TCP/IP connection cutting on Linux firewalls and routers
Network security administrators sometimes need to be able to abort TCP/IP connections routed over their firewalls on demand. This would allow them to terminate connections such as SSH tunnels or VPNs left in place by employees over night, abort hacker attacks when they are detected, stop high bandwidth consuming downloads - etc. There are many potential applications.
This article describes how a Linux IPTables based firewall/router can be used to send the right combination of TCP/IP packets to both ends of a connection to cause them to abort the conversation. It describes the steps required to perform this task, and introduces a new open-source utility called "cutter" that automates the process.
[ Read more ]
- Review: SonicWALL Pro (9 June 2003)
- Article: Interview with Lisa Yeo, author of "Personal Firewalls for Administrators and Remote Users" (30 March 2003)
- Review: Personal Firewalls for Administrators and Remote Users (13 March 2003)
- Article: Interview with Aviel Rubin, Computer Science Professor at Johns Hopkins University and Technical Director of the JHU Information Security Institute (26 February 2003)
- Review: Firewalls and Internet Security: Repelling the Wily Hacker 2/e (30 January 2003)
- Review: Cisco Secure PIX Firewalls (28 January 2003)