Purposes of new and modified files and directories

• hide the presence of the intruder
• provide backdoor login mechanisms
• config file for backdoor logins (e.g., /tmp/bob)
• IRC bot/proxy/server programs/configs/logs
• sniffer programs and log files
• exploits and denial-of-service programs
• logs of scanning or attacking other sites
• coordinate distributed denial-of-service attacks
• core files from software used by the intruder