1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
|
--- a/Makefile
+++ b/Makefile
@@ -1,5 +1,5 @@
cutter: cutter.c
- cc cutter.c -o cutter
+ cc $(CFLAGS) cutter.c -o cutter
clean:
rm -f cutter.o cutter
--- a/cutter.c
+++ b/cutter.c
@@ -57,6 +57,7 @@
#include <arpa/inet.h>
#include <net/if.h>
#include <errno.h>
+#include <time.h>
#define ETHHDR sizeof(struct ethhdr)
#define TCPHDR sizeof(struct tcphdr)
@@ -149,7 +150,6 @@
int getmac(in_addr_t ip, uchar *mac)
{
FILE *id = fopen( "/proc/net/arp", "r" );
- union { uchar c[4]; in_addr_t n; } ipu;
in_addr_t ipn;
int mac0, mac1, mac2, mac3, mac4, mac5;
int hwtype, flags;
@@ -240,7 +240,7 @@
u_short toport
)
{
- int i_result, raw_sock, rtn;
+ int i_result, raw_sock;
in_addr_t gateway_ip;
struct sockaddr_ll myaddr, hisaddr;
struct tpack tpack;
@@ -377,7 +377,7 @@
for ( ; time(0) < tstart + 15; ) { // give the peer 15 seconds to respond
struct sockaddr_ll gotaddr;
- int addrlen = sizeof(gotaddr);
+ unsigned int addrlen = sizeof(gotaddr);
fd_set readfds;
struct timeval tv;
@@ -478,8 +478,7 @@
{
FILE *id = fopen( "/proc/net/ip_conntrack", "r" );
char src1[32], dst1[32], src2[32], dst2[32];
- int sport1, dport1, sport2, dport2, i;
- int packets1, packets2, bytes1, bytes2;
+ int sport1, dport1, sport2, dport2;
in_addr_t src1n, src2n, dst1n, dst2n;
char buff[1024], *p;
int found = 0;
--- a/debian/cutter.8
+++ b/debian/cutter.8
@@ -0,0 +1,124 @@
+.\" Hey, EMACS: -*- nroff -*-
+.TH CUTTER 8 "April, 2005"
+.SH NAME
+cutter \- cut tcp/ip connections
+.SH SYNOPSIS
+.B cutter
+.IR ipaddress1 \ [ \ port1 \ [ \ ipaddress2 \ [ \ port2
+\ ] \ ] \ ]
+.br
+.SH DESCRIPTION
+.B Cutter
+is an open source program that allows Linux firewall
+administrators to abort TCP/IP connections routed over the firewall or
+router on which it is run.
+.br
+.SH WARNING
+.B Cutter
+has been designed for use as a administrators tool for Linux
+firewalls. It's use (as is, or modified) for any other purpose is not
+sanctioned by the author. So - do not use this tool as a parachute, or
+to dry your cat, chill meat, answer your phone, drive you car, teach
+your kids to read or attack other people's computer systems or networks.
+.PP
+This software has been designed for
+.I legal
+and
+.I appropriate
+use
+by network security administrators and the like. It has been written as
+part of a larger Linux firewall project, targetting at controlling traffic
+from peer-to-peer software such as Kazaa, iMesh and others into and out of
+a private network. It is not designed as a tool for malicious use and the
+author in no way sanctions such use.
+.PP
+Users of the software should be aware that it's actions are easily detectable
+using a number of readily available network monitoring tools, and it makes no
+attempt to disguise it's actions. Malicious use of "cutter" could result in a
+jail sentance in a number of countries around the world.
+.PP
+The author is not responsible for the results of using this software. It
+is provided "as is" in the hope that it will be useful, but no garantees
+are made about it's use.
+.br
+.SH USAGE
+.B Cutter
+can be called using one of the following four syntaxes.
+
+.BI cutter \ ip-address
+
+.B Example:
+.RS
+.br
+.BI cutter \ 10.10.0.45
+
+Cuts all connections
+passing through the firewall
+between any ports on the specified ip-address (either a "private" or
+"public" address) and any other hosts. This can be used to close down
+all incoming connections to a particular server, all outgoing
+connections from a particular client or all outgoing connections to a
+server.
+.RE
+
+.B cutter
+.I ip-address port
+
+.B Example:
+.RS
+.br
+.B cutter
+.I 200.1.2.3 80
+
+Cuts all connections to or from the
+specified ip-address/port pair. This allows the user to be a little more
+specific than the previous example and allows targetting of specific
+services on specific hosts.
+.RE
+
+.B cutter
+.I ip-address-1 port-1 ip-address-2
+
+.B Example:
+.RS
+.br
+.B cutter
+.I 200.1.2.3 22 10.10.0.45
+
+Cuts all connections between
+ip-address-2 and ip-address-1/port-1. This allows the user to cut
+connections between a specified "client" and a particular service on a
+specified host. Our example closes host 10.10.0.45's SSH connection to
+server 200.1.2.3.
+.RE
+
+.B cutter
+.I ip-address-1 port-1 ip-address-2 port-2
+
+.B Example:
+.RS
+.br
+.B cutter
+.I 200.1.2.3 22 10.10.0.45 32451
+
+Cuts the specific connection between
+the two ip/port number pairs given.
+.RE
+.SH STATUS
+Cutter 1.03 should be considered
+.B EXPERIMENTAL.
+The author is releasing a
+tool that works on the systems he has access to (namely: IPCop and
+RedHat Linux), and he is seeking input on it's use on other systems,
+ideas for improvement, offers of sponsorship - etc.
+.PP
+.br
+.SH ADDITIONAL DOCUMENTATION
+This program is documented at
+.UR http://www.lowth.com/cutter/
+.I http://www.lowth.com/cutter/
+.UE
+.SH AUTHOR
+Blars Blarson addapted the README and web page written by Chris Lowth
+into this man page for debian package of cutter. This man page may be
+distribuated under the terms of the Gnu GPL version 2.
|
GitWeb