Port 30005 Details
known port assignments and vulnerabilities
Port(s) | Protocol | Service | Details | Source
30005 | tcp | trojans | Port sometimes associated with TR-069, an application layer protocol for remote management of end-user devices. It is a bidirectional SOAP/HTTP-based protocol that provides communication between CPE devices and auto-configuration servers (ACS). It can be used by some modems, gateways, routers, VoIP phones, and set-top boxes. TR-069 has some known exploits, as demonstrated at the DEFCON22 conference. Cox Communications reportedly uses this port. If your modem/NAT router/gateway keeps this port open and you are sure you want to filter it (potential interference with ISPs pushing firmware updates), try the following. Navigate to your router's admin interface and disable TR-069. If that does not work, look under "port forwarding" or "virtual servers" and forward port 30005 to an unused local IP address, such as 192.168.1.252. Malware using this port: Backdoor JZ, Litmus trojan. Trojan-Dropper.Win32.Delf.xk / Remote Invalid Pointer Write DOS - Win32.Delf.xk drops server.exe in the AppData\Local\Temp directory and listens on TCP ports 30005, 30006 and 30007. After connecting with netcat to port 30005, entering the number 9 makes it try to create a file, 2 is for reading a file and 3 for opening a file, but it errors out. References: [MVID-2021-0130] | SG
30005 | tcp | trojan | Litmus | Trojans
30005 | tcp | BackdoorJZ | [trojan] Backdoor JZ | SANS
30005-30099 | tcp,udp | | Unassigned | IANA
4 records found
Related ports: 7547 30006 30007