TCP 5631
Synopsis
- TCP port 5631 is primarily used by Symantec/Norton pcAnywhere for its remote-control data channel (with UDP 5632 used for status and discovery).
- In real-world deployments, enterprises exposed 5631 to allow remote desktop/control via pcAnywhere servers and clients.
- This port has a history of exploitation. After Symantec’s 2012 source-code leak, multiple pcAnywhere vulnerabilities were disclosed and actively targeted, leading Symantec to advise customers to disable the product until patches were applied. Attackers commonly scan 5631 for exposed hosts, then attempt credential brute-forcing or exploitation of known flaws.
- pcAnywhere was later discontinued, but legacy systems may still listen on 5631.