Sneakin
My network allows outgoing telnet (src port > 1024, destination port =23)
Attacker installs a sneaking daemon on our network and sends a few pings from outside. Daemon responses “telneting” out and the session is established
When connection made, sneakin client and server reverse the connection
Defense: strong internal host security and Principle Of Least Privileges (open absolutely minimal amount of services)