1. Ports
  2. Port 3104

Port 3104 — Unassigned, but not untouched

Port 3104 is unassigned by IANA. No protocol owns it. No RFC defines its behavior. If you see traffic on this port, something put it there — and that something is worth investigating.

What Range This Port Belongs To

Port 3104 falls in the registered ports range (1024–49151). This is the middle tier of the port space:

  • Well-known ports (0–1023): Reserved for core Internet protocols. HTTP, SSH, DNS, SMTP. Requires root or administrator privileges to bind.
  • Registered ports (1024–49151): IANA accepts registrations here from vendors and projects, but doesn't enforce exclusivity. Anyone can run anything on these ports.
  • Ephemeral ports (49152–65535): Temporary ports assigned by operating systems for outbound connections. No registration, no persistence.

Being in the registered range means port 3104 could be registered — IANA just hasn't assigned it to anyone. The slot is open.

Known History

CA Message Queuing (CAM/CAFT)

Computer Associates (now Broadcom) ran their CA Message Queuing middleware on TCP port 3104. CAM — the message queuing server process Cam.exe — bound to this port to handle inter-process communication across their Unicenter, BrightStor, and eTrust product lines.

In July 2007, security researchers disclosed CVE-2007-0060: a stack-based buffer overflow in Cam.exe. An attacker who could reach port 3104 could send a specially crafted message and execute arbitrary code on the target machine — remotely, without authentication.1 CA rated it High severity. Affected versions spanned CAM 1.04 through 1.11 (prior to Build 54_4).

The patch exists. CA Message Queuing is aging enterprise software. But if you find port 3104 open on an old Windows or NetWare server, it's worth asking whether the software behind it has been updated.

Autocue Logger / Time Service

Older port databases list port 3104 TCP as "Autocue Logger Protocol" and UDP as "Autocue Time Service." Autocue is a UK broadcast company that makes teleprompter systems used in television production. The entries appear in historical IANA snapshots and third-party databases, though they're absent from the current IANA registry — suggesting the registration was either informal or lapsed.2

How to Check What's Listening

On Linux/macOS:

# Show what process is bound to port 3104
ss -tlnp sport = :3104

# Or with lsof
lsof -i :3104

On Windows:

netstat -ano | findstr :3104

Then match the PID to a process name in Task Manager or:

tasklist /fi "pid eq <PID>"

Remotely (with nmap):

nmap -sV -p 3104 <target>

-sV attempts service version detection, which can identify what's actually running even if it's not on a well-known port.

Why Unassigned Ports Matter

The port space isn't fully allocated. Out of 65,535 possible ports, IANA has formally assigned a fraction. The rest are available — which means:

  • Applications regularly pick unassigned ports and claim them informally
  • Security scanners watch unassigned ports precisely because legitimate traffic is rare; anything unusual stands out
  • Malware frequently uses unassigned ports to blend into ambiguity

Port 3104 is quiet today. But quiet doesn't mean safe — it means you should know what's making noise there before assuming it's nothing.

上一篇

Port 3103: Autocue SMI — The Prompter's Port

下一篇

Port 3105: Cardbox — A Database System and Its Port

此页面对您有帮助吗?

😔
🤨
😃