After doing an nmap scan on my Linksys router that has Mandrake 9.0 and windows 2000 connected to it I got these results. My qusetion is are any of these opened ports used for trojans?

[root@linux /]# nmap -sU -sT 192.168.1.1

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (192.168.1.1):
(The 3062 ports scanned but not shown below are in state: closed)
Port State Service
53/udp open domain
67/udp open dhcpserver
69/udp open tftp
80/tcp open http
520/udp open route
1400/udp open cadkey-tablet
5050/udp open mmcc

Nmap run completed -- 1 IP address (1 host up) scanned in 11 seconds
[root@linux /]#

Thank you

Not necessarily. Although the ports open are the ones most likely to be attacked by an intruder. Usually Trojan's are the fault of either the user on the system from downloads, or a person sitting down at the workstation and loading it manually. You may want to look into tightening up security, such as not allowing anonymous ftp access.

Chris

Besides that here's some LQ notes on Linksys security: http://www.linuxquestions.org/questi...007#post157007

The tftp has me worried the most because I don't have a tftp server running, that I know of. If there is one how do I shut it down?

I'm not very familiar with Mandrake, but with RedHat and Slackware you can remove the line within the rc.M or rc.S file that brings up the tftp server. There must be an entry somewhere. If I were you, I would issue:
=========
cd /etc/rc.d
grep tftp *
=========
Just to see where the entry is within these files, and make sure they are commented out, with either a # or ;

Just uncomment the lines in /etc/inetd.conf