TCP/IP Cutter

[mmkhan]

hi all,
i found the following article interesting,

Cutting the tcp/ip network connection with cutter
Cutter is an open source program that allows Linux firewall administrators to abort TCP/IP connections routed over Linux based firewall. Very handy to terminate connection such as SSH tunnels or VPNs left by our own users, abort crackers attacks as soon as they detected, kill high bandwidth consuming connection, or kill peer-to-peer traffic.

for full article: http://www.cyberciti.biz/nixcraft/vi...ction-with.php

Thanks

[thehorse13]

LOL. Who needs that when you can simply pull the ethernet cable right out of the switch - termination guaranteed.

[Striek]

Well if all you want is to disconnect idle users or bandwidth hogs, it would be handy to not cut off everyone. Terminiating connections via software is also useful for automated monitoring of such things, and can be very helpful as part of an IDS.

Although, if you can customize any packet builder or firewall module to send arbitrary RST packets you can accomplish the same thing with less overhead.

[edit]
Actually, iptables can do this just the way it is. The REJECT target can optionally send a tcp reset packet when dealing with rules matching the tcp protocol, with the "--reject-with tcp-reset" option.

So if a bandwidth hog is connected on port 1000 and you want to terminate the connection, add the rule "iptables -A INPUT -p tcp --dport 1000 -j REJECT --reject-with tcp-reset", and when the next packet is sent, they will be dropped without any icmp error messages. Then delete the rule when you want to allow that user back again. So no need to hack up any other software.
[/edit]

[bAgZ]

Nice tool but i must say i am very happy using dsniff and tcpkill for this purpose.