Port 3144: Unassigned — Once Tarantella's Plaintext Channel

What Port 3144 Is

Port 3144 sits in the registered ports range (1024–49151). That range is managed by IANA, which accepts applications from vendors who want a port number reserved for their software. But IANA has no official assignment for 3144. It is, formally, unassigned.

Informally, it has a history.

The Tarantella Connection

In the early 2000s, a company called Tarantella built remote desktop software that let users run applications from a central server on whatever thin client or workstation they had. The protocol was called AIP — Adaptive Internet Protocol. It was clever for its time: multi-channel, cross-platform, designed to carry application windows across slow and unreliable networks.

AIP used two ports in tandem:

• Port 5307 — the encrypted channel. You connected here, authenticated, and proved you were allowed in.
• Port 3144 — the unencrypted channel. Once authenticated, your session moved here.

The logic, apparently, was that authentication needed protection but session data could travel in the clear. Whether that logic held up is a different question.¹

Sun Microsystems acquired Tarantella and renamed it Sun Secure Global Desktop. Oracle later acquired Sun. The product still exists as Oracle Secure Global Desktop, though modern deployments use HTTPS on port 443 instead.²

Port 3144 never received a formal IANA registration. The traffic ran through it for years anyway.

MyDoom's Shadow

In early 2004, MyDoom became the fastest-spreading email worm ever recorded at the time. Its first variant, MyDoom.A, opened a backdoor on a random port in the range 3127–3198 — giving attackers shell access to any infected machine. Port 3144 is inside that range.³

MyDoom.B followed with the same backdoor mechanism, plus modifications to the hosts file that blocked access to antivirus update servers. The infected machine would become both compromised and unable to clean itself.

MyDoom is long inactive. But the association lingers in port databases and firewall rule sets built during that era.

How to Check What's Using Port 3144

If you see traffic on this port and want to know what's responsible:

On Linux/macOS:

ss -tlnp | grep 3144
# or
lsof -i :3144

On Windows:

netstat -ano | findstr :3144

The process ID in the output can be cross-referenced in Task Manager or with tasklist /fi "PID eq <pid>".

If nothing legitimate should be listening on 3144, treat unexpected activity seriously. It's not a port with an obvious current purpose.

Why Unassigned Ports Matter

The registered ports range contains 48,128 ports. IANA has assigned only a few thousand of them. The rest sit unassigned — available for vendors to claim, or simply claimed without formality, or used opportunistically by software that needed a number and picked one.

Unassigned doesn't mean unused. It means there's no single authoritative answer for what should be there. Which is why checking matters.