TCP/IP Cutter
Results 1 to 4 of 4

Thread: TCP/IP Cutter

  1. #1
    Senior Member
    Join Date
    May 2004
    Posts
    274

    TCP/IP Cutter

    hi all,
    i found the following article interesting,

    Cutting the tcp/ip network connection with cutter
    Cutter is an open source program that allows Linux firewall administrators to abort TCP/IP connections routed over Linux based firewall. Very handy to terminate connection such as SSH tunnels or VPNs left by our own users, abort crackers attacks as soon as they detected, kill high bandwidth consuming connection, or kill peer-to-peer traffic.
    for full article: http://www.cyberciti.biz/nixcraft/vi...ction-with.php

    Thanks
    Excuse me, is there an airport nearby large enough for a private jet to land?

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,883
    LOL. Who needs that when you can simply pull the ethernet cable right out of the switch - termination guaranteed.

    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    Well if all you want is to disconnect idle users or bandwidth hogs, it would be handy to not cut off everyone. Terminiating connections via software is also useful for automated monitoring of such things, and can be very helpful as part of an IDS.

    Although, if you can customize any packet builder or firewall module to send arbitrary RST packets you can accomplish the same thing with less overhead.

    [edit]
    Actually, iptables can do this just the way it is. The REJECT target can optionally send a tcp reset packet when dealing with rules matching the tcp protocol, with the "--reject-with tcp-reset" option.

    So if a bandwidth hog is connected on port 1000 and you want to terminate the connection, add the rule "iptables -A INPUT -p tcp --dport 1000 -j REJECT --reject-with tcp-reset", and when the next packet is sent, they will be dropped without any icmp error messages. Then delete the rule when you want to allow that user back again. So no need to hack up any other software.
    [/edit]
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!

  4. #4
    Senior Member bAgZ's Avatar
    Join Date
    Jul 2001
    Posts
    206
    Nice tool but i must say i am very happy using dsniff and tcpkill for this purpose.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides