What Port 3460 Is
Port 3460 sits in the registered port range (1024–49151). These are ports that organizations and developers apply to IANA to reserve for their software. In return, IANA lists the port officially so other services don't accidentally collide with it.
IANA lists port 3460 as assigned to a service called "EDM Manger" — that spelling is from the registry itself, missing the 'a' in Manager. The service name is edm-manager. Both TCP and UDP are registered.1
What EDM Manager actually is: unknown. No documentation, no RFC, no surviving software, no company behind it. The registration exists. The software, apparently, does not. This happens more often than you'd expect — ports registered in the 1990s and early 2000s for products that never shipped, got renamed, or quietly died.
What the Port Is Actually Used For
Port 3460 is recognized in security research as the default listening port for Poison Ivy, a remote access trojan first documented around 2005.2
Poison Ivy was a full-featured RAT — remote access toolkit — that let an attacker take complete control of a compromised Windows machine. Keylogging, screenshots, webcam capture, file transfer, remote shell. The attacker ran a management client; Poison Ivy listened on the victim's machine, by default on TCP port 3460.
The port is configurable — attackers could (and did) change it — but the default made 3460 a common indicator of compromise in threat intelligence feeds for years. A variant documented as recently as 2024 still uses this port by default.3
Poison Ivy was notably used in targeted attacks against government and defense organizations in the early 2010s, making it one of the more historically significant RATs in threat research.4
What This Port Range Means
Registered ports (1024–49151) are governed differently than well-known ports (0–1023). Below 1024, you need root or administrator privileges on most systems to bind a listener. Above 1024, any process can open a port — which makes the registered range both more flexible for legitimate software and more accessible to malware.
When Poison Ivy defaults to 3460, it's partly because the port has an official-sounding IANA name. A registered port raises fewer flags than an obviously unassigned number.
How to Check What's Listening on This Port
If you see activity on port 3460 on a system you manage, treat it as worth investigating.
On Linux or macOS:
On Windows:
The output will show the process ID (PID) holding the socket open. Match that PID to a process name in Task Manager or with tasklist.
Legitimate software using this port is essentially unheard of. If something is listening on 3460, and you didn't put it there intentionally, it deserves a closer look.
Frequently Asked Questions
क्या यह पृष्ठ सहायक था?