What Port 3456 Is
Port 3456 sits in the registered ports range (1024-49151). These ports are assigned by IANA upon request, can be used by any process without administrator privileges, and represent the middle tier of the port numbering system — above the well-known system ports (0-1023) and below the ephemeral dynamic ports (49152-65535).
IANA has a registration on file for this port: VAT, the Video Audio Tool. It was developed at Lawrence Berkeley National Laboratory in the early 1990s as part of the MBone, an experimental multicast backbone that let researchers hold audio and video conferences over the Internet before the web existed. VAT was real software that real people used. It predated Zoom by about 30 years.1
It is not in wide use today.
What Actually Runs Here Now
Because the legitimate occupant has mostly vacated, port 3456 shows up in a different kind of documentation: malware databases.
Backdoor.Fearic is a remote access trojan that opens ports 2000, 3456, and 8811 on infected Windows systems, giving an attacker a back door into the machine.2 The SANS Internet Storm Center also associates port 3456 TCP with the Terror trojan, part of a family of Windows backdoors with names that were apparently trying to make a statement: Fear, Force, Terror.3
None of these represent active, widespread threats today. They are old. But the association means that traffic appearing on this port will raise flags in security tools, and Internet scanners actively probe it looking for vulnerable hosts.
How to Check What's Listening
If you see port 3456 open on a machine and want to know what's using it:
Linux / macOS:
Windows:
The process ID from those commands can then be matched against your task manager or process list. Anything listening here without a clear reason deserves scrutiny.
Why Unassigned-in-Practice Ports Matter
Port 3456 illustrates something real about how the port system works in practice. A port can be formally registered, rarely used legitimately, and actively probed by scanners all at the same time. The registration does not protect it. The obscurity does not hide it.
Scanners sweep the entire registered port range methodically. Ports that lack active defenders (firewalls, services that announce themselves, well-known signature patterns) become attractive real estate for anything that wants to operate without attracting attention.
An unrecognized open port is not automatically a problem. But it is always worth asking the question.
Frequently Asked Questions
Was deze pagina nuttig?