TCP/IP Connection Cutting On Linux Firewalls
Chris Lowth writes "Network security administrators sometimes need to be able to abort TCP/IP connections routed over their firewalls on demand. This would allow them to terminate connections such as SSH tunnels or VPNs left in place by employees overnight, abort hacker attacks when they are detected, stop high bandwidth consuming downloads - etc. There are many potential applications.
This article describes how a Linux IPTables based firewall/router can be used to send the right combination of TCP/IP packets to both ends of a connection to cause them to abort the conversation. It describes the steps required to perform this task, and introduces a new open-source utility called 'cutter' that automates the process."
Two aspects stand out:
1. MICROKERNEL VS MONOLITHIC SYSTEM
Most older operating systems are monolithic, that is, the whole operating
system is a single a.out file that runs in 'kernel mode.' This binary
contains the process management, memory management, file system and the
rest. Examples of such systems are UNIX, MS-DOS, VMS, MVS, OS/360,
MULTICS, and many more.
The alternative is a microkernel-based system, in which most of the OS
runs as separate processes, mostly outside the kernel. They communicate
by message passing. The kernel's job is to handle the message passing,
interrupt handling, low-level process management, and possibly the I/O.
Examples of this design are the RC4000, Amoeba, Chorus, Mach, and the
not-yet-released Windows/NT.
While I could go into a long story here about the relative merits of the
two designs, suffice it to say that among the people who actually design
operating systems, the debate is essentially over. Microkernels have won.
The only real argument for monolithic systems was performance, and there
is now enough evidence showing that microkernel systems can be just as
fast as monolithic systems (e.g., Rick Rashid has published papers comparing
Mach 3.0 to monolithic systems) that it is now all over but the shoutin'.
MINIX is a microkernel-based system. The file system and memory management
are separate processes, running outside the kernel. The I/O drivers are
also separate processes (in the kernel, but only because the brain-dead
nature of the Intel CPUs makes that difficult to do otherwise). LINUX is
a monolithic style system. This is a giant step back into the 1970s.
That is like taking an existing, working C program and rewriting it in
BASIC. To me, writing a monolithic system in 1991 is a truly poor idea.
2. PORTABILITY
Once upon a time there was the 4004 CPU. When it grew up it became an
8008. Then it underwent plastic surgery and became the 8080. It begat
the 8086, which begat the 8088, which begat the 80286, which begat the
80386, which begat the 80486, and so on unto the N-th generation. In
the meantime, RISC chips happened, and some of them are running at over
100 MIPS. Speeds of 200 MIPS and more are likely in the coming years.
These things are not going to suddenly vanish. What is going to happen
is that they will gradually take over from the 80x86 line. They will
run old MS-DOS programs by interpreting the 80386 in software. I think it is a
gross error to design an OS for any specific architecture, since that is
not going to be around all that long.
MINIX was designed to be reasonably portable, and has been ported from the
Intel line to the 680x0 (Atari, Amiga, Macintosh), SPARC, and NS32016.
LINUX is tied fairly closely to the 80x86. Not the way to go.
Don't get me wrong, I am not unhappy with LINUX. It will get all the people
who want to turn MINIX into BSD UNIX off my back. But in all honesty, I would
suggest that people who want a **MODERN** "free" OS look around for a
microkernel-based, portable OS, like maybe GNU or something like that.
I would have gotten first post, but my firewall terminated my connection to /. :(
Ah yes, flamebait, riiiiggghhhtttt. An appropriate response tying together certain indisputable geo-political facts and my hypothesis of the article. Does flamebait = political correctness? I'm about to suggest the internet is no longer fun. But I'm sure this will be modded down because some of the most intelligent thought-provoking comments on this site are rated down because their word usage or lack of the "F" word doesn't get the needed critical mass.
My point, to use clearer English, was to suggest when one makes a tool and gives said tool to someone else, it may not always be used for the intention you thought, i.e. XBox.
Yes, N. Korea received light-water Nuclear reactors from the Clinton administration, and yes, the fuel is enough for about 20 missiles.
It was the connection between the tool and the need to which I was trying to convey my point in a light-hearted way.
Oh well, missed the target, hit the tree.
Peace, out.
"This isn't a study in computer science, it's a study in human behavior"