What Range This Port Belongs To
Port 3020 sits in the registered ports range (1024–49151). These ports are assigned by IANA to specific services, separating them from the well-known ports (0–1023) that require root privileges and from the ephemeral ports (49152–65535) that operating systems hand out dynamically for outbound connections.
A registered port assignment means a service or organization formally requested the number from IANA and committed to using it for a declared purpose. It does not mean the assignment is actively used—or used at all.
The IANA Assignment: A Ghost Reservation
IANA officially lists port 3020 as CIFS (Common Internet File System), with Paul Leach—one of the Microsoft engineers behind the SMB/CIFS protocol—listed as the contact.1
The problem: CIFS doesn't actually use port 3020.
CIFS runs on port 445 for direct TCP connections, or ports 139, 138, and 137 when NetBIOS over TCP/IP is involved. Port 3020 appears to be an early reservation that was superseded before it ever saw real deployment. The IANA entry exists; the traffic never followed.
This happens more often than you'd expect. Port space gets reserved during protocol development, then protocol implementations land on different numbers, and the original reservation becomes a footnote. Port 3020's CIFS assignment is one of those footnotes.
What Actually Used This Port
The most documented real-world use of port 3020 was PreMiD, a browser extension and desktop application that displays what you're watching or listening to in your Discord status. PreMiD's desktop app ran a local Socket.IO server on port 3020 to bridge the browser extension and the Discord client.
In 2020, security researchers discovered that this server was configured with origin: *—meaning any website, not just the PreMiD extension, could connect to it and request your Discord user information.2 The vulnerability was assigned CVE-2020-24928 and patched in version 2.1.4, which restricted connections to Chrome extension origins only.3
The lesson is compact: a local server on a registered port, open to all origins, is a data leak waiting for a website to find it.
How to Check What's Listening on This Port
If you want to know whether anything is using port 3020 on your system:
macOS / Linux:
Windows (Command Prompt):
Windows (PowerShell):
If nothing comes back, nothing is listening. If something appears, the process name or PID will tell you what it is.
Why Unassigned (or Barely-Used) Ports Matter
Port 3020 illustrates two things about the registered port space:
Reservations are not deployments. An IANA assignment means someone asked for a number. It says nothing about whether that number is actively in use, whether implementations followed the assignment, or whether the assignment is even still relevant.
Local ports are an attack surface. Any application running a local server—even one only intended for inter-process communication on your own machine—is reachable by any other process or, in misconfigured cases, any website via the browser. The PreMiD vulnerability is a clean example of how "it's only local" can be insufficient as a security model.
Was deze pagina nuttig?