Slashdot Mirror


TCP/IP Connection Cutting On Linux Firewalls

Chris Lowth writes "Network security administrators sometimes need to be able to abort TCP/IP connections routed over their firewalls on demand. This would allow them to terminate connections such as SSH tunnels or VPNs left in place by employees overnight, abort hacker attacks when they are detected, stop high-bandwidth-consuming downloads, etc. There are many potential applications. This article describes how a Linux IPTables-based firewall/router can be used to send the right combination of TCP/IP packets to both ends of a connection to cause them to abort the conversation. It describes the steps required to perform this task, and introduces a new open-source utility called 'cutter' that automates the process."
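Before a firewall can abort a connection it has to know which established flows to target; as an added example (not code from the article or the cutter project), the following picks candidate flows from a constructed /proc/net/nf_conntrack listing using the summary's own criteria (tunnel ports left up, bulk downloads). The sample lines, the port set and the byte threshold are assumptions, not values from the page.

```python
"""Select established TCP flows worth cutting, from a conntrack listing."""
import re
from dataclasses import dataclass

# Constructed sample in /proc/net/nf_conntrack format (packets=/bytes=
# counters appear when nf_conntrack_acct is enabled). Not real traffic.
SAMPLE_CONNTRACK = """\
ipv4     2 tcp      6 431987 ESTABLISHED src=10.0.0.5 dst=203.0.113.10 sport=51234 dport=22 packets=812 bytes=96400 src=203.0.113.10 dst=10.0.0.5 sport=22 dport=51234 packets=790 bytes=88212 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 119 TIME_WAIT src=10.0.0.7 dst=198.51.100.4 sport=40011 dport=80 packets=6 bytes=1032 src=198.51.100.4 dst=10.0.0.7 sport=80 dport=40011 packets=5 bytes=4190 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=10.0.0.9 dst=198.51.100.20 sport=40555 dport=443 packets=120433 bytes=6200000 src=198.51.100.20 dst=10.0.0.9 sport=443 dport=40555 packets=180922 bytes=268435456 [ASSURED] mark=0 use=1
ipv4     2 udp     17 29 src=10.0.0.5 dst=10.0.0.1 sport=5353 dport=53 packets=1 bytes=64 src=10.0.0.1 dst=10.0.0.5 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1
"""

KV = re.compile(r"(\w+)=(\S+)")

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    state: str
    timeout: int      # seconds left before conntrack forgets the entry
    total_bytes: int  # both directions summed

def parse_conntrack(text):
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[2] != "tcp":
            continue  # only TCP connections can be torn down with RST
        orig, nbytes = {}, 0
        for k, v in KV.findall(line):
            if k in ("src", "dst", "sport", "dport") and k not in orig:
                orig[k] = v  # first occurrence is the original direction
            elif k == "bytes":
                nbytes += int(v)
        flows.append(Flow(orig["src"], int(orig["sport"]), orig["dst"],
                          int(orig["dport"]), f[5], int(f[4]), nbytes))
    return flows

TUNNEL_PORTS = {22, 1194}          # SSH, OpenVPN: site policy (assumption)
BULK_BYTES = 100 * 1024 * 1024     # 100 MiB transferred (assumption)

def select_for_cut(flows, tunnel_ports=TUNNEL_PORTS, bulk_bytes=BULK_BYTES):
    """Return (src, sport, dst, dport) for established flows matching policy."""
    out = []
    for fl in flows:
        if fl.state != "ESTABLISHED":
            continue  # half-open or closing entries expire on their own
        if fl.dport in tunnel_ports or fl.total_bytes > bulk_bytes:
            out.append((fl.src, fl.sport, fl.dst, fl.dport))
    return out
```

The 4-tuples returned are exactly the endpoints a connection-cutting tool needs; review the list before acting on it, since a long-lived port-22 session may be a legitimate administrative one.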

15 of 233 comments

  1. Well, that kills that. by Divide+By+Zero · · Score: 5, Funny

    So much for downloading the trailer for $NEXT_BIG_MOVIE on company bandwidth. We'll have to do work now. Dammit.

    --
    Dare to Hope. Prepare to be Disappointed.
  2. Oh, I remember this by Anonymous Coward · · Score: 2, Funny

    The old ICMP "attack". I used to run it on people on IRC all the time to annoy them. I believe the version I used was called click.exe. Just paste their address in one space, the server address in the other, and send some ICMP packets to a few ports and they got "connection reset by peer".

    I also like ice cream.

  3. I have an even better idea: by Sloshed_dot · · Score: 3, Funny

    Just pull the network cable out, then let's see the hacker getting past THAT script!

    --
    fart/faart/(coarse) (v.intr.): emit intestinal gas from the anus. (n.): emission of intestinal gas from the anus.
  4. For Aol Users by jetkust · · Score: 3, Funny

    Wow, now AOL users can close AOL without using Ctrl+Alt+Delete.

  5. Evil bit comes to the rescue! by RyanK · · Score: 5, Funny

    Why not just turn on the 'evil' bit for these connections?

    Then simply enable a filter to drop those packets during off hours or peak usage.

    And people thought that was a joke!

    1. Re:Evil bit comes to the rescue! by Anonymous Coward · · Score: 1, Funny

      Where did you find out about that evil bit? Slashdot should run an article on it!

  6. That would be great by missing000 · · Score: 4, Funny

    Then you could just ignore your outages after hours since you couldn't ssh in anymore.

    I always wanted to work 9 to 5 like the executives.

  7. Re:great by aurelian · · Score: 1, Funny

    Working from home would be brought to the higher-ups' attention, thereby making you look good :)

    until they check the logs...

  8. How to announce software on /. by CoolQ · · Score: 5, Funny

    How to announce software on /.:

    1) Go to SourceForge.
    2) Register a project; upload files
    3) Post link to SourceForge page on /.
    4) ???
    5) Profit

    How not to announce software on /.:

    1) Upload software to your web server behind a T1
    2) Post link to /.
    4) ???
    5) Cry over the money you just wasted.

    --Quentin

  9. Golden days at my company by lateralus · · Score: 5, Funny

    My old boss used to use bandwidth hogs as an excuse to cause users pain. We would track the inflated traffic down to hub port level, he would pull the plug and wait. After maybe 2 minutes always came the phone call from some frustrated user saying that his/her Internet was not working. Over the 12 times we did this EVERY time the phone call came from the abuser and not ONCE was he/she downloading anything work related.

    The company has grown since then and those old tricks would get you fired nowadays. Ahhh, the days when IT ruled with an iron fist. Now there's this newfangled notion of "service" in the department; how weird is that?

    --
    If you outlaw the law, only criminals will have laws
  10. No need for cutter by hhg · · Score: 4, Funny

    See, his webserver cannot accept any connections, and I bet he's not using cutter at the moment.

  11. Re:Would be handy by pheared · · Score: 2, Funny

    Maybe it could even save your webserver from melting when it's posted on /.

    It will do nothing for your uplink though.

    I'd guess that in most instances of the slashdot attack, line saturation is your biggest factor.

  12. NO They weren't slashdotted... by splerdu · · Score: 5, Funny

    The script is obviously in place, and cuts unwanted connections originating from a referer-id of slashdot.org!

  13. My ISP is using this already by chronos82 · · Score: 4, Funny

    It seems to me the connection just drops every five minutes, perhaps they have this on their crontab ;)

  14. Re:Google cache by Anonymous Coward · · Score: 1, Funny

    Karma whoring after only 5 comments posted.