An amateur exploration of network-based (assuming no NAC) detection of backdoors in the enterprise LAN (like the war-dialing audits of yore, now with 3G modems): * Speaker's background (why this pet problem?) * Some thoughts about the threat model * Techniques and their applicability to scenarios of varying likelihood * A short demo of one approach * Future work