What Port 3347 Is
Port 3347 sits in the registered ports range (1024–49151). These are ports that vendors and developers can claim through IANA — the Internet Assigned Numbers Authority — to give their services a consistent, recognizable home.
IANA's registry lists port 3347 as assigned to Phoenix RPC over both TCP and UDP.1 What Phoenix RPC actually was — who made it, what it did, whether it ever shipped in production software — is unclear. It left no RFC, no documentation trail, no community of users. The name exists in the registry. The service, effectively, does not.
This is not unusual. The registered ports range contains hundreds of entries like this: claimed during a period of active development, never widely deployed, and now just occupying a row in a spreadsheet.
What Actually Uses Port 3347
Because the assigned service never materialized, port 3347 is effectively unoccupied on most systems. That makes it attractive to software that wants to avoid conflict with well-known ports.
The clearest documented use is malicious: Backdoor.Win32.Controlit.10, a remote access trojan, listens on TCP port 3347 to receive commands. It requires no authentication. If the backdoor is running, anyone who can reach that port can execute arbitrary commands on the system.2
There are no widely documented legitimate applications that have adopted 3347 as a default port.
Why This Matters
A registered port nobody uses is essentially a dark corner. Legitimate traffic doesn't go there, so monitoring tools may not watch it closely. Security teams focused on high-value ports — 22, 80, 443, 3389 — may overlook traffic on 3347 entirely.
If you see unexpected traffic on port 3347, treat it as a signal worth investigating.
How to Check What Is Listening
On Linux or macOS:
On Windows:
Take the PID from the output and look it up in Task Manager or with tasklist /fi "PID eq <pid>".
If something is listening on port 3347 and you don't recognize it, investigate before assuming it's benign.
Беше ли полезна тази страница?