Constant connections and odd binaries running on systems usually get caught pretty quickly in CCDC events. However, NFS exports are hardly ever noticed. Setting it up on an Ubuntu/Debian box is a snap and given the right directory and permissions can lead you right back to getting shell any time you want without a constant connection. Plus, NFS blends right in and can listen on TCP and/or UDP (2049)

Here is a quick how-to on setting up NFS

https://help.ubuntu.com/community/SettingUpNFSHowTo

I’m sure you can think of much more evil locations but /etc/, /var/www/, and /root/ are some of my favorite exports, but there is no reason why you couldn’t just export ‘/’ that I know of. (NFSd might not permit it)

Remember to change the NFS settings so that it runs as root and you are golden.