I appear to be a victim of TCP reset attacks with the purpose of preventing me from downloading specific data. I know this is the case at this stage.
For the time being I am staying at a hotel and so I do not have access to the router firewall here, but my question is: Would it be possible to prevent TCP reset style attacks through iptables?
What I have attempted to do is block RST (and FIN) packets with iptables like so:
    iptables -I OUTPUT -p tcp --tcp-flags ALL RST -j DROP
    iptables -I INPUT -p tcp --tcp-flags ALL RST -j DROP

(Same for FIN packets)
However, the attacker still appears able to kill the connection -- from analysing Wireshark I can see that an RST packet was still sent from my IP to the server. I do not see why it would send this given the iptables settings.
Would it not still be possible for an attacker connected to the same LAN to send an RST packet to the server and kill my connection? In that case I guess I will need control over the network's firewall - which I don't have at this time.
A VPN does not prevent the attack -- presumably because the attacker is aware of the server I am using.
I also want to point out that I am using Qubes, with all Internet traffic going through the sys-net qube where the iptables rules are active.
What I'm looking for is a way to mitigate these kinds of attacks. Even while using a firewall and blocking these packets, it appears the connection can still be killed by a determined attacker, with little evidence on my side from Wireshark -- I presume they send the packets themselves to the server with my IP spoofed.
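Added example, not part of the original post: a small shell model of how iptables evaluates `--tcp-flags MASK COMP`, run over constructed flag combinations. It shows that the `ALL RST` form used in the rules above matches only a bare RST, while a reset that also carries ACK passes; the function names are illustrative.

```shell
#!/bin/sh
# Model of iptables "--tcp-flags MASK COMP": a packet matches when
# (packet_flags & MASK) == COMP. Bit values are the TCP header flag bits.

flag_bits() {
    # Convert a comma-separated flag list (e.g. "RST,ACK") to a bitmask.
    bits=0
    old_ifs=$IFS; IFS=,
    for f in $1; do
        case $f in
            FIN)  bits=$((bits | 1))  ;;
            SYN)  bits=$((bits | 2))  ;;
            RST)  bits=$((bits | 4))  ;;
            PSH)  bits=$((bits | 8))  ;;
            ACK)  bits=$((bits | 16)) ;;
            URG)  bits=$((bits | 32)) ;;
            ALL)  bits=63 ;;
            NONE) ;;
            *)    IFS=$old_ifs; echo "unknown flag: $f" >&2; return 2 ;;
        esac
    done
    IFS=$old_ifs
    echo "$bits"
}

tcp_flags_match() {
    # usage: tcp_flags_match MASK COMP PACKET_FLAGS ; exit 0 = rule matches
    mask=$(flag_bits "$1") || return 2
    comp=$(flag_bits "$2") || return 2
    pkt=$(flag_bits "$3") || return 2
    [ $((pkt & mask)) -eq "$comp" ]
}

verdict() {
    # Print DROP if the rule would match the packet, PASS otherwise.
    if tcp_flags_match "$1" "$2" "$3"; then echo DROP; else echo PASS; fi
}

# Constructed sample packets: flag combinations commonly seen on the wire.
for pkt in RST RST,ACK FIN,ACK PSH,ACK; do
    printf '%-8s  ALL RST: %s   RST RST: %s\n' "$pkt" \
        "$(verdict ALL RST "$pkt")" "$(verdict RST RST "$pkt")"
done
```

Packets that sys-net routes on behalf of other qubes traverse the FORWARD chain rather than INPUT or OUTPUT, so a rule intended for that traffic has to sit there.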