trojan problem

Anders Karlsson trudheim at gmail.com
Tue Jan 24 05:32:28 UTC 2006


On 1/24/06, Brian Walker <bfwalker at gmail.com> wrote:

[snip]

>  Follow up:
>
>  Clean install has happened. nmap showed once again an open port that I did
> not expect:
>
> (The 1660 ports scanned but not shown below are in state: closed)
>  PORT          STATE     SERVICE
>  25/tcp        open       smtp
>  631/tcp      open       ipp
>  32770/tcp  open       sometimes-rpc3
>
>  Nmap finished: 1 IP address (1 host up) scanned in 0.296 seconds

Port 25 is your MTA, 631 is CUPS and the sometimes-rpc3/32770 is
explained in this post,
http://www.ubuntuforums.org/archive/index.php/t-77684.html. Nothing to
worry about I'd say.

>  This is despite having configured Bastille, and shutting down services as
> far as reasonable. I wonder if there is not a residual backdoor being left
> open? Any ideas on this? (BTW scanning other addresses shows no open ports
> or unexpected services)

When you cfg your firewall, the best policy is deny by default, only
allow what you need. I can send you a copy of my fwbuilder firewall if
you want to look at that as an example.

Regards,

--
Anders Karlsson <trudheim at gmail.com>
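
Added example, not part of the original message: a Python script for following up on a scan like the one quoted above by reading the kernel's own table of listening TCP sockets and reporting whether each port is bound to loopback only or to all interfaces. The sample table is constructed, the expected-port set {25, 631} is an assumption based on the services named in the reply, and the address decoding assumes a little-endian host.

```python
import socket
import struct

LISTEN = "0A"  # state code for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not data from the thread's machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5002
   2: 00000000:8002 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5003
   3: 0100007F:0019 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 5004
"""

def parse_listeners(text):
    """Return (address, port, inode) for every LISTEN socket, sorted by port."""
    found = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        hex_ip, hex_port = fields[1].split(":")
        # Assumption: little-endian host, so the address bytes are stored reversed.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        found.append((ip, int(hex_port, 16), int(fields[9])))
    return sorted(found, key=lambda row: row[1])

def audit(listeners, expected_ports):
    """Return (port, exposure, is_expected) rows for review."""
    rows = []
    for ip, port, _inode in listeners:
        if ip.startswith("127."):
            exposure = "loopback-only"
        elif ip == "0.0.0.0":
            exposure = "all-interfaces"
        else:
            exposure = ip
        rows.append((port, exposure, port in expected_ports))
    return rows

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as handle:
            table = handle.read()
    except OSError:
        table = SAMPLE  # fall back to the constructed sample off Linux
    for port, exposure, ok in audit(parse_listeners(table), {25, 631}):
        print(f"{port:>5}/tcp  {exposure:<15} {'expected' if ok else 'UNEXPECTED'}")
```

On a live system the inode column can be matched against the `socket:[inode]` links under `/proc/<pid>/fd` to name the process that owns an unexpected port.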

