwanted visitor, which you can find with nmap. Run this as root from any host on your subnet:

# sudo nmap -sP 192.168.0.*

This will find all active hosts on your network, and report hostnames, IP addresses, and MAC addresses. Naturally you'll need to know which ones belong. Then clobber the ones you don't want with tcpkill:

# tcpkill -9 net 192.168.0.25

The cutter command makes it even easier. Just do this:

# cutter 192.168.0.25

Also, there's an easier, holistic way to keep wireless freeloaders and bad people out. Just upgrade all of your wireless gear to WPA2-compliant devices. Authenticate and encrypt every single bit that travels over your airwaves. It's easy and it works. Don't forget that even when you are successful at preventing intruders from entering your network, it's still trivially easy for them to sniff wireless traffic. WPA2's AES-based encryption will foil this.

Next: Hunting Down Rogue (Not Rouge) Access Points With Kismet »