Free Republic

To: proxy_user
NAT is the answer. Broadband users, learn how to configure your router. Just because you have an app listening on a port on a PC on your intranet doesn't mean you have to let outsiders connect. Get a hardware firewall and use it!

Sorry, but you're wrong... A trojan works like the "Trojan Horse." Once it's inside your NAT router, it connects to the outside from within your network. The only way to block it is by knowing what port the trojan will use, and then blocking that port at the router. Most people who will buy a HW firewall (i.e. not businesses) will use the plug and play features, never really configuring the device.

Mark

13 posted on 04/30/2002 12:42:21 PM PDT by MarkL


To: MarkL
I'd have to disagree. A normal Trojan listens on a port, waiting for the hacker who sent it to you to connect. This is true of SubSeven, NetBus, BackOrifice, etc. Some of them post their IP to Usenet or send an email. Of course, you could write it so that it acts as a client and connects to a server, which is more typical of spyware-type Trojans. Once you have a TCP/IP connection, it doesn't really matter who contacted who, since the conversation is bidirectional.

In any case, you could solve this one by only allowing specific outbound ports, typically 20, 80, 110, and 119.

As for the ignorant masses who buy a router without knowing how to use it, I urge them to learn. Get the O'Reilly TCP/IP book and work through the examples on a Linux or Sun box.

40 posted on 04/30/2002 3:12:20 PM PDT by proxy_user
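
Added example, not part of either post above: a small Python model of the two positions in this exchange, showing what a NAT router drops on its own and what changes once the outbound allowlist from post 40 (ports 20, 80, 110, 119) is applied. The flow records, the high port numbers 40001 and 50001, and all function names are constructed for illustration.

```python
# Toy model of a home NAT router's decision on a NEW connection attempt.
# All flows and the high port numbers are constructed sample data.
from dataclasses import dataclass

EGRESS_ALLOWLIST = frozenset({20, 80, 110, 119})  # outbound ports listed in post 40

@dataclass(frozen=True)
class Flow:
    direction: str  # "in" = initiated from the Internet, "out" = initiated from the LAN
    dst_port: int
    note: str

def nat_decision(flow, port_forwards=frozenset(), egress_allowlist=None):
    """Return 'allow' or 'drop'.

    Inbound: NAT has no mapping for an unsolicited connection, so it is
    dropped unless a port forward was configured.
    Outbound: allowed by default; with an egress allowlist only the listed
    destination ports pass.
    """
    if flow.direction == "in":
        return "allow" if flow.dst_port in port_forwards else "drop"
    if egress_allowlist is None:
        return "allow"
    return "allow" if flow.dst_port in egress_allowlist else "drop"

# Constructed flows covering the cases argued in the thread.
FLOWS = [
    Flow("in", 40001, "outsider connecting to a program listening on a LAN PC"),
    Flow("out", 50001, "program on a LAN PC connecting out on an unlisted port"),
    Flow("out", 80, "browser fetching a web page"),
    Flow("out", 110, "mail client polling POP3"),
]

def evaluate(flows, egress_allowlist=None):
    """Return [(note, verdict)] for each flow under the given outbound policy."""
    return [(f.note, nat_decision(f, egress_allowlist=egress_allowlist)) for f in flows]

if __name__ == "__main__":
    for label, policy in (("NAT only", None), ("NAT + outbound allowlist", EGRESS_ALLOWLIST)):
        print(label)
        for note, verdict in evaluate(FLOWS, policy):
            print(f"  {verdict:5}  {note}")
```

In this model the verdict depends only on direction and destination port, not on which program opened the connection.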



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson