This thread has been dead for a few days, but I found an interesting article that is somewhat related:
http://www.infosecuritymag.com/2002/jul/faster.shtml

Executive summary: A compromised box doesn't have to be listening on 31337 (or another port) to be backdoored. Some very interesting scenarios can be imagined once a single box in your area is running something like this. This does not address the question of how to initially break into the box to run the backdoor software (which, I believe, was part of the original question), but it is very interesting nevertheless.

And while I'm on the air, those interested in reducing exposure to their packet filtering or proxy firewall might be interested in setting up a bridged firewall. More info is available here:

http://freebsd.topsecret.net/doc/en_US.ISO8859-1/articles/filtering-bridges/index.html

and feel free to contact me offlist with any questions. :)

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
gill | Tatu Ylonen, SSH 1.2.12 README: "Beware that the most effective
     | way for someone to decrypt your data may be with a rubber hose."