trojan problem

Anders Karlsson trudheim at
Tue Jan 24 05:32:28 UTC 2006

On 1/24/06, Brian Walker <bfwalker at> wrote:


>  Follow up:
>  clean install has happened. nmap showed once again an open port that I did
> not expect:
> (The 1660 ports scanned but not shown below are in state: closed)
>  PORT          STATE     SERVICE
>  25/tcp        open       smtp
>  631/tcp      open       ipp
>  32770/tcp  open       sometimes-rpc3
>  Nmap finished: 1 IP address (1 host up) scanned in 0.296 seconds

Port 25 is your MTA, 631 is CUPS and the sometimes-rpc3/32770 is
explained in this post. Nothing to
worry about, I'd say.

>  This is despite having configured Bastille, and shutting down services as
> far as reasonable. I wonder if there is not a residual backdoor being left
> open? Any ideas on this? (BTW scanning other addresses shows no open ports
> or unexpected services)

When you cfg your firewall, the best policy is deny by default, only
allow what you need. I can send you a copy of my fwbuilder firewall if
you want to look at that as an example.


Anders Karlsson <trudheim at>
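
An added example, not part of the original message: a small Python check that parses an nmap port table like the one quoted above and reports listeners that are not on an expected-services baseline. The baseline contents and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the port table from the quoted nmap run above.
NMAP_OUTPUT = """\
(The 1660 ports scanned but not shown below are in state: closed)
PORT          STATE     SERVICE
25/tcp        open       smtp
631/tcp      open       ipp
32770/tcp  open       sometimes-rpc3
Nmap finished: 1 IP address (1 host up) scanned in 0.296 seconds
"""

# Assumed baseline: the listeners the admin expects on this host.
EXPECTED = {(25, "tcp"): "MTA", (631, "tcp"): "CUPS"}

PORT_LINE = re.compile(r"^\s*(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*$")

def parse_ports(text):
    """Return [(port, proto, state, service)] from nmap's normal-output table."""
    rows = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.lstrip("> "))  # tolerate mail-quoted lines
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows

def audit(text, expected):
    """Return (unexpected open ports, expected ports not open, all open ports)."""
    # "open|filtered" is counted too, so ambiguous results get reviewed.
    open_ports = {(port, proto): service
                  for port, proto, state, service in parse_ports(text)
                  if state.startswith("open")}
    unexpected = sorted(k for k in open_ports if k not in expected)
    missing = sorted(k for k in expected if k not in open_ports)
    return unexpected, missing, open_ports

if __name__ == "__main__":
    unexpected, missing, seen = audit(NMAP_OUTPUT, EXPECTED)
    for port, proto in unexpected:
        # Without version detection, the label comes from nmap's port-number
        # table; it does not identify the program actually listening.
        print(f"UNEXPECTED {port}/{proto} (nmap label: {seen[(port, proto)]})")
    for port, proto in missing:
        print(f"expected but not open: {port}/{proto}")
```
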

