[eps]

If this were a DoS backdoor, it would've not been that much harder to make it less discoverable. Just use two magic bytes, or three. The chance of false positive are virtually zero and yet you'd still be able to use basic ICMP/ping to trigger it if needed.

[mark-r]

A backdoor that bricks the device, but only if it's the first packet received, isn't terribly useful. The more plausible explanation is that it's a bug that was introduced by the actual backdoor that still remains undiscovered.