Destination Port 3171

Has anyone seen TCP destination port 3171 used by any specific malware? After isolating a server we suspect of infection to its own segment, we see pretty clearly on the firewall console that it attempts TCP port 3171 as destination on another internal server. The server it is targeting is one that it should not be interacting with at all.

Reply to
Will
Loading thread data ...

formatting link
?port=3171

Reply to
Bit Twister

I saw you had posted this question at:

formatting link
There is an interesting article that talks about Port 3171 being involved in FTP transmissions:
formatting link
IANA shows:

IANA ports lists information:

Port Number: 3171 Protocol: tcp Name: serverview-gf Description: SERVERVIEW-GF

IANA ports lists information:

Port Number: 3171 Protocol: udp Name: serverview-gf Description: SERVERVIEW-GF

I don't find any information regarding specific malware targeting this port, but that doesn't mean some malware wouldn't use it.

Reply to
Bullseye

Why not slap Wireshark on one of the systems and have a look at the traffic? Or setup a span port on the switch one of them is plugged into and have a look at the traffic.

Reply to
kingthorin

Hmmm looks like ServerView is a Fujitsu package:

formatting link

Reply to
kingthorin

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.