Port 3148

What This Port Is

Port 3148 sits in the registered ports range (1024–49151). These ports are assigned by IANA upon request. Any organization can apply; IANA records the assignment; the service may or may not survive.

Port 3148 was assigned to NetMike Game Administrator (nm-game-admin) on both TCP and UDP. NetMike appears to have been a networked gaming platform. No documentation, no surviving project page, no community memory. The registration exists in the IANA database.[1] The service does not appear to exist anywhere else.

The MyDoom Connection

In January 2004, a worm called MyDoom began spreading via email. It became the fastest-spreading email worm ever recorded — a record it still holds.[2]

Among other things, MyDoom installed a backdoor by opening TCP ports sequentially from 3127 to 3198, listening for incoming connections on each. Port 3148 is squarely in that range. Any machine infected by MyDoom became remotely accessible through these ports. The backdoor could receive and execute additional payloads — infected machines became staging grounds for further attacks.

MyDoom infected an estimated 500,000 machines. Damage estimates reached $38.5 billion. The author was never identified. Microsoft offered a $250,000 bounty. Nobody claimed it.[3]

Port 3148 didn't choose this. It was just in the neighborhood.

Checking What's on This Port

If port 3148 shows up open on a system you manage, here's how to find what's listening:

Linux / macOS:

# Show what process is listening on TCP port 3148 (Linux; run as root to see process names)
ss -tlnp 'sport = :3148'

# Alternative using lsof (also works on macOS, which does not ship ss)
lsof -i :3148

# Check both TCP and UDP
ss -tulnp 'sport = :3148'

Windows:

netstat -ano | findstr :3148

The output will include the process ID. On Linux, cross-reference with ps aux | grep <PID>. On Windows, check Task Manager or use tasklist | findstr <PID>.

An open port 3148 on a modern system is almost certainly a legitimate application that picked it dynamically, not malware. MyDoom is two decades old. But it's worth knowing what's there.
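
To widen the single-port check above to the whole 3127 to 3198 range described in the MyDoom section, the following added example (not part of the original page) filters `ss -H -tulnp` output for listeners in that range. The function names, sample lines and process names are constructed for illustration.

```shell
#!/bin/sh
# Assumed input: lines from `ss -H -tulnp`, i.e.
#   Netid State Recv-Q Send-Q Local:Port Peer:Port [Process]

# listeners_in_range LOW HIGH   (reads ss lines on stdin)
# Prints "proto port process" for each listening socket whose local port is in range.
listeners_in_range() {
    awk -v lo="$1" -v hi="$2" '
        $2 == "LISTEN" || $2 == "UNCONN" {      # TCP listeners and bound UDP sockets
            n = split($5, parts, ":")           # port is the text after the last colon
            port = parts[n] + 0                 # (also handles [::]:3127 and addr%if:53)
            if (port < lo || port > hi) next
            proc = ""                           # process column may contain spaces
            for (i = 7; i <= NF; i++) proc = proc (i > 7 ? " " : "") $i
            if (proc == "") proc = "unknown(need-root)"   # ss hides it without privileges
            print $1, port, proc
        }'
}

# Constructed sample, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      5      0.0.0.0:3148       0.0.0.0:*         users:(("gamesrv",pid=4021,fd=7))
tcp   LISTEN 0      128    [::]:3127          [::]:*
udp   UNCONN 0      0      127.0.0.1:3198     0.0.0.0:*         users:(("agent",pid=977,fd=9))
tcp   LISTEN 0      128    0.0.0.0:3199       0.0.0.0:*         users:(("other",pid=55,fd=4))
tcp   ESTAB  0      0      10.0.0.5:3150      10.0.0.9:443      users:(("curl",pid=6001,fd=5))
EOF
}

sample_ss_output | listeners_in_range 3127 3198
# On a live Linux host: ss -H -tulnp | listeners_in_range 3127 3198
```

Each reported line gives the protocol, the port and the owning process entry, so the PID can be looked up as described above.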

Why Unassigned (and Forgotten) Ports Matter

The registered ports range contains thousands of assignments like this one — services that claimed a port, registered it with IANA, and then ceased to exist or never launched. The ports remain in the registry, technically "taken," practically empty.

This matters because:

  • Port scanners flag them. Security tools checking for unusual open ports sometimes cross-reference IANA data. A port registered to an unknown service is harder to reason about than one registered to PostgreSQL.
  • Malware exploited the ambiguity. MyDoom's sweep through ports 3127–3198 worked partly because those ports were quiet. Nobody was watching them.
  • The registry is permanent. IANA doesn't reclaim ports from defunct services automatically. Entries persist indefinitely, which is why the nm-game-admin assignment for a vanished gaming service still appears in the official registry today.

Port 3148 is a small artifact of how the Internet works: a claim staked in a registry, a worm that swept through, and a port that carries the memory of both.
