Port 3690: SVN — The Version Control System That Ran the Internet Before Git

What Runs on Port 3690

Port 3690 is the default port for svnserve, the standalone server daemon for Apache Subversion (SVN). When you connect to a repository with a URL that starts with svn://, you're connecting to port 3690.

IANA officially registered this port assignment in January 2003, shortly after Subversion became the version control system of choice for serious open-source development.¹

How SVN Uses This Port

Subversion has three ways to serve repositories: over HTTP via Apache's mod_dav_svn, over SSH with svn+ssh://, or directly via its own lightweight daemon using the svn:// scheme. That last option — svnserve — listens on port 3690.

When you run:

svnserve -d

The process backgrounds itself and starts accepting connections on port 3690. Clients connect, authenticate (or don't, if the server allows anonymous access), and speak Subversion's custom binary protocol — a stateful, connection-oriented protocol that predates the REST-everything era.

A typical checkout looks like:

svn checkout svn://example.com/myproject

The client opens a TCP connection to port 3690, negotiates capabilities, authenticates, and then requests the working copy. The server streams back the repository contents.

The Story Behind the Port

In February 2000, CollabNet hired Karl Fogel and Ben Collins-Sussman to build a replacement for CVS — the version control system that every serious project used and everyone complained about.²

CVS had real problems. It couldn't rename files. It tracked changes file-by-file instead of atomically. Branching was painful. Merging was worse. The goal was simple: build something better without reinventing version control philosophy.

By August 2001, Subversion became "self-hosting" — the developers switched from CVS to Subversion to track Subversion's own source code.³ That milestone meant something. The tool was real enough to trust.

For the next decade, SVN was the default answer to "how do we manage source code?" Apache projects, Google Code, SourceForge, Tigris.org — all built on SVN. The svn:// protocol over port 3690 carried the source code of an enormous fraction of the world's software.

Then Git happened. By the early 2010s, GitHub made distributed version control accessible, and SVN began a long, slow retreat. In 2010, Subversion moved to the Apache Software Foundation — a sign of maturity, but also of a project entering maintenance mode.⁴

SVN still runs in enterprise environments that never migrated. Financial systems. Government codebases. Corporate monorepos that predate Git. Port 3690 is quieter than it used to be, but it isn't silent.

Security Considerations

An unprotected svnserve is a gift to anyone doing reconnaissance.

By default, svnserve can be configured to allow anonymous read access — which means anyone who can reach port 3690 can check out your entire repository, including the complete commit history. That history often contains things people thought were deleted: credentials committed by accident, API keys that were "fixed" by a later commit, internal infrastructure details, employee names and email patterns.

Common risks:

• Anonymous access enabled — svnserve's default configuration allows unauthenticated read. If you never explicitly disabled it, it may still be on.
• No encryption — The svn:// protocol sends everything in plaintext, including passwords. Use svn+ssh:// or HTTPS for anything sensitive.
• Exposed to the Internet — svnserve has no IP filtering of its own. A firewall is the only thing standing between your repository and the public.
• Known CVEs — Various Subversion versions have had heap overflows and path authorization bypass vulnerabilities. If you're running an old svnserve, check the Apache Subversion security advisories.⁵

What's Listening on Your Port 3690

To see if anything is running on port 3690 locally:

# Linux/macOS
ss -tlnp | grep 3690
# or
lsof -i :3690

# Windows
netstat -ano | findstr :3690

To probe a remote host:

nmap -sV -p 3690 <target>

An open port with a responding svnserve will return a version banner. That banner tells you exactly what version is running — useful for both administrators and attackers.

Related Ports

• 443 / 80 — SVN over HTTPS via mod_dav_svn (the recommended alternative to svnserve)
• 22 — SSH, used by svn+ssh:// for encrypted SVN access
• 3000 — GitLab's default HTTP port, a common migration destination
• 9418 — Git's native protocol port (the git:// scheme)