Mike-
It sounds like you want to block this port because this vulnerability exists. The real vulnerability here is not that port, but the user who executes 3rd party application sent to them over AIM. If you educate them you will be able to avoid a large number of risky behavior instead of protecting one port. If you protect against one backdoor like application there will be another using a different port.
If you are really concerned about this and you are on a personal computer I would recommend that you get a nat router. The NAT router will give you firewall protection as default ( as long as you don't open any ports in the router) and it will not impact your computers performance. Also cost is about that of any non-free firewall. There are a number of free firewall apps out there that you can use, the drawbacks just the impact on computer performance, and for the firewall to work correctly it has to integrate into the OS at a low lvl. | [reply] [Watch: Dir/Any] |
Yes I am talking about if incoming, password protecting access to the port from outside.
Password protecting access from the outside for a remote user or program to connect to an existing listening process is entirely up to the listening process. For instance, if YIM is listening on port 5101 and you want only authorized users to be able to connect to it, then YIM needs to provide the username/password checking. Some server software (e.g., OpenSSH, Apache) has this functionality, but I don't know anything about YIM. Note too that the protocol that is being used needs to support authentication. Most standard application-layer protocols (http, ftp, smtp, and so on) do, but I don't happen to know what protocol YIM uses or what kinds of authentication mechanisms it does or does not support. (The Gaim people might know. I don't know if they have a public web forum. I think they have an IRC channel, possibly on freeserve...) The client applications that are connecting have to support it as well, obviously, but if the protocol supports it, then most clients probably do as well.
If you don't need to let authorized users in, then things get easier.
In that case there are two options: you can either prevent the
service (in this case, YIM) from listening on the port at all (either
by configuring it not to do so, if it has that option, or by
simply not running the service), or you can drop or reject the packets at
the firewall level. The Windows XP built-in firewall is capable of
doing this, I believe. You can find the controls for that
in your Administrator account's control panel, and there is lots of information about it on the
web.
Neither of these approaches is a Perl solution, but I'm not sure what a Perl solution would look like for this question. Fundamentally, you're not trying to get something done, but to prevent something from happening, so you really need to address it at the level where the thing you want to prevent would otherwise happen, which in your example is either the YIM service or the Windows networking layer (or your external router/gateway/firewall (which you really should have anyway, and which really should be set to block all incoming ports except any that you specifically need open)) and either way Perl isn't really involved.
| [reply] [Watch: Dir/Any] |