As for forcing a password (I assume you mean, requiring password-based authentication), that's completely protocol and application dependent. For instance, HTTP, SSH, and FTP provide login mechanisms in the protocol (but with different ways of configuring them for each implementation), while finger, echo and DNS don't (as far as I know).

If you have something like PAM you can synchronize your user/password database over supporting server apps, but this is getting way off topic.

Are you talking about incoming ports, or outgoing? And if incoming, are you talking about password protecting access to the port from outside, or are you talking about password-protecting the ability for a local process to listen on the port?

Ultimately, Windows is not a very good firewalling platform, and it is really best (both from a security perspective, and in terms of how easy it is to get it to do what you need) to have an external firewall. However, depending on your needs, it may be possible to kludge something together on Windows. The firewall built into Windows XP may be able to accomplish some of what you want, depending on what it is that you want.

If my answer seems vague, it is because your question seems vague, so I don't really know how to answer in detail.

I desire to block port 5101, incoming. the Yahoo IM backdoor port. see www.datastronghold.com/archive/t12996.html Yes I am talking about if incoming, password protecting access to the port from outside.

Mike- It sounds like you want to block this port because this vulnerability exists. The real vulnerability here is not that port, but the user who executes 3rd party application sent to them over AIM. If you educate them you will be able to avoid a large number of risky behavior instead of protecting one port. If you protect against one backdoor like application there will be another using a different port.

If you are really concerned about this and you are on a personal computer I would recommend that you get a nat router. The NAT router will give you firewall protection as default ( as long as you don't open any ports in the router) and it will not impact your computers performance. Also cost is about that of any non-free firewall. There are a number of free firewall apps out there that you can use, the drawbacks just the impact on computer performance, and for the firewall to work correctly it has to integrate into the OS at a low lvl.

Yes I am talking about if incoming, password protecting access to the port from outside.

Password protecting access from the outside for a remote user or program to connect to an existing listening process is entirely up to the listening process. For instance, if YIM is listening on port 5101 and you want only authorized users to be able to connect to it, then YIM needs to provide the username/password checking. Some server software (e.g., OpenSSH, Apache) has this functionality, but I don't know anything about YIM. Note too that the protocol that is being used needs to support authentication. Most standard application-layer protocols (http, ftp, smtp, and so on) do, but I don't happen to know what protocol YIM uses or what kinds of authentication mechanisms it does or does not support. (The Gaim people might know. I don't know if they have a public web forum. I think they have an IRC channel, possibly on freeserve...) The client applications that are connecting have to support it as well, obviously, but if the protocol supports it, then most clients probably do as well.

If you don't need to let authorized users in, then things get easier. In that case there are two options: you can either prevent the service (in this case, YIM) from listening on the port at all (either by configuring it not to do so, if it has that option, or by simply not running the service), or you can drop or reject the packets at the firewall level. The Windows XP built-in firewall is capable of doing this, I believe. You can find the controls for that in your Administrator account's control panel, and there is lots of information about it on the web.

Neither of these approaches is a Perl solution, but I'm not sure what a Perl solution would look like for this question. Fundamentally, you're not trying to get something done, but to prevent something from happening, so you really need to address it at the level where the thing you want to prevent would otherwise happen, which in your example is either the YIM service or the Windows networking layer (or your external router/gateway/firewall (which you really should have anyway, and which really should be set to block all incoming ports except any that you specifically need open)) and either way Perl isn't really involved.

-- 
We're working on a six-year set of freely redistributable Vacation Bible School materials.

Unfortunately I haven't done this myself, so I don't have better advice to offer, but hopefully this points you in the right direction.

As others have said, doing this at the router may be a better idea if it is possible. Otherwise a savvy user could easily turn this off.

Good luck!

Granted, my answer has little to do with Perl. You may want to check whether your OS supports functionality similar to the following:

In OpenBSD, authpf(8) allows altering the firewall configuration for those people who enter the system via a special SSH session. I can heartily recommend reading the entire man page.

There are several reasons why I suggested the above feature:

• You can interface it with distributed authentication mechanisms (LDAP, NIS, RADIUS, etc.);
• It provides a single, secure interface to enter a password (SSH);
• It does not harrass applications for passwords that they're possibly (likely?) not ready for.

I'm fairly sure Perl can cater to the list above. But since you have an OS already, you might as well use it. Unless, of course, you can integrate things more easily with Perl code you already have or use.

Personally, I think the WinXP built-in firewall isn't that bad. It suits most of my needs as an end user while being on the road. At any other location, I place client machines behind a firewall anyway. Just pick the platform you like best (for me, that's OpenBSD).

Where does Perl come into the picture? Well, it may be useful to generate the various firewall rules you're thinking of. At least, that what I'd use it for in this case.