Browse Definitions:

port 9875 (port of doom)

Contributor(s): Matthew Haughn, Carrie Higbie

Port 9875 is a port often associated with setting up VoIP (voice over IP) communications. The port is also notorious as an attack vector for the Portal of Doom Trojan horse; as a result, port 9875 is sometimes referred to as the Port of Doom.

Port 9875 is registered with the Internet Assigned Numbers Authority (IANA) for session announcement. The session announcement protocol (SAP) defines the format and describes the information that will be exchanged during a multicast conferencing session. The VoIP system traffic directed to the port communicates the start and stop of a session if this is the port expected by the system. Port 9875 uses the IP network standard TCP (Transmission Control Protocol), which guarantees the delivery of data packets in the order in which they were sent.

Malicious hackers can use the Portal of Doom Trojan to look for sensitive data, such as credit card numbers and information that enables identity theft, or just to cause mischief. The Trojan can enter without causing any behavior that alerts the user and does not have to trick the user into running an executable file manually.

This was last updated in March 2016

Continue Reading About port 9875 (port of doom)

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats

Powered by:


  • risk map (risk heat map)

    A risk map, also known as a risk heat map, is a data visualization tool for communicating specific risks an organization faces.

  • internal audit (IA)

    An internal audit (IA) is an organizational initiative to monitor and analyze its own business operations in order to determine ...

  • pure risk (absolute risk)

    Pure risk, also called absolute risk, is a category of threat that is beyond human control and has only one possible outcome if ...


  • federated identity management (FIM)

    Federated identity management (FIM) is an arrangement that can be made among multiple enterprises to let subscribers use the same...

  • cross-site scripting (XSS)

    Cross-site scripting (XSS) is a type of injection security attack in which an attacker injects data, such as a malicious script, ...

  • firewall

    In computing, a firewall is software or firmware that enforces a set of rules about what data packets will be allowed to enter or...



  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • business continuity plan (BCP)

    A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue ...

  • call tree

    A call tree -- sometimes referred to as a phone tree -- is a telecommunications chain for notifying specific individuals of an ...


  • volume manager

    A volume manager is software within an operating system (OS) that controls capacity allocation for storage arrays.

  • external storage device

    An external storage device, also referred to as auxiliary storage and secondary storage, is a device that contains all the ...

  • NetApp SolidFire

    NetApp SolidFire is a business division of NetApp Inc. that specializes in all-flash storage systems.


  • hybrid hard disk drive (HDD)

    A hybrid hard disk drive is an electromechanical spinning hard disk that contains some amount of NAND Flash memory.