It does not have to accept a connection in order perform an action on the local computer based on on the attempted connection(s). What I am useing is different than the concept trojan that I spoke of. The concept trojan would not show up up with netstat, Nmap, or anything else. Of course you could have the trojan use any other application on the machine to make make connection and do all the dirty work.