UDP 31337
Synopsis
- Back Orifice (1998), a remote administration Trojan by Cult of the Dead Cow, defaulted to UDP port 31337 for its command-and-control; the infected host’s server component listened on UDP/31337 for remote control, file transfer, and keystroke logging.
- Because of this association, security tools commonly probe or alert on UDP/31337—for example, Nmap’s backorifice-info NSE script, Nessus “Back Orifice Detection” plugins, and IDS signatures in Snort/Suricata target this port to identify Back Orifice activity.
- Outside of this malware-linked use, there is no widely adopted legitimate protocol standardized on UDP port 31337.
Observed activity
Last 30 days
Detailed chart