Who synchronizes with whom? The trojan client with the trojan server or the server with the client? This depends completely on the trojan implementation. Sometimes only one direction (incoming or outgoing), sometimes also both directions (notify the "bad guys", to tell them the IP address and wait for them to connect). Blocking all unwanted (unused) ports for listening sockets (ipchains -y) can prevent trojans which open listening sockets, but at this point it is often much too late - the trojan is already in
Hmm... no good news. Since I at least want to have a little security in this, I'll put the -y in my most used hi-ports and the others I'll totally block.
bye Markus
-- 
 _____________________________     /"\
 Markus Gaugusch  ICQ 11374583     \ /    ASCII Ribbon Campaign
 markus@gaugusch.dhs.org            X     Against HTML Mail
                                   / \
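The filtering discussed in this thread, as an added illustration that is not part of either message: a toy first-match model of an input chain in which a `-y` rule matches only connection-opening packets (SYN set, ACK and FIN clear). The port ranges, packet samples and all names in the code are assumptions made for the example.

```python
# Added illustration: toy first-match model of an ipchains-style "input" chain.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str          # "in" or "out" relative to the protected host
    dport: int              # destination port
    syn: bool = False
    ack: bool = False
    fin: bool = False

    def starts_connection(self):
        # What -y matches: SYN set, ACK and FIN clear.
        return self.syn and not self.ack and not self.fin

@dataclass(frozen=True)
class Rule:
    ports: range
    syn_only: bool          # True models a rule carrying -y
    target: str             # "ACCEPT" or "DENY"

    def matches(self, pkt):
        return pkt.dport in self.ports and (not self.syn_only or pkt.starts_connection())

def input_verdict(rules, pkt, policy="ACCEPT"):
    if pkt.direction != "in":
        return "NOT-SEEN"   # outbound traffic never reaches the input chain
    for rule in rules:      # first matching rule wins
        if rule.matches(pkt):
            return rule.target
    return policy

# Constructed ruleset; the port split is an assumption, not from the thread.
RULES = [
    Rule(range(1024, 5000), syn_only=True, target="DENY"),    # "-y" on used high ports
    Rule(range(5000, 65536), syn_only=False, target="DENY"),  # the rest fully blocked
]

# Constructed sample packets.
SAMPLES = {
    "inbound SYN to listener on 3000": Packet("in", 3000, syn=True),
    "inbound SYN+ACK reply to local client port 3000": Packet("in", 3000, syn=True, ack=True),
    "inbound SYN+ACK reply to local client port 40000": Packet("in", 40000, syn=True, ack=True),
    "outbound SYN from host to remote port 80": Packet("out", 80, syn=True),
}

def verdicts():
    return {name: input_verdict(RULES, pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in verdicts().items():
        print(f"{verdict:9} {name}")
```

The last sample is the case the reply warns about: a program that opens the connection outward is never evaluated by input rules that only stop inbound connection attempts.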