Port 2905: M3UA — Where the Phone Network Meets the Internet

Port 2905 is registered with IANA for M3UA (MTP3-User Adaptation Layer), a protocol that belongs to the SIGTRAN family — the suite of standards built to carry SS7 telephone signaling over IP networks.¹

Most port scanners and databases list this port as unassigned because M3UA runs over SCTP (Stream Control Transmission Protocol), not TCP or UDP. Tools that only speak TCP and UDP simply don't see it.

What M3UA Does

The public telephone network runs on SS7 — a signaling system designed in the 1970s that still coordinates billions of calls, SMS messages, and roaming agreements worldwide. SS7 was never designed to run over IP. It runs over purpose-built TDM circuits between telephone switches.

M3UA is the bridge. It takes MTP3 (the routing layer of SS7) and adapts it to travel over SCTP connections. A Signaling Gateway sits at the boundary, accepting SCTP associations from Application Server Processes on port 2905, translating between the IP world and the telephone network world.²

In practice, this appears in:

• Carrier VoIP infrastructure connecting to the PSTN
• Softswitch deployments (Asterisk, FreeSWITCH, commercial platforms)
• SMS gateway interconnects
• Mobile roaming infrastructure

Why SCTP, Not TCP

SCTP was designed specifically for telephony signaling. It supports multi-homing (a single connection spanning multiple network paths for redundancy) and multi-streaming (multiple independent message streams within one association, so head-of-line blocking in one stream doesn't stall others).³

For a protocol carrying telephone calls, both properties matter. A dropped signaling message because of a network failover, or a stalled call setup because of a queued message, is a real-world problem. SCTP was built to prevent both.

The tradeoff: almost nothing on the public Internet uses SCTP. Most firewalls block it by default. Most monitoring tools don't decode it. Port 2905 can be fully active and completely invisible to standard tooling.

Security Considerations

M3UA and SS7 generally have a troubled security history. SS7 was designed for a closed network of trusted telephone carriers — the signaling was never meant to be exposed to adversaries. As SS7 has moved onto IP infrastructure, attacks via exposed SS7 interfaces have enabled location tracking, call interception, and SMS hijacking.

Port 2905 should never be exposed to the public Internet. It belongs behind carrier-grade firewalls, accessible only to trusted peering partners.

Checking What's on This Port

Standard tools don't help much here. netstat and ss will show SCTP sockets, but most scanners won't:

# Show all SCTP listening sockets (Linux)
ss -lnp --sctp

# Check if anything is bound to port 2905 specifically
ss -lnp --sctp | grep 2905

# On macOS, netstat covers SCTP
netstat -an | grep 2905

If you see TCP or UDP traffic on port 2905 on a general-purpose system, it's worth investigating — there's no legitimate reason for it outside telecom infrastructure.

The Port Range

Port 2905 sits in the registered port range (1024–49151). These ports are registered with IANA by application vendors and standards bodies, but unlike well-known ports (0–1023), they don't require elevated privileges to bind on most operating systems. IANA registration signals intent — "this is what this port is for" — but doesn't enforce exclusivity.