|
Port 3128 Details
known port assignments and vulnerabilities
threat/application/port search:
| Port(s) |
Protocol |
Service |
Details |
Source |
| 3128 |
tcp |
ndl-aas |
Port used by some proxy servers (3proxy). Common web proxy server ports: 8080, 80, 3128, 6588
Tatsoft default client connection also uses port 3128.
Trojans and backdoors that use this port: Masters Paradise, Reverse WWW Tunnel Backdoor, RingZero
W32.Mydoom.B@mm [Symantec-2004-012816-3647-99] (2004.01.28) - mass-mailing worm that opens a backdoor into the system. The backdoor makes use of TCP ports 80, 1080, 3128, 8080, and 10080.
W32.HLLW.Deadhat [Symantec-2004-020619-0805-99] (2004.02.06) - a worm with backdoor capabilities. It attempts to uninstall the W32.Mydoom.A@mm and W32.Mydoom.B@mm worms, and then it spreads to other systems infected with Mydoom. Also, it spreads through the Soulseek file-sharing program.
Multiple buffer overflows in Thomas Hauck Jana Server allow remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request with a long major version number, an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, a long OK reply from a POP3 server, and a long SMTP server response.
References: [CVE-2002-1061], [BID-5320]
Trojan.Win32.SkynetRef.x / Unauthenticated Open Proxy - the malware listens on TCP port 3128. Third-party attackers who can connect to the infected system can relay requests from the original connection to the destination and then back to the origination system. Attackers may then be able to launch attacks, download files or port scan third party systems and it will appear as the attacks originated from that infected host.
An authentication bypass vulnerability exists in GFI Kerio Control 9.4.5 due to insecure default proxy configuration and weak access control in the GFIAgent service. The non-transparent proxy on TCP port 3128 can be used to forward unauthenticated requests to internal services such as GFIAgent, bypassing firewall restrictions and exposing internal management endpoints. This enables unauthenticated attackers to access the GFIAgent service on ports 7995 and 7996, retrieve the appliance UUID, and issue administrative requests via the proxy. Exploitation results in full administrative access to the Kerio Control appliance.
References: [CVE-2025-34069]
Active API Server Port (IANA official) |
SG
|
| 3128 |
tcp |
|
HTTP used by Web caches and the default for the Squid cache (unofficial) |
Wikipedia
|
| 3128 |
tcp |
trojan |
Reverse WWW Tunnel Backdoor , RingZero |
Trojans
|
| 3128 |
tcp |
squid-http |
Proxy Server |
SANS
|
| 3128 |
tcp |
squid-http |
squid-http |
Nmap
|
| 3128 |
tcp |
ReverseWWWTunnel |
[trojan] Reverse WWW Tunnel Backdoor |
Neophasis
|
| 3128 |
tcp |
RingZero |
[trojan] RingZero |
Neophasis
|
| 3128 |
tcp |
threat |
Mydoom |
Bekkoame
|
| 3128 |
tcp |
threat |
Reverse WWW Tunnel Backdoor |
Bekkoame
|
| 3128 |
tcp |
threat |
RingZero |
Bekkoame
|
| 3128 |
tcp |
threat |
W32.HLLW.Deadhat |
Bekkoame
|
| 3128 |
tcp,udp |
threat |
Squid |
Bekkoame
|
| 3128 |
tcp,udp |
ndl-aas |
Active API Server Port |
IANA
|
| 3074-3174 |
udp |
applications |
Rainbow Six Vegas |
Portforward
|
|
14 records found
Related ports: 1080 2766 3127 7995 7996 10080
|