Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Re: blocking a port on a Wintel machine

by jonadab (Parson)
on Jan 27, 2007 at 16:16 UTC ( #596884=note: print w/replies, xml ) Need Help??

in reply to blocking a port on a Wintel machine

Are you talking about incoming ports, or outgoing? And if incoming, are you talking about password protecting access to the port from outside, or are you talking about password-protecting the ability for a local process to listen on the port?

Ultimately, Windows is not a very good firewalling platform, and it is really best (both from a security perspective, and in terms of how easy it is to get it to do what you need) to have an external firewall. However, depending on your needs, it may be possible to kludge something together on Windows. The firewall built into Windows XP may be able to accomplish some of what you want, depending on what it is that you want.

If my answer seems vague, it is because your question seems vague, so I don't really know how to answer in detail.

Sanity? Oh, yeah, I've got all kinds of sanity. In fact, I've developed whole new kinds of sanity. You can just call me "Mister Sanity". Why, I've got so much sanity it's driving me crazy.
  • Comment on Re: blocking a port on a Wintel machine

Replies are listed 'Best First'.
Re^2: blocking a port on a Wintel machine
by mikejones (Scribe) on Jan 27, 2007 at 22:30 UTC
    I desire to block port 5101, incoming. the Yahoo IM backdoor port. see Yes I am talking about if incoming, password protecting access to the port from outside.
      Mike- It sounds like you want to block this port because this vulnerability exists. The real vulnerability here is not that port, but the user who executes 3rd party application sent to them over AIM. If you educate them you will be able to avoid a large number of risky behavior instead of protecting one port. If you protect against one backdoor like application there will be another using a different port.

      If you are really concerned about this and you are on a personal computer I would recommend that you get a nat router. The NAT router will give you firewall protection as default ( as long as you don't open any ports in the router) and it will not impact your computers performance. Also cost is about that of any non-free firewall. There are a number of free firewall apps out there that you can use, the drawbacks just the impact on computer performance, and for the firewall to work correctly it has to integrate into the OS at a low lvl.
      Yes I am talking about if incoming, password protecting access to the port from outside.

      Password protecting access from the outside for a remote user or program to connect to an existing listening process is entirely up to the listening process. For instance, if YIM is listening on port 5101 and you want only authorized users to be able to connect to it, then YIM needs to provide the username/password checking. Some server software (e.g., OpenSSH, Apache) has this functionality, but I don't know anything about YIM. Note too that the protocol that is being used needs to support authentication. Most standard application-layer protocols (http, ftp, smtp, and so on) do, but I don't happen to know what protocol YIM uses or what kinds of authentication mechanisms it does or does not support. (The Gaim people might know. I don't know if they have a public web forum. I think they have an IRC channel, possibly on freeserve...) The client applications that are connecting have to support it as well, obviously, but if the protocol supports it, then most clients probably do as well.

      If you don't need to let authorized users in, then things get easier. In that case there are two options: you can either prevent the service (in this case, YIM) from listening on the port at all (either by configuring it not to do so, if it has that option, or by simply not running the service), or you can drop or reject the packets at the firewall level. The Windows XP built-in firewall is capable of doing this, I believe. You can find the controls for that in your Administrator account's control panel, and there is lots of information about it on the web.

      Neither of these approaches is a Perl solution, but I'm not sure what a Perl solution would look like for this question. Fundamentally, you're not trying to get something done, but to prevent something from happening, so you really need to address it at the level where the thing you want to prevent would otherwise happen, which in your example is either the YIM service or the Windows networking layer (or your external router/gateway/firewall (which you really should have anyway, and which really should be set to block all incoming ports except any that you specifically need open)) and either way Perl isn't really involved.

      We're working on a six-year set of freely redistributable Vacation Bible School materials.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://596884]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (4)
As of 2022-08-13 20:44 GMT
Find Nodes?
    Voting Booth?

    No recent polls found