http://www.perlmonks.org?node_id=596912


in reply to Re: blocking a port on a Wintel machine
in thread blocking a port on a Wintel machine

I desire to block port 5101, incoming. the Yahoo IM backdoor port. see www.datastronghold.com/archive/t12996.html Yes I am talking about if incoming, password protecting access to the port from outside.

Replies are listed 'Best First'.
Re^3: blocking a port on a Wintel machine
by Zero_Flop (Pilgrim) on Jan 28, 2007 at 02:31 UTC
    Mike- It sounds like you want to block this port because this vulnerability exists. The real vulnerability here is not that port, but the user who executes 3rd party application sent to them over AIM. If you educate them you will be able to avoid a large number of risky behavior instead of protecting one port. If you protect against one backdoor like application there will be another using a different port.

    If you are really concerned about this and you are on a personal computer I would recommend that you get a nat router. The NAT router will give you firewall protection as default ( as long as you don't open any ports in the router) and it will not impact your computers performance. Also cost is about that of any non-free firewall. There are a number of free firewall apps out there that you can use, the drawbacks just the impact on computer performance, and for the firewall to work correctly it has to integrate into the OS at a low lvl.
Re: blocking a port on a Wintel machine
by jonadab (Parson) on Jan 29, 2007 at 03:42 UTC
    Yes I am talking about if incoming, password protecting access to the port from outside.

    Password protecting access from the outside for a remote user or program to connect to an existing listening process is entirely up to the listening process. For instance, if YIM is listening on port 5101 and you want only authorized users to be able to connect to it, then YIM needs to provide the username/password checking. Some server software (e.g., OpenSSH, Apache) has this functionality, but I don't know anything about YIM. Note too that the protocol that is being used needs to support authentication. Most standard application-layer protocols (http, ftp, smtp, and so on) do, but I don't happen to know what protocol YIM uses or what kinds of authentication mechanisms it does or does not support. (The Gaim people might know. I don't know if they have a public web forum. I think they have an IRC channel, possibly on freeserve...) The client applications that are connecting have to support it as well, obviously, but if the protocol supports it, then most clients probably do as well.

    If you don't need to let authorized users in, then things get easier. In that case there are two options: you can either prevent the service (in this case, YIM) from listening on the port at all (either by configuring it not to do so, if it has that option, or by simply not running the service), or you can drop or reject the packets at the firewall level. The Windows XP built-in firewall is capable of doing this, I believe. You can find the controls for that in your Administrator account's control panel, and there is lots of information about it on the web.

    Neither of these approaches is a Perl solution, but I'm not sure what a Perl solution would look like for this question. Fundamentally, you're not trying to get something done, but to prevent something from happening, so you really need to address it at the level where the thing you want to prevent would otherwise happen, which in your example is either the YIM service or the Windows networking layer (or your external router/gateway/firewall (which you really should have anyway, and which really should be set to block all incoming ports except any that you specifically need open)) and either way Perl isn't really involved.

    -- 
    We're working on a six-year set of freely redistributable Vacation Bible School materials.