A Backdoor can be via telnet, ftp, ssh, a netcat listener, a custom process, or just about any other net-aware process out there. Some holes that have been used in the past were actually executed through the Sendmail daemon, or via an insecure web cgi.
My favorite place for up-to date security information (and research on past issues) is Bugtraq. You can subscribe to the list, or browse via
www.securityfocus.com .
Also, keep in mind it may be near impossible to find someone once they're in. For example, many of the Linux Rootkits floating around modify the system in a way the ls doesn't really show all files, ps doesn't show all processes, lsmod doesn't show all modules loaded. Can you imagine trying to search for "clues" when ls, ps, lsof, find, lsmod, etc etc have been modified? Ick.